MA-651.032017: MyCERT Advisory - Microsoft Ending Support for Windows Vista

  • 21 Mar 2017
  • Advisory
1.0 Introduction
After April 11, 2017, Microsoft is ending support for the Windows Vista operating system.
 
 
2.0 Impact
After this date, this product will no longer receive:
  • Security updates,
  • Non-security hotfixes,
  • Free or paid assisted support options, or
  • Online technical content updates from Microsoft.
 
 
3.0 Affected Products
  • Microsoft Windows Vista
 
4.0 Recommendations
Users and administrators are encouraged to upgrade to a currently supported operating system. For more information, see Microsoft's Vista support and product lifecycle articles: 
 
 
 
Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
 
For further enquiries, please contact MyCERT through the following channels:
Phone: 1-300-88-2999 (monitored during business hours)

Fax: +603 89453442
Mobile: +60 19 2665850 (24x7 call incident reporting)

SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888

Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT
Cyber999 Mobile Apps: IOS Users or Android Users
 
 

MA-637.092016: MyCERT Advisory - Microsoft Releases September 2016 Security Bulletin

  • 14 Sep 2016
  • Advisory
1.0 Introduction

Microsoft has released 14 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.

 

2.0 The list of the Important vulnerabilities is as below:

2.1 Cumulative Security Update for Internet Explorer (3183038)

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=823624

2.2 Cumulative Security Update for Microsoft Edge (3183043)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=823625

2.3 Security Update for Microsoft Graphics Component (3185848)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=824814

2.4 Security Update for Microsoft Office (3185852)

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=824817

2.5 Security Update for Microsoft Exchange Server (3185883)

This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In libraries that are built into Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.
Patch: http://go.microsoft.com/fwlink/?LinkId=824829

2.6 Security Update for Silverlight (3182373)

This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force a user to visit a compromised website. Instead, an attacker would have to convince the user to visit the website, typically by enticing the user to click a link in either an email or instant message that takes the user to the attacker's website.
Patch: http://go.microsoft.com/fwlink/?LinkId=824768

2.7 Security Update for Windows (3178467) 

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker creates a specially crafted request and executes arbitrary code with elevated permissions on a target system.
Patch: http://go.microsoft.com/fwlink/?LinkId=821596

2.8 Security Update for Windows Kernel (3186973)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a target system.
Patch: http://go.microsoft.com/fwlink/?LinkId=825142

2.9 Security Update for Windows Lock Screen (3178469)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Windows improperly allows web content to load from the Windows lock screen.
Patch: http://go.microsoft.com/fwlink/?LinkId=821605

2.10 Security Update for Windows Secure Kernel Mode (3185876)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.
Patch: http://go.microsoft.com/fwlink/?LinkId=824825

2.11 Security Update for SMBv1 Server (3185879)

This security update resolves a vulnerability in Microsoft Windows. On Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems, the vulnerability could allow remote code execution if an authenticated attacker sends specially crafted packets to an affected Microsoft Server Message Block 1.0 (SMBv1) Server. The vulnerability does not impact other SMB Server versions. Although later operating systems are affected, the potential impact is denial of service.
Patch: http://go.microsoft.com/fwlink/?LinkId=824826

2.12 Security Update for Microsoft Windows PDF Library (3188733)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow information disclosure if a user views specially crafted PDF content online or opens a specially crafted PDF document.
Patch: http://go.microsoft.com/fwlink/?LinkId=825727

2.13 Security Update in OLE Automation for VBScript Scripting Engine (3188724)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user of an affected system to visit a malicious or compromised website. Note that you must install two updates to be protected from the vulnerability discussed in this bulletin: The update in this bulletin, MS16-116, and the update in MS16-104.
Patch: http://go.microsoft.com/fwlink/?LinkId=825725

2.14 Security Update for Adobe Flash Player (3188128)

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Patch: http://go.microsoft.com/fwlink/?LinkId=825603

 

3.0 Recommendation

Users are advised to apply the updates immediately. All of the patches can be applied almost automatically through the Windows Update application.
Instructions for running Windows Update are available at the following URL:

 

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


For further enquiries, please contact MyCERT through the following channels:
E-mail : [email protected] or [email protected] 
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442 
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my
Twitter: http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps:  IOS Users or Android Users

 


MA-631.082016: MyCERT Advisory - Microsoft Releases August 2016 Security Bulletin

  • 11 Aug 2016
  • Advisory
1.0 Introduction
 
Microsoft has released 9 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.
 
