Microsoft Patch Tuesday Summary for July 2016
As usual for the second Tuesday fo the month, Microsoft today released its monthly security updates. Microsoft released a total of 11 bulletins. 6 are rated critical, and the remaining five are rated important.
One of the Bulletins (MS16-093) affects Adobe's Flash player and is a copy of Adobe's advisory.
None of the bulletins stick out as "special". There are no bulletins that affect vulnerabilities for which exploits have been observed. But two bulletins included already known vulnerabilities:
CVE-2016-3287 , a vulnerability in Secure Boot.
CVE-2016-3272 , an information disclosure vulnerability in the Windows Kernel.
I don't consider either vulnerability very serious.
As far as prioritizing the patches go, I would as usual attend to the Internet Explorer, Edge, Flash and Office patches first.
The printer spool issue is "interesting". An attacker could use the vulnerability to install arbitrary print drivers, which of course would lead to arbitrary code execution. As a workaround, Microsoft suggests that you do restrict printer that your users can use to print. This sounds like a good control, and you should use this vulnerability to make sure the printer configurations are sufficiently adjusted.
For a full list of Bulletins, see our summary here. If you prefer a more structured view, you can also retrieve the bulletin data via our API here.
---
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Comments
Interesting write up on the MS16-087 issue here:
http://blog.vectranetworks.com/blog/microsoft-windows-printer-wateringhole-attack
Anonymous
Jul 12th 2016
8 years ago
I don't know if this is due to high demand or something else but Microsoft is back with their clusterf*ck updates. Our next move is to delete all the files in the "Softwaredistribution" directory and try again or to disable internet access and don't let windows try to update and ruin our day with a slow computer.
I wonder if more people have the same problems as we do.
Anonymous
Jul 13th 2016
8 years ago
I don't know if this is due to high demand or something else but Microsoft is back with their clusterf*ck updates. Our next move is to delete all the files in the "Softwaredistribution" directory and try again or to disable internet access and don't let windows try to update and ruin our day with a slow computer.
I wonder if more people have the same problems as we do.[/quote]
Some sage advise, use 1 client in parallel for updates before poisoning the entire network. Or, wait a few days for any fallout.
Anonymous
Jul 13th 2016
8 years ago
I've noticed you have the CVE (2016-3287) for the MS16-094 (Secure Boot), listed next to MS16-093, instead of the actual list of Adobe CVEs (CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4182, CVE-2016-4188, CVE-2016-4185, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249)
It would be nice if you could correct :)
Anonymous
Jul 13th 2016
8 years ago
Anonymous
Aug 1st 2016
8 years ago
Anonymous
Aug 1st 2016
8 years ago
We're having similar problems. The export to Excel button on our Oracle/PeopleSoft system is broken. The only fixes we've found so far are to disable Protected View in Excel or to uninstall the patch. Neither are good ideas...
John
Anonymous
Aug 2nd 2016
8 years ago