JPCERT-AT-2016-0046
JPCERT/CC
2016-11-09
<<< JPCERT/CC Alert 2016-11-09 >>>
Microsoft Security Bulletin for November 2016
(including 6 critical patches)
https://www.jpcert.or.jp/english/at/2016/at160046.html
I. Overview
Microsoft has released its security bulletin for November 2016.
This bulletin contains six (6) updates that are rated as "critical".
Remote attackers leveraging these vulnerabilities may be able to
execute arbitrary code.
Details on the vulnerabilities can be found at the following URL:
Microsoft Security Bulletin Summary for November 2016
https://technet.microsoft.com/en-us/library/security/ms16-Nov
[Security updates rated as "critical"]
MS16-129
Cumulative Security Update for Microsoft Edge (3199057)
https://technet.microsoft.com/en-us/library/security/MS16-129
MS16-130
Security Update for Microsoft Windows (3199172)
https://technet.microsoft.com/en-us/library/security/MS16-130
MS16-131
Security Update for Microsoft Video Control (3199151)
https://technet.microsoft.com/en-us/library/security/MS16-131
MS16-132
Security Update for Microsoft Graphics Component (3199120)
https://technet.microsoft.com/en-us/library/security/MS16-132
MS16-141
Security Update for Adobe Flash Player (3202790)
https://technet.microsoft.com/en-us/library/security/MS16-141
MS16-142
Cumulative Security Update for Internet Explorer (3198467)
https://technet.microsoft.com/en-us/library/security/MS16-142
According to Microsoft, attacks leveraging the vulnerabilities which
are addressed in MS16-132 (Critical), MS16-135 (Important) and
MS16-142 (Critical) have been observed in the wild. The vulnerabilities
in Adobe Flash and Windows Kernel disclosed by Goodle on October 31 2016
have been addressed in MS16-135 (Windows Kernel vulnerability) and
MS16-128 (Adobe Flash vulnerability Adobe SecurityBulletin APSB16-36),
respectively.
Please apply the security update programs as soon as possible.
II. Solution
Please apply the security update programs through Microsoft Update,
Windows Update, etc. as soon as possible.
Microsoft Update
http://www.update.microsoft.com/
Windows Update
http://windowsupdate.microsoft.com/
Microsoft Update Catalog
http://catalog.update.microsoft.com/
Microsoft has released the following note regarding MS16-137 (Important).
- Users may experience an issue when you try to change domain account
passwords in multi-computer setups if Kerberos is configured
incorrectly. The Security Update for the Windows Vista and Windows
Server 2008 will be affected. This issue may occur if there are
configuration issues that resemble the known issue described in
the "Known issue 1" section of KB 3167679. See the "Workaround"
section for "Known issue 1" in KB 3167679 for more information
about how to work around this issue.
MS16-101: Description of the security update for Windows authentication methods: August 9, 2016
https://support.microsoft.com/en-us/kb/3167679
III. References
Microsoft
Microsoft Security Bulletin Summary for November 2016
https://technet.microsoft.com/en-us/library/security/ms16-Nov
Microsoft
Microsoft Security Information for November 2016 (Monthly) MS16-129 - MS16-142 (Japanese)
https://blogs.technet.microsoft.com/jpsecurity/2016/11/09/201611-security-bulletin/
Microsoft
MS16-137: Description of the security update for Windows authentication methods: November 8, 2016
https://support.microsoft.com/en-us/kb/3198510
Microsoft
Our Commitment to Our Customers Security (Japanese)
https://blogs.technet.microsoft.com/jpsecurity/2016/11/04/our-commitment-to-our-customers-security/
Google
Disclosing vulnerabilities to protect users
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
Securityweek
Microsoft Patches Windows Zero-Day Exploited by Russian Hackers
http://www.securityweek.com/microsoft-patches-windows-zero-day-exploited-russian-hackers
Adobe Systems
Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb16-37.html
If you have any information regarding this alert, please contact
JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top