ADVISORY: Update Windows for vulnerabilities in Microsoft Graphics Component

Wednesday, November 9, 2016

This message is intended for U-M IT staff who are responsible for university machines running Windows. It was sent to the IT Security Community, Frontline Notify, and Windows Admins groups on November 9, 2016.

Summary

Multiple vulnerabilities have been discovered in Microsoft Graphics Component, which is part of Windows. These could allow for remote code execution. Apply the updates from Microsoft as soon as possible after appropriate testing.

Problem

The vulnerabilities exist when the Windows font library improperly handles specially crafted embedded fonts. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Threats

There are reports of CVE-2016-7256 being exploited in the wild.

Affected Versions

  • Microsoft Windows Vista, 7, 8.1, RT 8.1, 10
  • Microsoft Windows Server 2008 and 2008 R2 (Including Server Core Installations)
  • Microsoft Windows Server 2012 and 2012 R2 (including Server Core Installations)
  • Microsoft Windows Server 2016 (including Server Core Installations)

Action Items

Technical Details

Multiple vulnerabilities have been discovered in Microsoft Graphics Component, the most severe of which could allow for remote code execution:

  • A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. (CVE-2016-7256)
  • A remote code execution vulnerability exists when the Windows Animation Manager improperly handles objects in memory. (CVE-2016-7205)
  • A memory corruption vulnerability exists when the Windows Media Foundation improperly handles objects in memory. (CVE-2016-7217)
  • An information disclosure vulnerability exists when the ATMFD component (a Windows font driver) improperly discloses the contents of its memory. (CVE-2016-7210)

Information for Users

MiWorkspace machines will be patched as soon as possible. If you have a computer of your own running Windows that is not managed by the university, please make sure you have set it for automatic updates. See Microsoft's Windows Update: FAQ for information and instructions.

In general, the best protection for your devices is this: keep your software and apps up-to-date, do not click suspicious links in email, do not open shared documents or email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. For more information, see Phishing & Suspicious Email, Instructions for Securing Your Devices and Data, and Use a Secure Internet Connection on the U-M Safe Computing website.

Questions, Concerns, Reports

Please contact [email protected].