Software

Microsoft Security Updates March 2016

Thirteen bulletins patch 44 vulnerabilities, none publicly disclosed or exploited

Microsoft releases thirteen bulletins this month, patching a total of 44 vulnerabilities. More than half of the critical vulnerabilities fixed this month support the web browsers, Internet Explorer and Microsoft Edge. Vulnerabilities rated critical also exist in Opentype font parsing kernel components, Windows Media Player, and the Windows PDF library. Microsoft reports that none of these vulnerabilities have been publicly disclosed or exploited in the wild. Most everyone running a Windows system that installs these updates will have to reboot that system. A variety of OS, kernel driver, web browser, and entertainment and productivity applications are affected.

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Mail Library Loading Validation
  • Windows Adobe Type Manager Library OpenType Font Parsing (in the past, atmfd.dll)
  • Windows Media
  • Microsoft Office
  • Windows OLE supporting applications like Microsoft Office (Asycfilt.dll, Ole32.dll, Oleaut32.dll, Olepro32.dll)
  • Windows Security Authority (seclogon.dll)
  • Multiple Drivers (KMD)
  • .Net Framework

Microsoft is patching yet another dll sideloading vulnerability, a fairly common problem. Microsoft has been addressing dll pre/side-load problems since Win2k SP4! But this one appears to be a bit of a corner case, requiring the use of Microsoft Mail, and a malicious OLE document be opened for editing on the target’s system.

We are anticipating that more than a couple of these vulnerabilities will be attacked in the wild. In the meantime, we are prioritizing other packages, like Adobe and their updates.

Microsoft Security Updates March 2016

Your email address will not be published.

 

Reports

Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

Subscribe to our weekly e-mails

The hottest research right in your inbox