To all IT Professionals:

 

The UNL ITS Security Team wanted to let you know there are quite a few
critical Microsoft updates available this Tuesday.  MS16-053 has known
exploits.  Please visit the following link to get a better visual of the
security ratings of the patches listed below:

 

hxxps://isc.sans.edu/mspatchdays.html?viewday=2016-05-10

 

Microsoft Patch Tuesday 2016-05-10

MS16-051 Title Cumulative Security Update for Internet Explorer

Replaces              KB3147458, KB3155413

Affected              Microsoft Windows, Internet Explorer

KB           KB3155533

Known Exploits No

Microsoft Rating               Critical

ISC Client Rating               Critical

ISC Server Rating              Critical

CVE        Exploitability

2016-0187          1

2016-0188          3

2016-0189          1

2016-0192          2

2016-0194          2

MS16-052 Title Cumulative Security Update for Microsoft Edge

Replaces              KB3147458, KB3147461

Affected              Microsoft Windows, Microsoft Edge

KB           KB3155538

Known Exploits No

Microsoft Rating               Critical

ISC Client Rating               Critical

ISC Server Rating              Critical

CVE        Exploitability

2016-0186          1

2016-0191          1

2016-0192          1

2016-0193          1

 

MS16-053 Title Cumulative Security Update for JScript and VBScript

Replaces              KB3124625

Affected              Microsoft Windows

KB           KB3156764

Known Exploits Yes

Microsoft Rating               Critical

ISC Client Rating               Patch now

ISC Server Rating              Patch now

CVE        Exploitability

2016-0187          1

2016-0189          0

MS16-054 Title Cumulative Security Update for Microsoft Office

Replaces              KB2760585, KB2760591, KB3054841, KB3054848, KB3114486,
KB3114553, KB3114855, KB3114937, KB3114937, KB3114982, KB3114983, KB3114987,
KB3114988, KB3114990, KB3114993, KB3114994, KB3142577, KB3154208

Affected              Microsoft Office, Microsoft Office Services and Web
Apps

KB           KB3155544

Known Exploits No

Microsoft Rating               Critical

ISC Client Rating               Critical

ISC Server Rating              Important

CVE        Exploitability

2016-0126          2

2016-0140          1

2016-0183          2

2016-0198          1

 

MS16-055 Title Cumulative Security Update for Microsoft Graphics Component

Replaces              KB3035132, KB3124001, KB3147458, KB3147461

Affected              Microsoft Windows

KB           KB3156754

Known Exploits No

Microsoft Rating               Critical

ISC Client Rating               Critical

ISC Server Rating              Critical

CVE        Exploitability

2016-0168          2

2016-0169          1

2016-0170          2

2016-0184          1

2016-0195          2

 

MS16-056 Title Windows Journal Memory Corruption Vulnerability

Replaces              KB3147458, KB3147461

Affected              Microsoft Windows

KB           KB3156761

Known Exploits No

Microsoft Rating               Critical

ISC Client Rating               Important

ISC Server Rating              N/A

CVE        Exploitability

2016-0182          3

MS16-057 Title Windows Shell Remote Code Execution Vulnerability

Replaces              KB3147458, KB3147461

Affected              Microsoft Windows

KB           KB3156987

Known Exploits No

Microsoft Rating               Critical

ISC Client Rating               Critical

ISC Server Rating              Critical

CVE        Exploitability

2016-0179          2

 

MS16-058 Title Windows DLL Loading Remote Code Execution Vulnerability

Replaces              

Affected              Microsoft Windows

KB           KB3141083

Known Exploits No

Microsoft Rating               Important

ISC Client Rating               Important

ISC Server Rating              Important

CVE        Exploitability

2016-0152          2

MS16-059 Title Windows Media Center Remote Code Execution Vulnerability

Replaces              KB3108669

Affected              Microsoft Windows

KB           KB3150220

Known Exploits No

Microsoft Rating               Important

ISC Client Rating               Important

ISC Server Rating              N/A

CVE        Exploitability

2016-0185          2

 

