
====================================================================

                               CERT-Renater

                   Information Note No. 2016/VULN160
_____________________________________________________________________

DATE                : 13/04/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows versions Vista, Server 2008, 7, 8.1, 10, RT,
                     RT 8.1, Server 2012,
                     running Microsoft .NET Framework, Microsoft Office,
                     Skype for Business, Microsoft Lync.

======================================================================
KB3148522
https://technet.microsoft.com/en-us/library/security/MS16-039
_____________________________________________________________________

Microsoft Security Bulletin MS16-039: Critical Security Update for
Microsoft Graphics Component (3148522)

Bulletin Number: MS16-039

Bulletin Title: Security Update for Microsoft Graphics Component

Severity: Critical

KB Article: 3148522

Version: 1.0

Published Date: April 12, 2016


Executive Summary

This security update resolves vulnerabilities in Microsoft Windows,
Microsoft .NET Framework, Microsoft Office, Skype for Business, and
Microsoft Lync. The most severe of the vulnerabilities could allow
remote code execution if a user opens a specially crafted document or
visits a webpage that contains specially crafted embedded fonts.

This security update is rated Critical for:

  - All supported releases of Microsoft Windows
  - Affected versions of Microsoft .NET Framework on all supported
    releases of Microsoft Windows
  - Affected editions of Skype for Business 2016, Microsoft Lync 2013,
    and Microsoft Lync 2010

This security update is rated Important for all affected editions of
Microsoft Office 2007 and Microsoft Office 2010.


Affected Software

Windows Vista Service Pack 2 (3145739)

Windows Vista x64 Edition Service Pack 2 (3145739)

Windows Server 2008 for 32-bit Systems Service Pack 2 (3145739)

Windows Server 2008 for x64-based Systems Service Pack 2 (3145739)

Windows Server 2008 for Itanium-based Systems Service Pack 2 (3145739)

Windows 7 for 32-bit Systems Service Pack 1 (3145739)

Windows 7 for x64-based Systems Service Pack 1 (3145739)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (3145739)

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (3145739)

Windows 8.1 for 32-bit Systems (3145739)

Windows 8.1 for x64-based Systems (3145739)

Windows Server 2012 (3145739)

Windows Server 2012 R2 (3145739)

Windows RT 8.1[1] (3145739)

Windows 10 for 32-bit Systems[2] (3147461)

Windows 10 for x64-based Systems[2] (3147461)

Windows 10 Version 1511 for 32-bit Systems[2] (3147458)

Windows 10 Version 1511 for x64-based Systems[2] (3147458)

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
installation) (3145739)

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
installation) (3145739)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation) (3145739)

Windows Server 2012 (Server Core installation) (3145739)

Windows Server 2012 R2 (Server Core installation) (3145739)

[1] This update is only available via Windows Update.

[2] Windows 10 updates are cumulative. The monthly security release
includes all security fixes for vulnerabilities that affect Windows 10,
in addition to non-security updates. The updates are available via the
Microsoft Update Catalog.

Microsoft Office 2007 Service Pack 3 (3114542)

Microsoft Office 2010 Service Pack 2 (32-bit editions) (3114566)

Microsoft Office 2010 Service Pack 2 (64-bit editions) (3114566)

Microsoft Word Viewer (3114985)

Microsoft .NET Framework 3.0 Service Pack 2 (3142041)

Microsoft .NET Framework 3.5.1 (3142042)

Microsoft .NET Framework 3.5 (3142045)

Microsoft .NET Framework 3.5 (3142043)

Graphics Memory Corruption Vulnerability - CVE-2016-0145

Skype for Business 2016 (32-bit editions) (3114960)

Skype for Business Basic 2016 (32-bit editions) (3114960)

Skype for Business 2016 (64-bit editions) (3114960)

Skype for Business Basic 2016 (64-bit editions) (3114960)

Microsoft Lync 2013 Service Pack 1 (32-bit)[1] (Skype for Business) (3114944)

Microsoft Lync Basic 2013 Service Pack 1 (32-bit)[1] (Skype for Business
Basic) (3114944)

Microsoft Lync 2013 Service Pack 1 (64-bit)[1] (Skype for Business) (3114944)

Microsoft Lync Basic 2013 Service Pack 1 (64-bit)[1] (Skype for Business
Basic) (3114944)

Microsoft Lync 2010 (32-bit) (3144427)

Microsoft Lync 2010 (64-bit) (3144427)

Microsoft Lync 2010 Attendee[2] (user level install) (3144428)

Microsoft Lync 2010 Attendee (admin level install) (3144429)

Microsoft Live Meeting 2007 Console[3] (3144432)

[1] Before installing this update, you must have update 2965218 and
security update 3039779 installed. See the Update FAQ for more
information.

[2] This update is available from the Microsoft Download Center only.

[3] An update for the Conferencing Add-in for Microsoft Office Outlook
is also available. For more information and download links, see
Download the Conferencing Add-in for Microsoft Office Outlook.


Vulnerability Information

Multiple Win32k Elevation of Privilege Vulnerabilities

Elevation of privilege vulnerabilities exist when the Windows
kernel-mode driver fails to properly handle objects in memory. An
attacker who successfully exploited the vulnerabilities could run
arbitrary code in kernel mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user
rights.

To exploit the vulnerabilities, an attacker would first have to log on
to the system. An attacker could then run a specially crafted
application that could exploit the vulnerabilities and take control of
an affected system. The update addresses the vulnerabilities by
correcting how the Windows kernel-mode driver handles objects in memory.

The following tables contain links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title                           CVE number      Publicly disclosed   Exploited
Win32k Elevation of Privilege Vulnerability   CVE-2016-0143   No                   No
Win32k Elevation of Privilege Vulnerability   CVE-2016-0165   No                   Yes
Win32k Elevation of Privilege Vulnerability   CVE-2016-0167   No                   Yes

Graphics Memory Corruption Vulnerability CVE-2016-0145

A remote code execution vulnerability exists when the Windows font
library improperly handles specially crafted embedded fonts. An
attacker who successfully exploited the vulnerability could install
programs; view, change, or delete data; or create new accounts with
full user rights.

There are multiple ways an attacker could exploit the vulnerability,
such as by convincing a user to open a specially crafted document, or
by convincing a user to visit an untrusted webpage that contains
embedded fonts. The security update addresses the vulnerability by
correcting how the Windows font library handles embedded fonts.

The following tables contain links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title                        CVE number      Publicly disclosed   Exploited
Graphics Memory Corruption Vulnerability   CVE-2016-0145   No                   No


==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================