 
2.0 The list of the Important vulnerabilities is as below:
 
2.1 Cumulative Security Update for Internet Explorer (3177356)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
 
 
2.2 Cumulative Security Update for Microsoft Edge (3177358)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
 
2.3 Security Update for Microsoft Graphics Component (3177393)
This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, and Microsoft Lync. The vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
 
 
2.4 Security Update for Windows Kernel-Mode Drivers (3178466)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
 
 
2.5 Security Update for Microsoft Office (3177451)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
 
 
2.6 Security Update for Secure Boot (3179577)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker installs an affected boot manager and bypasses Windows security features.
 
 
2.7 Security Update for Windows Authentication Methods (3178465)
This security update resolves multiple vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined system.
 
 
2.8 Security Update for Microsoft Windows PDF Library (3182248)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
 
 
2.9 Security Update for ActiveSyncProvider (3182332)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Universal Outlook fails to establish a secure connection.
 
 
3.0 Recommendation
Users are advised to apply the updates immediately. All of the patches can be applied almost automatically through the Windows Update application.
Instructions for running Windows Update are available at the following URL:
 
Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442 
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Cyber999 Mobile Apps:  IOS Users or Android Users
 

MA-624.072016: MyCERT Advisory - Microsoft Releases Security Updates

  • 13 Jul 2016
  • Advisory



1.0 Introduction

Microsoft has released 11 updates to address vulnerabilities in Microsoft software. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Microsoft Security Bulletins MS16-084 through MS16-094 and apply the necessary updates.


2.0 The list of the Important vulnerabilities is as below:

2.1    Cumulative Security Update for Internet Explorer (3169991)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=808143

 

2.2    Cumulative Security Update for Microsoft Edge (3169999)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=808148

 

2.3   Cumulative Security Update for JScript and VBScript (3169996)
This security update resolves a vulnerability in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Patch: http://go.microsoft.com/fwlink/?LinkID=808144

 

2.4    Security Update for Windows Print Spooler Components (3170005)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or set up a rogue print server on a target network.
Patch: http://go.microsoft.com/fwlink/?LinkId=808150

 

2.5    Security Update for Microsoft Office (3170008)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=808151

 

2.6    Security Update for Windows Secure Kernel Mode (3170050)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.
Patch: http://go.microsoft.com/fwlink/?LinkID=808157

 

2.7    Security Update for Windows Kernel-Mode Drivers (3171481)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
Patch: http://go.microsoft.com/fwlink/?LinkId=808590

 

2.8    Security Update for .NET Framework (3170048)
This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application.
Patch: http://go.microsoft.com/fwlink/?LinkId=808156

 

2.9   Security Update for Windows Kernel (3171910)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow security feature bypass if the Windows kernel fails to determine how a low integrity application can use certain object manager features.
Patch: http://go.microsoft.com/fwlink/?LinkId=808706

 

2.10 Security Update for Adobe Flash Player (3174060)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2, and Windows 10.
Patch: http://go.microsoft.com/fwlink/?LinkId=809010

 

2.11 Security Update for Secure Boot (3177404)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device. An attacker must have either administrative privileges or physical access to install a policy and bypass Secure Boot.
Patch: http://go.microsoft.com/fwlink/?LinkId=817339

 

3.0    Recommendation

MyCERT strongly recommends that users and administrators apply the updates immediately. All of the patches can be applied almost automatically through the Windows Update application.

