Towards a safer cyber space without incidents

JPCERT Coordination Center

Powered by Yahoo! JAPAN

  • Search this site
  • Search the web

Microsoft Security Bulletin for December 2016 (including 6 critical patches)

last update: 2016-12-14 
                                                   JPCERT-AT-2016-0049
                                                             JPCERT/CC
                                                            2016-12-14
                                                     
                  <<< JPCERT/CC Alert 2016-12-14 >>>

            Microsoft Security Bulletin for December 2016
                 (including 6 critical patches)

      https://www.jpcert.or.jp/english/at/2016/at160049.html


I. Overview

  Microsoft has released its security bulletin for December 2016.
This bulletin contains six (6) updates that are rated as "critical".
Remote attackers leveraging these vulnerabilities may be able to
execute arbitrary code.

  Details on the vulnerabilities can be found at the following URL:

    Microsoft Security Bulletin Summary for December 2016
    https://technet.microsoft.com/en-us/library/security/ms16-Dec

  [Security updates rated as "critical"]

    MS16-144
    Cumulative Security Update for Internet Explorer (3204059)
    https://technet.microsoft.com/en-us/library/security/MS16-144

    MS16-145
    Cumulative Security Update for Microsoft Edge (3204062)
    https://technet.microsoft.com/en-us/library/security/MS16-145

    MS16-146
    Security Update for Microsoft Graphics Component (3204066)
    https://technet.microsoft.com/en-us/library/security/MS16-146

    MS16-147
    Security Update for Microsoft Uniscribe(3204063)
    https://technet.microsoft.com/en-us/library/security/MS16-147

    MS16-148
    Security Update for Microsoft Office(3204068)
    https://technet.microsoft.com/en-us/library/security/MS16-148

    MS16-154
    Security Update for Adobe Flash Player(3209498)
    https://technet.microsoft.com/en-us/library/security/MS16-154

  According to Microsoft, Security Bulletin MS16-154 (Critical) 
addresses the vulnerabilities which are described in Adobe Security
Bulletin APSB16-39. According to Adobe Systems, Adobe is aware of a
report that an exploit for CVE-2016-7892 exists in the wild, and is
being used in limited, targeted attacks against users running Internet
Explorer (32-bit) on Windows. JPCERT/CC has observed attacks leveraging
this vulnerability (CVE-2016-7892).

  Please apply the security update programs as soon as possible.


II. Solution

  Please apply the security update programs through Microsoft Update,
Windows Update, etc. as soon as possible.

    Microsoft Update
    http://www.update.microsoft.com/

    Windows Update
    http://windowsupdate.microsoft.com/

    Microsoft Update Catalog
    https://catalog.update.microsoft.com/


III. References

    Microsoft
    Microsoft Security Bulletin Summary for December 2016
    https://technet.microsoft.com/en-us/library/security/ms16-Dec

    Microsoft
    Microsoft Security Information for December 2016 (Monthly) MS16-144 - MS16-155 (Japanese)
    https://blogs.technet.microsoft.com/jpsecurity/2016/12/14/201612-security-bulletin/

    Adobe Systems
    Security updates available for Adobe Flash Player
    https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

    JPCERT/CC
    Vulnerabilities in Adobe Flash Player (APSB16-39)
    https://www.jpcert.or.jp/english/at/2016/at160048.html

    JVNVU#90937983
    Use-after-free vulnerability in Adobe Flash Player (Japanese)
    https://jvn.jp/vu/JVNVU90937983/


  If you have any information regarding this alert, please contact
JPCERT/CC.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600  FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/

Alerts&Advisories

What's new