Zero-Day 2016- Úvod  Graf  Katalog Zranitelností  OWASP  Webové útoky (103)  Vulnerebility  Web Vul.  Top 50 in years  CVE Defination  ATT&CK Matrix for Enterprise


2020  2019  2018  2017  2016  2015  2014  2013  2012  2011  2010  2009


Microsoft Patch Tuesday – December 2016
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 12 bulletins, six of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the December 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-dec

The following is a breakdown of the issues being addressed this month:

MS16-144 Cumulative Security Update for Internet Explorer (3204059) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7202) MS Rating: Critical

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Windows Hyperlink Object Library Information Disclosure Vulnerability (CVE-2016-7278) MS Rating: Important

An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise a target system.

Microsoft Browser – Memory Corruption Vulnerability (CVE-2016-7279) MS Rating: Important

A remote code execution vulnerability exists when Microsoft Browsers improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Security Feature Bypass Vulnerability (CVE-2016-7281) MS Rating: Important

A security bypass vulnerability exists when the Microsoft browser Same Origin Policy fails to properly handle the validation of certain specially crafted documents.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-7282) MS Rating: Important

An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise a target system.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-7283) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Information Disclosure Vulnerability (CVE-2016-7284) MS Rating: Important

An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise a target system.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7287) MS Rating: Critical

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS16-145 Cumulative Security Update for Microsoft Edge (3204062) MS Rating: Critical

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7181) MS Rating: Moderate

A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7206) MS Rating: Important

An information disclosure vulnerability exists when Microsoft browsers do not properly validate content under specific conditions. An attacker who exploited this issue could run arbitrary code that could lead to an information disclosure.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-7279) MS Rating: Important

A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7280) MS Rating: Important

An information disclosure vulnerability exists when Microsoft browsers do not properly validate content under specific conditions. An attacker who exploited this issue could run arbitrary code that could lead to an information disclosure.

Microsoft Browser Security Feature Bypass (CVE-2016-7281) MS Rating: Important

A security feature bypass vulnerability exists when the Microsoft browser Same Origin Policy fails to properly handle validation of certain specially crafted documents.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-7282) MS Rating: Important

An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise a target system.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7286) MS Rating: Moderate

A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7287) MS Rating: Critical

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7288) MS Rating: Moderate

A remote code execution vulnerability exists when Microsoft Browsers improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7296) MS Rating: Critical

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7297) MS Rating: Critical

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS16-146 Security Update for Microsoft Graphics Component (3204066) MS Rating: Critical

Windows GDI Information Disclosure Vulnerability (CVE-2016-7257) MS Rating: Important

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7272) MS Rating: Critical

A remote code execution vulnerability exists due to the way the Windows Graphics component handles objects in the memory. An attacker who successfully exploited this issue could take control of the affected system.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7273) MS Rating: Critical

A remote code execution vulnerability exists due to the way the Windows Graphics component handles objects in the memory. An attacker who successfully exploited this issue could take control of the affected system.

MS16-147 Security Update for Microsoft Uniscribe (3204063) MS Rating: Critical

Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274) MS Rating: Critical

A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

MS16-148 Security Update for Microsoft Office (3204068) MS Rating: Critical

Windows GDI Information Disclosure Vulnerability (CVE-2016-7257) MS Rating: Important

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7262) MS Rating: Important

A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7263) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Information Disclosure Vulnerability (CVE-2016-7264) MS Rating: Important

An information disclosure vulnerability exists when Office or Word reads out of bound memory which may disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bounds memory.

Microsoft Office Information Disclosure Vulnerability (CVE-2016-7265) MS Rating: Important

An information disclosure vulnerability exists when Office or Word reads out of bound memory which may disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bounds memory.

Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7266) MS Rating: Important

A security feature bypass vulnerability exists when Microsoft Office improperly checks registry settings when an attempt is made to run embedded content.

Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7267) MS Rating: Important

A security feature bypass vulnerability exists in Microsoft Office software when the Office software improperly handles the parsing of file formats.

Microsoft Office Information Disclosure Vulnerability (CVE-2016-7268) MS Rating: Important

An information disclosure vulnerability exists when Office or Word reads out of bound memory which may disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bounds memory.

Microsoft Office OLE DLL Side Loading Vulnerability (CVE-2016-7275) MS Rating: Important

A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading libraries. An attacker who successfully exploited the vulnerability could take control of an affected system.

Microsoft Office Information Disclosure Vulnerability (CVE-2016-7276) MS Rating: Important

An information disclosure vulnerability exists when Office or Word reads out of bound memory which may disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bounds memory.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7277) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7289) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Information Disclosure Vulnerability (CVE-2016-7290) MS Rating: Important

An information disclosure vulnerability exists when Office or Word reads out of bound memory which may disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bounds memory.

Microsoft Office Information Disclosure Vulnerability (CVE-2016-7291) MS Rating: Important

An information disclosure vulnerability exists when Office or Word reads out of bound memory which may disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bounds memory.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7298) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft (MAU) Office Elevation of Privilege Vulnerability (CVE-2016-7300) MS Rating: Important

A privilege escalation vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them.

MS16-149 Security Update for Microsoft Windows (3205655) MS Rating: Important

Windows Crypto Driver Information Disclosure Vulnerabilityy (CVE-2016-7219) MS Rating: Important

An information disclosure vulnerability exists when a Windows Crypto driver running in kernel mode improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

Windows Installer Elevation of Privilege Vulnerability (CVE-2016-7292) MS Rating: Important

A privilege escalation vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.

MS16-150 Security Update for Windows Secure Kernel Mode (3205642) MS Rating: Important

Win32k Information Disclosure Vulnerability (CVE-2016-7271) MS Rating: Important

A privilege escalation vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).

MS16-151 Security Update for Windows Kernel-Mode Drivers (3205651) MS Rating: Important

Win32k Elevation of Privilege Vulnerability (CVE-2016-7259) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Win32k Elevation of Privilege Vulnerability (CVE-2016-7260) MS Rating: Important

A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

MS16-152 Security Update for Windows Kernel (3199709) MS Rating: Important

Windows Kernel Memory Information Disclosure Vulnerability (CVE-2016-7258) MS Rating: Important

An information disclosure vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle certain page fault system calls. An authenticated attacker who successfully exploited the vulnerability could disclose information from one process to another.

MS16-153 Security Update for Common Log File System Driver (3207328) MS Rating: Important

Windows Common Log File System Driver Information Disclosure Vulnerability (CVE-2016-7295) MS Rating: Important

An information disclosure vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.

MS16-154 Security Update for Adobe Flash Player (3209498) MS Rating: Critical

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

MS16-155 Security Update for .NET Framework (3205640) MS Rating: Important

.NET Framework Information Disclosure Vulnerabiltiy (CVE-2016-7270) MS Rating: Important

A information disclosure vulnerability exists in the .NET 4.6.2 framework which could allow an attacker to access information at rest that should be defended by cryptographic mechanisms.


Microsoft Patch Tuesday – November 2016
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 14 bulletins, six of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the November 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-nov

The following is a breakdown of the issues being addressed this month:

MS16-129 Cumulative Security Update for Microsoft Edge (3199057) MS Rating: Critical

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-7196) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft browsers handle objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-7198) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft browsers handle objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7200) MS Rating: Critical

A remote code execution vulnerability exist in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7201) MS Rating: Critical

A remote code execution vulnerability exist in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7203) MS Rating: Important

A remote code execution vulnerability exist in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7242) MS Rating: Critical

A remote code execution vulnerability exist in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-7195) MS Rating: Important

A remote code execution vulnerability exists in the way that Microsoft browsers handles objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-7199) MS Rating: Moderate

An information disclosure vulnerability exist when the Microsoft Browser improperly handles objects in memory.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7202) MS Rating: Important

A remote code execution vulnerability exist in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7204) MS Rating: Important

An information disclosure vulnerability exists when Microsoft Edge improperly handle objects in memory. An attacker who successfully exploited this vulnerability could trick a user into allowing access to the user's My Documents folder.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7208) MS Rating: Important

A remote code execution vulnerability exist in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Spoofing Vulnerability (CVE-2016-7209) MS Rating: Moderate

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-7227) MS Rating: Important

An information disclosure vulnerability exist when the Microsoft browser improperly handles objects in memory.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-7239) MS Rating: Moderate

An information disclosure vulnerability exists when the Microsoft browser XSS filter is abused to leak sensitive page information. An attacker who successfully exploited the vulnerability could obtain sensitive information from certain web pages.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7240) MS Rating: Critical

A remote code execution vulnerability exist in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7241) MS Rating: Critical

A remote code execution vulnerability exist in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7243) MS Rating: Critical

A remote code execution vulnerability exist in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS16-130 Security Update for Microsoft Windows (3199172) MS Rating: Critical

Windows File Manager Remote Code Execution Vulnerability (CVE-2016-7212) MS Rating: Critical

A remote code execution vulnerability exists when Windows image file loading functionality does not properly handle malformed image files, which could allow an attacker to execute arbitrary code. To exploit the vulnerability, an attacker would have to convince a user to load a malformed image file from either a webpage or an email message.

Windows IME Elevation of Privilege Vulnerability (CVE-2016-7221) MS Rating: Important

An elevation of privilege vulnerability exists in Windows Input Method Editor (IME) when Windows Input Method Editor (IME) improperly handles DLL loading. To exploit this vulnerability, a locally authenticated attacker would run a specially crafted application.

