(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Notepad++ DLL Loading Local Code Execution Vulnerability
Microsoft Office CVE-2016-3318 Memory Corruption Vulnerability
Adobe Experience Manager CVE-2016-4169 Information Disclosure Vulnerability
Adobe Experience Manager CVE-2016-4253 Information Disclosure Vulnerability
Adobe Experience Manager CVE-2016-4170 Cross Site Scripting Vulnerability
Internet Explorer iframe sandbox local file name disclosure vulnerability
Nagios NA v2.2.1 XSS

Today, Microsoft released a total of 9 security bulletins. 5 of the bulletins are rated critical, the rest are rated important.

You can find our usual summary here: https://isc.sans.edu/mspatchdays.html?viewday=2016-08-09 (or via the API in various parsable formats)

Some of the highlights:

MS16-095/096: The usual Internet Explorer and Edge patches. Microsoft addresses nine vulnerabilities for Internet Explorer, and 8 for Edge. Note that there is a lot of overlap. Kind of makes you wonder how much Edge differs from Internet Explorer.

MS16-097: This patches three vulnerabilities in Microsoft Windows Graphics Component. The vulnerabilities can be reached via Skype for Business or Lync.

MS16-098: 4 more privilege escalation flaws in Windows kernel mode drivers.

MS16-099: This update patches five vulnerabilities in Microsoft Office. Note that Office for the Mac is affected as well. So is the Word Viewer.

MS16-100: The patch fixes a vulnerability that would allow bypassing of Secure Boot. Note that this update MAY affect dual boot of systems that use operating systems other than Windows.

MS16-101: Two similar vulnerabilities, affecting Kerberos and Netlogon, are addressed in this update. Exploitation could lead to privilege escalation.

MS16-102: In recent versions of Windows, Microsoft started to use its own PDF library. Sadly, it is vulnerable just like any other PDF library, and this update addresses one new vulnerability. Note that Microsoft does provide hints in the bulletin about how to disable rendering of PDFs in Edge. I am not sure if this is a good idea, but something you may want to consider.

MS16-103: This vulnerability only affects the Universal edition of Outlook, and could lead to data leakage.

My Patch Priority:

(I see it as really three groups: 1-5: remote code execution vulnerabilities, 6-7: Privilege Escalation, 8-9: others... Within each group it is difficult to prioritize)

  1. MS16-095 Internet Explorer: Probably the widest history of exploits and largest attack surface
  2. MS16-096 Edge: Just like above, but users typically still prefer Internet Explorer.
  3. MS16-099 Office: Hard to tell users not to open Office documents.
  4. MS16-102 PDF Library: Just like Office documents, it is hard to eliminate PDFs
  5. MS16-097 Graphics Component: Not as easy to exploit as the prior components, so I rate it a bit lower.
  6. MS16-101 Authentication Methods: Only a privilege escalation, and not remotely reachable if you lock down your perimeter.
  7. MS16-098 Kernel Mode Drivers: I rate this one lower as it is only a privilege escalation, and there are probably 100s more that have not been patched yet.
  8. MS16-103 Universal Outlook: This one is difficult to exploit and only affects a smaller number of users.
  9. MS16-100 Secure Boot: While this could lead to a full/persistent compromise, the attacker first needs to get to the system, which is why I think you should patch this one last.

Johannes B. Ullrich, Ph.D.


Juniper Networks has found and mostly patched a flaw in the way the firmware on its routers processes IPv6 traffic, which allowed malicious users to simulate Direct Denial of Service attacks.

The vulnerability, which seems to be common to all devices processing IPv6 addresses, meant that purposely crafted neighbour discovery packets could be used to flood the routing engine from a remote or unauthenticated source, causing it to stop processing legitimate traffic, and leading to a DDoS condition.

According to Juniper's advisory report:


Foxit Reader and Foxit PhantomPDF Use-After-Free Remote Code Execution Vulnerability
Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities
FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability
Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability
AirSnort v0.2.7 Stack Corruption DOS
Internet Storm Center Infocon Status