Out of Band Update for Flash

Posted 3/23/2016 3:00:57 PM by JAMES ROWNEY, Service Manager of Verismic Software

Out of Band Update for Flash
MS16-036 is a critical out of band update and resolves 20 vulnerabilities in Adobe Flash Player on all supported versions of Windows Server 2012, Windows Server 2012 R2, Windows 8.1, Windows RT 8.1, and Windows 10. 

This bulletin addresses vulnerabilities by updating the Adobe Flash libraries contained within all supported versions of Internet Explorer and Microsoft Edge. We recommend that this update be installed with the highest priority.
A successful attacker will exploit this vulnerability to gain Remote Code Execution giving them full access to the targeted device. The vulnerabilities can be exploited by redirecting users to malicious websites specifically set up for the purpose of attack using Search Engine Poisoning, hacking legitimate websites and email documents, PDF, Word etc. with malicious Flash content. 
This update, in my opinion, should be a business’s highest priority and therefore should be deployed with the utmost urgency. Flash exploits are increasingly becoming the vulnerability of choice, and with the wide spread use of the application, this means we are all exposed. My advice would be to uninstall Flash, Silverlight and Java browser extensions, and test to see if they are really necessary.
Microsoft published on Monday, March 7 that 14 vulnerabilities would be released in this month’s Patch Tuesday updates, but only 13 made it through. MS16-036 was held back at the last minute due to the discovery of CVE-2016-1010. The zero-day vulnerability was discovered by Anton Ivanov of Kaspersky Labs, but no additional details have been released.
In an e-mail, a Kaspersky representative wrote: “Today Adobe released the security bulletin APSB16-08, crediting Kaspersky Lab for reporting CVE-2016-1010. The vulnerability could potentially allow an attacker to take control of the affected system. Kaspersky Lab researchers observed the usage of this vulnerability in a very limited number of targeted attacks. At this time, we do not have any additional details to share on these attacks as the investigation is still ongoing. Even though these attacks are rare, we recommend that everyone get the update from the Adobe site as soon as possible.”
Additional Information

Should you have the need to install any language packs then this update will need to be reapplied, Verismic Software advises that any pending language pack installs are applied prior to installing MS16-036.
Vulnerability Information

This security bulletin addresses the following vulnerabilities which are described in Adobe Security Bulletin APSB16-08: CVE-2015-8652, CVE-2015-8655, CVE-2015-8658, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-1001, CVE-2016-1005, CVE-2016-1010
For further information, see Microsoft Knowledge Base Article 3144756.

Read More http://www.cloudmanagementsuite.com/...


About the author: JAMES ROWNEY, Service Manager of Verismic Software

James Rowney is the Service Manager of Verismic Software, a global industry leader providing cloud-based IT management technology and green solutions. His experience in the technology industry spans 15 years, starting as a helpdesk technician, moving onto field service engineer, as well as systems management and security. As Service Manager, Rowney is responsible for making sure that Verismic’s services are delivered as efficiently as possible. Rowney also is the technical writer for Verismic’s website and blog.

Subscribe to App Developer Daily

Latest headlines delivered to you daily.