Microsoft Security Updates January 2016

New Year's greetings with Silverlight and five other Critical Bulletins!

Happy New Year! Microsoft rings in the New Year with a new set of ten security bulletins, MS16-001 through MS16-010, patching 24 vulnerabilities with CVE identifiers. The bulletins affect Microsoft's web browsers and browser plugins, Office software, Windows system components and Exchange mail servers. Six of them are rated Critical. The Critical bulletins affect the following software:

    • Silverlight Runtime
    • Internet Explorer
    • Microsoft Edge
    • VBScript and JScript scripting engine
    • Microsoft Office, Visio, and SharePoint
    • Windows Win32k Kernel Components

Somewhat surprisingly for a set of over twenty vulnerabilities, Microsoft says it was not aware of public exploitation of any of them at the time of release; however, it acknowledges that at least three were publicly disclosed before the fixes shipped. Public disclosure shortens the time until working exploits appear, so the urgency to patch remains: please update your software.

Of these, the Silverlight vulnerability CVE-2016-0034 (note that MITRE records the CVE as assigned on 2015.12.04) appears to be the most interesting and the most risky, since it enables remote code execution across multiple platforms for this widespread browser plugin, including Apple's Mac OS X. Several of the Internet Explorer, Edge and add-on related vulnerabilities also offer opportunities for mass exploitation. Return to Securelist soon for concrete perspective and upcoming posts detailing past and ongoing exploitation of these issues.

It is also reassuring to see Microsoft's operations team serving its security content over encrypted web sessions. Even the TechNet page summarizing these bulletins is delivered over TLS 1.2, although the suite we saw negotiated, TLS_RSA_WITH_3DES_EDE_CBC_SHA (3DES in CBC mode with HMAC-SHA1 and a static RSA key exchange), is a legacy choice rather than the leading edge: RSA key transport provides no forward secrecy, and 3DES is a 64-bit block cipher. And Microsoft Research's post-quantum TLS key exchange based on ring learning with errors, "R-LWE in TLS" (full paper [pdf], by Bos, Costello, Naehrig and Stebila), has not been pushed into production. Tomorrow's privacy will have to wait.
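The check a practitioner would want here is a quick way to judge whatever suite a server negotiates. The script below is an added example written for this edit, not code from Securelist or Microsoft: classify_suite() takes a cipher suite name in either the IANA spelling used above (TLS_RSA_WITH_3DES_EDE_CBC_SHA) or the OpenSSL spelling that Python's ssl module reports (DES-CBC3-SHA) and lists the legacy properties to flag, so the suite observed on the TechNet page comes out as legacy on three counts while a forward-secret AEAD suite comes out clean. The negotiated_suite() helper connects to a host of your choosing and needs network access; the host name and port are whatever you decide to test.

```python
"""Classify a TLS cipher suite by the properties that matter for session privacy.
Added example for this post (not Securelist's or Microsoft's code). Accepts the IANA
spelling (TLS_RSA_WITH_3DES_EDE_CBC_SHA) or the OpenSSL spelling Python's ssl module
reports (DES-CBC3-SHA). classify_suite() runs offline; negotiated_suite() needs network.
"""
import re
import socket
import ssl

FS_TOKENS = {"ECDHE", "DHE", "EDH"}       # ephemeral (EC)DH: forward secrecy
ANON_TOKENS = {"ANON", "ADH", "AECDH"}    # key exchange without server authentication
AEAD_TOKENS = {"GCM", "CCM", "POLY1305"}
BLOCK_64 = {"3DES", "DES"}                # 64-bit block ciphers


def _tokens(name):
    toks = re.split(r"[-_]", name.strip().upper())
    return [t for t in toks if t not in ("TLS", "WITH", "")]


def classify_suite(name):
    """Describe key exchange, cipher and MAC of one suite and list its legacy findings."""
    toks = _tokens(name)
    tokset = set(toks)

    # Key exchange: does a leaked long-term server key expose recorded sessions?
    if tokset & ANON_TOKENS:
        key_exchange, forward_secrecy = "anonymous (EC)DH", True
    elif tokset & FS_TOKENS:
        key_exchange, forward_secrecy = "ephemeral (EC)DH", True
    elif tokset & {"DH", "ECDH"}:
        key_exchange, forward_secrecy = "static (EC)DH", False
    else:  # IANA writes TLS_RSA_WITH_...; OpenSSL leaves the RSA implicit (AES128-SHA)
        key_exchange, forward_secrecy = "static RSA key transport", False

    # Bulk cipher and mode.
    if "NULL" in tokset:
        cipher, block_bits, mode = "NULL", 0, "none"
    elif "3DES" in tokset or ("DES" in tokset and "CBC3" in tokset):
        cipher, block_bits, mode = "3DES", 64, "CBC"
    elif "DES" in tokset:
        cipher, block_bits, mode = "DES", 64, "CBC"
    elif "RC4" in tokset:
        cipher, block_bits, mode = "RC4", 0, "stream"
    elif "CHACHA20" in tokset:
        cipher, block_bits, mode = "ChaCha20", 0, "AEAD"
    elif any(t.startswith("AES") for t in toks):
        cipher, block_bits = "AES", 128
        mode = "AEAD" if tokset & AEAD_TOKENS else "CBC"
    else:
        cipher, block_bits, mode = "unknown", None, "unknown"

    # MAC, or for AEAD suites the PRF hash.
    if "MD5" in tokset:
        mac = "HMAC-MD5"
    elif "SHA" in tokset:
        mac = "HMAC-SHA1"
    elif tokset & {"SHA256", "SHA384"}:
        digest = "SHA-256" if "SHA256" in tokset else "SHA-384"
        mac = f"AEAD (PRF {digest})" if mode == "AEAD" else f"HMAC-{digest}"
    else:
        mac = "unknown"

    findings = []
    if key_exchange.startswith("anonymous"):
        findings.append("anonymous key exchange: server is not authenticated")
    if not forward_secrecy:
        findings.append(f"{key_exchange}: no forward secrecy, a leaked server key decrypts recorded sessions")
    if cipher in BLOCK_64:
        findings.append(f"{cipher}: 64-bit block cipher, birthday bound reached on long sessions")
    if cipher == "RC4":
        findings.append("RC4: biased keystream, prohibited for TLS by RFC 7465")
    if cipher == "NULL":
        findings.append("NULL cipher: no confidentiality")
    if mode == "CBC":
        findings.append("CBC with MAC-then-encrypt: prefer an AEAD suite")
    if mac == "HMAC-MD5":
        findings.append("MD5-based MAC")

    return {"suite": name, "key_exchange": key_exchange, "forward_secrecy": forward_secrecy,
            "cipher": cipher, "block_bits": block_bits, "mode": mode, "mac": mac,
            "legacy": bool(findings), "findings": findings}


def negotiated_suite(host, port=443, timeout=5.0):
    """Connect to host (your choice) and return the (version, OpenSSL cipher name) it picked."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cipher_name, version, _secret_bits = tls.cipher()
            return version, cipher_name


if __name__ == "__main__":
    # The suite the post observed on the TechNet page, in both spellings, plus a modern one.
    for suite in ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "DES-CBC3-SHA", "ECDHE-RSA-AES128-GCM-SHA256"):
        print(classify_suite(suite))
```

Feed negotiated_suite() output straight into classify_suite() to audit a live host; the token-based parsing is what lets one classifier read both the IANA names in a bulletin and the OpenSSL names a Python client sees.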


  1. augustine oryema

    Yes, those vulnerabilities you mention are now at an advanced level. Microsoft believed they got enough updates to cater for those, but they are unaware that this malware blocks/changes services locally by default and locks them in the registry; these updates will not be installed, and they are not even getting data from those infected computers. Their researchers are out of touch with what is happening. This super Trojan is running in separate memory and stores its settings in locked registry files; if a user logs in, it will trigger remote execution. I have an infected hard drive I want to give away for research purposes.

  2. Wayne Fields, qualified IT professional

    Recently I tried to download an unlocker program because Adobe won't respond to not being able to delete old PDF files.
    Unfortunately, it turned out to have a nasty virus that, thank goodness, was picked up by my Kaspersky protection, and it removed it. But it left my settings so screwed up I had to do a system restore, and thank goodness the computer is fine! Watch out for them!
