Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 13 bulletins, five of which are rated Critical.
-
MS16-023 Cumulative Security Update for Internet Explorer (3142015)
Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0102) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2016-0103) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2016-0104) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0105) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2016-0106) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2016-0107) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2016-0108) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0109) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0110) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0111) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2016-0112) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2016-0113) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2016-0114) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
-
MS16-024 Cumulative Security Update for Microsoft Edge (3142019)
Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0102) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0105) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0109) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0110) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0111) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0116) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0123) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0124) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Information Disclosure Vulnerability (CVE-2016-0125) MS Rating: Moderate
An information disclosure vulnerability exists when Microsoft Edge improperly handles the referrer policy. An attacker who successfully exploited the vulnerability could gain information about the request context or browsing history of a user.
Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0129) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0130) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
-
MS16-025 Security Update for Windows Library Loading to Address Remote Code Execution (3140709)
Library Loading Input Validation Remote Code Execution Vulnerability (CVE-2016-0100) MS Rating: Important
A remote code execution vulnerability exists when Microsoft Windows fails to properly validate input before loading certain libraries. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
-
MS16-026 Security Update for Graphic Fonts to Address Remote Code Execution (3143148)
OpenType Font Parsing Vulnerability (CVE-2016-0120) MS Rating: Moderate
A denial of service vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.
OpenType Font Parsing Vulnerability (CVE-2016-0121) MS Rating: Critical
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted fonts.
-
MS16-027 Security Update for Windows Media to Address Remote Code Execution (3143146)
Windows Media Player Parsing Remote Code Execution Vulnerability (CVE-2016-0098) MS Rating: Critical
A remote code execution vulnerability exist in Microsoft Windows. This vulnerability could allow remote code execution if a user opens specially crafted media content that is hosted on a website.
Windows Media Player Parsing Remote Code Execution Vulnerability (CVE-2016-0101) MS Rating: Critical
A remote code execution vulnerability exist in Microsoft Windows. This vulnerability could allow remote code execution if a user opens specially crafted media content that is hosted on a website.
-
MS16-028 Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081)
Remote Code Execution Vulnerability (CVE-2016-0117) MS Rating: Critical
A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.
Remote Code Execution Vulnerability (CVE-2016-0118) MS Rating: Critical
A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.
-
MS16-029 Security Update for Microsoft Office to Address Remote Code Execution - Important (3141806)
Microsoft Office Memory Corruption Vulnerability (CVE-2016-0021) MS Rating: Important
A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-0057) MS Rating: Important
A security feature bypass vulnerability exists in Microsoft Office software due to an invalidly signed binary. An attacker who successfully exploited the vulnerability could use a similarly configured binary to host malicious code.
Microsoft Office Memory Corruption Vulnerability (CVE-2016-0134) MS Rating: Important
A remote code execution vulnerability exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
-
MS16-030 Security Update for Windows OLE to Address Remote Code Execution (3143136)
Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0091) MS Rating: Important
A remote code execution vulnerability exist when Microsoft Windows OLE fails to properly validate user input. An attacker could use the vulnerability to execute malicious code.
Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0092) MS Rating: Important
A remote code execution vulnerability exist when Microsoft Windows OLE fails to properly validate user input. An attacker could use the vulnerability to execute malicious code.
-
MS16-031 Security Update for Microsoft Windows to Address Elevation of Privilege (3140410)
Windows Elevation of Privilege Vulnerability (CVE-2016-0087) MS Rating: Important
An elevation of privilege vulnerability exists when Microsoft Windows fails to properly sanitize handles in memory. An attacker who successfully exploited the vulnerability could run arbitrary code as System.
-
MS16-032 Security Update for Secondary Logon to Address Elevation of Privilege (3143141)
Secondary Logon Elevation of Privilege Vulnerability (CVE-2016-0099) MS Rating: Important
An elevation of privilege vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.
-
MS16-033 Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142)
USB Mass Storage Elevation of Privilege Vulnerability (CVE-2016-0133) MS Rating: Important
An elevation of privilege vulnerability in Microsoft Windows when the Windows USB Mass Storage Class driver fails to properly validate objects in memory.
-
MS16-034 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145)
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (CVE-2016-0093) MS Rating: Important
An elevation of privilege vulnerability exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (CVE-2016-0094) MS Rating: Important
An elevation of privilege vulnerability exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (CVE-2016-0095) MS Rating: Important
An elevation of privilege vulnerability exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (CVE-2016-0096) MS Rating: Important
An elevation of privilege vulnerability exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
-
MS16-035 Security Update for .NET Framework to Address Security Feature Bypass (3141780)
.NET XML Validation Security Feature Bypass (CVE-2016-0132) MS Rating: Important
A security feature bypass vulnerability exists in a .NET Framework component that does not properly validate certain elements of a signed XML document.
More information on the vulnerabilities being addressed this month is available at Symantec's free Security Response portal and to our customers through the DeepSight Threat Management System.