Microsoft Security Bulletin: April 12

Platform
OVERVIEW

Enterprise TruRisk Platform

Everything you need to measure, manage, and reduce your cyber risk in one place

CAPABILITIES

All

Asset Management

Vulnerability & Configuration Management

Risk Remediation

Threat Detection & Response

Compliance

Cloud Security

PLATFORM APPS

ASSET MANAGEMENT

CyberSecurity Asset Management (CSAM)
See entire attack surface, continuously maintain your CMDB, and track EOL/EOS software

External Attack Surface Management (EASM) - New
Gain an attacker’s view of your external internet-facing assets and unauthorized software

Vulnerability & Configuration Management

Vulnerability Management, Detection & Response (VMDR) - Most Popular
Discover, assess, prioritize, and patch critical vulnerabilities up to 50% faster

Enterprise TruRisk Management (ETM) - New
Consolidate & translate security & vulnerability findings from 3rd party tools

Web App Scanning (WAS)
Automate scanning in CI/CD environments with shift left DAST testing

Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment

Risk REMEDIATION

Patch Management (PM)
Efficiently remediate vulnerabilities and patch systems

Custom Assessment and Remediation (CAR)
Quickly create custom scripts and controls for faster, more automated remediation

Threat Detection and Response

Multi-Vector EDR
Advanced endpoint threat protection, improved threat context, and alert prioritization

Context XDR
Extend detection and response beyond the endpoint to the enterprise

Compliance

Policy Compliance
Reduce risk, and comply with internal policies and external regulations with ease

File Integrity Monitoring (FIM)
Reduce alert noise and safeguard files from nefarious actors and cyber threats

Cloud Security

TotalCloud (CNAPP)
Cloud-Native Application Protection Platform (CNAPP) for multi-cloud environment.

Cloud Security Posture Management (CSPM)
Continuously discover, monitor, and analyze your cloud assets for misconfigurations and non-standard deployments.

Infrastructure as Code Security (IaC)
Detect and remediate security issues within IaC templates

SaaS Security Posture Management (SSPM) - New
Manage your security posture and risk across your entire SaaS application stack

Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment

Cloud Detection and Response (CDR)
Continuous real-time protection of the multi-cloud environment against active exploitation, malware, and unknown threats.

Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime
Solutions
Use Cases

Endpoint Security

Compliance

PCI Compliance

DORA Compliance

Cloud Security

Application Security

DevOps

Threat Protection

NIS2

Zero-Trust Security

Segments

Small Business

Mid-Sized Business

Enterprise

Federal
Resources
RESOURCES

Resources Library

Product Tours

Blog

Webinars

Qualys Stream

Fundamentals

RESEARCH

Threat Research Unit

Security Alerts

Security Advisories
Support
SUPPORT
More
Customers

Overview

Best Practices

Success Stories

Testimonials
Partners

Overview

Partner Program

VAD Partners

VAR Resellers

MSP/MSSP Partners

Integration Partners

Partner FAQs

Find a Partner
Company

About Us

Our Team

Investor Relations

News

Awards

Events

Careers

Community
- Overview
- Discuss
- Blog
- Training
- Docs
- Resources
Login
What’s my platform?
Contact us
Contact us below to request a quote, or for any product-related questions
Create Account. It’s Free!
Try PM for free
Try VMDR for free
Try VMDR TruRisk for free
Try CS for free
Sign up for TotalCloud
Sign up for CDR
Try CSAM for free
Try PCI for free
Try DORA for free
Try Policy Compliance for free
Try VMDR for Mobile Devices
Try SaaSDR for free
Try Multi-Vector EDR for Free
Try CAR for Free
Request a Demo
Try it
Enterprise TruRisk Platform
- Cloud Platform - Free Trial
Free Services

Try it

Overview
Platform Apps
Vulnerability Management, Detection & Response (VMDR) - Most Popular
Discover, assess, prioritize, and patch critical vulnerabilities up to 50% faster
Enterprise TruRisk Management (ETM) - New
Consolidate & translate security & vulnerability findings from 3rd party tools
Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime
Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment
Web App Scanning (WAS)
Automate scanning in CI/CD environments with shift left DAST testing

