2016: Bad USB sticks, evil webpages, booby-trapped font files still menace Windows PCs

So update your software – now!


Patch Tuesday: Microsoft has published the March edition of its monthly security updates, addressing security flaws in Internet Explorer, Edge and Windows, while Adobe has issued updates for Digital Editions, Acrobat and Reader.

Microsoft released 13 sets of patches for you to install as soon as possible:

  • MS16-023 A cumulative update for Internet Explorer 9 through to 11 addressing 13 CVE-listed vulnerabilities, including remote code execution flaws. Visiting a booby-trapped webpage using IE can trigger the execution of malicious code and malware on the system.
  • MS16-024 A cumulative update for Microsoft Edge that addresses 10 CVE-listed memory corruption vulnerabilities and one information disclosure flaw.
  • MS16-025 An update for a single remote code execution vulnerability in Windows. This flaw only affects Windows Vista, Server 2008 and Server Core. "A remote code execution vulnerability exists when Microsoft Windows fails to properly validate input before loading certain libraries," says Redmond. "An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
  • MS16-026 Two CVE-listed vulnerabilities in Windows Vista to Windows 10, one causing denial of service and another allowing remote code execution. If an attacker convinces "a user to open a specially crafted document, or to visit a webpage that contains specially crafted embedded OpenType fonts," then malicious code will execute on their system.
  • MS16-027 Two CVE-listed vulnerabilities in Windows Media Parsing on Windows 7 to 10, both potentially allowing remote code execution. Visiting a webpage with a booby-trapped video embedded in it can exploit the bug to hijack the PC.
  • MS16-028 Two flaws in the Windows PDF Library on Windows 8 and 10 that allow for remote code execution if you open a maliciously crafted document.
  • MS16-029 An update for Office 2007 to 2016 for Mac addressing two memory corruption flaws and one security feature bypass vulnerability. Opening a document laced with bad code will trigger the bugs.
  • MS16-030 An update for two remote code execution vulnerabilities in Windows OLE in Vista to Windows 10. "An attacker must convince a user to open either a specially crafted file or a program from either a webpage or an email message," noted Microsoft. After that, code execution is possible.
  • MS16-031 An elevation of privilege vulnerability in Windows Vista to Server 2008 R2: applications can abuse handles in memory to gain administrator-level access.
  • MS16-032 An elevation of privilege vulnerability in the Windows Secondary Logon Service: again, applications on Windows Vista to Windows 10 can abuse handles in memory to gain administrator-level access.
  • MS16-033 An update to address a flaw in the Windows USB Mass Storage Class Driver that could allow attackers to gain administrator privileges with a specially crafted USB drive. This affects Windows Vista to Windows 10.
  • MS16-034 A collection of four elevation of privilege flaws in the Windows Kernel-Mode Drivers: applications on Windows Vista to Windows 10 can exploit these to execute malicious code at the kernel level.
  • MS16-035 A fix for one security feature bypass flaw in the .NET framework.

Adobe, meanwhile, has issued two updates for its products:

  • Digital Editions for Windows, OS X, iOS and Android has been updated to patch a remote code execution vulnerability.
  • Acrobat and Reader for Windows and OS X have been updated to address three CVE-listed remote code execution flaws.
  • Users should also expect an update for unspecified vulnerabilities in Flash Player "in the coming days." ®
