Security Update for Windows OLE to Address Remote Code Execution (MS16-030)

ITS Advisory Number: 
2016-046
Date(s) Issued: 
Tuesday, March 8, 2016
Subject: 
Security Update for Windows OLE to Address Remote Code Execution (MS16-030)
Overview: 

Multiple vulnerabilities have been discovered in Microsoft Windows OLE, which could allow remote code execution. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Microsoft Windows Vista
  • Microsoft Windows Server 2008
  • Microsoft Windows 2008 R2
  • Microsoft Windows 7
  • Microsoft Windows 8.1
  • Microsoft Windows RT 8.1
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows 10
  • Microsoft Server Core Installation Option
    • Microsoft Windows Server 2008 32bit SP2
    • Microsoft Windows Server 2008 64bit SP2
    • Microsoft Windows Server 2008 R2
    • Microsoft Windows Server 2012
    • Microsoft Windows Server 2012 R2
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

Multiple Windows OLE memory remote code execution vulnerabilities have been discovered. The details are as follows:

Remote code execution vulnerabilities exist when Microsoft Windows OLE fails to properly validate user input. An attacker could use the vulnerabilities to execute malicious code. To exploit the vulnerabilities, an attacker would have to convince a user to open either a specially crafted file or a program from either a webpage or an email message. [CVE-2016-0091 and CVE-2016-0092]

An attacker who successfully exploits these vulnerabilities could, at worst, take control of an affected system. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 
  • After appropriate testing, immediately apply the appropriate patches provided by Microsoft to vulnerable systems.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.