13 December 2016
===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2016.2933
Microsoft Security Bulletin MS16-146: Security Update for Microsoft Graphics Component (3204066)
13 December 2016

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Microsoft Graphics Component
Publisher:         Microsoft
Operating System:  Windows Vista
                   Windows Server 2008
                   Windows 7
                   Windows Server 2008 R2
                   Windows 8.1
                   Windows Server 2012
                   Windows Server 2012 R2
                   Windows RT 8.1
                   Windows 10
                   Windows Server 2016
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-7273 CVE-2016-7272 CVE-2016-7257

Original Bulletin:
   https://technet.microsoft.com/en-us/library/security/MS16-146

--------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin MS16-146: Security Update for Microsoft Graphics Component (3204066)

Published Date: December 14, 2016
Version: 1.0

Executive Summary

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software and Vulnerability Severity Ratings section.

This security update addresses the vulnerabilities by correcting how the Windows GDI component handles objects in memory.

Affected Software

  Windows Vista
  Windows Server 2008
  Windows 7
  Windows Server 2008 R2
  Windows 8.1
  Windows Server 2012 and Windows Server 2012 R2
  Windows RT 8.1
  Windows 10
  Windows Server 2016

Vulnerability Information

Windows GDI Information Disclosure Vulnerability CVE-2016-7257

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Vulnerability title                                CVE number      Publicly disclosed   Exploited
Windows GDI Information Disclosure Vulnerability   CVE-2016-7257   No                   No

Multiple Remote Code Execution Vulnerabilities

Multiple remote code execution vulnerabilities exist due to the way the Windows Graphics component handles objects in the memory. An attacker who successfully exploited these vulnerabilities could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

There are multiple ways an attacker could exploit these vulnerabilities.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.
Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.

In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file.

The security update addresses the vulnerabilities by correcting how the Windows Graphics component handles objects in the memory.

Vulnerability title                                     CVE number      Publicly disclosed   Exploited
Windows Graphics Remote Code Execution Vulnerability    CVE-2016-7272   No                   No
Windows Graphics Remote Code Execution Vulnerability    CVE-2016-7273   No                   Yes

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to email@example.com and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: firstname.lastname@example.org
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================