Instructions for running Windows Update are available at the following URL:
https://www.mycert.org.my/portal/articles-content?menu=b9f3fdda-c343-4cb4-99a7-a7506cfb13ba&id=62275f48-f209-4440-af1a-c5425c875fa4

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:
E-mail : [email protected] or [email protected] 
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442 
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 09:00 AM - 18:00 PM MYT
Web : https://www.mycert.org.my
Twitter : http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps:  IOS Users or Android Users

 


MA-618.062016: MyCERT Advisory - Microsoft Releases June 2016 Security Bulletin

  • 16 Jun 2016
  • Advisory

 

1.0 Introduction

Microsoft has released 16 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.

 

2.0 The list of the Important vulnerabilities is as below:

2.1 Cumulative Security Update for Internet Explorer (3163649)

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Patch: http://go.microsoft.com/fwlink/?LinkId=798510

 

2.2 Cumulative Security Update for Microsoft Edge (3163656)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

Patch: http://go.microsoft.com/fwlink/?LinkId=798511

 

2.3 Cumulative Security Update for JScript and VBScript (3163640)

This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Patch: http://go.microsoft.com/fwlink/?LinkId=798411

 

2.4 Security Update for Microsoft Office (3163610)

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Patch: http://go.microsoft.com/fwlink/?LinkId=798377

 

2.5 Security Update for Microsoft Windows DNS Server (3164065)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.

Patch: http://go.microsoft.com/fwlink/?LinkId=798516

 

2.6 Security Update for Group Policy (3163622)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine.

Patch: http://go.microsoft.com/fwlink/?LinkId=798378

 

2.7 Security Update for Windows Kernel-Mode Drivers (3164028)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

Patch: http://go.microsoft.com/fwlink/?LinkId=798502

 

2.8 Security Update for Microsoft Graphics Component (3164036)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted document or visits a specially crafted website.

Patch: http://go.microsoft.com/fwlink/?LinkId=798504

 

2.9 Security Update for Windows SMB Server (3164038)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.

Patch: http://go.microsoft.com/fwlink/?LinkId=798505

 

2.10 Security Update for Netlogon (3167691)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.

Patch: http://go.microsoft.com/fwlink/?LinkId=798506

 

2.11 Security Update for WPAD (3165191)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.

Patch: http://go.microsoft.com/fwlink/?LinkId=798850

 

2.12 Security Update for Windows Diagnostic Hub (3165479)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

Patch: http://go.microsoft.com/fwlink/?LinkId=799136

 

2.13 Security Update for Microsoft Exchange Server (3160339)

This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in an Outlook Web Access (OWA) message that is loaded, without warning or filtering, from the attacker-controlled URL.

Patch: http://go.microsoft.com/fwlink/?LinkId=787067

 

2.14 Security Update for Microsoft Windows PDF (3164302)

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. However, an attacker would have no way to force a user to open a specially crafted .pdf file.

Patch: http://go.microsoft.com/fwlink/?LinkId=798620

 

2.15 Security Update for Active Directory (3160352)

This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.

Patch: http://go.microsoft.com/fwlink/?LinkId=798515

 

2.16 Security Update for Microsoft Windows Search Component (3165270)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker logs on to a target system and runs a specially crafted application.

Patch: http://go.microsoft.com/fwlink/?LinkId=799040

 

3.0 Recommendation

Users are advised to apply the updates immediately. All of the patches can be applied almost automatically through the Windows Update application.

Instructions for running Windows Update are available at the following URL:

 

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:
E-mail : [email protected] or [email protected] 
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442 
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my
Twitter: http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps:  IOS Users or Android Users

 


MA-603.052016: MyCERT Advisory - Microsoft Releases May 2016 Security Bulletin

  • 11 May 2016
  • Advisory


1.0 Introduction

Microsoft has released 16 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the following Microsoft Security Bulletins MS16-051 through MS16-067 and apply the necessary updates.


