Security Advisory - November 08, 2016

Zscaler protects against 30 new vulnerabilities for Microsoft Edge, Windows, Office, Graphics Component, Internet Explorer, Kernel-Mode Drivers, Common Log File System Driver, SQL Server, and Virtual Hard Drive

 

 

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 30 vulnerabilities included in the November 2016 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections as necessary.

MS16-129 – Cumulative Security Update for Microsoft Edge

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

Severity: Critical 
Affected Software

  • Microsoft Edge

CVE-2016-7200 – Scripting Engine Memory Corruption Vulnerability
CVE-2016-7201 – Scripting Engine Memory Corruption Vulnerability
CVE-2016-7202 – Scripting Engine Memory Corruption Vulnerability
CVE-2016-7203 – Scripting Engine Memory Corruption Vulnerability
CVE-2016-7204 – Microsoft Edge Information Disclosure Vulnerability
CVE-2016-7240 – Scripting Engine Memory Corruption Vulnerability
CVE-2016-7242 – Scripting Engine Memory Corruption Vulnerability

MS16-130 – Security Update for Microsoft Windows

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.

Severity: Critical 
Affected Software

  • Windows Vista SP2
  • Windows Server 2008 SP2 and Windows Server 2008 R2 SP1
  • Windows 7 SP1
  • Windows 8.1
  • Windows Server 2012 and Windows Server 2012 R2
  • Windows RT 8.1
  • Windows 10
  • Windows Server 2016

 

CVE-2016-7212 – Windows File Manager Remote Code Execution Vulnerability
CVE-2016-7221 – Windows IME Elevation of Privilege Vulnerability

MS16-132 – Security Update for Microsoft Graphics Component

This security update resolves vulnerabilities in Microsoft Windows. The most severe being of the vulnerabilities could allow a remote code execution vulnerability exists when the Windows Animation Manager improperly handles objects in memory if a user visits a malicious webpage. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. 

Severity: Critical 
Affected Software

  • Windows Vista SP2
  • Windows Server 2008 SP2 and Windows Server 2008 R2 SP1
  • Windows 7 SP1
  • Windows 8.1
  • Windows Server 2012 and Windows Server 2012 R2
  • Windows RT 8.1
  • Windows 10
  • Windows Server 2016

CVE-2016-7205 – Windows Animation Manager Memory Corruption Vulnerability
CVE-2016-7217 – Microsoft Edge Memory Corruption Vulnerability

MS16-133 – Security Update for Microsoft Office

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Severity: Important 
Affected Software

  • Microsoft Word 2007 SP3
  • Microsoft Office 2010 SP2
  • Microsoft Office 2013 SP1
  • Microsoft Office 2013 SP1 RT
  • Microsoft Office 2016
  • Microsoft Office for Mac 2011
  • Microsoft Office for Mac 2016
  • Microsoft Office Compatibility Pack SP3

CVE-2016-7228 – Microsoft Office Memory Corruption Vulnerability
CVE-2016-7245 – Microsoft Office Memory Corruption Vulnerability

MS16-134 – Security Update for Common Log File System Driver

This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit these vulnerabilities by running a specially crafted application to take complete control over the affected system. An attacker who successfully exploits this vulnerability could run processes in an elevated context. 

Severity: Important 
Affected Software

  • Windows Vista SP2
  • Windows Server 2008 R2 SP1
  • Windows 7 SP1
  • Windows 8.1 and Windows 8.1 RT
  • Windows Server 2012 and Windows Server 2012 RT
  • Windows 10
  • Windows Server 2016

CVE-2016-0026 – Windows CLFS Elevation of Privilege
CVE-2016-3333 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2016-3334 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2016-3335 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2016-3338 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2016-3342 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

MS16-135 – Security Update for Kernel-Mode Drivers

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

Severity: Important 
Affected Software

  • Windows Vista SP2
  • Windows Server 2008 SP2 and Windows Server 2008 R2 SP1
  • Windows 7 SP1
  • Windows 8.1 and Windows RT 8.1
  • Windows Server 2012 and Windows Server 2012 R2
  • Windows 10
  • Windows Server 2016

CVE-2016-7214 – Win32k Information Disclosure Vulnerability
CVE-2016-7215 – Win32k Elevation of Privilege Vulnerability
CVE-2016-7218 – Bowser.sys Information Disclosure Vulnerability
CVE-2016-7246 – Win32k Elevation of Privilege Vulnerability
CVE-2016-7255 – Win32k Elevation of Privilege Vulnerability

MS16-136 – Security Update for SQL Server

This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker could to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. The security update addresses these most severe vulnerabilities by correcting how SQL Server handles pointer casting.

Severity: Important 
Affected Software

  • SQL Server 2012 SP2 and SP3
  • SQL Server 2014 SP1 and SP2
  • SQL Server 2016

 

CVE-2016-7250 – SQL RDBMS Engine Elevation of Privilege Vulnerability

MS16-138 – Security Update to Microsoft Virtual Hard Drive

This security update resolves vulnerabilities in Microsoft Windows. The Windows VHDMP kernel driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.

Severity: Important 
Affected Software

  • Windows 8.1
  • Windows Server 2012 and Windows Server 2012 R2
  • Windows RT 8.1
  • Windows 10
  • Windows Server 2016

CVE-2016-7224 – VHDFS Driver Elevation of Privilege Vulnerability
CVE-2016-7226 – VHDFS Driver Elevation of Privilege Vulnerability

MS16-142 – Cumulative Security Update for Internet Explorer

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Severity: Critical 
Affected Software

  • Internet Explorer 9-11

CVE-2016-7196 – Microsoft Browser Memory Corruption Vulnerability
CVE-2016-7198 – Microsoft Browser Memory Corruption Vulnerability
CVE-2016-7241 – Microsoft Browser Remote Code Execution Vulnerability