Security Alert (A16-02-01): Multiple Vulnerabilities in Microsoft Products (February 2016)


 

Published on: 11 February 2016

  
  

Description:

Microsoft has released 12 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:

MS16-009    Cumulative Security Update for Internet Explorer
MS16-011    Cumulative Security Update for Microsoft Edge
MS16-012    Security Update for Microsoft Windows PDF Library to Address Remote Code Execution
MS16-013    Security Update for Windows Journal to Address Remote Code Execution
MS16-014    Security Update for Microsoft Windows to Address Remote Code Execution
MS16-015    Security Update for Microsoft Office to Address Remote Code Execution
MS16-016    Security Update for WebDAV to Address Elevation of Privilege
MS16-017    Security Update for Remote Desktop Display Driver to Address Elevation of Privilege
MS16-018    Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege
MS16-019    Security Update for .NET Framework to Address Denial of Service
MS16-020    Security Update for Active Directory Federation Services to Address Denial of Service
MS16-021    Security Update for NPS RADIUS Server to Address Denial of Service


Affected Systems:

  • Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1
  • Microsoft Edge
  • Microsoft Internet Explorer 9, 10, 11
  • Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, Office for Mac 2011, 2016
  • Microsoft Office Compatibility Pack, Excel, Word Viewer
  • Microsoft Office Web Apps 2010, 2013
  • Microsoft SharePoint Server 2007, 2010, 2013, SharePoint Foundation 2013
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2
  • Microsoft Windows Vista, 7, 8.1, RT 8.1, 10

A complete list of the affected products can be found in the section "Affected Software" in the Microsoft security bulletin summary available at:
https://technet.microsoft.com/library/security/ms16-feb


Impact:

Depending on the vulnerability exploited, a successful attack could lead to a denial-of-service condition, arbitrary code execution, elevation of privilege and information disclosure.


Recommendation:

Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

  • Microsoft Update
    http://update.microsoft.com/microsoftupdate

If any problem is encountered during the patch installation via automated methods, patches for various affected systems can also be downloaded individually from the "Affected and Non-Affected Software" section of the corresponding Microsoft Security Advisory and Bulletins which can be accessed from the URL(s) listed in the "More Information" section of this Security Alert.

End-of-Life Upgrade Notification for Internet Explorer

A new “End of Life” upgrade notification feature was delivered in the 12 January 2016 cumulative security update for Internet explorer (IE). This feature notifies users of IE8, IE9 and IE10 on Windows 7 SP1 and Windows Server 2008 R2 that their IE is end of life. The notification web page is displayed in an additional tab when the end of life IE is launched. This feature can be disabled by configuring a registry key. For more details, please refer to the below URL:

https://support.microsoft.com/en-us/kb/3123303

More Information:

https://technet.microsoft.com/en-us/library/security/ms16-feb
https://technet.microsoft.com/library/security/MS16-009
https://technet.microsoft.com/library/security/MS16-011
https://technet.microsoft.com/library/security/MS16-012
https://technet.microsoft.com/library/security/MS16-013
https://technet.microsoft.com/library/security/MS16-014
https://technet.microsoft.com/library/security/MS16-015
https://technet.microsoft.com/library/security/MS16-016
https://technet.microsoft.com/library/security/MS16-017
https://technet.microsoft.com/library/security/MS16-018
https://technet.microsoft.com/library/security/MS16-019
https://technet.microsoft.com/library/security/MS16-020
https://technet.microsoft.com/library/security/MS16-021
https://blogs.msdn.microsoft.com/ie/2014/08/07/stay-up-to-date-with-internet-explorer/
https://www.hkcert.org/my_url/en/alert/16021101 (to 16021112)
https://www.us-cert.gov/ncas/current-activity/2016/02/09/Microsoft-Releases-February-2016-Security-Bulletin
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0036 (to CVE-2016-0042)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0046 (to CVE-2016-0056)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0058 (to CVE-2016-0064)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0067 (to CVE-2016-0069)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0084



Tag: .NET Framework , Edge , Internet Explorer , SharePoint , Windows Server , Windows , Microsoft , Microsoft Office
Tags