2.0 The list of the Important vulnerabilities is as below:

2.1    Cumulative Security Update for Internet Explorer (3155533)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=785873

2.2    Cumulative Security Update for Microsoft Edge (3155538)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=785874

2.3   Cumulative Security Update for JScript and VBScript (3156764)
This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=786478

2.4    Security Update for Microsoft Office (3155544)
This security update resolves vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=785875

2.5    Security Update for Microsoft Graphics Component (3156754)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=786471

2.6    Security Update for Windows Journal (3156761)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=786477

2.7    Security Update for Windows Shell (3156987)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website that accepts user-provided online content, or convinces a user to open specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=786534

2.8    Security Update for Windows IIS (3141083)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=746884

2.9   Security Update for Windows Media Center (3150220)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=786468

2.10 Security Update for Windows Kernel (3154846)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Patch: http://go.microsoft.com/fwlink/?LinkId=785239

2.11 Security Update for Microsoft RPC (3155520)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an unauthenticated attacker makes malformed Remote Procedure Call (RPC) requests to an affected host.
Patch: http://go.microsoft.com/fwlink/?LinkId=785871

2.12 Security Update for Windows Kernel-Mode Drivers (3158222)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Patch: http://go.microsoft.com/fwlink/?LinkId=786923

2.13 Security Update for Adobe Flash Player (3157993)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Patch: http://go.microsoft.com/fwlink/?LinkId=789066

2.14 Security Update for .NET Framework (3156757)
This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker injects unencrypted data into the target secure channel and then performs a man-in-the-middle (MiTM) attack between the targeted client and a legitimate server.
Patch: http://go.microsoft.com/fwlink/?LinkId=786473

2.15 Security Update for Virtual Secure Mode (3155451)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application to bypass code integrity protections in Windows.
Patch: http://go.microsoft.com/fwlink/?LinkId=785792

2.16 Security Update for Volume Manager Driver (3155784)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user.
Patch: http://go.microsoft.com/fwlink/?LinkId=786475

 

3.0    Recommendation

MyCERT strongly recommends that users and administrators apply the updates immediately. All of the patches can be installed almost automatically via the Windows Update application.

Instructions for performing a Windows Update are available at the following URL:
https://www.mycert.org.my/portal/articles-content?menu=b9f3fdda-c343-4cb4-99a7-a7506cfb13ba&id=62275f48-f209-4440-af1a-c5425c875fa4

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:
E-mail : [email protected] or [email protected] 
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442 
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 09:00 AM - 18:00 PM MYT
Web : https://www.mycert.org.my
Twitter : http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps:  IOS Users or Android Users

 

 4.0     References

MA-595.042016: MyCERT Advisory - Microsoft Releases April 2016 Security Bulletin

  • 14 Apr 2016
  • Advisory

 

1.0 Introduction
Microsoft has released thirteen updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.

 

2.0 The list of the Important vulnerabilities is as below:

2.1 Cumulative Security Update for Internet Explorer (3148531) 
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Patch: http://go.microsoft.com/fwlink/?LinkId=746891

 

2.2 Cumulative Security Update for Microsoft Edge (3148532)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Patch: http://go.microsoft.com/fwlink/?LinkId=746894

 

2.3 Security Update for Microsoft Graphics Component (3148522)
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.

Patch: http://go.microsoft.com/fwlink/?LinkId=746883

 

2.4 Security Update for Microsoft XML Core Services (3148541)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.

Patch: http://go.microsoft.com/fwlink/?LinkId=746897

 

2.5 Security Update for .NET Framework (3148789)
This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application.

Patch: http://go.microsoft.com/fwlink/?LinkId=746929

 

2.6 Security Update for Microsoft Office (3148775)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Patch: http://go.microsoft.com/fwlink/?LinkId=746928

 

2.7 Security Update for Windows OLE (3146706)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.

Patch: http://go.microsoft.com/fwlink/?LinkId=747040

 

2.8 Security Update for Windows Hyper-V (3143118)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

Patch: http://go.microsoft.com/fwlink/?LinkId=733440 

 

2.9 Security Update for Secondary Logon (3148538)
This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.

Patch: http://go.microsoft.com/fwlink/?LinkId=746896

 

2.10 Security Update for SAM and LSAD Remote Protocols (3148527)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack. An attacker could then force a downgrade of the authentication level of the SAM and LSAD channels and impersonate an authenticated user.

