CVE-2016-0049 vulnerability was identified in February 2016. The vulnerability, also called the Remote Evil Butler bypasses Windows authentication and controls remote computers. A demo of the Remote Evil Butler was made in the recent Black Hat USA 2016 Security Conference.
To address this vulnerability, Microsoft released the Security Update in MS16-014 (Windows Kerberos Security Feature Bypass – CVE-2016-0049) last February 2016. BigFix, in turn, has released Fixlets for MS6-014. This fix might not be easily recognizable for the Remote Evil Butler vulnerability, as it is called ‘Windows Kerberos Security Feature Bypass’ in the Microsoft bulletin.
The fix also addresses the Evil Maid vulnerability.
List of Fixlets under MS16-014:
313517401 MS16-009, MS16-011, MS16-012, MS16-013, MS16-014, MS16-016, MS16-017, MS16-018: Cumulative update for Windows 10 - Windows 10 - KB3135174 (Superseded)
313517403 MS16-009, MS16-011, MS16-012, MS16-013, MS16-014, MS16-016, MS16-017, MS16-018: Cumulative update for Windows 10 - Windows 10 - KB3135174 (x64) (Superseded)
313517305 MS16-009, MS16-011, MS16-013, MS16-014, MS16-016, MS16-018: Cumulative update for Windows 10 Version 1511 - Windows 10 Version 1511 - KB3135173 (Superseded)
313517307 MS16-009, MS16-011, MS16-013, MS16-014, MS16-016, MS16-018: Cumulative update for Windows 10 Version 1511 - Windows 10 Version 1511 - KB3135173 (x64) (Superseded)
1601437 MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution - Windows 7 SP1 - KB3126593 (Superseded)
1601433 MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution - Windows 7 SP1 - KB3126593 (x64) (Superseded)
1601405 MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution - Windows Server 2008 R2 SP1 - KB3126593 (x64) (Superseded)
1601415 MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution - Windows Server 2012 Gold - KB3126593 (x64)
312604105 MS16-014: Security Update for Windows 8.1 - Windows 8.1 Gold - KB3126041
312604107 MS16-014: Security Update for Windows 8.1 - Windows 8.1 Gold - KB3126041 (x64)
312604113 MS16-014: Security Update for Windows Server 2008 - Windows Server 2008 SP2 - KB3126041
312604103 MS16-014: Security Update for Windows Server 2008 - Windows Server 2008 SP2 - KB3126041 (x64)
312604115 MS16-014: Security Update for Windows Server 2012 R2 - Windows Server 2012 R2 Gold - KB3126041 (x64)
312604101 MS16-014: Security Update for Windows Vista - Windows Vista SP2 - KB3126041
312604111 MS16-014: Security Update for Windows Vista - Windows Vista SP2 - KB3126041 (x64)
Open the attached PDF file to get the extended list of released Fixlets.
To know more about CVE-2016-0049, see http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0049.
To know more about MS16-014, see URL:Microsoft Security Bulletin MS16-014 - Important | Microsoft Learn.
To see the video demo, see the Sofpedia site: Remote Evil Butler Attack Threatens Windows Computers.
Application Engineering Team
BigFix Patches for Windows
Fixlets-MS16-014.pdf (18.6 KB)