Dark Reading is part of the Informa Tech Division of Informa PLC
05:19 PM
Microsoft November Security Updates Include Fix For Zero-Day Flaw

In total, the company released 14 security bulletins, six of which addressed Critical flaws.

Microsoft’s monthly security patch updates for November include fixes for four previously disclosed vulnerabilities, at least one of which is already being actively exploited in the wild.

The flaw being attacked (CVE-2016-7255) exists in the Windows kernel and allows threat actors to escalate privileges on vulnerable systems.

Security researchers from Google’s Threat Analysis Group who disclosed the flaw late last month described it as enabling a security sandbox escape. At the time, the Google researchers said they had decided to release details of the bug because attackers were already exploiting it in the wild in conjunction with a separate flaw in Adobe Flash.

Google’s decision to go public before a patch became available earned it a rebuke from Microsoft, which nonetheless also confirmed that it had seen the flaw being used in a low-volume spear-phishing campaign by a threat group dubbed STRONTIUM.

Microsoft Security Bulletin MS16-135, released Tuesday and rated as "Important" by the company, has addressed the flaw and four other kernel-level bugs in multiple versions of Windows, including Windows 10.

Enterprises should consider deploying the patch for CVE-2016-7255 promptly, says Karl Sigler, threat intelligence manager at Trustwave.

“Since there is a Windows vulnerability being actively exploited in the wild, admins should really focus on verifying that their Windows clients are up to date before focusing on their servers,” he says. “We recommend that admins set their users’ workstations up for automatic updates when possible,” Sigler says.

In total, Microsoft on Tuesday released 14 security bulletins addressing a slew of vulnerabilities across almost its entire range of products. Microsoft rated six of the bulletins as "critical" and the remaining eight as "important."

In addition to the Windows kernel flaw that is already being exploited, three other vulnerabilities that Microsoft addressed today are flaws that were previously disclosed, said Amol Sarwate, director of engineering at Qualys.

He identified the three flaws (CVE-2016-7227, CVE-2016-7199, and CVE-2016-7209) as existing in Microsoft’s Internet Explorer and Edge browsers and fixed via the MS16-129 and MS16-142 security bulletins, both of which Microsoft rated as critical.

From a patch deployment standpoint, however, enterprises should focus on first deploying the fix for the Windows kernel-mode flaw that Google disclosed. Also important is a fix for a critical OpenType font remote code execution vulnerability that Microsoft addressed in bulletin MS16-132, released Tuesday, Sarwate says.

Administrators should also not overlook the patches for vulnerabilities in IE and Edge, he says. “Browsers are like gateways to the Internet and desktop administrators should focus on browser patches MS16-142 and MS16-129,” he says. In addition, enterprises might want to pay immediate attention to the Security Update for Microsoft Office (MS16-133) released today, even though Microsoft has only given it an ‘Important’ rating, he said.

“Starting last month as all patches are now included in one bundled fix, it’s more of a question of identifying your resources and applying the patch bundle,” Sarwate says.

Meanwhile, in a separate announcement, Adobe on Tuesday released security updates for its Adobe Connect for Windows web conferencing software and for Flash Player for Windows, Linux, Macintosh, and Chrome OS.

The update for Adobe Connect addresses an input validation error that could be used to launch cross-site scripting attacks. Adobe’s Flash Player update for November has fixes for nine critical vulnerabilities, the most severe of which would allow an attacker to take complete control of a vulnerable system.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