Overview
Platform Apps
TotalCloud (CNAPP)
Cloud-Native Application Protection Platform (CNAPP) for multi-cloud environment.
Cloud Security Posture Management (CSPM)
Continuously discover, monitor, and analyze your cloud assets for misconfigurations and non-standard deployments.
Infrastructure as Code Security (IaC)
Detect and remediate security issues within IaC templates
SaaS Security Posture Management (SSPM) - New
Manage your security posture and risk across your entire SaaS application stack
Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment
Cloud Detection and Response (CDR)
Continuous real-time protection of the multi-cloud environment against active exploitation, malware, and unknown threats.
Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 39 vulnerabilities that were fixed in 13 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 13 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

Microsoft Security Update for XML Core Services (MS16-040)

Severity

Critical 4

Qualys ID

124885

Vendor Reference

MS16-040

CVE Reference

CVE-2016-0147

CVSS Scores

Base 9.3 / Temporal 6.9

Description

A remote code execution vulnerability exists when the Microsoft XML Core Services (MSXML) parser processes user input.
The update addresses the vulnerability by correcting how the MSXML parser processes user input.
This security update is rated Critical for Microsoft XML Core Services 3.0 on all supported releases of Microsoft Windows.

Consequence

The vulnerability could allow an attacker to run malicious code remotely to take control of the user's system.

Solution

Refer to Microsoft Security Bulletin MS16-040 for further details.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-040 Windows 10 Version 1511 for 32-bit Systems
MS16-040 Windows 10 Version 1511 for x64-based Systems
MS16-040 Windows 10 for 32-bit Systems
MS16-040 Windows 10 for x64-based Systems
MS16-040 Windows 7 for 32-bit Systems Service Pack 1(Microsoft XML Core Services 3.0)
MS16-040 Windows 7 for x64-based Systems Service Pack 1(Microsoft XML Core Services 3.0)
MS16-040 Windows 8.1 for 32-bit Systems(Microsoft XML Core Services 3.0)
MS16-040 Windows 8.1 for x64-based Systems(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 for Itanium-based Systems Service Pack 2(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2012(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2012 (Server Core installation)(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2012 R2(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2012 R2 (Server Core installation)(Microsoft XML Core Services 3.0)
MS16-040 Windows Vista Service Pack 2(Microsoft XML Core Services 3.0)
MS16-040 Windows Vista x64 Edition Service Pack 2(Microsoft XML Core Services 3.0)
Microsoft Cumulative Security Update for Internet Explorer (MS16-037)

Severity

Critical 4

Qualys ID

100281

Vendor Reference

MS16-037

CVE Reference

CVE-2016-0154, CVE-2016-0159, CVE-2016-0160, CVE-2016-0162, CVE-2016-0164, CVE-2016-0166

CVSS Scores

Base 7.6 / Temporal 6.3

Description

Microsoft Internet Explorer is a graphical web browser developed by Microsoft and included as part of the Microsoft Windows operating systems.
This security update resolves multiple vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
This security update is rated Critical for Internet Explorer 9 (IE 9), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

Consequence

The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Solution

Customers are advised to refer to Microsoft Advisory MS16-037 for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-037 Windows 10 Version 1511 for 32-bit Systems
MS16-037 Windows 10 Version 1511 for x64-based Systems
MS16-037 Windows 10 for 32-bit Systems
MS16-037 Windows 10 for x64-based Systems
MS16-037 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 11)
MS16-037 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS16-037 Windows 8.1 for 32-bit Systems(Internet Explorer 11)
MS16-037 Windows 8.1 for x64-based Systems(Internet Explorer 11)
MS16-037 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS16-037 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 9)
MS16-037 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 9)
MS16-037 Windows Server 2012(Internet Explorer 10)
MS16-037 Windows Server 2012 R2(Internet Explorer 11)
MS16-037 Windows Vista Service Pack 2(Internet Explorer 9)
MS16-037 Windows Vista x64 Edition Service Pack 2(Internet Explorer 9)
Microsoft Edge Cumulative Security Update (MS16-038)

Severity

Critical 4

Qualys ID

91202

Vendor Reference

MS16-038

CVE Reference

CVE-2016-0154, CVE-2016-0155, CVE-2016-0156, CVE-2016-0157, CVE-2016-0158, CVE-2016-0161

CVSS Scores

Base 7.6 / Temporal 6.3

Description

Microsoft Edge is a web browser developed by Microsoft and included in the company's Windows 10 operating systems, replacing Internet Explorer as the default web browser on all device classes.
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow code execution with elevated privileges if a user views a specially crafted webpage using Microsoft Edge.
This security update is rated critical for Microsoft Edge on Windows 10.

Consequence

An attacker who has successfully exploited the vulnerabilities could gain the same user rights as the current user.