Task Scheduler Elevation of Privilege Vulnerability (CVE-2016-7222) MS Rating: Important

This security update addresses an elevation of privilege vulnerability in the Windows Task Scheduler. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. To exploit the vulnerability, a locally authenticated attacker could use Windows Task Scheduler to schedule a new task with a malicious UNC path.

MS16-131 Security Update for Microsoft Video Control (3199151) MS Rating: Critical

Microsoft Video Control Remote Code Execution Vulnerability (CVE-2016-7248) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

MS16-132 Security Update for Microsoft Graphics Component (3199120) MS Rating: Critical

Windows Animation Manager Memory Corruption Vulnerability (CVE-2016-7205) MS Rating: Critical

A remote code execution vulnerability exists when the Windows Animation Manager improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

Open Type Font Information Disclosure Vulnerability (CVE-2016-7210) MS Rating: Important

An information disclosure vulnerability exists when the ATMFD component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerabilities could obtain information to further compromise the user's system.

Media Foundation Memory Corruption Vulnerability (CVE-2016-7217) MS Rating: Important

A memory corruption vulnerability exists when the Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

Open Type Font Remote Code Execution Vulnerability (CVE-2016-7256) MS Rating: Critical

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system.

MS16-133 Security Update for Microsoft Office (3199168) MS Rating: Important

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7213) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7228) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7229) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7230) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7231) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7232) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Information Disclosure Vulnerability (CVE-2016-7233) MS Rating: Important

An information disclosure vulnerability exists when Office or Word reads out of bound memory which may disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bounds memory.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7234) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7235) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7236) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Denial of Service Vulnerability (CVE-2016-7244) MS Rating: Important

A denial of service vulnerability exists in Microsoft Office when a specially crafted file is opened in Microsoft Office. An attacker who successfully exploited the vulnerability could cause Office to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate their user rights.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7245) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

MS16-134 Security Update for Common Log File System Driver (3193706) MS Rating: Important

Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2016-0026) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2016-3332) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2016-3333) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2016-3334) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2016-3335) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2016-3338) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2016-3340) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2016-3342) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2016-3343) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2016-7184) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

MS16-135 Security Update for Kernel-Mode Drivers (3199135) MS Rating: Important

Win32k Information Disclosure Vulnerability (CVE-2016-7214) MS Rating: Important

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.

Win32k Elevation of Privilege Vulnerability (CVE-2016-7215) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

Windows Bowser.sys Information Disclosure Vulnerability (CVE-2016-7218) MS Rating: Important

An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory. To exploit this vulnerability, an authenticated attacker would run a specially crafted application.

Win32k Elevation of Privilege Vulnerability (CVE-2016-7246) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

Win32k Elevation of Privilege Vulnerability (CVE-2016-7255) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

MS16-136 Security Update for SQL Server (3199641) MS Rating: Important

SQL RDBMS Engine EoP vulnerability (CVE-2016-7249) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft SQL Server when it improperly handles pointer casting. An attacker could exploit the vulnerability if their credentials allow access to an affected SQL server database.

SQL RDBMS Engine EoP vulnerability (CVE-2016-7250) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft SQL Server when it improperly handles pointer casting. An attacker could exploit the vulnerability if their credentials allow access to an affected SQL server database.

SQL RDBMS Engine EoP vulnerability (CVE-2016-7254) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft SQL Server when it improperly handles pointer casting. An attacker could exploit the vulnerability if their credentials allow access to an affected SQL server database.

MDS API XSS Vulnerability (CVE-2016-7251) MS Rating: Important

An XSS vulnerability exists in SQL Server MDS that could allow an attacker to inject a client-side script into the user's instance of Internet Explorer. The vulnerability is caused when the SQL Server MDS does not properly validate a request parameter on the SQL Server site. The script could spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user.

SQL Analysis Services Information Disclosure Vulnerability (CVE-2016-7252) MS Rating: Moderate

An information Disclosure vulnerability exists in Microsoft SQL Analysis Services when it improperly checks filestream path. An attacker could exploit the vulnerability if their credentials allow access to an affected SQL server database. An attacker who successfully exploited this vulnerability could gain additional database and file information.

SQL Server Agent Elevation of Privilege Vulnerability (CVE-2016-7253) MS Rating: Moderate

An elevation of privilege vulnerability exists in Microsoft SQL Server Engine when SQL Server Agent incorrectly check ACLs on atxcore.dll. An attacker could exploit the vulnerability if their credentials allow access to an affected SQL server database.

MS16-137 Security Update for Windows Authentication Methods (3199173) MS Rating: Important

Virtual Secure Mode Information Disclosure Vulnerability (CVE-2016-7220) MS Rating: Important

An information disclosure vulnerability exists when Windows Virtual Secure Mode improperly handles objects in memory. A locally-authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system.

Local Security Authority Subsystem Service Denial of Service Vulnerability (CVE-2016-7237) MS Rating: Important

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an attacker sends a specially crafted request. A remote, but authenticated, attacker who successfully exploited this vulnerability could cause a denial of service on a target system.

Windows NTLM Elevation of Privilege Vulnerability (CVE-2016-7238) MS Rating: Important

This security update corrects a local elevation of privilege that exists when Windows fails to properly handle NTLM password change requests. An attacker who successfully exploited this vulnerability could elevate their permissions from unprivileged user account to administrator.

MS16-138 Security Update to Microsoft Virtual Hard Drive (3199647) MS Rating: Important

VHDFS Driver Elevation of Privilege Vulnerability (CVE-2016-7223) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows VHDMP kernel driver fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user.

VHDFS Driver Elevation of Privilege Vulnerability (CVE-2016-7224) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows VHDMP kernel driver fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user.

VHDFS Driver Elevation of Privilege Vulnerability (CVE-2016-7225) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows VHDMP kernel driver fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user.

VHDFS Driver Elevation of Privilege Vulnerability (CVE-2016-7226) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows VHDMP kernel driver fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user.

MS16-139 Security Update for Windows Kernel (3199720) MS Rating: Important

Windows Kernel Elevation of Privilege Vulnerability (CVE-2016-7216) MS Rating: Important

Local elevation of privilege can occur when a Windows Kernel API improperly allows a user to access sensitive information. A locally authenticated attacker could attempt to exploit this vulnerability by running a specially crafted application. An attacker can gain access to information not intended to be available to the user by using this method.

MS16-140 Security Update For Boot Manager (3193479) MS Rating: Important

Secure Boot Component Vulnerability (CVE-2016-7247) MS Rating: Important

A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot policy that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.

MS16-141 Security Update for Adobe Flash Player (3202790) MS Rating: Critical

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

MS16-142 Cumulative Security Update for Internet Explorer (3198467) MS Rating: Critical

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-7195) MS Rating: Important

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-7196) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-7198) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-7241) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-7199) MS Rating: Moderate

An information disclosure vulnerability exists when Microsoft browsers improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow an attacker to obtain browser window state from a different domain.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-7227) MS Rating: Important

An information disclosure vulnerability exists when Microsoft browsers improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow an attacker to obtain browser window state from a different domain.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-7239) MS Rating: Moderate

An information disclosure vulnerability exists when the Microsoft browser XSS filter is abused to leak sensitive page information. An attacker who successfully exploited the vulnerability could obtain sensitive information from certain web pages.To exploit the vulnerability, an attacker would have to know what information that the attacker is seeking, identify a page that is susceptible to the attack, and then craft a special script to gather the information from the web pages.


Microsoft Patch Tuesday – October 2016
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 10 security bulletins, five of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the October 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-oct

The following is a breakdown of the issues being addressed this month:

MS16-118 Cumulative Security Update for Internet Explorer (3192887) MS Rating: Critical

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3267) MS Rating: Moderate

An information disclosure vulnerability exists when the Microsoft Browser improperly handles objects in memory.

Microsoft Browser Elevation of Privilege Vulnerability (CVE-2016-3387) MS Rating: Important

A Privilege Escalation Vulnerability exists when Internet Explorer or Edge fails to properly secure private namespace.

Microsoft Browser Elevation of Privilege Vulnerability (CVE-2016-3388) MS Rating: Important

A Privilege Escalation Vulnerability exists when Internet Explorer or Edge fails to properly secure private namespace.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-3384) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-3390) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft Browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3391) MS Rating: Moderate

An information disclosure vulnerability exists in Microsoft Browsers that leaves credential data in memory. An attacker who successfully exploited this vulnerability could harvest credentials from a memory dump of the browser process.

Internet Explorer Information Disclosure Vulnerability (CVE-2016-3298) MS Rating: Moderate

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3331) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3382) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft Browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3383) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-3385) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft Browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS16-119 Cumulative Security Update for Microsoft Edge (3192890) MS Rating: Critical

Microsoft Browser Elevation of Privilege Vulnerability (CVE-2016-3387) MS Rating: Important

A Privilege Escalation Vulnerability exists when Internet Explorer or Edge fails to properly secure private namespace.

Microsoft Browser Elevation of Privilege Vulnerability (CVE-2016-3388) MS Rating: Important

A Privilege Escalation Vulnerability exists when Internet Explorer or Edge fails to properly secure private namespace.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3267) MS Rating: Moderate

An information disclosure vulnerability exists when the Microsoft Browser improperly handles objects in memory.

Scripting Engine Memory Corruption Vulnerability (CCVE-2016-3389) MS Rating: Critical

A remote code execution vulnerability exist in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3390) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft Browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3391) MS Rating: Moderate

An information disclosure vulnerability exists in Microsoft Browsers that leaves credential data in memory. An attacker who successfully exploited this vulnerability could harvest credentials from a memory dump of the browser process.

