Microsoft February 2016 Patch Tuesday - SANS Internet Storm Center

Overview of the February 2016 Microsoft patches and their status.

#	Affected	Contra Indications - KB	Known Exploits	Microsoft rating(**)	ISC rating(*)
#	Affected	Contra Indications - KB	Known Exploits	Microsoft rating(**)	clients	servers
MS16-009	Cumulative Security Update for Internet Explorer (Replaces MS16-001 )
MS16-009	Internet Explorer CVE-2016-0041, CVE-2016-0059, CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0063, CVE-2016-0064, CVE-2016-0067, CVE-2016-0068, CVE-2016-0069, CVE-2016-0071, CVE-2016-0072, CVE-2016-0077	KB 3134220	no.	Severity:Critical Exploitability: 1,2,1,1,1,1,1,1,1,3,4,1,3	Critical	Critical
MS16-010	MS16-010 was published as part of the January update. (Security Update in Microsoft Exchange Server to Address Spoofing (3124557))
MS16-011	Cumulative Security Update for Microsoft Edge (Replaces KB3124266 )
MS16-011	Microsoft Edge CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0077, CVE-2016-0080, CVE-2016-0084	KB 3134225	no.	Severity:Critical Exploitability: 1,1,1,3,1,1	Critical	Critical
MS16-012	Remote Code Execution in PDF Library
MS16-012	Microsoft Windows PDF Library CVE-2016-0058 CVE-2016-0046	KB 3138938	no.	Severity:Critical Exploitability: 2,1	Critical	Critical
MS16-013	Remote Code Execution in Windows Journal (Replaces MS15-114 )
MS16-013	Windows Journal CVE-2016-0038	KB 3134811	no.	Severity:Critical Exploitability: 2	Critical	Critical
MS16-014	Remote Code Execution in Microsoft Windows (Replaces MS16-007 )
MS16-014	DLL Loading / Kerberos CVE-2016-0040 CVE-2016-0041 CVE-2016-0042 CVE-2016-0044 CVE-2016-0049	KB 3134228	no.	Severity:Important Exploitability: 2,2,1,3,2	Critical	Important
MS16-015	Remote Code Execution in Microsoft Office (Replaces MS16-004 )
MS16-015	Microsoft Office CVE-2016-0022 CVE-2016-0052 CVE-2016-0053 CVE-2016-0054 CVE-2016-0055 CVE-2016-0056	KB 3134226	no.	Severity:Critical Exploitability: 1,3,1,1,1,1,1	Critical	Important
MS16-016	Elevation of Privilege Vulnerability in WebDAV (Replaces MS16-004 )
MS16-016	WebDAV CVE-2016-0051	KB 3136041	no.	Severity:Important Exploitability: 2	Important	Important
MS16-017	Elevation of Privilege in Remote Desktop Display Driver (Replaces MS15-067 MS15-030 )
MS16-017	Remote Desktop CVE-2016-0036	KB 3134700	no.	Severity:Important Exploitability: 2	Important	Important
MS16-018	Elevation of Privilege Vulnerability in Kernel Mode Drivers (Replaces MS16-005 )
MS16-018	Kernel Mode Drivers CVE-2016-0048	KB 3136082	no.	Severity:Important Exploitability: 1	Important	Important
MS16-019	Denial of Service in .Net Framework (Replaces MS12-025 )
MS16-019	.Net Framework CVE-2016-0033 CVE-2016-0047	KB 3137893	no.	Severity:Important Exploitability: 3,2	Important	Important
MS16-020	Denial of Service Vulnerability in Active Directory Federation Service (Replaces MS12-040 )
MS16-020	Active Directory Federation Serivce CVE-2016-0037	KB 3134222	no.	Severity:Important Exploitability: 3	Important	Important
MS16-021	Denial of Service Vulnerability in NPS RADIUS Server (Replaces MS15-007 )
MS16-021	Network Policy Server CVE-2016-0050	KB 3133043	no.	Severity:Important Exploitability: 3	Important	Important

We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANSFIRE 2022

Johannes

4504 Posts
ISC Handler

Feb 9th 2016

PoC for the MS16-016 (CVE-2016-0051) https://github.com/koczkatamas/CVE-2016-0051

MD

11 Posts

Quick note: MS has decided to list out the Adobe Flash updates as a separate security release.

Instead of being buried under KB2755801 then getting another KB from there, it's now listed as part of patch Tuesday, this month: MS16-022

Ed

4 Posts

You seem to have missed MS16-022
http://technet.microsoft.com/library/security/ms16-022
(about Adobe Flash)

Paul Szabo

14 Posts

MS16-014 supersedes both MS16-007 and MS16-008

Paul Szabo
1 Posts

I have a question: if someone has a 2008 R2 server that still has IE8 and IE8 is *not* being used for browsing the Internet, is it still critical for security reasons to get that system to IE11? Is it still vulnerable? Any references would be welcome.

Paul Szabo
22 Posts

Quoting Anonymous:I have a question: if someone has a 2008 R2 server that still has IE8 and IE8 is *not* being used for browsing the Internet, is it still critical for security reasons to get that system to IE11? Is it still vulnerable? Any references would be welcome.

MSHTML.DLL (and other parts of IE) are used by quite some Windows components (and 3rd party applications too): the most prominent example is Windows HTML help.
All these components and 3rd party applications can be (ab)used to exploit the unfixed vulnerabilities in MSHTML.DLL and the other parts of IE<11.
So: YES, it's critical!

Anonymous

MS16-016 does not replace MS16-004, must be a copy-paste error from the previous row (MS16-015).

My MS16-016 is a built-in Windows kernel driver while MS16-004 is an Office vulnerability.

koczkatamas

1 Posts