Solution

Customers are advised to refer to Microsoft Security Bulletin MS16-038 for details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-038 Windows 10 Version 1511 for 32-bit Systems
MS16-038 Windows 10 Version 1511 for x64-based Systems
MS16-038 Windows 10 for 32-bit Systems
MS16-038 Windows 10 for x64-based Systems
Microsoft Windows Graphics Component Security Update (MS16-039)

Severity

Urgent 5

Qualys ID

91204

Vendor Reference

MS16-039

CVE Reference

CVE-2016-0143, CVE-2016-0145, CVE-2016-0165, CVE-2016-0167

CVSS Scores

Base 9.3 / Temporal 8.1

Description

- Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver fails to properly handle objects in memory.
- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts.
This security update is rated Critical for all supported released of Microsoft Windows, affected versions of Microsoft .NET framework, affected editions of Skype for business 2016, Microsoft Lync 2013 and Microsoft Office 2010.
This security update is rated Important for all affected editions of Microsoft Office 2007 and Microsoft Office 2010.

Consequence

Successful exploitation allows attacker to execute arbitrary code.

Solution

Customers are advised to refer to Microsoft Advisory MS16-039 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-039 Microsoft Live Meeting 2007 Console
MS16-039 Microsoft Lync 2010
MS16-039 Microsoft Lync 2010
MS16-039 Microsoft Lync 2010 Attendee
MS16-039 Microsoft Lync 2010 Attendee
MS16-039 Microsoft Lync 2013 Service Pack 1
MS16-039 Microsoft Lync 2013 Service Pack 1
MS16-039 Microsoft Lync Basic 2013 Service Pack 1
MS16-039 Microsoft Lync Basic 2013 Service Pack 1
MS16-039 Microsoft Office 2007 Service Pack 3
MS16-039 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS16-039 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS16-039 Microsoft Word Viewer
MS16-039 Skype for Business 2016
MS16-039 Skype for Business 2016
MS16-039 Skype for Business Basic 2016
MS16-039 Skype for Business Basic 2016
MS16-039 Windows 10 Version 1511 for 32-bit Systems
MS16-039 Windows 10 Version 1511 for x64-based Systems
MS16-039 Windows 10 for 32-bit Systems
MS16-039 Windows 10 for 64-bit Systems
MS16-039 Windows 10 for x64-based Systems
MS16-039 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS16-039 Windows 7 for 32-bit Systems Service Pack 1
MS16-039 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS16-039 Windows 7 for x64-based Systems Service Pack 1
MS16-039 Windows 8.1 for 32-bit Systems(Microsoft .NET Framework 3.5)
MS16-039 Windows 8.1 for 32-bit Systems
MS16-039 Windows 8.1 for x64-based Systems(Microsoft .NET Framework 3.5)
MS16-039 Windows 8.1 for x64-based Systems
MS16-039 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-039 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS16-039 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-039 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 3.5.1)
MS16-039 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS16-039 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-039 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-039 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS16-039 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-039 Windows Server 2012(Microsoft .NET Framework 3.5)
MS16-039 Windows Server 2012
MS16-039 Windows Server 2012 (Server Core installation)(Microsoft .NET Framework 3.5)
MS16-039 Windows Server 2012 R2(Microsoft .NET Framework 3.5)
MS16-039 Windows Server 2012 R2
MS16-039 Windows Server 2012 R2 (Server Core installation)(Microsoft .NET Framework 3.5)
MS16-039 Windows Vista Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS16-039 Windows Vista Service Pack 2
MS16-039 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS16-039 Windows Vista x64 Edition Service Pack 2
Microsoft .NET Framework Remote Code Execution Vulnerability (MS16-041)

Severity

Critical 4

Qualys ID

91201

Vendor Reference

MS16-041

CVE Reference

CVE-2016-0148

CVSS Scores

Base 7.2 / Temporal 5.3

Description

The Microsoft .NET Framework is a software framework for computers running Microsoft Windows operating systems.
A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system.
The security update addresses the vulnerability by correcting how correcting how .NET validates input on library load.
This security update is rated Important for Microsoft .NET Framework 4.6 and Microsoft .NET Framework 4.6.1 on affected releases of Microsoft Windows.

Consequence

The more severe of the vulnerabilities could cause remote code execution if an attacker with access to the local system executes a malicious application.