Microsoft Browser Security Feature Bypass Vulnerability (CVE-2016-3392) MS Rating: Moderate

A security bypass vulnerability exists when the Edge Content Security Policy fails to properly handle validation of certain specially crafted documents.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7194) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3331) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3382) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft Browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3386) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft Browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Remote Code Execution Vulnerability (CVE-2016-7189) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-7190) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge.

MS16-120 Security Update for Microsoft Graphics Component (3192884) MS Rating: Critical

GDI+ Information Disclosure Vulnerability (CVE-2016-3209) MS Rating: Important

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system.

Win32k Elevation of Privilege Vulnerability (CVE-2016-3270) MS Rating: Important

A Privilege Escalation Vulnerability exists in Windows when the Windows kernel fails to properly handle objects in memory.

GDI+ Remote Code Execution Vulnerability (CVE-2016-3396) MS Rating: Critical

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system.

True Type Font Parsing Elevation of Privilege Vulnerability (CVE-2016-7182) MS Rating: Critical

A Privilege Escalation Vulnerability exists in Windows when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

GDI+ Information Disclosure Vulnerability (CVE-2016-3262) MS Rating: Important

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system.

GDI+ Information Disclosure Vulnerability (CVE-2016-3263) MS Rating: Important

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system.

GDI+ Remote Code Execution Vulnerability (CVE-2016-3393) MS Rating: Critical

A Remote Code Execution vulnerability exists due to the way the Windows GDI handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

MS16-121 Security Update for Microsoft Office (3194063) MS Rating: Important

Microsoft Office Memory Corruption Vulnerability (CVE-2016-7193) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files.

MS16-122 Security Update for Microsoft Video Control (3195360) MS Rating: Critical

Microsoft Video Control Remote Code Execution Vulnerability (CVE-2016-0142) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

MS16-123 Security Update for Windows Kernel-Mode Drivers (3192892) MS Rating: Important

Win32k Elevation of Privilege Vulnerability (CVE-2016-3266) MS Rating: Important

A Privilege Escalation Vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode.

Win32k Elevation of Privilege Vulnerability (CVE-2016-3341) MS Rating: Important

A Privilege Escalation Vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.

Win32k Elevation of Privilege Vulnerability (CVE-2016-7211) MS Rating: Important

A Privilege Escalation Vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode.

Win32k Elevation of Privilege Vulnerability (CVE-2016-3376) MS Rating: Important

A Privilege Escalation Vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode.

Win32k Elevation of Privilege Vulnerability (CVE-2016-7185) MS Rating: Important

A Privilege Escalation Vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode.

MS16-124 Security Update for Windows Registry (3193227) MS Rating: Important

Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2016-0070) MS Rating: Important

A Privilege Escalation Vulnerability exists in Microsoft Windows when a Windows kernel API improperly allows a user to access sensitive registry information. To exploit the vulnerabilities, a locally authenticated attacker would need to run a specially crafted application.

Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2016-0073) MS Rating: Important

A Privilege Escalation Vulnerability exists in Microsoft Windows when a Windows kernel API improperly allows a user to access sensitive registry information. To exploit the vulnerabilities, a locally authenticated attacker would need to run a specially crafted application.

Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2016-0075) MS Rating: Important

A Privilege Escalation Vulnerability exists in Microsoft Windows when a Windows kernel API improperly allows a user to access sensitive registry information. To exploit the vulnerabilities, a locally authenticated attacker would need to run a specially crafted application.

Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2016-0079) MS Rating: Important

A Privilege Escalation Vulnerability exists in Microsoft Windows when a Windows kernel API improperly allows a user to access sensitive registry information. To exploit the vulnerabilities, a locally authenticated attacker would need to run a specially crafted application.

MS16-125 Security Update for Diagnostics Hub (3193229) MS Rating: Important

Windows Diagnostics Hub Elevation of Privilege (CVE-2016-7188) MS Rating: Important

A Privilege Escalation Vulnerability exists in the Windows Diagnostics Hub Standard Collector Service when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input that could lead to unsecure library loading behavior.

MS16-126 Security Update for Microsoft Internet Messaging API (3196067) MS Rating: Moderate

Internet Explorer Information Disclosure Vulnerability (CVE-2016-3298) MS Rating: Moderate

An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk.

MS16-127 Security Update for Adobe Flash Player (3194343) MS Rating: Critical

Security updates available for Flash Player MS Rating: Critical

Multiple security vulnerabilities exists in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.


Microsoft Patch Tuesday – September 2016
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor released 13 bulletins, six of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the September 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-sep

The following is a breakdown of the issues being addressed this month:

MS16-104 Cumulative Security Update for Internet Explorer (3183038) MS Rating: Critical

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3247) MS Rating: Important

A remote code execution vulnerability exists in the way that Internet Explorer accesses objects in memory. This vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3291) MS Rating: Moderate

An information disclosure vulnerability exists in the way that affected Microsoft browser handles cross-origin requests. An attacker who successfully exploited this vulnerability could determine the origin of all of the web pages in the affected browser.

Microsoft Browser Elevation of Privilege Vulnerability (CVE-2016-3292) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer fails a check, allowing a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3295) MS Rating: Critical

A remote code execution vulnerability exists in the way that Internet Explorer accesses objects in memory. This vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3297) MS Rating: Important

A remote code execution vulnerability exists in the way that Internet Explorer accesses objects in memory. This vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-3324) MS Rating: Important

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3325) MS Rating: Important

An information disclosure vulnerability exists in the way that Internet Explorer handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3351) MS Rating: Important

An information disclosure vulnerability exists in the way that Internet Explorer handles objects in memory. An attacker who successfully exploited the vulnerabilities could obtain information to further compromise a target system.

Internet Explorer Security Feature Bypass (CVE-2016-3353) MS Rating: Important

A security feature bypass opportunity exists in the way that Internet Explorer handles files from the Internet zone.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3375) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Microsoft OLE Automation mechanism and the VBScript Scripting Engine in Internet Explorer access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

MS16-105 Cumulative Security Update for Microsoft Edge (3183043) MS Rating: Critical

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3247) MS Rating: Important

A remote code execution vulnerability exists in the way that Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3291) MS Rating: Moderate

An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests. An attacker who successfully exploited this vulnerability could determine the origin of all of the web pages in the affected browser.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3294) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3295) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3297) MS Rating: Important

A remote code execution vulnerability exists in the way that Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3325) MS Rating: Important

An information disclosure vulnerability exists in the way that certain functions handle objects in memory. An attacker who successfully exploited the vulnerabilities could obtain information to further compromise a target system.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3330) MS Rating: Important

A remote code execution vulnerability exists in the way that Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3350) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3351) MS Rating: Important

An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

PDF Library Information Disclosure Vulnerability (CVE-2016-3370) MS Rating: Important

An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

Microsoft Edge Information Disclosure Vulnerability (CVE-2016-3374) MS Rating: Important

An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3377) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS16-106 Security Update for Microsoft Graphics Component (3185848) MS Rating: Critical

Win32k Elevation of Privilege Vulnerability (CVE-2016-3348) MS Rating: Important

An elevation of privilege vulnerability exists in the way that certain Windows kernel-mode drivers handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

Win32k Elevation of Privilege Vulnerability (CVE-2016-3349) MS Rating: Important

An elevation of privilege vulnerability exists in the way that certain Windows kernel-mode drivers handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

GDI Information Disclosure Vulnerability (CVE-2016-3354) MS Rating: Important

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system.

GDI Elevation of Privilege Vulnerability (CVE-2016-3355) MS Rating: Important

An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

GDI Remote Code Execution Vulnerability (CVE-2016-3356) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

MS16-107 Security Update for Office (3185852) MS Rating: Critical

Microsoft APP-V Security Feature Bypass Vulnerability (CVE-2016-0137) MS Rating: Important

An information disclosure vulnerability exists in the way that the Click-to-Run (C2R) components handle objects in memory, which could lead to an Address Space Layout Randomization (ASLR) bypass.

Microsoft Office Information Disclosure Vulnerability (CVE-2016-0141) MS Rating: Important

An information disclosure vulnerability exists when Visual Basic macros in Office improperly exports a user's private key from the certificate store while saving a document. An attacker who successfully exploited the vulnerability could potentially gain access to the user's private key.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3357) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3358) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3359) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3360) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3361) MS Rating: Moderate

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3362) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3363) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3364) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3365) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Spoofing Vulnerability (CVE-2016-3366) MS Rating: Important

A spoofing vulnerability exists when Microsoft Outlook does not strictly adhere to RFC2046 and improperly identifies the end of a MIME attachment. An improper MIME attachment ending may cause antivirus or antispam scanning to not work as intended.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3381) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

MS16-108 Security Update for Microsoft Exchange Server (3185883) MS Rating: Critical

Microsoft Exchange Information Disclosure Vulnerability (CVE-2016-0138) MS Rating: Important

An information disclosure vulnerability exists in the way that Microsoft Exchange Server parses email messages. The vulnerability could allow an attacker to discover confidential user information that is contained in Microsoft Outlook applications.

Microsoft Exchange Open Redirect Vulnerability (CVE-2016-3378) MS Rating: Moderate

An open redirect vulnerability exists in Microsoft Exchange that could lead to Spoofing. To exploit the vulnerability, an attacker can send a link that has a specially crafted URL, and convince the user to click the link. When an authenticated Exchange user clicks the link, the authenticated user's browser session could be redirected to a malicious site that is designed to impersonate a legitimate website. By doing so, the attacker could trick the user and potentially acquire sensitive information, such as the user's credentials.