Patch: http://go.microsoft.com/fwlink/?LinkId=746885 

 

2.11 Security Update for CSRSS (3148528)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.

Patch: http://go.microsoft.com/fwlink/?LinkId=746886

 

2.12 Security Update for HTTP.sys (3148795)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.

Patch: http://go.microsoft.com/fwlink/?LinkId=746932

 

2.13 Security Update for Adobe Flash Player (3154132)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Patch: http://go.microsoft.com/fwlink/?LinkId=785154

 

3.0 Recommendation

Users are advised to apply the updates immediately. All of the patches can be installed almost automatically via the Windows Update application.
Instructions for performing a Windows Update are available at the following URL:

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail : [email protected] or [email protected] 
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442 
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my
Twitter: http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps:  IOS Users or Android Users

 

4.0 References

MA-584.032016: MyCERT Advisory - Microsoft Releases March 2016 Security Bulletin

  • 09 Mar 2016
  • Advisory


1.0 Introduction

Microsoft has released 13 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Microsoft Security Bulletins MS16-023 through MS16-035 and apply the necessary updates.

 

2.0 The list of the Important vulnerabilities is as below:

2.1    Cumulative Security Update for Internet Explorer (3142015)  
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=733245

2.2    Cumulative Security Update for Microsoft Edge (3142019)
This security update resolves vulnerabilities in Microsoft Edge. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=733246

2.3   Security Update for Windows Library Loading to Address Remote Code Execution (3140709)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Windows fails to properly validate input before loading certain libraries. However, an attacker must first gain access to the local system with the ability to execute a malicious application.
Patch: http://go.microsoft.com/fwlink/?LinkId=733940

2.4    Security Update for Graphic Fonts to Address Remote Code Execution (3143148)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker either convinces a user to open a specially crafted document, or to visit a webpage that contains specially crafted embedded OpenType fonts.
Patch: http://go.microsoft.com/fwlink/?LinkId=733471

2.5    Security Update for Windows Media to Address Remote Code Execution (3143146)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens specially crafted media content that is hosted on a website.
Patch: http://go.microsoft.com/fwlink/?LinkId=733470

2.6    Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file.
Patch: http://go.microsoft.com/fwlink/?LinkId=733419

2.7    Security Update for Microsoft Office to Address Remote Code Execution (3141806)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=733083

2.8    Security Update for Windows OLE to Address Remote Code Execution (3143136)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerabilities to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.
Patch: http://go.microsoft.com/fwlink/?LinkId=733465

2.9   Security Update for Microsoft Windows to Address Elevation of Privilege (3140410) 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker is able to log on to a target system and run a specially crafted application.
Patch: http://go.microsoft.com/fwlink/?LinkId=733466

2.10 Security Update for Secondary Logon to Address Elevation of Privilege (3143141)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Secondary Logon Service fails to properly manage request handles in memory.
Patch: http://go.microsoft.com/fwlink/?LinkId=733467

2.11 Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with physical access inserts a specially crafted USB device into the system.
Patch: http://go.microsoft.com/fwlink/?LinkId=733468

2.12 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Patch: http://go.microsoft.com/fwlink/?LinkId=733469

2.13 Security Update for .NET Framework to Address Security Feature Bypass (3141780)
This security update resolves a vulnerability in the Microsoft .NET Framework. The security feature bypass exists in a .NET Framework component that does not properly validate certain elements of a signed XML document.
Patch: http://go.microsoft.com/fwlink/?LinkId=730728

3.0    Recommendation

MyCERT strongly recommends that users and administrators apply the updates immediately. All of the patches can be installed almost automatically via the Windows Update application.

