By Robert Brown

Last week’s June solstice once again marked the longest day of the year. Long summer days come just in time for this month’s Patch Tuesday, which features an enormous number of Microsoft updates.

This month your IT security officers will need to double their efforts to appreciate the second massive release of Microsoft updates. Earlier this month, Microsoft released 34 KB updates covering Office 2007 to 2016. Today, they have released an additional 16 bulletins of which five are rated Critical and 11 are rated Important. If you are responsible for managing your server estate, you will have your hands full as this report contains 12 updates which are needed on the Windows Server OS — and many of them require reboots.

Are Hackers Going Old-School?

Is there a global resurrection in the spread of viruses and malware using macros? Our evidence has shown, over the past 10 years, the global threat of cyberattacks has increased in sophistication. The damage caused has expanded massively to the point of data hijacking. We recommend our clients keep in mind that viruses can be delivered in the simplest of payloads: an email with a spreadsheet or a presentation or Word document.{ad}

Before 1997, the biggest threat to businesses was the corruption or virus infection of spreadsheets which were used by some of the most important departments in any business. We recommend you make sure your Office updates are applied and your antivirus software is up to date. If you are too focused on the next viable threat, you may forget to look at the basics.

A study conducted by BusinessWire found that 66 percent of U.S. consumers are likely to stop doing business with organizations that have been hacked. The results are alarming when compared to the record number of complaints the FBI’s Internet Crime Center received from users infected with ransomware in 2015. Could your business be next?

“Recently many companies have been affected by the so-called ’Crypto Locker virus’ or variations thereof; so keeping your antivirus up to date is crucial in your defense against such attacks,” says James Rowney, service manager for Verismic. “However, what is often overlooked are operating systems and application security updates. There is no better defense from an attacker than a fully patched OS, yet many still believe that antivirus software being on the front line is where it ends; many are mistaken.”

MS16-039, which resolves several vulnerabilities within Windows, Lync and .NET Framework, has been re-released this month. The patch corrects the way they handle Windows embedded fonts. It is recommended you pay extra attention to this vulnerability being that it has …

{vpipagebreak}

… been observed to upgrade Lync to Skype for Business. Additional testing should be done in order to reduce the chance of end-user disruption if you are still using Lync.

To help your IT security officers, we have chosen a few updates from this Patch Tuesday you should prioritize. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and the independent CVSS score for the vulnerability.

MS16-063 resolves several vulnerabilities with Internet Explorer 9 to 11. It fixes how IE validates JavaScript, closes several memory handle issues and it corrects how Windows handles proxy discovery. Due to the high number of customers still using IE, we recommend this be a priority this month.

MS16-070 resolves vulnerabilities with Office 2007 to 2016. It fixes several memory handle issues and corrects Windows’ validation of some libraries. With the rise in exploits seen when using Word, Excel and PowerPoint documents, we recommend this also be a priority this month.

MS16-071 resolves a serious vulnerability with DNS on Windows Server 2012 and Windows Server 2012 R2 with both UI and Core editions. An unauthenticated attacker could send malicious requests to a DNS server which could allow them to run arbitrary code in the context of the Local System Account. Our research proves DNS populates most on this version of Windows; therefore, we recommend you prioritize this update this month.

The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 as Medium, and 0-3.9 as Low.

UPDATES

MS16-063 — Cumulative Security Update for Internet Explorer (3163649)
(Impact: Remote Code Execution; Restart Requirement: Requires restart; Severity: Critical; CVSS Score: 9.3)

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then …

{vpipagebreak}

… install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-068 — Cumulative Security Update for Microsoft Edge (3163656)
(Impact: Remote Code Execution; Restart Requirement: Requires restart; Severity: Critical; CVSS Score: 9.3)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted web page using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-069 — Cumulative Security Update for JScript and VBScript (3163640)
(Impact: Remote Code Execution; Restart Requirement: Maybe; Severity: Critical; CVSS Score: 9.3)

This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-070 — Security Update for Microsoft Office (3163610)
(Impact: Remote Code Execution; Restart Requirement: Maybe; Severity: Critical; CVSS Score: 9.3)

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-071 — Security Update for Microsoft Windows DNS Server (3164065)
(Impact: Remote Code Execution; Restart Requirement: Requires restart; Severity: Critical; CVSS Score: 9.3)

This security update resolves vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a …

{vpipagebreak}

… DNS server.

MS16-072 — Security Update for Group Policy (3163622)
(Impact: Elevation of Privilege; Restart Requirement: Requires restart; Severity: Important; CVSS Score: 4.3)

This security update resolves vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MitM) attack against the traffic passing between a domain controller and the target machine. 

MS16-073 — Security Update for Windows Kernel-Mode Drivers (3164028)
(Impact: Elevation of Privilege; Restart Requirement: Requires restart; Severity: Important; CVSS Score: 7.2)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

MS16-074 — Security Update for Microsoft Graphics Component (3164036)
(Impact: Elevation of Privilege; Restart Requirement: Requires restart; Severity: Important; CVSS Score: 7.2)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted document or visits a specially crafted website.

MS16-075 — Security Update for Windows SMB Server (3164038)
(Impact: Elevation of Privilege; Restart Requirement: Requires restart; Severity: Important; CVSS Score: 7.2)

This security update resolves vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.

MS16-076 — Security Update for Netlogon (3167691)
(Impact: Remote Control Execution; Restart Requirement: Requires restart; Severity: Important; CVSS Score: 8.5)

This security update resolves vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.

MS16-077 — Security Update for WPAD (3165191)
(Impact: Elevation of Privilege; Restart Requirement: Requires restart; Severity: Important; CVSS Score: 4.3)

This security update resolves …

{vpipagebreak}

… vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.

MS16-078 — Security Update for Windows Diagnostic Hub (3165479)
(Impact: Elevation of Privilege; Restart Requirement: Requires restart; Severity: Important; CVSS Score: 7.2)

This security update resolves vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

MS16-079 — Security Update for Microsoft Exchange Server (3160339)
(Impact: Information Disclosure; Restart Requirement: Maybe; Severity: Important; CVSS Score: 4.3)

This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in an Outlook Web Access (OWA) message that is loaded, without warning or filtering, from the attacker-controlled URL.

MS16-080 — Security Update for Microsoft Windows PDF (3164302)
(Impact: Remote Code Execution; Restart Requirement: Maybe; Severity: Important; CVSS Score: N/A)

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. However, an attacker would have no way to force a user to open a specially crafted pdf file.

MS16-081 — Security Update for Active Directory (3160352)
(Impact: Denial of Service; Restart Requirement: Requires restart; Severity: Important; CVSS Score: 4.0)

This security update resolves vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain. 

MS16-082 — Security Update for Microsoft Windows Search Component (3165270)
(Impact: Denial of Service; Restart Requirement: Requires restart; Severity: Important; CVSS Score: N/A)

This security update resolves vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker logs on to a target system and runs a specially crafted application.

Robert Brown is the director of services at Verismic, a global leader in cloud IT management technology, green solutions and business network software systems. Prior to his experience at Verismic, Brown developed competencies in SQL Server, Oracle and many Microsoft operating system platforms at FrontRange Solutions (UK) Limited.