Vulnerability Summary for the Week of February 8, 2016

Please Note:

• The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low.

• The CVE indentity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.

• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

Multiple Vulnerabilities in Microsoft Products

Original Issue Date: February 10, 2016

Severity Rating: High

Systems Affected

 Windows Vista x64 Edition Service Pack 2  Windows 7 for 32-bit and x64 based Systems Service Pack 1  Windows Server 2008 for 32-bit, x64 based & Itanium-based Systems Service Pack 2  Windows Server 2008 R2 for x64-based Systems Service Pack 1  Windows Server 2008 R2 for Systems Service Pack 2  Windows 8.1 for 32-bit and x64 based Systems  Windows Server 2008 for 32-bit, x64-based & Itanium-based Systems SP 2  Windows Server 2008 for 32-bit and x64-based Systems SP 2 (Server Core installation)  Windows Server 2008 R2 for x64-based Systems SP 1 (Server Core installation)  Windows 10 for 32-bit and x64 based Systems  Windows 10 Version 1511 for 32-bit and x64 based Systems  Windows Server 2012  Windows Server 2012 (Server Core installation)  Windows Server 2012 R2 (Server Core installation)  Microsoft Office 2007 SP 3  Microsoft Office 2010 SP 2 (32-bit editions and 64-bit editions)  Microsoft Excel 2013 SP 1 (32-bit editions and 64-bit editions)  Microsoft Excel 2013 RT SP1  Microsoft Word 2013 RT SP1  Microsoft Excel 2016 (32-bit edition and 64-bit editions)  Microsoft Excel for Mac 2011  Microsoft Word for Mac 2011  Microsoft Excel 2016 for Mac  Microsoft Word 2016 for Mac  Microsoft Office Compatibility Pack SP3  Microsoft Excel Viewer  Microsoft Word Viewer  Excel Services on Microsoft SharePoint Server 2007 SP3 (32-bit editions and 64-bit editions)  Excel Services on Microsoft SharePoint Server 2010 SP2  Excel Services on Microsoft SharePoint Server 2013 SP1  Word Automation Services on Microsoft SharePoint Server 2013 SP1  Microsoft Office Web Apps 2010 SP2  Microsoft Office Web Apps Server 2013 SP1  Microsoft SharePoint Server 2013 SP1  Microsoft SharePoint Foundation 2013 SP1  Adobe Flash Player for Microsoft Edge and Internet Explorer 11  Adobe Flash Player Desktop Runtime  AIR Desktop Runtime

Overview

Multiple Vulnerabilities have been reported in various components of Microsoft Products.

Description

The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:

Microsoft Security Bulletin Severity CERT-In Vulnerability Notes

MS16-009:Cumulative Security Update for High CIVN-2016-0035 Internet Explorer Multiple Vulnerabilities in Microsoft Internet Explorer

MS16-011:Cumulative Security Update for High CIVN-2016-0036 Microsoft Edge Multiple Vulnerabilities in Microsoft Edge

MS16-012:Security Update for Microsoft High CIVN-2016-0037 Windows PDF Library to Address Remote Multiple vulnerabilities in Microsoft Code Execution Windows Reader and PDF Library

MS16-013:Security Update for Windows High CIVN-2016-0038 Journal to Address Remote Code Execution Microsoft Windows Journal Remote Code Execution Vulnerability

MS16-014:Security Update for Microsoft High CIVN-2016-0039 Windows to Address Remote Code Execution Multiple vulnerabilities in Microsoft Windows

MS16-015:Security Update for Microsoft High CIVN-2016-0040 Office to Address Remote Code Execution Multiple Vulnerabilities in Microsoft Office

MS16-016:Security Update for WebDAV to High CIVN-2016-0041 Address Elevation of Privilege Microsoft Windows WebDAV Privilege Escalation Vulnerability

MS16-017:Security Update for Remote High CIVN-2016-0042 Desktop Display Driver to Address Elevation Microsoft Windows Remote Desktop of Privilege Protocol Privilege Escalation Vulnerability

MS16-018:Security Update for Windows Medium CIVN-2016-0043 Kernel-Mode Drivers to Address Elevation of Microsoft Windows Kernel-Mode Driver Privilege Privilege Escalation Vulnerability

MS16-019:Security Update for .NET Medium CIVN-2016-0044 Framework to Address Denial of Service Multiple Vulnerabilities in Microsoft .Net Framework

MS16-020:Security Update for Active Medium CIVN-2016-0045 Directory Federation Services to Address Denial of Service Vulnerability in Active Denial of Service Directory Federation Services

MS16-021:Security Update for NPS RADIUS Medium CIVN-2016-0046 Server to Address Denial of Service Denial of Service Vulnerability in Microsoft Windows NPS RADIUS Server

MS16-022:Security Update for Adobe Flash High CIVN-2016-0047 Player Multiple Vulnerabilities in Adobe Flash Player

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin February 2016 https://technet.microsoft.com/en-us/library/security/ms16-feb.aspx

• Sources: Microsoft Corporation https://technet.microsoft.com/en-us/library/security/ms16-feb.aspx

Uganda Communications Commission – UGCERT Email: [email protected] Tel + 256 414 302 100/150 Toll Free: 0800 133 911 Website www.ug-cert.ug Face book / Twitter: UGCERT