Tuesday, November 21, 2017

Tag: Hyperlink

Malware gangs add mouse-hover downloads to their arsenal of social engineering tricks to infect PCs.
Novel infection method doesn't require link to be clicked.
A federal judge in North Carolina has sentenced Michael Fluckiger, a co-administrator of a notorious Tor-hidden child porn site, to 20 years in prison. Fluckiger pleaded guilty to running Playpen in December 2015, after being indicted in March 2015. His two fellow admins, David Lynn Browning, of Kentucky, and Steven Chase, of Florida, who were also prosecuted as part of the same case and have also pleaded guilty, have not yet been sentenced. According to prosecutors, the three men who ran the website are among the over 200 Playpen-related prosecutions nationwide.
In order to identify many of the site’s users who were prosecuted, the FBI had to seize and operate the site for 13 days. While doing so, the FBI deployed a “network investigative technique,” or NIT, which many researchers have described as malware, to force the user’s Tor browser to cough up a true IP address. With that in hand, investigators filed subpoenas with the relevant ISPs, which in turn revealed their true names and billing addresses. The effort to take down Playpen has raised questions about proper limits on the government’s ability to hack criminal suspects.

A small handful of alleged Playpen users have successfully challenged the single warrant used to deploy the NIT against them. As Vice Motherboard first reported in March 2016, Browning was first identified by a foreign law enforcement agency, as part of an investigation into yet another child porn website. His IP address was exposed when those overseas cops provided him a “hyperlink to a streaming video.” The file had been configured to go around his Tor browser, which then exposed his true IP.

After realizing it was an American IP address, the foreign agency handed it over to the FBI.

The Justice Department said in a Thursday statement:

According to admissions made in connection with the plea, Fluckiger acted as the co-administrator of a highly-sophisticated global enterprise dedicated to the sexual exploitation of children, organized via a members-only website that operated on the Tor anonymity network, through which he and more than 150,000 other members authored and viewed tens of thousands of postings relating to sexual abuse of children as young as infants and toddlers.

The government also noted that due to the investigation, “at least 48 alleged hands-on abusers have been prosecuted and 49 American children who were subjected to sexual abuse have been successfully identified or rescued.”

Tony Evans from Wick Hill (part of the Nuvias Group) highlights the risks of Wi-Fi and provides some advice for delivering a secure hotspot

The fact that Wi-Fi stands for Wireless Fidelity hints at how long Wi-Fi has been around, but it was only in 1999 that the Wi-Fi Alliance formed as a trade association to hold the Wi-Fi trademark, under which most products are sold.

Today, Wi-Fi is at the top of the list of must-haves for businesses of all types and sizes. People will simply vote with their feet if good, and usually free, Wi-Fi is not available.

But this demand for anytime, anyplace connectivity can mean that some of us are prepared to jump onto Wi-Fi hotspots at cafes, hotels, airports or company guest networks, with only a fleeting consideration of security – a fact that has not gone unnoticed by cyber criminals.

There are over 300,000 videos on YouTube alone explaining how to hack Wi-Fi users with tools easily found online.

Risks from unprotected Wi-Fi:

Wi-Fi Password Cracking
Wireless access points that still use older security protocols such as WEP make for easy targets, because these passwords are notoriously easy to crack. Hotspots that invite us to log in by simply using social network credentials are increasingly popular, as they allow businesses to use demographic information such as age, gender and occupation to target personalised content and advertisements.

Eavesdropping
Without encryption, Wi-Fi users run the risk of having their private communications intercepted, or packet sniffed, by cyber snoops while on an unprotected network.

Rogue Hotspots
Cyber criminals can set up a spoof access point near your hotspot with a matching SSID that invites unsuspecting customers to log in, leaving them susceptible to unnoticed malicious code injection.
In fact, it is possible to mimic a hotspot using cheap, portable hardware that fits into a backpack or could even be attached to a drone.

Planting Malware
There are common hacking toolkits to scan a Wi-Fi network for vulnerabilities, and customers who join an insecure wireless network may unwittingly walk away with unwanted malware.

A common tactic used by hackers is to plant a backdoor on the network, which allows them to return at a later date to steal sensitive information.

Data Theft
Joining an insecure wireless network puts users at risk of losing documents that may contain sensitive information.
In retail environments, for example, attackers focus their efforts on extracting payment details such as credit card numbers, customer identities and mailing addresses.

Inappropriate and Illegal Usage
Businesses offering guest Wi-Fi risk playing host to a wide variety of illegal and potentially harmful communications.

Adult or extremist content can be offensive to neighbouring users, and illegal downloads of protected media leave the businesses susceptible to copyright infringement lawsuits.

Bad Neighbours
As the number of wireless users on the network grows, so does the risk of a pre-infected client entering the network. Mobile attacks, such as Android’s Stagefright, can spread from guest to guest, even if the initial victim is oblivious to the threat.

Best practices
There are established best practices to help secure your Wi-Fi network, alongside a drive, from companies such as WatchGuard, to extend well-proven physical network safeguards to the area of wireless, providing better network visibility to avoid blind spots.

Implementing the latest WPA2 Enterprise (802.1x) security protocol and encryption is a must, while all traffic should, at a minimum, be inspected for viruses and malware, including zero day threats and advanced persistent threats.

Application ID and control will monitor and optionally block certain risky traffic, while web content filtering will prevent unsuspecting users from accidentally clicking a hyperlink that invites exploitation, malware and backdoors to be loaded into your network.

The use of strong passwords, which are changed frequently, should be encouraged, along with regular scanning for rogue Access Points (APs) and whitelisting MAC addresses, when possible.

WatchGuard’s latest cloud-managed wireless access points also have built-in WIPS (Wireless Intrusion Prevention System) technology to defend against unauthorised devices, rogue APs and malicious attacks, with close to zero false positives.

While WIDS (Wireless Intrusion Detection Systems) are common in many Wi-Fi solutions, they require manual intervention to respond to potential threats.

This may be OK for large organisations with IT teams that can manage this; however, WIPS is a fully automated system, which makes it far more attractive to SMEs and organisations such as schools and colleges.

Using patented, Marker Packet wireless detection technology, WatchGuard WIPS differentiates between nearby external access points and rogue access points.
If a rogue access point is detected, all incoming connections to that access point are instantly blocked. WIPS also keeps a record of all clients connecting to the authorised access points, so if a known device attempts to connect to a malicious access point, the connection is instantly blocked. WIPS will also shut down denial-of-service attacks by continuously looking for abnormally high amounts of de-authentication packets.

Wi-Fi as a marketing tool
While Wi-Fi networks have traditionally been viewed as part of the IT infrastructure and the responsibility of the IT department, the latest Wi-Fi systems deliver more than just connectivity, which makes them an attractive proposition for customer services and marketing departments.

For example, the WatchGuard Wi-Fi Cloud provides visibility into marketing data, including insights into footfall and customer demographics and also makes it possible to have direct communication with individual customers in the form of SMS, MMS or social networks.

And with customised splash pages, businesses can personalise the customer Wi-Fi experiences by offering promotional opportunities or surveys and promoting all-important branding.

It is clear that Wi-Fi is here to stay and is becoming much more than simply a way to get online. While the rapid speed of Wi-Fi adoption has led to a disconnect between physical and wireless security, this is now changing and there is no longer any excuse for providing insecure Wi-Fi.


About Wick Hill
Established in 1976, value added distributor Wick Hill specialises in secure IP infrastructure solutions.

The company sources and delivers best-of-breed, easy-to-use solutions through its channel partners, with a portfolio that covers security, performance, access, networking, convergence, storage and hosted solutions.

Wick Hill is particularly focused on providing a wide range of value-added support for its channel partners.

This includes strong lead generation and conversion, technical and consultancy support, and comprehensive training. Wick Hill has its headquarters in the UK and offices in Germany and Austria. Wick Hill also offers services to channel partners in fourteen EMEA countries and worldwide, through its association with Zycko, as part of Nuvias Group, the pan-EMEA, high value distribution business, which is redefining international, specialist distribution in IT.


Multiple Information Disclosure Vulnerabilities
Information disclosure vulnerabilities exist in the way that the affected components handle objects in memory.

An attacker who successfully exploited these vulnerabilities could obtain information to further compromise a target system. In a web-based attack scenario an attacker could host a website in an attempt to exploit the vulnerabilities.

Additionally, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could be used to exploit the vulnerabilities. However, in all cases an attacker would have no way to force users to view attacker-controlled content.
Instead, an attacker would have to convince users to take action.

For example, an attacker could trick users into clicking a link that takes them to the attacker's site.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

| Vulnerability title | CVE number | Publicly disclosed | Exploited |
|---|---|---|---|
| Windows Hyperlink Object Library Information Disclosure Vulnerability | CVE-2016-7278 | No | No |
| Microsoft Browser Information Disclosure Vulnerability | CVE-2016-7282 | Yes | No |
| Internet Explorer Information Disclosure Vulnerability | CVE-2016-7284 | No | No |

Mitigating Factors
Microsoft has not identified any mitigating factors for these vulnerabilities.

Workarounds
Microsoft has not identified any workarounds for these vulnerabilities.

Multiple Microsoft Browser Memory Corruption Vulnerabilities
Remote code execution vulnerabilities exist when Microsoft browsers improperly access objects in memory.

These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.
If the current user is logged on with administrative user rights, the attacker could take control of an affected system.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit these vulnerabilities through Microsoft browsers, and then convince a user to view the website.

The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit these vulnerabilities.
In all cases, however, an attacker would have no way to force users to view the attacker-controlled content.
Instead, an attacker would have to convince users to take action, typically by an enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.

The update addresses these vulnerabilities by modifying how Internet Explorer handles objects in memory.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

| Vulnerability title | CVE number | Publicly disclosed | Exploited |
|---|---|---|---|
| Microsoft Browser – Memory Corruption Vulnerability | CVE-2016-7279 | No | No |
| Internet Explorer Memory Corruption Vulnerability | CVE-2016-7283 | No | No |

Mitigating Factors
Microsoft has not identified any mitigating factors for these vulnerabilities.

Workarounds
Microsoft has not identified any workarounds for these vulnerabilities.

Microsoft Browser Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when the Microsoft browsers fail to correctly apply Same Origin Policy for scripts running inside Web Workers. An attacker could trick a user into loading a page with malicious content.

To exploit this vulnerability, an attacker would need to trick a user into loading a page or visiting a site.

The page could also be injected into a compromised site or ad network.

The update addresses the vulnerability by correcting the Same Origin Policy check for scripts running inside Web Workers.

The following table contains links to the standard entry for the vulnerability in the Common Vulnerabilities and Exposures list:

| Vulnerability title | CVE number | Publicly disclosed | Exploited |
|---|---|---|---|
| Microsoft Browser Security Feature Bypass Vulnerability | CVE-2016-7281 | Yes | No |

Mitigating Factors
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds
Microsoft has not identified any workarounds for this vulnerability.

Multiple Scripting Engine Memory Corruption Vulnerabilities
Multiple remote code execution vulnerabilities exist in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers.

The vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.
If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerabilities through a Microsoft browser and then convince a user to view the website.

An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the Edge rendering engine.

The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements.

These websites could contain specially crafted content that could exploit the vulnerabilities.

The security update addresses the vulnerabilities by modifying how the affected Microsoft scripting engines handle objects in memory.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

| Vulnerability title | CVE number | Publicly disclosed | Exploited |
|---|---|---|---|
| Scripting Engine Memory Corruption Vulnerability | CVE-2016-7202 | Yes | No |
| Scripting Engine Memory Corruption Vulnerability | CVE-2016-7287 | No | No |

Mitigating Factors
Microsoft has not identified any mitigating factors for these vulnerabilities.

Workarounds
Microsoft has not identified any workarounds for these vulnerabilities.
The following tables list the bulletins in order of major software category and severity.Use these tables to learn about the security updates that you may need to install. You should review each software program or component listed to see whether any security updates pertain to your installation.
If a software program or component is listed, then the severity rating of the software update is also listed.Note You may have to install several security updates for a single vulnerability. Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on your system. Windows Vista Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Critical None Critical Critical Important Windows Vista Service Pack 2 Internet Explorer 9 (3203621)(Critical)Microsoft Windows Hyperlink Object Library(3208481)(Critical) Not applicable Windows Vista Service Pack 2(3204724)(Important)Windows Vista Service Pack 2(3205638)(Critical) Windows Vista Service Pack 2(3196348)(Critical) Windows Vista Service Pack 2(3204808)(Important)Windows Vista Service Pack 2(3196726)(Important) Windows Vista x64 Edition Service Pack 2 Internet Explorer 9 (3203621)(Critical)Microsoft Windows Hyperlink Object Library(3208481)(Critical) Not applicable Windows Vista x64 Edition Service Pack 2(3204724)(Important)Windows Vista x64 Edition Service Pack 2(3205638)(Critical) Windows Vista x64 Edition Service Pack 2(3196348)(Critical) Windows Vista x64 Edition Service Pack 2(3204808)(Important)Windows Vista x64 Edition Service Pack 2(3196726)(Important) Windows Server 2008 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Moderate None Critical Critical Important Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 9 (3203621)(Moderate)Microsoft Windows Hyperlink Object Library(3208481)(Moderate) Not applicable Windows Server 2008 for 32-bit Systems Service Pack 2(3204724)(Important)Windows Server 2008 for 32-bit Systems Service Pack 2(3205638)(Critical) Windows Server 2008 for 32-bit Systems Service Pack 2(3196348)(Critical) Windows Server 2008 for 32-bit Systems Service Pack 2(3204808)(Important)Windows 
Server 2008 for 32-bit Systems Service Pack 2(3196726)(Important) Windows Server 2008 for x64-based Systems Service Pack 2 Internet Explorer 9 (3203621)(Moderate)Microsoft Windows Hyperlink Object Library(3208481)(Moderate) Not applicable Windows Server 2008 for x64-based Systems Service Pack 2(3204724)(Important)Windows Server 2008 for x64-based Systems Service Pack 2(3205638)(Critical) Windows Server 2008 for x64-based Systems Service Pack 2(3196348)(Critical) Windows Server 2008 for x64-based Systems Service Pack 2(3204808)(Important)Windows Server 2008 for x64-based Systems Service Pack 2(3196726)(Important) Windows Server 2008 for Itanium-based Systems Service Pack 2 Not applicable Not applicable Windows Server 2008 for Itanium-based Systems Service Pack 2(3204724)(Important)Windows Server 2008 for Itanium-based Systems Service Pack 2(3205638)(Critical) Windows Server 2008 for Itanium-based Systems Service Pack 2(3196348)(Critical) Windows Server 2008 for Itanium-based Systems Service Pack 2(3204808)(Important)Windows Server 2008 for Itanium-based Systems Service Pack 2(3196726)(Important) Windows 7 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Critical None Critical Critical Important Windows 7 for 32-bit Systems Service Pack 1Security Only Internet Explorer 11(3205394)(Critical) Not applicable                    Windows 7 for 32-bit Systems Service Pack 1(3205394)(Critical) Windows 7 for 32-bit Systems Service Pack 1(3205394)(Critical) Windows 7 for 32-bit Systems Service Pack 1(3205394)(Important) Windows 7 for 32-bit Systems Service Pack 1Monthly Rollup Internet Explorer 11(3207752)(Critical) Not applicable Windows 7 for 32-bit Systems Service Pack 1(3207752)(Critical) Windows 7 for 32-bit Systems Service Pack 1(3207752)(Critical) Windows 7 for 32-bit Systems Service Pack 1(3207752)(Important) Windows 7 for x64-based Systems Service Pack 1Security Only Internet Explorer 11(3205394)(Critical) Not applicable 
Windows 7 for x64-based Systems Service Pack 1(3205394)(Critical) Windows 7 for x64-based Systems Service Pack 1(3205394)(Critical) Windows 7 for x64-based Systems Service Pack 1(3205394)(Important) Windows 7 for x64-based Systems Service Pack 1Monthly Rollup Internet Explorer 11(3207752)(Critical) Not applicable Windows 7 for x64-based Systems Service Pack 1(3207752)(Critical) Windows 7 for x64-based Systems Service Pack 1(3207752)(Critical) Windows 7 for x64-based Systems Service Pack 1(3207752)(Important) Windows Server 2008 R2 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Moderate None Critical Critical Important Windows Server 2008 R2 for x64-based Systems Service Pack 1Security Only Internet Explorer 11(3205394)(Moderate) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1(3205394)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1(3205394)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1(3205394)(Important) Windows Server 2008 R2 for x64-based Systems Service Pack 1Monthly Rollup Internet Explorer 11(3207752)(Moderate) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1(3207752)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1(3207752)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1(3207752)(Important) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1Security Only Not applicable Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3205394)(Critical) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3205394)(Critical) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3205394)(Important) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1Monthly Rollup Not applicable Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3207752)(Critical) Windows Server 2008 R2 for Itanium-based Systems 
Service Pack 1(3207752)(Critical) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3207752)(Important) Windows 8.1 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Critical None Critical Critical Important Windows 8.1 for 32-bit SystemsSecurity Only Internet Explorer 11(3205400)(Critical) Not applicable Windows 8.1 for 32-bit Systems(3205400)(Critical) Windows 8.1 for 32-bit Systems(3205400)(Critical) Windows 8.1 for 32-bit Systems(3205400)(Important) Windows 8.1 for 32-bit SystemsMonthly Rollup Internet Explorer 11(3205401)(Critical) Not applicable Windows 8.1 for 32-bit Systems(3205401)(Critical) Windows 8.1 for 32-bit Systems(3205401)(Critical) Windows 8.1 for 32-bit Systems(3205401)(Important) Windows 8.1 for x64-based SystemsSecurity Only Internet Explorer 11(3205400)(Critical) Not applicable Windows 8.1 for x64-based Systems(3205400)(Critical) Windows 8.1 for x64-based Systems(3205400)(Critical) Windows 8.1 for x64-based Systems(3205400)(Important) Windows 8.1 for x64-based SystemsMonthly Rollup Internet Explorer 11(3205401)(Critical) Not applicable Windows 8.1 for x64-based Systems(3205401)(Critical) Windows 8.1 for x64-based Systems(3205401)(Critical) Windows 8.1 for x64-based Systems(3205401)(Important) Windows Server 2012 and Windows Server 2012 R2 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Moderate None Critical Critical Important Windows Server 2012Security Only Internet Explorer 10(3205408)(Moderate) Not applicable Windows Server 2012(3205408)(Critical) Windows Server 2012(3205408)(Critical) Windows Server 2012(3205408)(Important) Windows Server 2012Monthly Rollup Internet Explorer 10(3205409)(Moderate) Not applicable Windows Server 2012(3205409)(Critical) Windows Server 2012(3205409)(Critical) Windows Server 2012(3205409)(Important) Windows Server 2012 R2Security Only Internet Explorer 11(3205400)(Moderate) Not applicable Windows Server 2012 
R2(3205400)(Critical) Windows Server 2012 R2(3205400)(Critical) Windows Server 2012 R2(3205400)(Important) Windows Server 2012 R2Monthly Rollup Internet Explorer 11(3205401)(Moderate) Not applicable Windows Server 2012 R2(3205401)(Critical) Windows Server 2012 R2(3205401)(Critical) Windows Server 2012 R2(3205401)(Important) Windows RT 8.1 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Critical None Critical Critical Important Windows RT 8.1Monthly Rollup Internet Explorer 11(3205401)(Critical) Not applicable Windows RT 8.1(3205401)(Critical) Windows RT 8.1(3205401)(Critical) Windows RT 8.1(3205401)(Important) Windows 10 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Critical Critical Critical Critical Important Windows 10 for 32-bit Systems Internet Explorer 11(3205383)(Critical) Microsoft Edge(3205383)(Critical) Windows 10 for 32-bit Systems(3205383)(Critical) Windows 10 for 32-bit Systems(3205383)(Critical) Windows 10 for 32-bit Systems(3205383)(Important) Windows 10 for x64-based Systems Internet Explorer 11(3205383)(Critical) Microsoft Edge(3205383)(Critical) Windows 10 for x64-based Systems(3205383)(Critical) Windows 10 for x64-based Systems(3205383)(Critical) Windows 10 for x64-based Systems(3205383)(Important) Windows 10 Version 1511 for 32-bit Systems Internet Explorer 11(3205386)(Critical) Microsoft Edge(3205386)(Critical) Windows 10 Version 1511 for 32-bit Systems(3205386)(Critical) Windows 10 Version 1511 for 32-bit Systems(3205386)(Critical) Windows 10 Version 1511 for 32-bit Systems(3205386)(Important) Windows 10 Version 1511 for x64-based Systems Internet Explorer 11(3205386)(Critical) Microsoft Edge(3205386)(Critical) Windows 10 Version 1511 for x64-based Systems(3205386)(Critical) Windows 10 Version 1511 for x64-based Systems(3205386)(Critical) Windows 10 Version 1511 for x64-based Systems(3205386)(Important) Windows 10 Version 1607 for 32-bit Systems Internet 
Explorer 11(3206632)(Critical) Microsoft Edge(3206632)(Critical) Windows 10 Version 1607 for 32-bit Systems(3206632)(Critical) Windows 10 Version 1607 for 32-bit Systems(3206632)(Critical) Windows 10 Version 1607 for 32-bit Systems(3206632)(Important) Windows 10 Version 1607 for x64-based Systems Internet Explorer 11(3206632)(Critical) Microsoft Edge(3206632)(Critical) Windows 10 Version 1607 for x64-based Systems(3206632)(Critical) Windows 10 Version 1607 for x64-based Systems(3206632)(Critical) Windows 10 Version 1607 for x64-based Systems(3206632)(Important) Windows Server 2016 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Moderate Moderate Critical Critical Important Windows Server 2016 for x64-based Systems Internet Explorer 11(3206632)(Moderate) Microsoft Edge(3206632)(Moderate) Windows Server 2016 for x64-based Systems(3206632)(Critical) Windows Server 2016 for x64-based Systems(3206632)(Critical) Windows Server 2016 for x64-based Systems(3206632)(Important) Server Core installation option Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating None None Critical Critical Important Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation) Not applicable Not applicable Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(3204724)(Important)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(3205638)(Critical) Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(3196348)(Critical) Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(3204808)(Important)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(3196726)(Important) Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation) Not applicable Not applicable Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core 
installation)(3204724)(Important)Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(3205638)(Critical) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(3196348)(Critical) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(3204808)(Important)Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(3196726)(Important) Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)Security Only Not applicable Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3205394)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3205394)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3205394)(Important) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Monthly Rollup Not applicable Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3207752)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3207752)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3207752)(Important) Windows Server 2012(Server Core installation)Security Only Not applicable Not applicable Windows Server 2012 (Server Core installation)(3205408)(Critical) Windows Server 2012 (Server Core installation)(3205408)(Critical) Windows Server 2012 (Server Core installation)(3205408)(Important) Windows Server 2012(Server Core installation)Monthly Rollup Not applicable Not applicable Windows Server 2012 (Server Core installation)(3205409)(Critical) Windows Server 2012 (Server Core installation)(3205409)(Critical) Windows Server 2012 (Server Core installation)(3205409)(Important) Windows Server 2012 R2(Server Core installation)Security Only Not applicable 
Not applicable Windows Server 2012 R2 (Server Core installation)(3205400)(Critical) Windows Server 2012 R2 (Server Core installation)(3205400)(Critical) Windows Server 2012 R2 (Server Core installation)(3205400)(Important) Windows Server 2012 R2(Server Core installation)Monthly Rollup Not applicable Not applicable Windows Server 2012 R2 (Server Core installation)(3205401)(Critical) Windows Server 2012 R2 (Server Core installation)(3205401)(Critical) Windows Server 2012 R2 (Server Core installation)(3205401)(Important) Windows Server 2016 for x64-based Systems(Server Core installation) Not applicable Not applicable Windows Server 2016 for x64-based Systems(Server Core installation)(3206632)(Critical) Windows Server 2016 for x64-based Systems(Server Core installation)(3206632)(Critical) Windows Server 2016 for x64-based Systems(Server Core installation)(3206632)(Important) Windows Vista Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating None Important None Important None Windows Vista Service Pack 2 Not applicable Windows Vista Service Pack 2(3204723)(Important) Not applicable Windows Vista Service Pack 2(3203838)(Important) Not applicable Windows Vista x64 Edition Service Pack 2 Not applicable Windows Vista x64 Edition Service Pack 2(3204723)(Important) Not applicable Windows Vista x64 Edition Service Pack 2(3203838)(Important) Not applicable Windows Server 2008 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating None Important None Important None Windows Server 2008 for 32-bit Systems Service Pack 2 Not applicable Windows Server 2008 for 32-bit Systems Service Pack 2(3204723)(Important) Not applicable Windows Server 2008 for 32-bit Systems Service Pack 2(3203838)(Important) Not applicable Windows Server 2008 for x64-based Systems Service Pack 2 Not applicable Windows Server 2008 for x64-based Systems Service Pack 2(3204723)(Important) Not applicable Windows Server 2008 for x64-based 
Systems Service Pack 2(3203838)(Important) Not applicable Windows Server 2008 for Itanium-based Systems Service Pack 2 Not applicable Windows Server 2008 for Itanium-based Systems Service Pack 2(3204723)(Important) Not applicable Windows Server 2008 for Itanium-based Systems Service Pack 2(3203838)(Important) Not applicable Windows 7 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating None Important None Important None Windows 7 for 32-bit Systems Service Pack 1Security Only Not applicable Windows 7 for 32-bit Systems Service Pack 1(3205394)(Important) Not applicable                    Windows 7 for 32-bit Systems Service Pack 1(3205394)(Important) Not applicable Windows 7 for 32-bit Systems Service Pack 1Monthly Rollup Not applicable Windows 7 for 32-bit Systems Service Pack 1(3207752)(Important) Not applicable Windows 7 for 32-bit Systems Service Pack 1(3207752)(Important) Not applicable Windows 7 for x64-based Systems Service Pack 1Security Only Not applicable Windows 7 for x64-based Systems Service Pack 1(3205394)(Important) Not applicable Windows 7 for x64-based Systems Service Pack 1(3205394)(Important) Not applicable Windows 7 for x64-based Systems Service Pack 1Monthly Rollup Not applicable Windows 7 for x64-based Systems Service Pack 1(3207752)(Important) Not applicable Windows 7 for x64-based Systems Service Pack 1(3207752)(Important) Not applicable Windows Server 2008 R2 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating None Important None Important None Windows Server 2008 R2 for x64-based Systems Service Pack 1Security Only Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1(3205394)(Important) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1(3205394)(Important) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1Monthly Rollup Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 
1(3207752)(Important) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1(3207752)(Important) Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1Security Only Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3205394)(Important) Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3205394)(Important) Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1Monthly Rollup Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3207752)(Important) Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3207752)(Important) Not applicable Windows 8.1 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating None Important None Important Critical Windows 8.1 for 32-bit SystemsSecurity Only Not applicable Windows 8.1 for 32-bit Systems(3205400)(Important) Not applicable Windows 8.1 for 32-bit Systems(3205400)(Important) Adobe Flash Player(3209498)(Critical) Windows 8.1 for 32-bit SystemsMonthly Rollup Not applicable Windows 8.1 for 32-bit Systems(3205401)(Important) Not applicable Windows 8.1 for 32-bit Systems(3205401)(Important) Not applicable Windows 8.1 for x64-based SystemsSecurity Only Not applicable Windows 8.1 for x64-based Systems(3205400)(Important) Not applicable Windows 8.1 for x64-based Systems(3205400)(Important) Adobe Flash Player(3209498)(Critical) Windows 8.1 for x64-based SystemsMonthly Rollup Not applicable Windows 8.1 for x64-based Systems(3205401)(Important) Not applicable Windows 8.1 for x64-based Systems(3205401)(Important) Not applicable Windows Server 2012 and Windows Server 2012 R2 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating None Important None Important Moderate Windows Server 2012Security Only Not applicable Windows Server 2012(3205408)(Important) Not applicable Windows Server 
2012(3205408)(Important) Adobe Flash Player(3209498)(Moderate) Windows Server 2012Monthly Rollup Not applicable Windows Server 2012(3205409)(Important) Not applicable Windows Server 2012(3205409)(Important) Not applicable Windows Server 2012 R2Security Only Not applicable Windows Server 2012 R2(3205400)(Important) Not applicable Windows Server 2012 R2(3205400)(Important) Adobe Flash Player(3209498)(Moderate) Windows Server 2012 R2Monthly Rollup Not applicable Windows Server 2012 R2(3205401)(Important) Not applicable Windows Server 2012 R2(3205401)(Important) Not applicable Windows RT 8.1 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating None Important None Important Critical Windows RT 8.1Monthly Rollup Not applicable Windows RT 8.1(3205401)(Important) Not applicable Windows RT 8.1(3205401)(Important) Adobe Flash Player(3209498)(Critical) Windows 10 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating Important Important Important Important Critical Windows 10 for 32-bit Systems Windows 10 for 32-bit Systems(3205383)(Important) Windows 10 for 32-bit Systems(3205383)(Important) Windows 10 for 32-bit Systems(3205383)(Important) Windows 10 for 32-bit Systems(3205383)(Important) Adobe Flash Player(3209498)(Critical) Windows 10 for x64-based Systems Windows 10 for x64-based Systems(3205383)(Important) Windows 10 for x64-based Systems(3205383)(Important) Windows 10 for x64-based Systems(3205383)(Important) Windows 10 for x64-based Systems(3205383)(Important) Adobe Flash Player(3209498)(Critical) Windows 10 Version 1511 for 32-bit Systems Windows 10 Version 1511 for 32-bit Systems(3205386)(Important) Windows 10 Version 1511 for 32-bit Systems(3205386)(Important) Windows 10 Version 1511 for 32-bit Systems(3205386)(Important) Windows 10 Version 1511 for 32-bit Systems(3205386)(Important) Adobe Flash Player(3209498)(Critical) Windows 10 Version 1511 for x64-based Systems Windows 10 Version 1511 
for x64-based Systems(3205386)(Important) Windows 10 Version 1511 for x64-based Systems(3205386)(Important) Windows 10 Version 1511 for x64-based Systems(3205386)(Important) Windows 10 Version 1511 for x64-based Systems(3205386)(Important) Adobe Flash Player(3209498)(Critical) Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for 32-bit Systems(3206632)(Important) Windows 10 Version 1607 for 32-bit Systems(3206632)(Important) Windows 10 Version 1607 for 32-bit Systems(3206632)(Important) Windows 10 Version 1607 for 32-bit Systems(3206632)(Important) Adobe Flash Player(3209498)(Critical) Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for x64-based Systems(3206632)(Important) Windows 10 Version 1607 for x64-based Systems(3206632)(Important) Windows 10 Version 1607 for x64-based Systems(3206632)(Important) Windows 10 Version 1607 for x64-based Systems(3206632)(Important) Adobe Flash Player(3209498)(Critical) Windows Server 2016 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating Important Important Important Important Moderate Windows Server 2016 for x64-based Systems Windows Server 2016 for x64-based Systems(3206632)(Important) Windows Server 2016 for x64-based Systems(3206632)(Important) Windows Server 2016 for x64-based Systems(3206632)(Important) Windows Server 2016 for x64-based Systems(3206632)(Important) Adobe Flash Player(3209498)(Moderate) Server Core installation Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating Important Important Important Important None Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation) Not applicable Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(3204723)(Important) Not applicable Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(3203838)(Important) Not applicable Windows Server 2008 for x64-based Systems Service Pack 2(Server 
Core installation) Not applicable Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(3204723)(Important) Not applicable Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(3203838)(Important) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)Security Only Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3205394)(Important) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3205394)(Important) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Monthly Rollup Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3207752)(Important) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3207752)(Important) Not applicable Windows Server 2012(Server Core installation)Security Only Not applicable Windows Server 2012 (Server Core installation)(3205408)(Important) Not applicable Not applicable Not applicable Windows Server 2012(Server Core installation)Monthly Rollup Not applicable Windows Server 2012 (Server Core installation)(3205409)(Important) Not applicable Not applicable Not applicable Windows Server 2012 R2(Server Core installation)Security Only Not applicable Windows Server 2012 R2 (Server Core installation)(3205400)(Important) Not applicable Windows Server 2012 R2 (Server Core installation)(3205400)(Important) Not applicable Windows Server 2012 R2(Server Core installation)Monthly Rollup Not applicable Windows Server 2012 R2 (Server Core installation)(3205401)(Important) Not applicable Windows Server 2012 R2 (Server Core installation)(3205401)(Important) Not applicable Windows Server 2016 for x64-based Systems(Server Core installation) Windows Server 2016 for x64-based Systems(Server Core 
installation)(3206632)(Important) Windows Server 2016 for x64-based Systems(Server Core installation)(3206632)(Important) Windows Server 2016 for x64-based Systems(Server Core installation)(3206632)(Important) Windows Server 2016 for x64-based Systems(Server Core installation)(3206632)(Important) Not applicable This bulletin spans more than one software category.
See other tables in this section for additional affected software. Microsoft .NET Framework Windows Vista and Windows Server 2008Microsoft .NET Framework Updates for 2.0, 4.5.2, 4.6 (KB3210142) Windows Vista Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows Vista for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.5(3210129)(Important)Microsoft .NET Framework 4.5.2(3210139)(Important)Microsoft .NET Framework 4.6(3210136)(Important) Windows Vista for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5(3210129)(Important)Microsoft .NET Framework 4.5.2(3210139)(Important)Microsoft .NET Framework 4.6(3210136)(Important) Windows Server 2008 Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.5(3210129)(Important)Microsoft .NET Framework 4.5.2(3210139)(Important)Microsoft .NET Framework 4.6(3210136)(Important) Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5(3210129)(Important)Microsoft .NET Framework 4.5.2(3210139)(Important)Microsoft .NET Framework 4.6(3210136)(Important) Windows 7 and Windows Server 2008 R2Microsoft .NET Framework Updates for 3.5.1, 4.5.2, 4.6/4.6.1, 4.6.2 (KB3205402) Windows 7 Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 3.5(3210131)(Important)Microsoft .NET Framework 4.5.2(3210139)(Important)Microsoft .NET Framework 4.6/4.6.1(3210136)(Important)Microsoft .NET Framework 4.6.2(3205379)(Important) Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5(3210131)(Important)Microsoft .NET Framework 4.5.2(3210139)(Important)Microsoft .NET Framework 4.6/4.6.1(3210136)(Important)Microsoft .NET Framework 4.6.2(3205379)(Important) Windows Server 2008 R2 Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows Server 2008 R2 for x64-based Systems Service Pack 1 
Microsoft .NET Framework 3.5(3210131)(Important)Microsoft .NET Framework 4.5.2(3210139)(Important)Microsoft .NET Framework 4.6/4.6.1(3210136)(Important)Microsoft .NET Framework 4.6.2(3205379)(Important) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Microsoft .NET Framework 3.5(3210131)(Important) Windows Server 2012Microsoft .NET Framework Updates for 3.5, 4.5.2, 4.6/4.6.1, 4.6.2 (KB3205403) Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows Server 2012 Microsoft .NET Framework 3.5(3210130)(Important)Microsoft .NET Framework 4.5.2(3210138)(Important)Microsoft .NET Framework 4.6/4.6.1(3210133)(Important)Microsoft .NET Framework 4.6.2(3205377)(Important) Windows 8.1 and Windows Server 2012 R2Microsoft .NET Framework Updates for 3.5, 4.5.2, 4.6/4.6.1, 4.6.2 (KB3205404) Windows 8.1 Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows 8.1 for 32-bit Systems Microsoft .NET Framework 3.5(3210132)(Important)Microsoft .NET Framework 4.5.2(3210137)(Important)Microsoft .NET Framework 4.6/4.6.1(3210135)(Important)Microsoft .NET Framework 4.6.2(3205378)(Important) Windows 8.1 for x64-based Systems Microsoft .NET Framework 3.5(3210132)(Important)Microsoft .NET Framework 4.5.2(3210137)(Important)Microsoft .NET Framework 4.6/4.6.1(3210135)(Important)Microsoft .NET Framework 4.6.2(3205378)(Important) Windows Server 2012 R2 Windows Server 2012 R2 Microsoft .NET Framework 3.5(3210132)(Important)Microsoft .NET Framework 4.5.2(3210137)(Important)Microsoft .NET Framework 4.6/4.6.1(3210135)(Important)Microsoft .NET Framework 4.6.2(3205378)(Important) Windows 10 Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows 10 Version 1607 for 32-bit Systems(3206632) Microsoft .NET Framework 4.6.2(Important) Windows 10 Version 1607 for x64-based Systems(3206632) Microsoft .NET Framework 4.6.2(Important) Windows Server 2016 Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows Server 2016 for x64-based 
Systems(3206632) Microsoft .NET Framework 4.6.2(Important) Server Core installation option Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5(3210131)(Important)Microsoft .NET Framework 4.6/4.6.1(3210136)(Important)Microsoft .NET Framework 4.6.2(3205379)(Important) Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5(3210130)(Important)Microsoft .NET Framework 4.5.2(3210138)(Important)Microsoft .NET Framework 4.6/4.6.1(3210133)(Important)Microsoft .NET Framework 4.6.2(3205377)(Important) Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5(3210132)(Important)Microsoft .NET Framework 4.5.2(3210137)(Important)Microsoft .NET Framework 4.6/4.6.1(3210135)(Important)Microsoft .NET Framework 4.6.2(3205378)(Important) Windows Server 2016 for x64-based Systems (Server Core installation)(3206632) Microsoft .NET Framework 4.6.2(Important) This bulletin spans more than one software category.
See other tables in this section for additional affected software. Microsoft Office 2007 Bulletin Identifier MS16-148 Aggregate Severity Rating Critical Microsoft Office 2007 Service Pack 3 Microsoft Excel 2007 Service Pack 3(3128019)(Important)Microsoft Word 2007 Service Pack 3(3128025)(Important)Microsoft Office 2007 Service Pack 3(2883033)(Critical)Microsoft Office 2007 Service Pack 3(3128020)(Important) Microsoft Office 2010 Bulletin Identifier MS16-148 Aggregate Severity Rating Critical Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (32-bit editions)(3128032)(Important)Microsoft Office 2010 Service Pack 2 (32-bit editions)(3118380)(Important)Microsoft Office 2010 Service Pack 2 (32-bit editions)(2889841)(Critical)Microsoft Excel 2010 Service Pack 2 (32-bit editions)(3128037)(Important)Microsoft Publisher 2010 Service Pack 2 (32-bit editions)(3114395)(Important)Microsoft Word 2010 Service Pack 2 (32-bit editions)(3128034)(Important) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions)(3128032)(Important)Microsoft Office 2010 Service Pack 2 (64-bit editions)(3118380)(Important)Microsoft Office 2010 Service Pack 2 (64-bit editions)(2889841)(Critical)Microsoft Excel 2010 Service Pack 2 (64-bit editions)(3128037)(Important)Microsoft Publisher 2010 Service Pack 2 (64-bit editions)(3114395)(Important)Microsoft Word 2010 Service Pack 2 (64-bit editions)(3128034)(Important) Microsoft Office 2013 Bulletin Identifier MS16-148 Aggregate Severity Rating Important Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (32-bit editions)(3128008)(Important)Microsoft Office 2013 Service Pack 1 (32-bit editions)(3127968)(Important) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions)(3128008)(Important)Microsoft Office 2013 Service Pack 1 (64-bit editions)(3127968)(Important) Microsoft 
Office 2013 RT Bulletin Identifier MS16-148 Aggregate Severity Rating Important Microsoft Office 2013 RT Service Pack 1 Microsoft Excel 2013 RT Service Pack 1(3128008)(Important)Microsoft Office 2013 RT Service Pack 1(3127968)(Important) Microsoft Office 2016 Bulletin Identifier MS16-148 Aggregate Severity Rating Important Microsoft Office 2016 (32-bit edition) Microsoft Excel 2016 (32-bit edition)(3128016)(Important)Microsoft Office 2016 (32-bit edition)(3127986)(Important)Microsoft Office 2016 (32-bit edition)(Important)[1] Microsoft Office 2016 (64-bit edition) Microsoft Excel 2016 (64-bit edition)(3128016)(Important)Microsoft Office 2016 (64-bit edition)(3127986)(Important)Microsoft Office 2016 (64-bit edition)(Important)[1] Microsoft Office for Mac 2011 Bulletin Identifier MS16-148 Aggregate Severity Rating Important Microsoft Office for Mac 2011(3198808)(Important)Microsoft Excel for Mac 2011(3198808)(Important)Microsoft Word for Mac 2011(3198808)(Important) Microsoft Office 2016 for Mac Bulletin Identifier MS16-148 Aggregate Severity Rating Important Microsoft Office 2016 for Mac(3198800)(Important)Microsoft Excel 2016 for Mac(3198800)(Important) Other Office for Mac Software Bulletin Identifier MS16-148 Aggregate Severity Rating Important Microsoft Auto Updater for Mac Microsoft Auto Updater for Mac[2](Important) Other Office Software Bulletin Identifier MS16-148 Aggregate Severity Rating Critical Microsoft Office Compatibility Pack Service Pack 3 Microsoft Office Compatibility Pack Service Pack 3(3128022)(Important)Microsoft Office Compatibility Pack Service Pack 3(3128024)(Important) Microsoft Excel Viewer Microsoft Excel Viewer(3128023)(Important) Microsoft Word Viewer Microsoft Word Viewer(3128044)(Important)Microsoft Word Viewer(3127995)(Critical) [1]This entry references the Click-to-Run (C2R) version only.This bulletin spans more than one software category.
See other tables in this section for additional affected software.
Criminals behind the latest Cerber ransomware variant are leveraging Google redirects and Tor2Web proxies in a new and novel way to evade detection. Researchers with Cisco Talos spotted the shifting tactic last week when it began tracking the latest Cerber (5.0.1) ransomware variant.

The technique defies Cerber’s typical attack strategy of spam campaigns, malicious attachments and well written, professional looking emails, according to Talos researchers. “This campaign looked different in that the messages didn’t contain an attachment and were extremely short and basic,” wrote Cisco Talos researchers in a report posted Monday.

According to Talos, the Cerber spam campaign resembled something more closely associated with Locky ransomware, which relies heavily on script-based file extensions used to download the Locky executable. Talos describes this latest Cerber campaign as a “potential next evolution for ransomware distribution” that relies heavily on the Tor network and Dark Web to obfuscate the attacker’s activity and thwart mitigation efforts. According to Talos, the Cerber 5.0.1 variant forgoes the use of malicious attachments in exchange for emails that contain hyperlinks.

Targets are enticed to click hyperlinks that are disguised as various files of potential interest to recipients, such as pictures, order details, transaction logs and loan acceptance letters.

“When a victim clicks on a hyperlink they are taken to a Google redirect that points (the browser) to a malicious Word document hosted on the Dark Web. But because you need a Tor browser to access the Dark Web, attackers use the Google redirect service to connect targets to a Tor2Web proxy service first,” said Nick Biasini, researcher with the Cisco Talos team.

Use of the Tor2Web proxy service allows adversaries to host files on the Dark Web, making it extremely difficult to know where files are hosted and shut down the offending server, Biasini said. “Using proxy services like Tor2Web enables access to the Tor network without requiring a Tor client to be installed locally on the victim’s system,” researchers point out.

“We have seen Tor used in ransomware quite a bit. But it has been used primarily for command-and-control communications and retrieving ransom notes for the victims to get Bitcoin wallets. What makes this most recent Cerber (5.0.1) variant so interesting to researchers is the fact the hosting of all the malicious activity is on Tor,” Biasini said.

That’s not to say earlier incarnations and techniques associated with Cerber ransomware have been abandoned.
Still, the bulk of Cerber, Biasini said, is distributed using traditional techniques such as the RIG exploit kit and malicious attachments sent via spam campaigns. “The reason this campaign is important is because it signals an evolution for Cerber adversaries,” Biasini said.

Cerber, which is best known for its high creep factor in using text-to-speech to “speak” its ransom note to victims, was first spotted in the wild in February. Its typical distribution method was via exploit kits, with Magnitude and Nuclear Pack exploiting a zero day in Adobe Flash Player (CVE-2016-1019). In May, researchers at FireEye reported, Cerber was part of spam campaigns linked to Dridex botnets. In August, researchers reported a new Cerber variant, dubbed Cerber 2, which they said was part of a ransomware-as-a-service ring. “Cerber has continued to shift its tactics and evolve rapidly over just the past several months,” Biasini said.

In this most recent campaign, once the initial redirection and Tor2Web proxying occurs, the victim’s system will download a malicious Word document. If a potential victim chooses to open the file, they are prompted by the Word document to “enable content,” that is, to enable the macro. “If the victim opens the malicious MS Word document and enables macros, the downloader will use the Windows Command Processor to invoke Powershell which will then download (using Tor2Web) and execute the actual Cerber PE32 executable,” Talos describes.

This version of Cerber demands 1.4 bitcoins ($1,000). If the ransom demand is not met within five days, the ransom payment amount doubles.

“This latest distribution campaign highlights how ransomware based threats are continuing to evolve and mature over time, and shows an increasingly sophisticated infection process as attackers continue to implement new methods to attempt to evade detection and make analysis more difficult,” Talos researchers wrote.

Talos recommends that all Tor2Web and Tor traffic be blocked within the organization as the most effective way to mitigate the risk from this latest Cerber threat. “Organizations need to decide if the business case for allowing Tor and Tor2Web on the network outweighs the potential risks to its users,” Cisco Talos wrote.
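The delivery chain Talos describes (emailed hyperlink, Google redirect, Tor2Web proxy) can be hunted for in web-proxy or mail-gateway logs. The following is an added example, not code from Talos or from the article: it unwraps Google-style redirect URLs offline and flags any target that sits on a Tor2Web gateway. The `q`/`url` redirect parameters, the gateway suffix list and the log format are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: illustrative gateway suffixes; the article names none.
# Maintain this list from your own threat intelligence.
TOR2WEB_SUFFIXES = ("onion.to", "onion.link", "tor2web.org")
# Hidden-service labels are base32: 16 characters (v2) or 56 characters (v3).
ONION_LABEL = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})$")
# google.com plus country domains such as google.de or google.co.uk.
GOOGLE_HOST = re.compile(r"^(?:www\.)?google\.(?:com|[a-z]{2}|com?\.[a-z]{2})$")
REDIRECT_PARAMS = ("q", "url")   # assumed names of the redirect-target parameter
MAX_HOPS = 5                     # bound on nested redirect wrappers


def _host(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def unwrap_redirects(url):
    """Unwrap Google redirect wrappers without any network access.

    Returns the chain of URLs, starting with the one that was logged."""
    chain = [url]
    for _ in range(MAX_HOPS):
        parts = urlsplit(chain[-1])
        if not GOOGLE_HOST.match(_host(chain[-1])) or parts.path != "/url":
            break
        params = parse_qs(parts.query)   # values come back percent-decoded
        target = next((params[p][0] for p in REDIRECT_PARAMS if p in params), None)
        if not target or not target.lower().startswith(("http://", "https://")):
            break
        chain.append(target)
    return chain


def tor2web_onion(url):
    """Return the hidden-service label if the host is <onion>.<gateway>, else None."""
    host = _host(url)
    for suffix in TOR2WEB_SUFFIXES:
        if host.endswith("." + suffix):
            label = host[: -len(suffix) - 1].split(".")[-1]
            if ONION_LABEL.match(label):
                return label
    return None


def classify(url):
    """Return (verdict, onion_label) for one logged URL."""
    chain = unwrap_redirects(url)
    onion = tor2web_onion(chain[-1])
    if onion is None:
        return ("ok", None)
    return ("tor2web-via-redirect" if len(chain) > 1 else "tor2web-direct", onion)


def scan(lines):
    """Scan 'timestamp client method url' log lines; return the flagged requests."""
    hits = []
    for line in lines:
        fields = line.split(None, 3)
        if len(fields) != 4:
            continue                     # skip malformed or empty lines
        _, client, _, url = fields
        verdict, onion = classify(url.strip())
        if verdict != "ok":
            hits.append((client, verdict, onion))
    return hits


# Constructed sample log (not real traffic); the onion label is made up.
SAMPLE_LOG = """\
2016-11-28T09:14:02Z 10.0.4.21 GET https://www.google.com/url?q=http%3A%2F%2Fabcdefghij234567.onion.to%2Forder_details.doc&sa=D
2016-11-28T09:15:40Z 10.0.4.37 GET https://www.google.com/url?q=https%3A%2F%2Fexample.org%2Fnews&sa=D
2016-11-28T09:16:11Z 10.0.4.21 GET http://abcdefghij234567.onion.to/file.bin
2016-11-28T09:17:55Z 10.0.4.52 GET https://onion.to.example.net/index.html
"""

if __name__ == "__main__":
    for client, verdict, onion in scan(SAMPLE_LOG.splitlines()):
        print(f"{client}\t{verdict}\t{onion}")
```

A client that appears with both verdicts, as 10.0.4.21 does in the sample, followed the emailed link and then fetched again from the same gateway, which is the pattern worth escalating first.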
Application Guard aims to defeat malware served up from web sites

Microsoft is developing a technology for Windows 10 designed to combat the threat of malware served up from web pages penetrating corporate defences and slurping sensitive data.

Known as Windows Defender Application Guard, the feature is set to become a part of Windows 10 Enterprise edition next year, and uses virtualisation to isolate untrusted web pages in a sandbox from where any malicious code cannot escape onto the corporate network.

Detailing the new capability on its Edge Developer Blog, Microsoft claimed that over 90 per cent of modern attacks use a hyperlink to initiate an attack in order to steal credentials, install malware, or exploit vulnerabilities. Many of these get inside the corporate defence perimeter through social engineering, whereby an attacker creates a carefully crafted email to a known employee, fooling them into clicking a link to read an important document.

To combat this threat vector, Application Guard integrates with the Edge browser in Windows 10 and Microsoft’s Hyper-V virtualisation technology to isolate dodgy web pages. Essentially, when an employee browses to a website that is not recognised or whitelisted by the system administrator as a trusted site, Application Guard steps in and shunts the session into an isolated sandbox, as explained by Microsoft on its blog:

Application Guard creates a new instance of Windows at the hardware layer, with an entirely separate copy of the kernel and the minimum Windows Platform Services required to run Microsoft Edge. The underlying hardware enforces that this separate copy of Windows has no access to the user’s normal operating environment.

From this sandbox, Application Guard blocks access to memory, local storage and other applications on the same system, as well as the rest of the corporate network, so any malware will be unable to access any sensitive resources.

However, Microsoft claims that users will not be inconvenienced if the non-trusted website turns out to be perfectly innocuous. They will be able to browse as normal, copy and paste content to other apps via the Windows clipboard, and print content from a sandboxed website.

Microsoft said that Windows Defender Application Guard will be rolled out to testers on its Windows Insider early access programme in the coming months, with general availability as part of Windows 10 Enterprise slated for next year.
An overseas hacker from the group Kosovo Hacker's Security was handed a 20-year term Friday. This is the nation's first prosecution of a hacker trying to carry out an act of terrorism.

Kosovo citizen Ardit Ferizi, a 20-year-old with the online handle Th3Dir3ctorY, was arrested in Malaysia in 2015. In a Virginia federal court earlier this year, he pleaded guilty to stealing data on US military personnel by hacking undisclosed US corporate computers and then providing that data to the Islamic State (ISIS) terror group.

"This case represents the first time we have seen the very real and dangerous national security cyber threat that results from the combination of terrorism and hacking," said US Assistant Attorney General John Carlin. "This was a wake-up call not only to those of us in law enforcement but also to those in private industry."

The defendant admitted (PDF) to forwarding the data to Junaid Hussain, an Islamic State hacker killed in August by a military airstrike. Days before his death, Hussain tweeted, "NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!" The tweet contained a hyperlink that included the "names, e-mail addresses, e-mail passwords, locations, and phone numbers for approximately 1,351 US military and other government personnel (PDF)," the government said.

According to federal prosecutors, that linked document also said, in part, that "we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!"

Nobody on the list was believed to have been attacked because of the hack.
BT is taking legal action in the US against games company Valve for allegedly infringing on four of the UK telecoms giant's patents.

A BT spokesperson told Ars: "BT can confirm that it has commenced legal proceedings against Valve Corporation by filing a claim with the US District Court of Delaware for patent infringement. The patents in question relate to online computer or video gaming platforms, digital distribution services, and personalised access to online services and content." Ars has contacted Valve for its comment on BT's move, but has not yet received a response.

The complaint document, filed by British Telecommunications (BT), provides more background to the legal action. BT says that it notified Valve of the alleged infringements "on multiple occasions," but that "Valve has failed to respond to BT’s correspondence." The complaint also details the four BT patents involved, which were mostly filed in 1998, and granted between 2001 and 2007.

The patents all concern techniques used widely in the online world. Here they are in detail:

The Gittins Patent (US Patent No. 6,578,079): relates generally to providing users with content that originates from multiple subscription services and delivering it through a single portal where a customer may access content for which it has access rights. The user requests content directly from the portal instead of requesting content separately from each of the subscription services. BT claims Valve infringes on this patent because "Steam locally stores third-party content, such as video games, and, through the Steam platform, makes them accessible to users who have access rights, precisely as claimed."

The Newton Patent (US Patent No. 6,334,142): relates generally to a method for delivering structured messages comprised of information and data parts to an intended audience in a reliable and predictable manner. Messages are stored as files at a server for retrieval by the intended clients. Each client transmits requests for messages to the server at automatic and periodic intervals. Valve is infringing on this patent, BT says, because "Valve’s Steam Chat delivers messages to users comprised of information and data parts."

The Beddus Patent (US Patent No. 6,694,375): relates generally to a communications system in which a user is provided with different communication mechanisms and each mechanism is associated with a call control protocol. The user’s status is monitored, and when the user is determined to be logged out of the system, persistent communication mechanisms are available and at least one non-persistent communication mechanism is unavailable. According to BT, it is Valve's Steam Messaging that falls foul of this patent: "users are provided with different communications mechanisms (e.g., text chat and VoIP calls), and each mechanism is associated with a call control protocol. A user’s status is monitored, and when the user is determined to be logged out of the system, text chat (here, a persistent communication mechanism) is available and VoIP calls are disabled."

Finally, there is the Buckley Patent (US Patent No. 7,167,142) which: relates to a multi-user display system and method for controlling a communal display that includes at least two independent workstations and an interface server for connection to a data network. The problem here, BT claims, is that "Steam Broadcasting controls a communal display that allows a game player to share a streaming video of their game play with one or more second users. Steam Broadcasting also uses an interface server that manages the users and their requests."

Clearly, the patents involved are extremely general, and would seem to apply to many other companies and popular online services. Ars asked BT why Valve alone had been singled out for legal action.

A BT spokesperson said: "This is simply about protecting BT’s intellectual property rights.

The patents in question cover technologies which Valve has built services upon." Moreover, BT does not rule out similar moves against other companies: "We will continue to consider all of the options available to protect BT’s intellectual property rights and our investment in innovation." Ars also asked BT why it was suing in the US court of Delaware.

The BT spokesperson told us: "Valve is based in the US and these patents are registered there, so it makes sense to seek a ruling in a US court." However, that does not explain why Delaware in particular was chosen. An article on the website of the US law firm McCarter & English offers no less than five reasons why the US District Court for Delaware is a popular choice for litigating patent infringement cases, including the following: Delaware again ranks in the top ten among district courts with respect to trial success for patentees and median damages awarded.

The advantage of these rankings are obvious in that a patentee is more likely to prevail in Delaware and be awarded more money damages. In addition, patentees should expect to benefit in settlement negotiations by being in Delaware .

As only about 10 percent of patent cases actually go to trial, the majority settle. By virtue of being in Delaware, which has a 62.5 percent patentee trial success rate and a median damage award of over $8 million, a patentee's negotiating power in obtaining a favorable settlement is naturally enhanced. If BT is successful with its claim against Valve, it seems likely that it would then approach many other major online companies seeking licensing fees. It is worth noting, though, that BT's previous efforts to claim control over basic Internet technologies using patents didn't go so well. In 2000, BT sued Prodigy, the oldest ISP in the US, over alleged infringement of a patent that BT said covered the basic hyperlink technology underlying the Web. On that occasion the court decided that BT's patent did not apply. This post originated on Ars Technica UK
Turns out the FBI isn't the only agency to take over a child pornography website and bust some of its participants. Australian authorities have apparently employed similar tactics against Americans—revealing at least 30 targets.

According to Vice Motherboard, which first reported the story on Monday, Queensland Police Service’s Task Force Argos identified the owner of a Tor-hidden child porn site called “The Love Zone.” Queensland Police posed as The Love Zone for several months in 2014. (The Love Zone's Australian owner, Shannon McCoole, is currently serving a 35-year sentence.) Once they had control, Aussie cops seem to have sent out a child porn video file as bait to users of the site.

As was explained in a court filing in a July 2015 case involving a North Carolina man named David Lynn Browning:

When a user clicked on that hyperlink, the user was advised that the user was attempting to open a video file from an external website. If the user chose to open the file, a video file containing images of child pornography began to play, and the [foreign law enforcement agency] captured and recorded the IP address of the user accessing the file. FLA configured the video file to open an Internet connection outside of the Network software, thereby allowing FLA to capture the user’s actual IP address, as well as a session identifier to tie the IP address to the activity of a particular user account.

Australian authorities obtaining a warrant to target Americans is potentially problematic from a legal perspective. If the situations were reversed, however, US judges have ruled that the Fourth Amendment does not apply overseas, and thus a warrant as defined by probable cause is not necessary.
The Aussie investigation into The Love Zone is distinct from the 135 US cases currently being prosecuted as a result of the FBI’s investigation of the Tor-hidden child pornography site known as “Playpen.” As Ars reported before, those cases involved the FBI deploying a "network investigative technique" (NIT) in order to breach the security normally afforded by Tor. In a related case prosecuted out of New York, an FBI search warrant affidavit described both the pornography available to Playpen’s 150,000 members and the NIT's capabilities.

In May 2016, a federal judge in Tacoma, Washington, threw out evidence in US v. Michaud. The judge found that the warrant originally issued by a magistrate judge in Virginia went too far. This was at least the third judge to reach this conclusion. These judges, who ruled in favor of the defendants, found that a Virginia magistrate's warrants to search the defendants' computers do not have force of law in other states. The warrants, according to the judges, are in violation of federal judicial procedure. Other judges, meanwhile, have said that the warrants are also invalid, but they did not go so far as to suppress evidence.

FBI spokesman Christopher Allen did not immediately respond to Ars' request for comment, but he told the following to Vice Motherboard:

The FBI, led by its Legal Attaches in numerous countries around the world, seeks to foster strategic partnerships with foreign law enforcement, intelligence, and security services as well as with other US government agencies by sharing knowledge, experience, capabilities and by exploring joint operational opportunities.
'Guccifer 2.0' claimed responsibility for the breach at the Democratic National Committee, then leaked stolen documents about Donald Trump to prove it.

Investigators pinned this week's Democratic National Committee data breach on two Russian state-sponsored advanced threat groups, Cozy Bear and Fancy Bear. Yet, shortly thereafter, an anonymous actor, going by the name "Guccifer 2.0," claimed individual responsibility for the DNC attack, and supported their claim by releasing what appeared to be documents stolen from the DNC, reported Ars Technica.

Much is unknown about Guccifer's involvement or relationships with the advanced threat actors or the Kremlin; but what does seem clear is Guccifer's Russian heritage. Private security researcher PwnAllTheThings highlighted evidence, reports Ars Technica.

The researcher says the first clue is in the computer name Феликс Эдмундович obtained from the metadata inside the hacker’s Word document. This indicates the computer was configured to use the Russian language. Translated, this name is Felix Dzerzhinsky, who was the founder of the Soviet secret police.

The second suggestion, says PwnAllTheThings, comes from the leaked Donald Trump Word document, which carries a break in a link displaying the message “Error! Hyperlink reference not valid.” This document, when converted to a PDF file by Guccifer 2.0 and posted on Gawker, carries this same message, but in Russian.

The third hint is the use of ))) in Guccifer 2.0’s blog post, which, says PwnAllTheThings, is a smiley used by people in Eastern Europe and Russia.

PwnAllTheThings adds that the clues suggest the hacker may not be a native English speaker, and also thinks the culprit is unlikely to be a nation-state.