MS16-085: Cumulative Security Update for Microsoft Edge (3169999)

high Nessus Plugin ID 92016
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 9.4

Synopsis

The remote host has a web browser installed that is affected by multiple vulnerabilities.

Description

The version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 3169999. It is, therefore, affected by multiple vulnerabilities :

- A security feature bypass vulnerability exists due to a failure to properly implement Address Space Layout Randomization (ASLR). An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website that hosts crafted content, to bypass the ASLR security feature, resulting in the ability to predict memory offsets in a call stack. (CVE-2016-3244)

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, via a crafted website or email, to corrupt memory, resulting in the execution of arbitrary code within the context of the current user. (CVE-2016-3246, CVE-2016-3264)

- Multiple remote code execution vulnerabilities exist in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document that hosts the Edge rendering engine, to corrupt memory, resulting in the execution of arbitrary code within the context of the current user.
(CVE-2016-3248, CVE-2016-3259, CVE-2016-3260, CVE-2016-3265, CVE-2016-3269)

- An information disclosure vulnerability exists in VBScript due to improper disclosure of the contents of its memory. An unauthenticated, remote attacker who has knowledge of the memory address where an object was created can exploit this issue to disclose potentially sensitive information. (CVE-2016-3271)

- An information disclosure vulnerability exists in the Microsoft Browser XSS Filter due to improper validation of content. An unauthenticated, remote attacker can exploit this, via a website that hosts content with specially crafted JavaScript, to disclose potentially sensitive information. (CVE-2016-3273)

- Multiple spoofing vulnerabilities exist due to improper parsing of HTTP or HTML content. An unauthenticated, remote attacker can exploit these to redirect a user to a malicious website having spoofed contents.
(CVE-2016-3274, CVE-2016-3276)

- An unspecified information disclosure vulnerability exists due to improper handling of objects in memory that allows an unauthenticated, remote attacker to disclose potentially sensitive information.
(CVE-2016-3277)

Solution

Microsoft has released a set of patches for Windows 10.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-085

Plugin Details

Severity: High

ID: 92016

File Name: smb_nt_ms16-085.nasl

Version: 1.14

Type: local

Agent: windows

Published: 7/12/2016

Updated: 11/19/2019

Dependencies: smb_hotfixes.nasl, ms_bulletin_checks_possible.nasl

Risk Information

Risk Factor: High

VPR Score: 9.4

CVSS Score Source: CVE-2016-3269

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:edge

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/12/2016

Vulnerability Publication Date: 7/12/2016

Reference Information

CVE: CVE-2016-3244, CVE-2016-3246, CVE-2016-3248, CVE-2016-3259, CVE-2016-3260, CVE-2016-3264, CVE-2016-3265, CVE-2016-3269, CVE-2016-3271, CVE-2016-3273, CVE-2016-3274, CVE-2016-3276, CVE-2016-3277

BID: 91573, 91576, 91578, 91580, 91581, 91586, 91591, 91593, 91595, 91596, 91598, 91599, 91602

MSFT: MS16-085

MSKB: 3172985, 3163912