Solution

Refer to MS16-041 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-041 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 4.6/4.6.1)
MS16-041 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4.6/4.6.1)
MS16-041 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4.6/4.6.1)
MS16-041 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 4.6/4.6.1)
MS16-041 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 4.6)
MS16-041 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 4.6)
MS16-041 Windows Vista Service Pack 2(Microsoft .NET Framework 4.6)
MS16-041 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 4.6)
Microsoft Office Remote Code Execution Vulnerabilities (MS16-042)

Severity

Urgent 5

Qualys ID

110271

Vendor Reference

MS16-042

CVE Reference

CVE-2016-0122, CVE-2016-0127, CVE-2016-0136, CVE-2016-0139

CVSS Scores

Base 9.3 / Temporal 7.7

Description

Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory
Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software.
Microsoft has released a security update that addresses the vulnerabilities by correcting how Office handles objects in memory.

Consequence

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Solution

Refer to Microsoft Security Bulletin MS16-042 for further details.
Workaround:
1) Use Microsoft Office File Block policy to prevent Office from opening RTF documents from unknown or untrusted sources
Impact of Workaround #1: Users who have configured the File Block policy and have not configured a special "exempt directory" will be unable to open documents saved in the RTF format.
2) Use Microsoft Office File Block policy to prevent Office from opening Office 2003 (Excel binary files) and earlier documents from unknown or untrusted sources and locations
Impact of Workaround #2: Users who have configured the File Block policy and have not configured a special "exempt directory" will be unable to open documents saved in the Office 2003 or older file formats.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-042 Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions)
MS16-042 Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (64-bit editions)
MS16-042 Excel Services on Microsoft SharePoint Server 2010 Service Pack 2
MS16-042 Microsoft Excel 2007 Service Pack 3
MS16-042 Microsoft Excel 2010 Service Pack 2 (32-bit editions)
MS16-042 Microsoft Excel 2010 Service Pack 2 (64-bit editions)
MS16-042 Microsoft Excel 2013 Service Pack 1 (32-bit editions)
MS16-042 Microsoft Excel 2013 Service Pack 1 (64-bit editions)
MS16-042 Microsoft Excel 2016 (32-bit edition)
MS16-042 Microsoft Excel 2016 (64-bit edition)
MS16-042 Microsoft Excel Viewer
MS16-042 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS16-042 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS16-042 Microsoft Office Compatibility Pack Service Pack 3
MS16-042 Microsoft Office Compatibility Pack Service Pack 3
MS16-042 Microsoft Office Web Apps 2010 Service Pack 2
MS16-042 Microsoft Office Web Apps Server 2013 Service Pack 1
MS16-042 Microsoft Word 2007 Service Pack 3
MS16-042 Microsoft Word 2010 Service Pack 2 (32-bit editions)
MS16-042 Microsoft Word 2010 Service Pack 2 (64-bit editions)
MS16-042 Microsoft Word 2013 Service Pack 1 (32-bit editions)
MS16-042 Microsoft Word 2013 Service Pack 1 (64-bit editions)
MS16-042 Microsoft Word 2016 for Mac
MS16-042 Microsoft Word Viewer
MS16-042 Microsoft Word for Mac 2011
MS16-042 Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
MS16-042 Word Automation Services on Microsoft SharePoint Server 2013 Service Pack 1
Microsoft Windows OLE Remote Code Execution Vulnerability (MS16-044)

Severity

Critical 4

Qualys ID

91198

Vendor Reference

MS16-044

CVE Reference

CVE-2016-0153

CVSS Scores

Base 9.3 / Temporal 6.9

Description

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.
The security update addresses the vulnerability by correcting how Windows OLE validates user input.
This security update is rated Important for all supported editions of Microsoft Windows, except for Windows 10.

Consequence

An attacker could exploit the vulnerability to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.To exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or a program from either a webpage or an email message. The update addresses the vulnerability by correcting how Windows OLE validates user input.

Solution

Refer to MS16-044 for further information.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-044 Windows 7 for 32-bit Systems Service Pack 1
MS16-044 Windows 7 for x64-based Systems Service Pack 1
MS16-044 Windows 8.1 for 32-bit Systems
MS16-044 Windows 8.1 for x64-based Systems
MS16-044 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-044 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-044 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-044 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-044 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-044 Windows Server 2012
MS16-044 Windows Server 2012 R2
MS16-044 Windows Vista Service Pack 2
MS16-044 Windows Vista x64 Edition Service Pack 2
Microsoft Windows Security Update for Hyper-V (MS16-045)

Severity

Critical 4

Qualys ID

91200

Vendor Reference

MS16-045

CVE Reference

CVE-2016-0088, CVE-2016-0089, CVE-2016-0090

CVSS Scores

Base 7.2 / Temporal 5.3

Description

Hyper-V is a hypervisor-based technology.
The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Information disclosure vulnerabilities exist when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.
The security update addresses the vulnerabilities by correcting how Hyper-V validates guest operating system user input.
This security update is rated Important for all supported editions of Windows 8.1 for x64-based Systems, Windows Server 2012, Windows Server 2012 R2, and Windows 10 for x64-based Systems.

