September 2016 - Microsoft Releases 14 Security Advisories
Data do informe: 14 setembro 2016
Descrição
Microsoft addresses the following vulnerabilities in its August batch of patches:
- (MS16-104) Cumulative Security Update for Internet Explorer (3183038)
Risk Rating: Critical
This security update resolves vulnerabilities in Internet Explorer, the most severe of which could allow remote code execution. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. - (MS16-105) Cumulative Security Update for Microsoft Edge (3183043)
Risk Rating: Critical
This security update resolves vulnerabilities in Microsoft Edge, the most severe of which could allow remote code execution. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the current user. - (MS16-106) Security Update for Microsoft Graphics Component (3185848)
Risk Rating: Critical
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website hosted by an attacker. - (MS16-107) Security Update for Microsoft Office (3185852)
Risk Rating: Critical
This security update resolves vulnerabilities in Microsoft Office, the more severe of which could allow remote code execution. - (MS16-108) Security Update for Microsoft Exchange Server (3185883)
Risk Rating: Critical
This security update resolves a vulnerabilities in Microsoft Exchange Server, the most severe of which could allow remote code execution in certain Oracle Outside In libraries built into Exchange server. - (MS16-109) Security Update for Silverlight (3182373)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Silverlight that could allow remote code execution. The vulnerability is exploited when a user visits a compromised website that contains a specially crafted Silverlight application. - (MS16-110) Security Update for Windows (3178467)
Risk Rating: Important
This security update resolves vulnerabilities in Microsoft Windows, the more severe of which could allow remote code execution if an attacker runs a specialy crafted request to exploit it. - (MS16-111) Security Update for Windows Kernel (3186973)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows. When exploited, an attacker could gain the same rights as the currently logged on user. - (MS16-112) Security Update for Windows Lock Screen (3178469)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows that could allow elevation of privilege. - (MS16-113) Security Update for Windows Secure Kernel Mode (3185876)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows that could allow information disclosure. The vulnerability lies in the improper handling of objects in memory by the Windows Secure Kernel Mode. - (MS16-114) Security Update for SMBv1 Server (3185879)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows that could allow remote code execution in certain versions of the operating system. The attacker sends specially crafted packets to a vulnerable SMBv1 Server. - (MS16-115) Security Update for Microsoft Windows PDF Library (3188733)
Risk Rating: Important
This security update resolves several vulnerabilities in Microsoft Windows that could allow information disclosure. An attacker must host a specially crafted PDF document or content online to exploit these vulnerablities. - (MS16-116) Security Update in OLE Automation for VBScript Scripting Engine (3188724)
Risk Rating: Critical
This security update resolves a vulnerability in Microsoft Windows that could allow remote code execution. This bulletin requires installation of two updates prior to installing the update in this bulletin. - (MS16-117) Security Update for Adobe Flash Player (3188128)
Risk Rating: Critical
This security update resolves several vulnerabilities in Adobe Flash Player installed on certain versions of Microsoft Windows operating systems.
Exposição das informações
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
| MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection and IDF Compatibility |
| MS16-104 | CVE-2016-3324 | 1007928 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3324) | 14-Sep-16 | YES |
| MS16-110 | CVE-2016-3352 | 1007931 | Microsoft Windows Information Disclosure Vulnerability (CVE-2016-3352) | 14-Sep-16 | YES |
| MS16-104, MS16-105 | CVE-2016-3247 | 1007920 | Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3247) | 14-Sep-16 | YES |
| MS16-115, MS16-105 | CVE-2016-3370 | 1007929 | Microsoft PDF Library Remote Code Execution Vulnerability (CVE-2016-3370) | 14-Sep-16 | YES |
| MS16-104, MS16-116 | CVE-2016-3375 | 1007925 | Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2016-3375) | 14-Sep-16 | YES |
| MS16-107 | CVE-2016-3363 | 1007944 | Microsoft Office Memory Corruption Vulnerability (CVE-2016-3363) | 14-Sep-16 | YES |
| MS16-111 | CVE-2016-3306 | 1007934 | Microsoft Windows Session Object Elevation Of Privilege Vulnerability (CVE-2016-3306) | 14-Sep-16 | YES |
| MS16-105 | CVE-2016-3377 | 1007927 | Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2016-3377) | 14-Sep-16 | YES |
| MS16-107 | CVE-2016-3381 | 1007947 | Microsoft Office Memory Corruption Vulnerability (CVE-2016-3381) | 14-Sep-16 | YES |
| MS16-106 | CVE-2016-3355 | 1007938 | Microsoft GDI Elevation Of Privilege Vulnerability (CVE-2016-3355) | 14-Sep-16 | YES |
| MS16-107 | CVE-2016-3362 | 1007943 | Microsoft Office Memory Corruption Vulnerability (CVE-2016-3362) | 14-Sep-16 | YES |
| MS16-104, MS16-105 | CVE-2016-3351 | 1007924 | Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3351) | 14-Sep-16 | YES |
| MS16-111 | CVE-2016-3373 | 1007936 | Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-3373) | 14-Sep-16 | YES |
| MS16-104, MS16-105 | CVE-2016-3295 | 1007921 | Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3295) | 14-Sep-16 | YES |
| MS16-107 | CVE-2016-3358 | 1007940 | Microsoft Office Memory Corruption Vulnerability (CVE-2016-3358) | 14-Sep-16 | YES |
| MS16-115, MS16-105 | CVE-2016-3374 | 1007930 | Microsoft PDF Library Remote Code Execution Vulnerability (CVE-2016-3374) | 14-Sep-16 | YES |
| MS16-111 | CVE-2016-3371 | 1007935 | Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2016-3371) | 14-Sep-16 | YES |
| MS16-107 | CVE-2016-3365 | 1007946 | Microsoft Office Memory Corruption Vulnerability (CVE-2016-3365) | 14-Sep-16 | YES |
| MS16-107 | CVE-2016-3364 | 1007945 | Microsoft Office Memory Corruption Vulnerability (CVE-2016-3364) | 14-Sep-16 | YES |
| MS16-107 | CVE-2016-3357 | 1007939 | Microsoft Office Memory Corruption Vulnerability (CVE-2016-3357) | 14-Sep-16 | YES |
| MS16-107 | CVE-2016-3360 | 1007942 | Microsoft Office Memory Corruption Vulnerability (CVE-2016-3360) | 14-Sep-16 | YES |
| MS16-104, MS16-105 | CVE-2016-3297 | 1007941 | Microsoft Office Memory Corruption Vulnerability (CVE-2016-3359) | 14-Sep-16 | YES |
| MS16-107 | CVE-2016-3359 | 1007941 | Microsoft Office Memory Corruption Vulnerability (CVE-2016-3359) | 14-Sep-16 | YES |
| MS16-111 | CVE-2016-3305 | 1007933 | Microsoft Windows Session Object Elevation Of Privilege Vulnerability (CVE-2016-3305) | 14-Sep-16 | YES |
| MS16-105 | CVE-2016-3294 | 1007926 | Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3294) | 14-Sep-16 | YES |
| MS16-104, MS16-105 | CVE-2016-3325 | 1007923 | Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3325) | 14-Sep-16 | YES |