Vulnerability Summary for the Week of February 8, 2016
Please Note:
• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.
• The CVE identity number is the publicly known ID given to that particular vulnerability, so you can look up the status of that vulnerability using that ID.
• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.
Multiple Vulnerabilities in Microsoft Products
Original Issue Date: February 10, 2016
Severity Rating: High
Systems Affected
• Windows Vista x64 Edition Service Pack 2
• Windows 7 for 32-bit and x64 based Systems Service Pack 1
• Windows Server 2008 for 32-bit, x64 based & Itanium-based Systems Service Pack 2
• Windows Server 2008 R2 for x64-based Systems Service Pack 1
• Windows Server 2008 R2 for Systems Service Pack 2
• Windows 8.1 for 32-bit and x64 based Systems
• Windows Server 2008 for 32-bit, x64-based & Itanium-based Systems SP 2
• Windows Server 2008 for 32-bit and x64-based Systems SP 2 (Server Core installation)
• Windows Server 2008 R2 for x64-based Systems SP 1 (Server Core installation)
• Windows 10 for 32-bit and x64 based Systems
• Windows 10 Version 1511 for 32-bit and x64 based Systems
• Windows Server 2012
• Windows Server 2012 (Server Core installation)
• Windows Server 2012 R2 (Server Core installation)
• Microsoft Office 2007 SP 3
• Microsoft Office 2010 SP 2 (32-bit editions and 64-bit editions)
• Microsoft Excel 2013 SP 1 (32-bit editions and 64-bit editions)
• Microsoft Excel 2013 RT SP1
• Microsoft Word 2013 RT SP1
• Microsoft Excel 2016 (32-bit edition and 64-bit editions)
• Microsoft Excel for Mac 2011
• Microsoft Word for Mac 2011
• Microsoft Excel 2016 for Mac
• Microsoft Word 2016 for Mac
• Microsoft Office Compatibility Pack SP3
• Microsoft Excel Viewer
• Microsoft Word Viewer
• Excel Services on Microsoft SharePoint Server 2007 SP3 (32-bit editions and 64-bit editions)
• Excel Services on Microsoft SharePoint Server 2010 SP2
• Excel Services on Microsoft SharePoint Server 2013 SP1
• Word Automation Services on Microsoft SharePoint Server 2013 SP1
• Microsoft Office Web Apps 2010 SP2
• Microsoft Office Web Apps Server 2013 SP1
• Microsoft SharePoint Server 2013 SP1
• Microsoft SharePoint Foundation 2013 SP1
• Adobe Flash Player for Microsoft Edge and Internet Explorer 11
• Adobe Flash Player Desktop Runtime
• AIR Desktop Runtime
Overview
Multiple vulnerabilities have been reported in various components of Microsoft products.
Description
The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:
| Microsoft Security Bulletin | Severity | CERT-In Vulnerability Notes |
|---|---|---|
| MS16-009: Cumulative Security Update for Internet Explorer | High | CIVN-2016-0035 Multiple Vulnerabilities in Microsoft Internet Explorer |
| MS16-011: Cumulative Security Update for Microsoft Edge | High | CIVN-2016-0036 Multiple Vulnerabilities in Microsoft Edge |
| MS16-012: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution | High | CIVN-2016-0037 Multiple vulnerabilities in Microsoft Windows Reader and PDF Library |
| MS16-013: Security Update for Windows Journal to Address Remote Code Execution | High | CIVN-2016-0038 Microsoft Windows Journal Remote Code Execution Vulnerability |
| MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution | High | CIVN-2016-0039 Multiple vulnerabilities in Microsoft Windows |
| MS16-015: Security Update for Microsoft Office to Address Remote Code Execution | High | CIVN-2016-0040 Multiple Vulnerabilities in Microsoft Office |
| MS16-016: Security Update for WebDAV to Address Elevation of Privilege | High | CIVN-2016-0041 Microsoft Windows WebDAV Privilege Escalation Vulnerability |
| MS16-017: Security Update for Remote Desktop Display Driver to Address Elevation of Privilege | High | CIVN-2016-0042 Microsoft Windows Remote Desktop Protocol Privilege Escalation Vulnerability |
| MS16-018: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege | Medium | CIVN-2016-0043 Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability |
| MS16-019: Security Update for .NET Framework to Address Denial of Service | Medium | CIVN-2016-0044 Multiple Vulnerabilities in Microsoft .Net Framework |
| MS16-020: Security Update for Active Directory Federation Services to Address Denial of Service | Medium | CIVN-2016-0045 Denial of Service Vulnerability in Active Directory Federation Services |
| MS16-021: Security Update for NPS RADIUS Server to Address Denial of Service | Medium | CIVN-2016-0046 Denial of Service Vulnerability in Microsoft Windows NPS RADIUS Server |
| MS16-022: Security Update for Adobe Flash Player | High | CIVN-2016-0047 Multiple Vulnerabilities in Adobe Flash Player |
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin February 2016: https://technet.microsoft.com/en-us/library/security/ms16-feb.aspx
• Sources: Microsoft Corporation https://technet.microsoft.com/en-us/library/security/ms16-feb.aspx
Uganda Communications Commission – UGCERT
Email: [email protected]
Tel: +256 414 302 100/150
Toll Free: 0800 133 911
Website: www.ug-cert.ug
Facebook / Twitter: UGCERT