Microsoft Exchange Elevation of Privilege Vulnerability (CVE-2016-3379) MS Rating: Important

An elevation of privilege vulnerability exists in the way that Microsoft Outlook handles meeting invitation requests. To exploit the vulnerability, an attacker could send a specially crafted Outlook meeting invitation request with malicious cross-site scripting (XSS) capability to a user.

MS16-109 Security Update for Silverlight (3182373) MS Rating: Important

Microsoft Silverlight Memory Corruption Vulnerability (CVE-2016-3367) MS Rating: Important

A remote code execution vulnerability exists when Microsoft Silverlight improperly allows applications to access objects in memory. The vulnerability could corrupt system memory, which could allow an attacker to execute arbitrary code.

MS16-110 Security Update for Windows (3178467) MS Rating: Important

Windows Permissions Enforcement Elevation of Privilege Vulnerability (CVE-2016-3346) MS Rating: Important

An elevation of privilege vulnerability exists in the way that Windows enforces permissions if an attacker loads a specially crafted DLL. A locally-authenticated attacker who successfully exploited this vulnerability could run arbitrary code as a system administrator.

Microsoft Information Disclosure Vulnerability (CVE-2016-3352) MS Rating: Important

An information disclosure vulnerability exists when Windows fails to properly validate NT LAN Manager (NTLM) Single Sign-On (SSO) requests during Microsoft Account (MSA) login sessions. An attacker who successfully exploited the vulnerability could attempt to brute force a user's NTLM password hash.

Windows Remote Code Execution Vulnerability (CVE-2016-3368) MS Rating: Important

A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker who has a domain user account could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions.

Windows Denial of Service Vulnerability (CVE-2016-3369) MS Rating: Important

A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges.

MS16-111 Security Update for Windows Kernel (3186973) MS Rating: Important

Windows Session Object Elevation of Privilege Vulnerability (CVE-2016-3305) MS Rating: Important

A Windows session object elevation of privilege vulnerability exists in the way that Windows handles session objects. A locally authenticated attacker who successfully exploited the vulnerability could hijack the session of another user.

Windows Session Object Elevation of Privilege Vulnerability (CVE-2016-3306) MS Rating: Important

A Windows session object elevation of privilege vulnerability exists in the way that Windows handles session objects. A locally authenticated attacker who successfully exploited the vulnerability could hijack the session of another user.

Windows Kernel Elevation of Privilege Vulnerability (CVE-2016-3371) MS Rating: Important

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could gain access to information that is not intended for the user.

Windows Kernel Elevation of Privilege Vulnerability (CVE-2016-3372) MS Rating: Important

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality.

Windows Elevation of Privilege Vulnerability (CVE-2016-3373) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information. An attacker who successfully exploited the vulnerability could gain access to user account information that is not intended for the user.

MS16-112 Security Update for Windows Lock Screen (3178469) MS Rating: Important

Windows Lock Screen Elevation of Privilege Vulnerability (CVE-2016-3302) MS Rating: Important

An elevation of privilege vulnerability exists when Windows improperly allows web content to load from the Windows lock screen. To exploit the vulnerability, an attacker with physical access to a user's computer could either connect to a maliciously configured WiFi hotspot or insert a mobile broadband adaptor in the user's computer. An attacker who successfully exploited the vulnerability could potentially execute code on a user's locked computer.

MS16-113 Security Update for Windows Secure Kernel Mode (3185876) MS Rating: Important

Windows Secure Kernel Mode Information Disclosure Vulnerability (CVE-2016-3344) MS Rating: Important

An information disclosure vulnerability exists in Windows when Windows Secure Kernel Mode improperly handles objects in memory. A locally-authenticated attacker could attempt to exploit the vulnerability by running a specially crafted application on a targeted system. The information disclosure vulnerability alone would not be sufficient for an attacker to compromise a system, but would have to be combined with additional vulnerabilities to further exploit the system.

MS16-114 Security Update for Windows SMBv1 Server (3185879) MS Rating: Important

Windows SMB Authenticated Remote Code Execution Vulnerability (CVE-2016-3345) MS Rating: Important

A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) Server when an authenticated attacker sends specially crafted packets to the SMBv1 server, because the SMBv1 Server implementation improperly handles certain requests.

MS16-115 Security Update for Microsoft Windows PDF Library (3188733) MS Rating: Important

Microsoft PDF Remote Code Execution Vulnerability (CVE-2016-3370) MS Rating: Important

A remote code execution vulnerability exists in the way that the Windows PDF Library handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

Microsoft PDF Remote Code Execution Vulnerability (CVE-2016-3374) MS Rating: Important

A remote code execution vulnerability exists in the way that the Windows PDF Library handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

MS16-116 Security Update in OLE Automation for VBScript Scripting Engine (3188724) MS Rating: Critical

Scripting Engine Information Disclosure Vulnerability (CVE-2016-3375) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Microsoft OLE Automation mechanism and the VBScript Scripting Engine in Internet Explorer access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.


Microsoft Patch Tuesday – August 2016
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins, six of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the August 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-aug

The following is a breakdown of the issues being addressed this month:

MS16-095 Cumulative Security Update for Internet Explorer (3177356) MS Rating: Critical

Internet Explorer Memory Corruption Vulnerability (CVE-2016-3288) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3289) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-3290) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3293) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3322) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Information Disclosure Vulnerability (CVE-2016-3321) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3326) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3327) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3329) MS Rating: Moderate

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

MS16-096 Cumulative Security Update for Microsoft Edge (3177358) MS Rating: Critical

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3289) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3293) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3296) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft PDF Remote Code Execution Vulnerability (CVE-2016-3319) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3322) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3326) MS Rating: Important

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3327) MS Rating: Important

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3329) MS Rating: Moderate

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

MS16-097 Security Update for Microsoft Graphics Component (3177393) MS Rating: Critical

Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3301) MS Rating: Critical

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.

Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3303) MS Rating: Critical

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.

Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3304) MS Rating: Critical

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.

MS16-098 Security Update for Kernel-Mode Drivers (3178466) MS Rating: Important

Microsoft Win32k Elevation of Privilege Vulnerability (CVE-2016-3308) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

Microsoft Win32k Elevation of Privilege Vulnerability (CVE-2016-3309) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

Microsoft Win32k Elevation of Privilege Vulnerability (CVE-2016-3310) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

Microsoft Win32k Elevation of Privilege Vulnerability (CVE-2016-3311) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

MS16-099 Security Update for Office (3177451) MS Rating: Critical

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3313) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft OneNote Information Disclosure Vulnerability (CVE-2016-3315) MS Rating: Important

An information disclosure vulnerability exists when Microsoft OneNote improperly discloses its memory contents. An attacker who exploited the vulnerability could use the information to compromise the user's computer or data.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3316) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3317) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2016-3318) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

MS16-100 Security Update for Secure Boot (3179577) MS Rating: Important

Microsoft Secure Boot Security Feature Bypass Vulnerability (CVE-2016-3320) MS Rating: Important

A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot manager affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.

MS16-101 Security Update for Windows Authentication Methods (3178465) MS Rating: Critical

Microsoft Kerberos Elevation of Privilege Vulnerability (CVE-2016-3237) MS Rating: Important

An elevation of privilege vulnerability exists in Windows when Kerberos improperly handles a password change request and falls back to NTLM as the default authentication protocol.

Microsoft NetLogon Elevation of Privilege Vulnerability (CVE-2016-3300) MS Rating: Important

An elevation of privilege vulnerability exists when Windows Netlogon improperly establishes a secure communications channel to a domain controller. An attacker who successfully exploited the vulnerability could run a specially crafted application on a domain-joined system.

MS16-102 Security Update for Microsoft Windows PDF Library (3182248) MS Rating: Critical

Microsoft PDF Remote Code Execution Vulnerability (CVE-2016-3319) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.

MS16-103 Security Update for ActiveSyncProvider (3182332) MS Rating: Important

Microsoft Universal Outlook Information Disclosure Vulnerability (CVE-2016-3312) MS Rating: Important

An information disclosure vulnerability exists when Universal Outlook fails to establish a secure connection. An attacker could use this vulnerability to obtain the username and password of a user. The update addresses the vulnerability by preventing Universal Outlook from disclosing usernames and passwords.


Microsoft Patch Tuesday – July 2016
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 11 bulletins, five of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the July 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-jul

The following is a breakdown of the issues being addressed this month:

MS16-084 Cumulative Security Update for Internet Explorer (3169991) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3204) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9 and VBScript engines render when handling objects in memory in Internet Explorer.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-3240) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-3241) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-3242) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-3243) MS Rating: Important

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Security Feature Bypass Vulnerability (CVE-2016-3245) MS Rating: Moderate

A security bypass vulnerability exists for Internet Explorer. An attacker could take advantage of the vulnerability to trick a user into connecting to a remote system.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3248) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9 and VBScript engines render when handling objects in memory in Internet Explorer.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3259) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9 and VBScript engines render when handling objects in memory in Internet Explorer.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3260) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9 and VBScript engines render when handling objects in memory in Internet Explorer.

Internet Explorer Information Disclosure Vulnerability (CVE-2016-3261) MS Rating: Important

An information disclosure vulnerability exists when the Microsoft Browser improperly handles objects in memory.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3264) MS Rating: Critical

A remote code execution vulnerability exist when Microsoft Internet Explorer improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3273) MS Rating: Important

An information disclosure vulnerability exists when the Microsoft Browser XSS Filter does not properly validate content under specific conditions.