Consequence

An attacker who successfully exploited the vulnerability could execute arbitrary code or gain access to information on the Hyper-V host operating system.

Solution

Refer to Microsoft Security Bulletin MS16-045 for details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-045 Windows 10 for x64-based Systems
MS16-045 Windows 8.1 for x64-based Systems
MS16-045 Windows Server 2012
MS16-045 Windows Server 2012 R2
Microsoft Windows Security Update for Secondary Logon (MS16-046)

Severity

Critical 4

Qualys ID

91203

Vendor Reference

MS16-046

CVE Reference

CVE-2016-0135

CVSS Scores

Base 7.2 / Temporal 5.3

Description

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows Secondary Logon Service fails to properly manage requests in memory. The security update addresses the vulnerability by correcting how Windows Secondary Logon Service handles requests in memory.
This security update is rated Important for all supported editions of Windows 10.

Consequence

An attacker who successfully exploits this vulnerability could run arbitrary code as an administrator. An attacker could then install programs, view, change, or delete data; or create new accounts with full user rights.

Solution

Customers are advised to refer to Microsoft Advisory MS16-046 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-046 Windows 10 Version 1511 for 32-bit Systems
MS16-046 Windows 10 Version 1511 for 32-bit Systems
MS16-046 Windows 10 for 32-bit Systems
MS16-046 Windows 10 for x64-based Systems
Microsoft Windows Security Update for SAM and LSAD Remote Protocols (MS16-047) (BADLOCK)

Severity

Serious 3

Qualys ID

91199

Vendor Reference

MS16-047

CVE Reference

CVE-2016-0128

CVSS Scores

Base 5.8 / Temporal 4.8

Description

An elevation of privilege vulnerability exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols when they accept authentication levels that do not protect the RPC channel adequately. The vulnerability is caused by the way the SAM and LSAD remote protocols establish the Remote Procedure Call (RPC) channel.
The security update addresses the vulnerability by modifying how the SAM and LSAD remote protocols handle authentication levels.
This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Consequence

The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack.

Solution

Refer to Microsoft Security Bulletin MS16-047 for further details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-047 Windows 10 Version 1511 for 32-bit Systems
MS16-047 Windows 10 Version 1511 for x64-based Systems
MS16-047 Windows 10 for 32-bit Systems
MS16-047 Windows 10 for x64-based Systems
MS16-047 Windows 7 for 32-bit Systems Service Pack 1
MS16-047 Windows 7 for x64-based Systems Service Pack 1
MS16-047 Windows 8.1 for 32-bit Systems
MS16-047 Windows 8.1 for x64-based Systems
MS16-047 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-047 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-047 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-047 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-047 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-047 Windows Server 2012
MS16-047 Windows Server 2012 R2
MS16-047 Windows Vista Service Pack 2
MS16-047 Windows Vista x64 Edition Service Pack 2
Microsoft Windows Client/Server Runtime Subsystem (CSRSS) Security Feature Bypass Vulnerability (MS16-048)

Severity

Critical 4

Qualys ID

91205

Vendor Reference

MS16-048

CVE Reference

CVE-2016-0151

CVSS Scores

Base 7.2 / Temporal 6

Description

Microsoft CSRSS (Client/Server Runtime Subsystem) is an essential Windows subsystem. The CSRSS is responsible for console windows, creating and/or deleting threads.
- A security feature bypass vulnerability exists in CSRSS component that does not properly manage process tokens in memory.
This security update is rated Important for all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1 and Windows 10.

