Finally, MS16-140 addresses a scenario that requires an attacker to be physically present at the target system.
According to the bulletin, the patch updates Windows NTLM to harden the password change cache, changes the way LSASS handles specially crafted requests, and corrects how Windows Virtual Secure Mode handles objects in memory.
These sound like fixes that could potentially help prevent “Pass the Hash” style attacks, which would be fantastic if true. Hopefully Microsoft will eventually provide more information about this fix.
The final two Important bulletins warrant a little extra attention.
MS16-137 addresses issues in Windows authentication methods.
A mere 135 bulletins were released in 2015 as compared to the 142 already released through November of this year.
It will be interesting to see if Microsoft – and other vendors patching at record levels – can maintain this level of output.
The next Patch Tuesday falls on December 13, and we’ll be back with more details then.
Follow us on Twitter to see the latest and greatest coming from the ZDI program.
This is Microsoft’s rating indicating exploitation is more likely for these issues.
While generally considered more secure than IE, it appears exploit hunters are finding issues within Edge now too.
The fix is unusual, though, and will look different for different people.