Microsoft Browser Spoofing Vulnerability (CVE-2016-3274) MS Rating: Moderate

A spoofing vulnerability exists when a Microsoft browser does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website.

Microsoft Browser Spoofing Vulnerability (CVE-2016-3276) MS Rating: Important

A spoofing vulnerability exists when the Microsoft Browser in reader mode does not properly parse HTML content. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3277) MS Rating: Important

An information disclosure vulnerability exists when the Microsoft Browser improperly handles objects in memory.

MS16-085 Cumulative Security Update for Microsoft Edge (3169999) MS Rating: Critical

Microsoft Edge Security Feature Bypass (CVE-2016-3244) MS Rating: Important

A security bypass vulnerability exists when Microsoft Edge does not properly implement Address Space Layout Randomization (ASLR).

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3246) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3248) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9 and VBScript engines render when handling objects in memory in Internet Explorer.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3259) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9 and VBScript engines render when handling objects in memory in Internet Explorer.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3260) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9 and VBScript engines render when handling objects in memory in Internet Explorer.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3264) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3265) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9 and VBScript engines render when handling objects in memory in Internet Explorer.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3269) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9 and VBScript engines render when handling objects in memory in Internet Explorer.

Scripting Engine Information Disclosure Vulnerability (CVE-2016-3271) MS Rating: Critical

An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3273) MS Rating: Moderate

An information disclosure vulnerability exists when the Microsoft Browser XSS Filter does not properly validate content under specific conditions.

Microsoft Browser Spoofing Vulnerability (CVE-2016-3274) MS Rating: Moderate

A spoofing vulnerability exists when a Microsoft browser does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website.

Microsoft Browser Spoofing Vulnerability (CVE-2016-3276) MS Rating: Important

A spoofing vulnerability exists when the Microsoft Browser in reader mode does not properly parse HTML content. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website.

Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3277) MS Rating: Important

An information disclosure vulnerability exists when the Microsoft Browser improperly handles objects in memory.

MS16-086 Cumulative Security Update for JScript and VBScript (3169996) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3204) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9 and VBScript engines render when handling objects in memory in Internet Explorer.

MS16-087 Security Update for Windows Print Spooler Components (3170005) MS Rating: Critical

Microsoft Print Spooler Remote Code Execution Vulnerability (CVE-2016-3238) MS Rating: Critical

A remote code execution vulnerability exists in Windows when the Print Spooler service does not properly validate print drivers while installing a printer from servers.

Windows Print Spooler Elevation of Privilege Vulnerability (CVE-2016-3239) MS Rating: Important

An elevation of privilege vulnerability exists when the Microsoft Windows Print Spooler service improperly allows arbitrary writing to the file system.

MS16-088 Security Update for Microsoft Office (3170008) MS Rating: Important

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3278) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Remote Code Execution Vulnerability (CVE-2016-3279) MS Rating: Important

A vulnerability exists when Microsoft Office fails to properly handle XLA files. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3280) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3281) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3282) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3283) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3284) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

MS16-089 Security Update for Windows Secure Kernel Mode (3170050) MS Rating: Important

Windows Secure Kernel Mode Information Disclosure Vulnerability (CVE-2016-3256) MS Rating: Important

An information disclosure vulnerability exists when Windows Secure Kernel Mode improperly handles objects in memory. A locally-authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system.

MS16-090 Security Update for Windows Kernel-Mode Drivers (3171481) MS Rating: Important

Win32k Elevation of Privilege Vulnerability (CVE-2016-3249) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode.

Win32k Elevation of Privilege Vulnerability (CVE-2016-3250) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode.

GDI Component Information Disclosure Vulnerability (CVE-2016-3251) MS Rating: Important

An information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Win32k Elevation of Privilege Vulnerability (CVE-2016-3252) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode.

Win32k Elevation of Privilege Vulnerability (CVE-2016-3254) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode.

Win32k Elevation of Privilege Vulnerability (CVE-2016-3286) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode.

MS16-091 Security Update for .NET Framework (3170048) MS Rating: Important

.NET Information Disclosure Vulnerability (CVE-2016-3255) MS Rating: Important

An information disclosure vulnerability exists when .NET Framework improperly parses XML input containing a reference to an external entity.

MS16-092 Security Update for Windows Kernel (3171910) MS Rating: Important

Windows File System Security Feature Bypass Vulnerability (CVE-2016-3258) MS Rating: Important

A security bypass vulnerability exists in the Windows kernel that could allow an attacker to exploit time of check time of use (TOCTOU) issues in file path-based checks from a low integrity application.

Windows Kernel Information Disclosure Vulnerability (CVE-2016-3272) MS Rating: Important

An information disclosure vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle certain page fault system calls. An authenticated attacker who successfully exploited this vulnerability could disclose information from one process to another.

MS16-093 Security Update for Adobe Flash Player (3173337) MS Rating: Critical

Security updates available for Flash Player MS Rating: Critical

Multiple security vulnerabilities exist in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

MS16-094 Security Update for Secure Boot (3175677) MS Rating: Important

Secure Boot Security Feature Bypass Vulnerability (CVE-2016-3287) MS Rating: Important

A security bypass vulnerability exists when Windows Secure Boot improperly applies an affected policy. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded on a target device.


Microsoft Patch Tuesday – June 2016
ms-tuesday-patch-key-concept-white-light 2_12.png

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 16 bulletins, five of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the June 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-jun

The following is a breakdown of the issues being addressed this month:

MS16-063 Cumulative Security Update for Internet Explorer (3163649)

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0200) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-3211) MS Rating: Important

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3202) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3205) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3206) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3207) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3210) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer XSS Filter Vulnerability (CVE-2016-3212) MS Rating: Important

A remote code execution vulnerability exists when the Internet Explorer XSS Filter does not properly validate JavaScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary code with medium-integrity level privileges (the permissions of the current user).

WPAD Elevation of Privilege Vulnerability (CVE-2016-3213) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system.

MS16-068Cumulative Security Update for Microsoft Edge (3163656)

Microsoft Edge Security Feature Bypass (CVE-2016-3198) MS Rating: Important

A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3199) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3202) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3214) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3222) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Windows PDF Information Disclosure Vulnerability (CVE-2016-3201) MS Rating: Important

An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could read information in the context of the current user.

Windows PDF Information Disclosure Vulnerability (CVE-2016-3215) MS Rating: Important

An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could read information in the context of the current user.

Windows PDF Remote Code Execution Vulnerability (CVE-2016-3203) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.

MS16-069 Cumulative Security Update for Jscript and VBScript (3163640)

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3205) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3206) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-3207) MS Rating: Critical

A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS16-070 Security Update for Microsoft Office (3163610)

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0025) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-3233) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Information Disclosure Vulnerability (CVE-2016-3234) MS Rating: Important

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. To exploit the vulnerability, an attacker could craft a special document file, and then convince the victim to open it.

Microsoft Office OLE DLL Side Loading Vulnerability (CVE-2016-3235) MS Rating: Important

A remote code execution vulnerability exists when Windows improperly validates input before loading libraries. An attacker who successfully exploited the vulnerability could take control of an affected system.

MS16-071 Security Update for Microsoft Windows DNS Server (3164065)

Windows DNS Server Use After Free Vulnerability (CVE-2016-3227) MS Rating: Critical

A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

MS16-072 Security Update for Group Policy (3163622)

Group Policy Elevation of Privilege Vulnerability (CVE-2016-3223) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine.

MS16-073 Security Update for Windows Kernel Mode Drivers (3164028)

Win32k Elevation of Privilege Vulnerability (CVE-2016-3218) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine.

Win32k Elevation of Privilege Vulnerability (CVE-2016-3221) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Windows Virtual PCI Information Disclosure Vulnerability (CVE-2016-3232) MS Rating: Important

An information disclosure vulnerability exists when the Windows Virtual PCI (VPCI) virtual service provider (VSP) fails to properly handle uninitialized memory. An attacker who successfully exploited this vulnerability could potentially disclose contents of memory to which they should not have access.

MS16-074 Security Update for Microsoft Graphics Component (3164036)

Information Disclosure Vulnerability (CVE-2016-3216) MS Rating: Important

An information disclosure vulnerability exists when the Windows Graphics Device Interface (GDI32.dll) fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could cause an information disclosure to bypass the ASLR security feature that protects users from a broad class of vulnerabilities.

Win32k Elevation of Privilege Vulnerability (CVE-2016-3219) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows Graphic Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

ATMFD.DLL Elevation of Privilege Vulnerability (CVE-2016-3220) MS Rating: Important

An elevation of privilege vulnerability exists in Adobe Type Manager Font Driver (ATMFD) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-075 Security Update for Windows SMB Server (3164038)

Windows SMB Server Elevation of Privilege Vulnerability (CVE-2016-3225) MS Rating: Important

An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) when an attacker forwards an authentication request intended for another service running on the same machine. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated permissions.

MS16-076 Security Update for Netlogon (3167691)

Windows NetLogon Memory Corruption Remote Code Execution Vulnerability (CVE-2016-3228) MS Rating: Important

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow a remote code execution when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. To exploit the vulnerability, a domain-authenticated attacker could make a specially crafted NetLogon request to a domain controller.

MS16-077 Security Update for Web Proxy Autodiscovery (WPAD) (3165191)

WPAD Elevation of Privilege Vulnerability (CVE-2016-3213) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system.

Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability (CVE-2016-3236) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Windows improperly handles certain proxy discovery scenarios using the Web Proxy Auto Discovery (WPAD) protocol method. An attacker who successfully exploited the vulnerability could potentially access and control network traffic for which the attacker does not have sufficient privileges.

MS16-078 Security Update for Windows Diagnostic Hub (3165479)

Windows Diagnostics Hub Elevation of Privilege Vulnerability (CVE-2016-3231) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an insecure library loading behavior. An attacker who successfully exploited this vulnerability could could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-079 Security Update for Microsoft Exchange (3160339)

Microsoft Exchange Information Disclosure Vulnerability (CVE-2016-0028) MS Rating: Important

An email filter bypass that could allow information disclosure exists in the way that Microsoft Exchange parses HTML messages. An attacker who successfully exploited the vulnerability could identify, fingerprint, and track a user online. An attacker could also combine this vulnerability with another one, such as a Cross-Site Request Forgery (CSRF), to amplify their attack.

MS16-080 Security Update for Microsoft Windows PDF (3164302)

Windows PDF Information Disclosure Vulnerability (CVE-2016-3201) MS Rating: Important

An Information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could read information in the context of the current user.

Windows PDF Information Disclosure Vulnerability (CVE-2016-3215) MS Rating: Important

An Information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could read information in the context of the current user.

Windows PDF Remote Code Execution Vulnerability (CVE-2016-3203) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.

MS16-081 Security Update for Active Directory (3164063)

Active Directory Denial of Service Vulnerability (CVE-2016-3226) MS Rating: Important

A denial of service vulnerability exists in Active Directory when an authenticated attacker creates multiple machine accounts. An attacker who successfully exploited this vulnerability could cause the Active Directory service to become non-responsive.

MS16-082 Security Update for Microsoft Windows StructuredQuery Component (3165270)

Windows StructuredQuery Denial of Service Vulnerability (CVE-2016-3230) MS Rating: Important

This vulnerability occurs when the Windows StructuredQuery component fails to properly handle certain objects in memory. An attacker who successfully exploited this vulnerability could cause server performance to degrade sufficiently to cause a denial of service condition. An attacker could use this vulnerability to cause a denial of service attack and disrupt server availability.


Microsoft Patch Tuesday – May 2016
ms-tuesday-patch-key-concept-white-light 2_11.png

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 16 bulletins, eight of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the May 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-may

The following is a breakdown of the issues being addressed this month:

MS16-051 Cumulative Security Update for Internet Explorer (3155533) MS Rating: Critical

Internet Explorer Security Feature Bypass (CVE-2016-0188) MS Rating: Important

A security bypass vulnerability for Internet Explorer exists in the User Mode Code Integrity (UMCI) component of Device Guard when it improperly validates code integrity.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-0187) MS Rating: Critical

A remote code execution vulnerability exist in the way that the JScript and VBScript engines render when handling objects in memory in Internet Explorer

Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189) MS Rating: Critical

A remote code execution vulnerability exist in the way that the JScript and VBScript engines render when handling objects in memory in Internet Explorer

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0192) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Information Disclosure Vulnerability (CVE-2016-0194) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer does not properly handle files, which could allow an attacker to disclose the contents of arbitrary files on the user's computer.

MS16-052 Cumulative Security Update for Microsoft Edge (3155538) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2016-0186) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0191) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0192) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-0193) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge

MS16-053 Security Update for JScript and VBScript (3156764) MS Rating: Critical

Scripting Engine Memory Corruption Vulnerability (CVE-2016-0187) MS Rating: Critical

A remote code execution vulnerability exist in the way that the JScript and VBScript engines render when handling objects in memory in Internet Explorer

Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189) MS Rating: Critical

A remote code execution vulnerability exist in the way that the JScript and VBScript engines render when handling objects in memory in Internet Explorer

MS16-054 Security Update for Microsoft Office (3148775) MS Rating: Critical

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0126) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0140) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Office Graphics RCE Vulnerability (CVE-2016-0183) MS Rating: Critical

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0198) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-055 Security Update for Microsoft Graphics Component (3156754) MS Rating: Critical

Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0168) MS Rating: Important

An Information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerabilities could obtain information to further compromise the user’s system.

Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0169) MS Rating: Important

An Information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerabilities could obtain information to further compromise the user’s system.

Windows Graphics Component RCE Vulnerability (CVE-2016-0170) MS Rating: Critical

A remote code execution vulnerability exists when the Windows GDI component fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system.

Direct3D Use After Free Vulnerability (CVE-2016-0184) MS Rating: Critical

A remote code execution vulnerability exists when the Windows GDI component fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system.

Direct3D Use After Free Vulnerability (CVE-2016-0195) MS Rating: Critical

A remote code execution vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

MS16-056 Security Update for Windows Journal (3156761) MS Rating: Critical

Windows Journal Memory Corruption Vulnerability (CVE-2016-0182) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user.

MS16-057 Security Update for Windows Shell (3156987) MS Rating: Critical

Windows Shell Remote Code Execution Vulnerability (CVE-2016-0179) MS Rating: Critical

A remote code execution vulnerability exists when Windows Shell improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system.

MS16-058 Security Update for Windows IIS (3141083) MS Rating: Important

Windows DLL Loading Remote Code Execution Vulnerability (CVE-2016-0152) MS Rating: Important

A remote code execution vulnerability exists when Microsoft Windows fails to properly validate input before loading certain libraries. An attacker who successfully exploited this vulnerability could take control of an affected system.

MS16-059 Security Update for Windows Media Center (3150220) MS Rating: Important

Windows Media Center Remote Code Execution Vulnerability (CVE-2016-0185) MS Rating: Important

A vulnerability exists in Windows Media Center that could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could take control of an affected system.

MS16-060 Security Update for Windows Kernel (3154846) MS Rating: Important

Windows Kernel Elevation of Privilege Vulnerability (CVE-2016-0180) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions.

MS16-061 Security Update for Microsoft RPC (3155520) MS Rating: Important

RPC Network Data Representation Engine Elevation of Privilege Vulnerability (CVE-2016-0178) MS Rating: Important

An elevation of privilege vulnerability exists in the way that Microsoft Windows handles specially crafted Remote Procedure Call (RPC) requests. A privilege elevation can occur when the RPC Network Data Representation (NDR) Engine improperly frees memory.

MS16-062 Security Update for Windows Kernel-Mode Drivers (3158222) MS Rating: Important

Win32k Elevation of Privilege Vulnerability (CVE-2016-0171) MS Rating: Important

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

Win32k Elevation of Privilege Vulnerability (CVE-2016-0173) MS Rating: Important

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

Win32k Elevation of Privilege Vulnerability (CVE-2016-0174) MS Rating: Important

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

Win32k Information Disclosure Vulnerability (CVE-2016-0175) MS Rating: Important

A security feature bypass vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.

Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability (CVE-2016-0176) MS Rating: Important

An elevation of privilege vulnerability exists when the DirectX Graphics kernel subsystem (dxgkrnl.sys) improperly handles objects in memory.

Win32k Elevation of Privilege Vulnerability (CVE-2016-0196) MS Rating: Important

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability (CVE-2016-0197) MS Rating: Important

An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory.

MS16-064 Security Update for Adobe Flash Player (3157993) MS Rating: Critical

Security updates available for Flash Player MS Rating: Critical

Multiple security vulnerabilities exist in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

MS16-065 Security Update for .NET Framework (3156757) MS Rating: Important

Windows OLE Remote Code Execution Vulnerability (CVE-2016-0149) MS Rating: Important

An information disclosure vulnerability exists in the TLS/SSL protocol, implemented in the encryption component of Microsoft .NET Framework. An attacker who successfully exploited this vulnerability could decrypt encrypted SSL/TLS traffic.

MS16-066 Security Update for Virtual Secure Mode (3155451) MS Rating: Important

Hypervisor Code Integrity Security Feature Bypass (CVE-2016-0181) MS Rating: Important

A security feature bypass vulnerability exists when Windows incorrectly allows certain kernel-mode pages to be marked as Read, Write, Execute (RWX) even with Hypervisor Code Integrity (HVCI) enabled.

MS16-067 Security Update for SAM and LSAD Remote Protocols (3148527) MS Rating: Important

Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability (CVE-2016-0190) MS Rating: Important

An information disclosure vulnerability exists in Microsoft Windows when a USB disk mounted over Remote Desktop Protocol (RDP) through Microsoft RemoteFX is not correctly tied to the session of the mounting user.


Microsoft Patch Tuesday – April 2016
ms-tuesday-patch-key-concept-white-light 2_10.png

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 13 bulletins, six of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the April 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-apr

The following is a breakdown of the issues being addressed this month:

MS16-037 Cumulative Security Update for Internet Explorer (3148531)

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0154) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0159) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0160) MS Rating: Important

A remote code execution vulnerability exists when Internet Explorer improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0162) MS Rating: Moderate

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0164) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0166) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS16-038 Cumulative Security Update for Microsoft Edge (3148532)

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0154) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0155) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0156) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0157) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Elevation of Privilege Vulnerability (CVE-2016-0158) MS Rating: Critical

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0161) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Edge does not properly validate JavaScript under specific conditions, potentially allowing a script to be run with elevated privileges. In a web-based attack scenario, an attacker could host a website in an attempt to exploit this vulnerability.

