What Else Happened on Nov 8th? Patch Day.

Yes November 8th was election day in the USA.

And in the Computer World it is yet another Microsoft Patch Day (2nd Tuesday of month).  So what is so important about yet another patch day?

As a Security pro we must focus on the vulnerabilities that may change our Risk analysis.

So Internet Storm Center tells us that one patch in particular is the most dangerous one – A remote execution vulnerability MS16-132 Graphics componenthttps://isc.sans.edu/forums/diary/November+2016+Microsoft+Patch+Day/21689/

ms16-132secbulletin

A remote execution vulnerability can spawn very dangerous malware for all that can be developed by bad actors to infect our machines.

Bad actors take these announcements and develop malware if they so desire.

hackeratmonitor

 

Why would they desire it? To make money of course. So there are programmers every day that are looking for vulnerabilities to make money on unsuspecting users.

If I click on an unknown spam email or from a supposed known business deal this malware will bypass ALL antivirus software and slam you to the ground. This software vulnerability can cause problems at Microsoft:

 

Which Microsoft software?

Let’s make a list:

Windows Vista, Windows Server2008, Windows 7, Windows Server 2008R2, Windows8.1, Windows 2012, WindowsRT8.1, Windows10, Windows Server2016,

Every single operating system had the following;

Critical
Remote Code Execution

 

And finally near the bottom we find the jucy tidbits:

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the ATMFD component handle objects in memory.

There are no mitigating factors only a potential workaround by renaming the atmfd.dll file.   Adobe Type Manager and the description says “Windows NT OpenType/Type 1 Font Driver”

atmfd-dllproperties

This is the current culprit. So prepare and test the patches in your environment before updating your environment.

Contact Us if you need help in Devising a new Risk Assessment.

 

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.