Microsoft’s Patch Tuesday updates led by rare print spooler bug

Microsoft's July Patch Tuesday offering includes 11 security updates, six of them rated critical, covering almost 50 individual bugs.

MS16-084, MS16-085, MS16-086, MS16-087, MS16-088 and MS16-093 were all given a critical rating by Microsoft, with MS16-087 specifically called out by several industry experts as particularly interesting. This bulletin contains CVE-2016-3238 and CVE-2016-3239, which, if exploited, could allow an attacker to execute a man-in-the-middle attack on a workstation or print server, allowing remote code execution.

“One of the new appearances this month is Windows Print Spooler, we haven't seen a bulletin related to it in 3 years. Luckily, many enterprises will already have printers installed on their images, which should help to mitigate risk from this,” Tyler Reguly, manager of Tripwire's Vulnerability and Exposure Research Team, told SCMagazine.com in an email.

Bobby Kuzma, CISSP, systems engineer at Core Security, agreed the risk of exposure from this particular vulnerability was low, but cited a different reason than Reguly.

“It's been a while since we've seen remote code execution in the print spooler of all places. It fails to validate printer drivers, so an attacker would need to be in a position to coerce users into installing the drivers, and the users would need permissions to do so,” Kuzma wrote in an email to SCMagazine.com.

However, Günter Ollmann, CSO of Vectra Networks, said in an emailed statement to SCMagazine.com that this vulnerability makes printers a prime threat vector.

“This makes printers one of the most powerful threat vectors on a network,” Ollmann said. “Rather than infecting users individually, an attacker can effectively turn one printer into a watering hole that will infect every Windows device that touches it.”

Amol Sarwate, director of engineering and head of vulnerability research at Qualys, pointed to MS16-084, MS16-085 and MS16-088 as requiring immediate attention, as all three will allow remote code execution. He also noted that MS16-093 referred to dozens of vulnerabilities related to Adobe's Flash Player. Adobe today issued fixes for these problems.

“This update affects Windows, Mac, Linux and ChromeOS. As many vulnerabilities fixed by the update allow attackers to take complete control of the victim machine we recommend applying the Flash and Reader update immediately,” he wrote in a blog.

The five bulletins rated as important by Microsoft contain vulnerabilities that can allow elevation of privilege, information disclosure, security feature bypass and remote code execution if exploited.