MS16-039 Security Update for Microsoft Graphics Component (3148522)

Win32k Elevation of Privilege Vulnerability (CVE-2016-0143) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Win32k Elevation of Privilege Vulnerability (CVE-2016-0165) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Win32k Elevation of Privilege Vulnerability (CVE-2016-0167) MS Rating: Critical

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Graphics Memory Corruption Vulnerability (CVE-2016-0145) MS Rating: Critical

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-040 Security Update for Microsoft XML Core Service (3148541)

MSXML Remote Code Execution Vulnerability (CVE-2016-0147) MS Rating: Critical

A remote code execution vulnerability exists when the Microsoft XML Core Services (MSXML) parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system.

MS16-041 Security Update for .NET Framework (3148789)

.NET Framework Remote Code Execution Vulnerability (CVE-2016-0148) MS Rating: Important

A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-042 Security Update for Microsoft Office (3148775)

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0122) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0127) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0136) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0139) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-044 Security Update for Windows OLE (3146706)

Windows OLE Remote Code Execution Vulnerability (CVE-2016-0153) MS Rating: Important

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.

MS16-045 Security Update for Windows Hyper-V (3143118)

Hyper-V Remote Code Execution Vulnerability (CVE-2016-0088) MS Rating: Important

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

Hyper-V Information Disclosure Vulnerability (CVE-2016-0089) MS Rating: Important

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. Customers who have not enabled the Hyper-V role are not affected.

Hyper-V Information Disclosure Vulnerability (CVE-2016-0090) MS Rating: Important

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. Customers who have not enabled the Hyper-V role are not affected.

MS16-046 Security Update for Secondary Logon (3148538)

Secondary Logon Elevation of Privilege Vulnerability (CVE-2016-0135) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows Secondary Logon Service fails to properly manage requests in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-047 Security Update for SAM and LSAD Remote Protocols (3148527)

Windows RPC Downgrade Vulnerability (CVE-2016-0128) MS Rating: Important

An elevation of privilege vulnerability exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols when they accept authentication levels that do not protect the RPC channel adequately. The vulnerability is caused by the way the SAM and LSAD remote protocols establish the Remote Procedure Call (RPC) channel. An attacker who successfully exploited this vulnerability could gain access to the SAM database.

MS16-048 Security Update for CSRSS (3148528)

Windows CSRSS Security Feature Bypass Vulnerability (CVE-2016-0151) MS Rating: Important

A security feature bypass vulnerability exists in Microsoft Windows when the Client-Server Run-time Subsystem (CSRSS) fails to properly manage process tokens in memory.

MS16-049 Security Update for HTTP.sys (3148795)

HTTP.sys Denial of Service Vulnerability (CVE-2016-0150) MS Rating: Important

A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive.

MS16-050 Security Update for Adobe Flash Player (3154132)

.NET XML Validation Security Feature Bypass (CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, and CVE-2016-1019) MS Rating: Critical

Multiple security vulnerabilities exist in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.


Microsoft Patch Tuesday – March 2016
ms-tuesday-patch-key-concept-white-light 2_9.png

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 13 bulletins, five of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the March 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-mar

The following is a breakdown of the issues being addressed this month:

MS16-023 Cumulative Security Update for Internet Explorer (3142015)

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0102) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0103) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0104) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0105) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0106) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0107) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0108) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0109) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0110) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0111) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0112) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0113) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0114) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS16-024 Cumulative Security Update for Microsoft Edge (3142019)

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0102) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0105) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0109) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0110) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0111) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0116) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0123) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0124) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Information Disclosure Vulnerability (CVE-2016-0125) MS Rating: Moderate

An information disclosure vulnerability exists when Microsoft Edge improperly handles the referrer policy. An attacker who successfully exploited the vulnerability could gain information about the request context or browsing history of a user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0129) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0130) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS16-025 Security Update for Windows Library Loading to Address Remote Code Execution (3140709)

Library Loading Input Validation Remote Code Execution Vulnerability (CVE-2016-0100) MS Rating: Important

A remote code execution vulnerability exists when Microsoft Windows fails to properly validate input before loading certain libraries. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

MS16-026 Security Update for Graphic Fonts to Address Remote Code Execution (3143148)

OpenType Font Parsing Vulnerability (CVE-2016-0120) MS Rating: Moderate

A denial of service vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.

OpenType Font Parsing Vulnerability (CVE-2016-0121) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted fonts.

MS16-027 Security Update for Windows Media to Address Remote Code Execution (3143146)

Windows Media Player Parsing Remote Code Execution Vulnerability (CVE-2016-0098) MS Rating: Critical

A remote code execution vulnerability exist in Microsoft Windows. This vulnerability could allow remote code execution if a user opens specially crafted media content that is hosted on a website.

Windows Media Player Parsing Remote Code Execution Vulnerability (CVE-2016-0101) MS Rating: Critical

A remote code execution vulnerability exist in Microsoft Windows. This vulnerability could allow remote code execution if a user opens specially crafted media content that is hosted on a website.

MS16-028 Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081)

Remote Code Execution Vulnerability (CVE-2016-0117) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.

Remote Code Execution Vulnerability (CVE-2016-0118) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.

MS16-029 Security Update for Microsoft Office to Address Remote Code Execution - Important (3141806)

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0021) MS Rating: Important

A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-0057) MS Rating: Important

A security feature bypass vulnerability exists in Microsoft Office software due to an invalidly signed binary. An attacker who successfully exploited the vulnerability could use a similarly configured binary to host malicious code.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0134) MS Rating: Important

A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

MS16-030 Security Update for Windows OLE to Address Remote Code Execution (3143136)

Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0091) MS Rating: Important

A remote code execution vulnerability exist when Microsoft Windows OLE fails to properly validate user input. An attacker could use the vulnerability to execute malicious code.

Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0092) MS Rating: Important

A remote code execution vulnerability exist when Microsoft Windows OLE fails to properly validate user input. An attacker could use the vulnerability to execute malicious code.

MS16-031 Security Update for Microsoft Windows to Address Elevation of Privilege (3140410)

Windows Elevation of Privilege Vulnerability (CVE-2016-0087) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Windows fails to properly sanitize handles in memory. An attacker who successfully exploited the vulnerability could run arbitrary code as System.

MS16-032 Security Update for Secondary Logon to Address Elevation of Privilege (3143141)

Secondary Logon Elevation of Privilege Vulnerability (CVE-2016-0099) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.

MS16-033 Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142)

USB Mass Storage Elevation of Privilege Vulnerability (CVE-2016-0133) MS Rating: Important

An elevation of privilege vulnerability in Microsoft Windows when the Windows USB Mass Storage Class driver fails to properly validate objects in memory.

MS16-034 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145)

Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (CVE-2016-0093) MS Rating: Important

An elevation of privilege vulnerability exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (CVE-2016-0094) MS Rating: Important

An elevation of privilege vulnerability exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (CVE-2016-0095) MS Rating: Important

An elevation of privilege vulnerability exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (CVE-2016-0096) MS Rating: Important

An elevation of privilege vulnerability exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

MS16-035 Security Update for .NET Framework to Address Security Feature Bypass (3141780)

.NET XML Validation Security Feature Bypass (CVE-2016-0132) MS Rating: Important

A security feature bypass vulnerability exists in a .NET Framework component that does not properly validate certain elements of a signed XML document.


Microsoft Patch Tuesday – February 2016
ms-tuesday-patch-key-concept-white-light 2_8.pngt

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 13 bulletins, six of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the February 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-feb

The following is a breakdown of the issues being addressed this month:

MS16-009 Cumulative Security Update for Internet Explorer (3134220)

DLL Loading Remote Code Execution Vulnerability (CVE-2016-0041) MS Rating: Important

A remote code execution vulnerability exists when Internet Explorer improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take control of an affected system.

Internet Explorer Information Disclosure Vulnerability (CVE-2016-0059) MS Rating: Important

An information disclosure vulnerability exists in Internet Explorer when the Hyperlink Object Library improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0060) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0061) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0062) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0063) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0064) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0067) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2016-0068) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2016-0069) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0071) MS Rating: Important

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0072) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Spoofing Vulnerability (CVE-2016-0077) MS Rating: Moderate

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP responses. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website. The specially crafted website could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.

MS16-011 Cumulative Security Update for Microsoft Edge (3134225)

Internet Explorer Memory Corruption Vulnerability (CVE-2016-0060) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0061) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0062) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0084) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Spoofing Vulnerability (CVE-2016-0077) MS Rating: Moderate

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP responses. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website. The specially crafted website could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.

Microsoft Edge ASLR Bypass (CVE-2016-0080) MS Rating: Important

A security feature bypass vulnerability for Microsoft Edge exists as a result of how exceptions are handled when dispatching certain window messages, allowing an attacker to probe the layout of the address space and thereby bypassing Address Space Layout Randomization (ASLR). By itself, the ASLR bypass vulnerability does not allow arbitrary code execution. However, an attacker could use the ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code on a target system.

MS16-012 Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938)

Microsoft Windows Reader Vulnerability (CVE-2016-0046) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted file is opened in Windows Reader. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user.

Microsoft PDF Library Buffer Overflow Vulnerability (CVE-2016-0058) MS Rating: Critical

A vulnerability exists in the Microsoft Windows PDF Library when it improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user's system. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-013 Security Update to Windows Journal to Address Remote Code Execution (3134811)

Windows Journal Memory Corruption vulnerability (CVE-2016-0038) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user.