Instructions for performing a Windows Update are available at the following URL:
https://www.mycert.org.my/portal/articles-content?menu=b9f3fdda-c343-4cb4-99a7-a7506cfb13ba&id=62275f48-f209-4440-af1a-c5425c875fa4

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:
E-mail : [email protected] or [email protected] 
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442 
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 09:00 AM - 18:00 PM MYT
Web : https://www.mycert.org.my
Twitter : http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps:  IOS Users or Android Users

 

 4.0     References

MA-576.022016: MyCERT Advisory - Microsoft Releases Update for EMET

  • 24 Feb 2016
  • Advisory

 

1.0 Introduction

The Enhanced Mitigation Experience Toolkit (EMET) is designed to help customers with their defense-in-depth strategies against cyberattacks by helping detect and block exploitation techniques that are commonly used to exploit memory corruption vulnerabilities. EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques. EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software.

MyCERT is aware of a vulnerability in Microsoft Enhanced Mitigation Experience Toolkit (EMET) versions prior to 5.5.

 

2.0 Impact

Exploitation of this vulnerability may allow a remote attacker to bypass or disable EMET to take control of an affected system. 

 

3.0 Affected Products

  • EMET  versions prior to 5.5

 

4.0 Recommendation

Users are advised to apply the update immediately. Users can download the latest EMET from this URL:

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:
E-mail : [email protected] or [email protected] 
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442 
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my
Twitter: http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps: IOS Users or Android Users

 

5.0 References

MA-556.012016: MyCERT Advisory - Microsoft Releases January 2016 Security Bulletin

  • 15 Jan 2016
  • Advisory

 

1.0 Introduction

Microsoft has released nine updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Microsoft Security Bulletins MS16-001 through MS16-010 and apply the necessary updates.

2.0 The list of the Important vulnerabilities is as below:

2.1    Cumulative Security Update for Internet Explorer (3124903)  
This security update resolves vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Patch: http://go.microsoft.com/fwlink/?linkid=717999

2.2    Cumulative Security Update for Microsoft Edge (3124904)
This security update resolves vulnerabilities in Microsoft Edge. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?linkid=718002

2.3   Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540)
This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Patch: http://go.microsoft.com/fwlink/?linkid=718004

2.4    Security Update for Microsoft Office to Address Remote Code Execution (3124585)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?linkid=717998

2.5    Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website.
Patch: http://go.microsoft.com/fwlink/?LinkId=690559

2.6    Security Update for Silverlight to Address Remote Code Execution (3126036)
This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force users to visit a compromised website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email or instant message that takes users to the attacker's website.
Patch: http://go.microsoft.com/fwlink/?linkid=717994

2.7    Security Update for Microsoft Windows to Address Remote Code Execution (3124901)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.
Patch: http://go.microsoft.com/fwlink/?linkid=718006

2.8    Security Update for Windows Kernel to Address Elevation of Privilege (3124605)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Patch: http://go.microsoft.com/fwlink/?linkid=718007

2.9   Security Update in Microsoft Exchange Server to Address Spoofing (3124557)
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow spoofing if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.
Patch: http://go.microsoft.com/fwlink/?linkid=717997

3.0    Recommendation

Users and administrators are advised to apply the updates immediately. All of the patches can be installed almost automatically via the Windows Update application.

Instructions for performing a Windows Update are available at the following URL:
https://www.mycert.org.my/portal/articles-content?menu=b9f3fdda-c343-4cb4-99a7-a7506cfb13ba&id=62275f48-f209-4440-af1a-c5425c875fa4

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:
E-mail : [email protected] or [email protected] 
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442 
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 09:00 AM - 18:00 PM MYT
Web : https://www.mycert.org.my
Twitter : http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps:  IOS Users or Android Users


 4.0     References

•    Microsoft Releases January 2016 Security Bulletin: https://www.us-cert.gov/ncas/current-activity/2016/01/12/Microsoft-Releases-January-2016-Security-Bulletin

•    Microsoft Security Bulletin Summary for January 2016: https://technet.microsoft.com/en-us/library/security/ms16-jan

•    Adobe, Microsoft Push Reader, Windows Fixes:
https://krebsonsecurity.com/tag/microsoft-patch-tuesday-january-2016/