MS16-060 Title Windows Kernel Elevation of Privilege Vulnerability

Replaces              KB3121212, KB3121212, KB3140410, KB3140410, KB3147458

Affected              Microsoft Windows

KB           KB3154846

Known Exploits No

Microsoft Rating               Important

ISC Client Rating               Important

ISC Server Rating              Important

CVE        Exploitability

2016-0180          2

 

MS16-061 Title RPC Network Data Representation Engine Elevation of Privilege
Vulnerability

Replaces              KB2978668, KB3140410, KB3147458, KB3147461

Affected              Microsoft Windows

KB           KB3155520

Known Exploits No

Microsoft Rating               Important

ISC Client Rating               Important

ISC Server Rating              Important

CVE        Exploitability

2016-0178          2

 

MS16-062 Title Cumulative Security Update for Windows Kernel-Mode Drivers

Replaces              KB2976897, KB3139852, KB3145739, KB3147458, KB3147461,
KB3147461

Affected              Microsoft Windows

KB           KB3158222

Known Exploits No

Microsoft Rating               Important

ISC Client Rating               Important

ISC Server Rating              Important

CVE        Exploitability

2016-0171          1

2016-0173          1

2016-0174          1

2016-0175          2

2016-0176          1

2016-0196          1

2016-0197          3

 

MS16-064 Title Cumulative Security Update for Adobe Flash

Replaces              KB3154132

Affected              Microsoft Windows, Adobe Flash Player

KB           KB3157993

Known Exploits No

Microsoft Rating               Critical

ISC Client Rating               Critical

ISC Server Rating              Critical

CVE        Exploitability

MS16-065 Title TLS/SSL Information Disclosure Vulnerability

Replaces              KB2972107, KB2978041, KB2978042, KB3140768, KB3147458

Affected              Microsoft Windows, Microsoft .NET Framework

KB           KB3156757

Known Exploits No

Microsoft Rating               Important

ISC Client Rating               Important

ISC Server Rating              Important

CVE        Exploitability

2016-0149          3

 

MS16-066 Title Hypervisor Code Integrity Security Feature Bypass

Replaces              KB3147458, KB3147461

Affected              Microsoft Windows

KB           KB3155451

Known Exploits No

Microsoft Rating               Important

ISC Client Rating               Important

ISC Server Rating              N/A

CVE        Exploitability

2016-0181          3

 

MS16-067 Title Remote Desktop Protocol Drive Redirection Information
Disclosure Vulnerability

Replaces              

Affected              Microsoft Windows

KB           KB3155784

Known Exploits No

Microsoft Rating               Important

ISC Client Rating               Important

ISC Server Rating              Important

CVE        Exploitability

2016-0190          3

 

We will update issues on this page for about a week or so as they evolve. We
appreciate your updates!

US based customers can call Microsoft for free patch related support on
1-866-PCSAFETY

(*): ISC rating

 

    We use 4 levels:

        PATCH NOW: Typically used where we see immediate danger of
exploitation. Typical environments will want to deploy these patches ASAP.
Workarounds are typically not accepted by users or are not possible. This
rating is often used when typical deployments make it vulnerable and
exploits are being used or easy to obtain or make.

        Critical: Anything that needs little to become "interesting" for the
dark side. Best approach is to test and deploy ASAP. Workarounds can give
more time to test.

        Important: Things where more testing and other measures can help.

        Less Urgent: practices for servers such as not using outlook, MSIE,
word etc. to do traditional office or leisure work.

        The rating is not a risk analysis as such. It is a rating of
importance of the vulnerability and the perceived or even predicted
threatatches.

 

 

Departments fully managed by ITS will have the updates automatically
distributed.  Departments using SCCM and/or Casper to manage their own
devices should enable the updates for distribution to their users.  For more
information about how you can take advantage of the Enterprise Desktop
Services provided by ITS, please visit http://its.unl.edu/desktop

 

 

Don't hesitate to reach out if you have questions or comments about this
notice. 

 

Mike

 

 

 

Michael Rutt, CISSP | University of Nebraska - Lincoln | IT Security
Coordinator | 402-472-0933