Microsoft Security Updates January 2016

New Year's greetings with Silverlight and five other Critical Bulletins!

Happy New Year! Microsoft rings in the New Year with a new set of ten security bulletins, MS16-001 through MS16-010, patching 24 CVE-detailed vulnerabilities. These bulletins affect Microsoft web browsers and plugins, Office software, Windows system software, and Exchange mail servers. Six of them maintain a critical rating. The Critical bulletins affect the following software:

    • Silverlight Runtime
    • Internet Explorer
    • Microsoft Edge
    • VBScript and JScript scripting engine
    • Microsoft Office, Visio, and SharePoint
    • Windows Win32k Kernel Components

Somewhat surprisingly, with over twenty vulnerabilities, Microsoft claims to be unaware of public exploitation of any of them at the time of reporting; however, they acknowledge at least three were publicly disclosed. Nonetheless, the urgency to patch remains, so please update your software.

Of these, the Silverlight vulnerability CVE-2016-0034 (note that Mitre records the CVE as assigned on 2015.12.04) appears to be the most interesting and most risky, as it enabled remote code execution across multiple platforms for this widespread software, including Apple. But more of the IE, Edge and add-on related vulnerabilities also provide opportunity for mass exploitation. Don’t forget to return to Securelist soon for concrete perspective and upcoming posts detailing past and ongoing exploitation of these issues.

It’s also reassuring to see Microsoft security operations pushing the edges of improving TLS algorithms to encrypt web sessions and provide greater privacy. Even their Technet page for a summary of these Bulletins provides TLS 1.2, implementing 3DES_EDE_CBC with HMAC-SHA1 and an RSA key exchange. But it looks like their research group hasn’t pushed its work on post-quantum resistant TLS key exchange (Full R-LWE Paper [pdf]), “R-LWE in TLS”, into production. Tomorrow’s privacy will have to wait.
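As an added example (not part of the original post and not Microsoft's code), this Python sketch splits an IANA TLS 1.2 suite name into key exchange, bulk cipher and hash, then flags the properties a reviewer would note. `TLS_RSA_WITH_3DES_EDE_CBC_SHA` is the IANA name for the combination described above; the function names and finding labels are this example's own.

```python
import re

# IANA TLS 1.2 naming: TLS_<key exchange>_WITH_<bulk cipher>_<hash>
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Za-z0-9_]+?)_WITH_(?P<cipher>[A-Z0-9_]+)_(?P<hash>SHA\d*|MD5)$"
)

def parse_suite(name):
    """Split an IANA suite name into (key exchange, bulk cipher, hash)."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"not a TLS 1.2 style suite name: {name!r}")
    return m.group("kx"), m.group("cipher"), m.group("hash")

def audit_suite(name):
    """Return a list of finding labels (the labels are this example's own)."""
    kx, cipher, digest = parse_suite(name)
    findings = []
    aead = cipher.endswith(("_GCM", "_CCM", "_CCM_8")) or "POLY1305" in cipher
    if "anon" in kx:
        findings.append("unauthenticated-key-exchange")
    elif not kx.startswith(("ECDHE", "DHE")):
        # Static RSA/DH/ECDH: a later key compromise exposes recorded sessions.
        findings.append("no-forward-secrecy")
    if cipher.startswith(("3DES", "DES", "IDEA")):
        findings.append("64-bit-block-cipher")
    if cipher.startswith("RC4") or cipher == "NULL":
        findings.append("broken-or-null-cipher")
    if "_CBC" in cipher:
        findings.append("cbc-mac-then-encrypt")
    if not aead and digest in ("SHA", "MD5"):
        # For non-AEAD suites the suffix names the HMAC; "SHA" means SHA-1.
        findings.append("legacy-hmac-" + ("sha1" if digest == "SHA" else "md5"))
    return findings

# Constructed sample input: the first name matches the page's description.
SAMPLES = [
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
]

if __name__ == "__main__":
    for suite in SAMPLES:
        print(suite, "->", audit_suite(suite) or ["no findings"])
```

TLS 1.3 suite names (for example `TLS_AES_128_GCM_SHA256`) carry no key exchange component, so `parse_suite` rejects them with `ValueError` rather than guessing.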

  1. augustine oryema

    Yes, those vulnerabilities you mention are now at an advanced level. Microsoft believed they got enough updates to cater for those, but they are unaware that this malware blocks/changes local services by default and locks it in the registry; these updates will not be installed and they are not even getting data from those infected computers. Their researchers are out of touch with what is happening. This super Trojan is running in separate memory and stores its settings in locked registry files; if a user logs in, it will trigger remote execution. I have an infected hard drive I want to give for research purposes.

  2. Wayne Fields, qualified IT professional

    Recently I tried to download an unlocker program because Adobe won’t respond to not being able to delete old pdf files.
    Unfortunately, it turned out to have a nasty virus that, thank goodness, was picked up by my Kaspersky protection and it removed it. But it left my settings so screwed up I had to do a system restore, and thank goodness the computer is fine! Watch out for them!
