CVE-2016-0011 was discovered by Andrey Kovalev and Gregory Trykher of the Google security team. The vulnerability exists within the Windows implementation of the Group Policy extension API. When a user clicks on a link in a Microsoft Word, Excel, or PowerPoint document, the extension API can be used to download and execute code on the targeted system. The security risk of this remote code execution vulnerability is estimated to be high when exploited. Successful exploitation may lead to system-level compromise.
Microsoft released security bulletin MS16-076 to address this vulnerability. End users running Windows 10 and Windows 10 Mobile are advised to update their systems. Users running Windows 7 and Windows 8.1 are advised to apply the patch provided by Microsoft. The good news is that all versions of Windows 10, Windows 10 Mobile, Windows 7, and Windows 8.1 are currently being actively monitored for the patch. Achieving a stable installation of the patch is most likely by now, though there is no way to ensure it.
Microsoft Windows Update for April 2016
Microsoft released security bulletin MS16-076 to address CVE-2016-0011, a vulnerability that could be exploited by malicious actors to execute arbitrary code in the context of the current user. As per Microsoft’s recommendation, all users are recommended to install the patch provided by Microsoft. If you have an affected system, Microsoft recommends installing Windows 10 and Windows 10 Mobile on April 12th, 2016 or later.
Lastly, if you use managed service providers (MSPs), they will automatically apply patches for your systems without any manual intervention required. They will also provide patches for older operating systems and new releases as they become available.
Microsoft Windows 10 Patch
Microsoft released the security bulletin MS16-076 to address CVE-2016-0011. This vulnerability is considered a high severity risk when exploited. Microsoft has released a patch for all versions of Windows 10, Windows 10 Mobile, and Windows 7 that includes this vulnerability update. The good news is that all versions of Windows 10, Windows 10 Mobile, and Windows 7 are actively being monitored for the patch. Achieving a stable installation of this patch should be very easy by now, but there's no way to guarantee it at this time.
How did Microsoft software become a target for hackers?
The Microsoft security bulletin describes three scenarios where attackers could exploit this vulnerability:
- A user who is tricked into clicking a malicious link in a document or email attachment.
- A user who visits a compromised website that contains a vulnerable document.
- An attacker who can run code on the system with access to the Group Policy extension API.
The security bulletin also mentions that attackers may use these vulnerabilities to compromise systems protected by BitLocker and Device Encryption, which makes it critical for users to apply the patch as soon as possible.
Installing the KB Update on Windows 10, Windows 7 and Windows 8.1
For Windows 10, the patch can be installed through the update service, though it will not update all applications automatically.
For Windows 7 and Windows 8.1 systems, they can manually install the update through the KMS service or by using an ISO file.