
====================================================================

                                  CERT-Renater

                       Note d'Information No. 2016/VULN161
_____________________________________________________________________

DATE                : 13/04/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):Windows versions Vista, Server 2008, 7, 8.1, 10,
                     RT 8.1, Server 2012, Server 2016 Technical Preview.

======================================================================
KB 3148541
https://technet.microsoft.com/en-us/library/security/MS16-040
_____________________________________________________________________

Microsoft Security Bulletin MS16-040: Security Update for Microsoft XML
Core Services (3148541)

Bulletin Number: MS16-040

Bulletin Title: Security Update for Microsoft XML Core Services

Severity: Critical

KB Article: 3148541

Version: 1.0

Published Date: April 12, 2016


Executive Summary

This security update resolves a vulnerability in Microsoft Windows. The
vulnerability could allow remote code execution if a user clicks a
specially crafted link that could allow an attacker to run malicious
code remotely to take control of the user's system. However, in all
cases an attacker would have no way to force a user to click a
specially crafted link. An attacker would have to convince a user to
click the link, typically by way of an enticement in an email or
Instant Messenger message.

This security update is rated Critical for Microsoft XML Core Services
3.0 on all supported releases of Microsoft Windows. For more
information, see the Affected Software section.

The update addresses the vulnerability by correcting how the MSXML
parser processes user input.


Affected Software

Windows Vista Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Windows 8.1 for 32-bit Systems

Windows 8.1 for x64-based Systems

Windows Server 2012

Windows Server 2012 R2

Windows RT 8.1[1]

Windows 10 for 32-bit Systems[2]

Windows 10 for x64-based Systems[2]

Windows 10 Version 1511 for 32-bit Systems[2]

Windows 10 Version 1511 for x64-based Systems[2]

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
installation)

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core 
installation)

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

[1]Windows RT 8.1 updates are available only via Windows Update.

[2]Windows 10 updates are cumulative. The monthly security release
includes all security fixes for vulnerabilities that affect Windows 10,
in addition to non-security updates. The updates are available via the
Microsoft Update Catalog.

Note Windows Server 2016 Technical Preview 4 and Windows Server 2016
Technical Preview 5 are affected. Customers running these operating
systems are encouraged to apply the update, which is available via
Windows Update.


Vulnerability Information

MSXML 3.0 Remote Code Execution Vulnerability - CVE-2016-0147

A remote code execution vulnerability exists when the Microsoft XML
Core Services (MSXML) parser processes user input. An attacker who
successfully exploited the vulnerability could run malicious code
remotely to take control of the user's system.

To exploit the vulnerability, an attacker could host a specially-
crafted website that is designed to invoke MSXML through Internet
Explorer. However, an attacker would have no way to force a user to
visit such a website.
Instead, an attacker would typically have to convince a user to either
click a link in an email message or a link in an Instant Messenger
request that would then take the user to the website. When Internet
Explorer parses the XML content, an attacker could run malicious code
remotely to take control of the user's system. The update addresses the
vulnerability by correcting how the MSXML parser processes user input.

The following table contains links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title      CVE number     Publicly disclosed  Exploited

MSXML Remote Code Execution
Vulnerability            CVE-2016-0147  No                  No


==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================