MS16-014 Security update for Microsoft Windows to Address Remote Code Execution (3134228)

Windows Elevation of Privilege Vulnerability (CVE-2016-0040) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Windows DLL Loading Remote Code Execution Vulnerability (CVE-2016-0041) MS Rating: Important

A remote code execution vulnerability exists when Windows improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take control of an affected system.

Windows DLL Loading Remote Code Execution Vulnerability (CVE-2016-0042) MS Rating: Important

A remote code execution vulnerability exists when Windows improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take control of an affected system.

Windows DLL Loading Denial of Service Vulnerability (CVE-2016-0044) MS Rating: Important

A denial of service vulnerability exists in Windows when Microsoft Sync Framework processes specially crafted input that uses the "change batch" structure. An attacker who successfully exploited the vulnerability could cause the target system to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate their user rights. However, it could prevent authenticated users from logging on through Remote Desktop.

Windows Kerberos Security Feature Bypass Vulnerability (CVE-2016-0049) MS Rating: Important

A security feature bypass exists in Windows when Kerberos fails to check the password change of a user signing into a workstation. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker.

MS16-015 Security Update for Microsoft Office to Address Remote Code Execution (3134226)

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0022) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0052) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0053) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0054) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0055) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0056) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft SharePoint XSS Vulnerability (CVE-2016-0039) MS Rating: Important

An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim.

MS16-016 Security Update for WebDAV to Address Elevation of Privilege (3136041)

WebDAV Elevation of Privilege Vulnerability (CVE-2016-0051) MS Rating: Important

An elevation of privilege vulnerability exists in the Microsoft Web Distributed Authoring and Versioning (WebDAV) client when WebDAV improperly validates input. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated permissions.

MS16-017 Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700)

Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability (CVE-2016-0036) MS Rating: Important

An elevation of privilege vulnerability exists in the Remote Desktop Protocol (RDP) when an attacker logs on to the target system using RDP and sends specially crafted data over the authenticated connection. An attacker who successfully exploited this vulnerability could execute code with elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-018 Security Update for Windows Kernel-Mode Driver to Address Elevation of Privilege (3136082)

Win32k Elevation of Privilege Vulnerability (CVE-2016-0048) MS Rating: Important

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-019 Security Update for .NET Framework to Address Denial of Service (3137893)

.NET Framework Stack Overflow Denial of Service Vulnerability (CVE-2016-0033) MS Rating: Important

A denial of service vulnerability exists when .NET Framework fails to properly handle certain Extensible Stylesheet Language Transformations (XSLT). An attacker who successfully exploited this vulnerability could cause server performance to degrade significantly enough to cause a denial of service condition.

Windows Forms Information Disclosure Vulnerability (CVE-2016-0047) MS Rating: Important

An information disclosure vulnerability exists in Microsoft .NET Framework that is caused when .NET's Windows Forms (WinForms) improperly handles icon data. An attacker who successfully exploited the vulnerability could send specially crafted icon data to a .NET service. The icon data could capture information that is then returned to the attacker within the icon's data.

MS16-020 Security Update for Active Directory to Address Denial of Service (3134222)

Microsoft Active Directory Federation Services Denial of Service Vulnerability (CVE-2016-0037) MS Rating: Important

A denial of service vulnerability exists when Active Directory Federation Services (ADFS) attempts to process certain input during forms-based authentication. An attacker who successfully exploits this vulnerability by sending certain input during forms-based authentication could cause the server to become nonresponsive.

MS16-021 Security Update for Network Policy Server RADIUS implemenation to Address Denial of Service (3133043)

Network Policy Server RADIUS Implementation Denial of Service Vulnerability (CVE-2016-0050) MS Rating: Important

A denial of service vulnerability exists when a Network Policy Server (NPS) improperly handles a Remote Authentication Dial-In User Service (RADIUS) authentication request. An unauthenticated attacker who successfully exploited this vulnerability could send specially crafted username strings to a Network Policy Server (NPS) causing a denial of service condition for RADIUS authentication on the NPS.

MS16-022 Security Update for Adobe Flash Player (3135782)

Adobe Flash Player and AIR CVE-2016-0985 Type Confusion Remote Code Execution Vulnerability (CVE-2016-0037) MS Rating: Critical

These updates resolve a type confusion vulnerability that could lead to code execution.

Adobe Flash Player and AIR APSB16-04 Multiple Use After Free Remote Code Execution Vulnerabilities (CVE-2016-0037) MS Rating: Critical

These updates resolve use-after-free vulnerabilities that could lead to code execution.

Adobe Flash Player and AIR CVE-2016-0971 Unspecified Heap Buffer Overflow Vulnerability (CVE-2016-0037) MS Rating: Critical

These updates resolve a heap buffer overflow vulnerability that could lead to code execution.

Adobe Flash Player and AIR APSB16-04 Multiple Memory Corruption Vulnerabilities (CVE-2016-0037) MS Rating: Critical

These updates resolve memory corruption vulnerabilities that could lead to code execution.

More information on the vulnerabilities being addressed this month is available at Symantec's free Security Response portal and to our customers through the DeepSight Threat Management System.


Microsoft Patch Tuesday – January 2016
ms-tuesday-patch-key-concept-white-light 2_7.png

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins, six of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the January 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-jan

The following is a breakdown of the issues being addressed this month:

MS16-001 Cumulative Security Update for Internet Explorer (3124903)

Scripting Engine Memory Corruption Vulnerability (CVE-2016-0002) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine renders when handling objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2016-0005) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. The update addresses the vulnerability by helping to ensure that cross-domain policies are properly enforced in Internet Explorer.

MS16-002 Cumulative Security Update for Microsoft Edge (3124904)

Microsoft Edge Memory Vulnerability (CVE-2016-0003) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2016-0024) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS16-003 Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540)

Scripting Engine Memory Corruption Vulnerability (CVE-2016-0002) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine renders when handling objects in memory in Internet Explorer.

MS16-004 Security Update for Microsoft Office to Address Remote Code Execution (3124585)

Microsoft SharePoint Security Feature Bypass (CVE-2016-0011) MS Rating: Important

A security feature bypass exists in Microsoft SharePoint when Access Control Policy (ACP) configuration settings are not enforced correctly.

Microsoft SharePoint Security Feature Bypass (CVE-2015-6117) MS Rating: Important

A security feature bypass exists in Microsoft SharePoint when Access Control Policy (ACP) configuration settings are not enforced correctly.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0010) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

Microsoft Office ASLR Bypass (CVE-2016-0012) MS Rating: Important

A security feature bypass exists when Microsoft Office fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack.

Microsoft Office Memory Corruption Vulnerability (CVE-2016-0035) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

MS16-005 Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584)

Windows GDI32.dll ASLR Bypass Vulnerability (CVE-2016-0008) MS Rating: Important

A security feature bypass vulnerability exists in the way that the Windows graphics device interface handles objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass.

Win32k Remote Code Execution Vulnerability (CVE-2016-0009) MS Rating: Critical

A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code on a target system.

MS16-006 Security Update for Silverlight to Address Remote Code Execution (3126036)

Silverlight Runtime Remote Code Execution Vulnerability (CVE-2016-0034) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Silverlight decodes strings using a malicious decoder that can return negative offsets that cause Silverlight to replace unsafe object headers with contents provided by an attacker.

MS16-007 Security Update for Microsoft Windows to Address Remote Code Execution (3124901)

DLL Loading Elevation of Privilege Vulnerability (CVE-2016-0014) MS Rating: Important

An elevation of privilege vulnerability exists when Windows improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could elevate their privileges on a targeted system.

DirectShow Heap Corruption Remote Code Execution Vulnerability (CVE-2016-0015) MS Rating: Important

A remote code execution vulnerability exists when DirectShow improperly validates user input. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

DLL Loading Remote Code Execution Vulnerability (CVE-2016-0016) MS Rating: Important

A remote code execution vulnerability exists when Windows improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

DLL Loading Remote Code Execution Vulnerability (CVE-2016-0018) MS Rating: Important

A remote code execution vulnerability exists when Windows improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Windows Remote Desktop Protocol Security Bypass Vulnerability (CVE-2016-0019) MS Rating: Important

A security feature bypass vulnerability exists in Windows Remote Desktop Protocol (RDP) that is caused when Windows 10 hosts running RDP services fail to prevent remote logon to accounts that have no passwords set. An attacker who successfully exploited this vulnerability could gain access to the remote host as another user, possibly with elevated privileges.

MAPI DLL Loading Elevation of Privilege Vulnerability (CVE-2016-0020) MS Rating: Important

An elevation of privilege vulnerability exists when Windows improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could elevate their privileges on a targeted system.

MS16-008 Security Update for Kernel to Address Elevation of Privilege (3124605)

Windows Mount Point Elevation of Privilege Vulnerability (CVE-2016-0006) MS Rating: Important

A vulnerability exists in Windows while validating reparse points being set by sandbox applications. An attacker who successfully exploited the vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Windows Mount Point Elevation of Privilege Vulnerability (CVE-2016-0007) MS Rating: Important

A vulnerability exists in Windows while validating reparse points being set by sandbox applications. An attacker who successfully exploited the vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-010 Security Update for Exchange server to Address Spoofing (3124557)

Exchange Spoofing Vulnerability (CVE-2016-0029) MS Rating: Important

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.

Exchange Spoofing Vulnerability (CVE-2016-0030) MS Rating: Important

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.

Exchange Spoofing Vulnerability (CVE-2016-0031) MS Rating: Important

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.

Exchange Spoofing Vulnerability (CVE-2016-0032) MS Rating: Important

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.