Consequence

This issue can be exploited by malicious, local users to gain escalated privileges.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Solution

Customers are advised to view MS16-048 for instructions pertaining to the remediation of these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-048 Windows 10 Version 1511 for 32-bit Systems
MS16-048 Windows 10 Version 1511 for x64-based Systems
MS16-048 Windows 10 for 32-bit Systems
MS16-048 Windows 10 for x64-based Systems
MS16-048 Windows 8.1 for 32-bit Systems
MS16-048 Windows 8.1 for x64-based Systems
MS16-048 Windows Server 2012
MS16-048 Windows Server 2012 R2
Microsoft Windows HTTP.sys Denial of Service Vulnerability (MS16-049)

Severity

Critical 4

Qualys ID

91197

Vendor Reference

MS16-049

CVE Reference

CVE-2016-0150

CVSS Scores

Base 7.8 / Temporal 5.8

Description

A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests.
To exploit this vulnerability, an attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become non-responsive.
Microsoft has released an update that addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP 2.0 requests.
This security update is rated Important for all supported editions of Microsoft Windows 10.

Consequence

The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.

Solution

Refer to Microsoft Security Bulletin MS16-049 for further details.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-049 Windows 10 Version 1511 for 32-bit Systems
MS16-049 Windows 10 Version 1511 for x64-based Systems
MS16-049 Windows 10 for 32-bit Systems
MS16-049 Windows 10 for x64-based Systems
Microsoft Windows Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (MS16-050 and KB3154132)

Severity

Urgent 5

Qualys ID

100282

Vendor Reference

MS16-050

CVE Reference

CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019

CVSS Scores

Base 10 / Temporal 8.7

Description

Microsoft released an update (MS16-050) for Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
The update addresses the vulnerabilities described in Adobe Security bulletin APSB16-10.
This security update is rated Critical for Adobe Flash Player in Internet Explorer 10, Internet Explorer 11 and Microsoft Edge.

Consequence

Successful exploitation of this vulnerability will allow an attacker to execute arbitrary code, failed exploits may result in denial of service.

Solution

Customers are advised to view MS16-050 for instructions pertaining to the remediation of these vulnerabilities. Workaround:
- Prevent Adobe Flash Player from running
- Prevent Adobe Flash Player from running on Internet Explorer through Group Policy
- Prevent Adobe Flash Player from running in Office 2010 on affected systems
- Prevent ActiveX controls from running in Office 2007 and Office 2010
- Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
- Add sites that you trust to the Internet Explorer Trusted sites zone
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-050 Windows 8.1 for 32-bit Systems(Adobe Flash Player)
MS16-050 Windows 8.1 for x64-based Systems(Adobe Flash Player)
MS16-050 Windows Server 2012(Adobe Flash Player)
MS16-050 Windows Server 2012 R2(Adobe Flash Player)

These new vulnerability checks are included in Qualys vulnerability signature 2.3.281-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

Ensure access to TCP ports 135 and 139 are available.
Enable Windows Authentication (specify Authentication Records).
Enable the following Qualys IDs:
- 124885
- 100281
- 91202
- 91204
- 91201
- 110271
- 91198
- 91200
- 91203
- 91199
- 91205
- 91197
- 100282
If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.

OVERVIEW

CAPABILITIES

PLATFORM APPS

ASSET MANAGEMENT

Vulnerability & Configuration Management

Risk REMEDIATION

Threat Detection and Response

Compliance

Cloud Security

Use Cases

Segments

RESOURCES

RESEARCH

Customers

Partners

Company

Overview

CAPABILITIES

Platform Apps

Use Cases

Segments

Resources

Research

Enterprise TruRisk Platform

Free Services

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Microsoft security alert.

April 12, 2016

Advisory overview

Vulnerability details

Microsoft Security Update for XML Core Services (MS16-040)

Microsoft Cumulative Security Update for Internet Explorer (MS16-037)

Microsoft Edge Cumulative Security Update (MS16-038)

Microsoft Windows Graphics Component Security Update (MS16-039)

Microsoft .NET Framework Remote Code Execution Vulnerability (MS16-041)

Microsoft Office Remote Code Execution Vulnerabilities (MS16-042)

Microsoft Windows OLE Remote Code Execution Vulnerability (MS16-044)

Microsoft Windows Security Update for Hyper-V (MS16-045)

Microsoft Windows Security Update for Secondary Logon (MS16-046)

Microsoft Windows Security Update for SAM and LSAD Remote Protocols (MS16-047) (BADLOCK)

Microsoft Windows Client/Server Runtime Subsystem (CSRSS) Security Feature Bypass Vulnerability (MS16-048)

Microsoft Windows HTTP.sys Denial of Service Vulnerability (MS16-049)

Microsoft Windows Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (MS16-050 and KB3154132)

Selective Scan Instructions Using Qualys

Access for Qualys Customers

Technical Support

About Qualys