October 2016 - Microsoft Releases 10 Security Advisories
CVE Kennungen:: CVE-2016-3267
Hinweisdatum: 11 Oktober 2016
Beschreibung
Microsoft addresses the following vulnerabilities in its August batch of patches:
- (MS16-118) Cumulative Security Update for Internet Explorer (3192887)
Risk Rating: Critical
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user, and thus install malicious code without restriction. - (MS16-119) Cumulative Security Update for Microsoft Edge (3192890)
Risk Rating: Critical
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. - (MS16-120) Security Update for Microsoft Graphics Component (3192884)
Risk Rating: Critical
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Silverlight, and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. - (MS16-121) Security Update for Microsoft Office (3194063)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. - (MS16-122) Security Update for Microsoft Video Control (3195360)
Risk Rating: Critical
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. - (MS16-123) Security Update for Windows Kernel-Mode Drivers (3192892)
Risk Rating: Important
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. - (MS16-124) Security Update for Windows Registry (3193227)
Risk Rating: Important
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information. - (MS16-125) Security Update for Diagnostics Hub (3193229)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. - (MS16-126) Security Update for Microsoft Internet Messaging API (3196067)
Risk Rating: Moderate
This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. - (MS16-127) (Security Update for Adobe Flash Player (3194343) Security Update for Windows Secure Kernel Mode (3185876)
Risk Rating: Critical
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Trend Micro Lösungen
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
| MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection and IDF Compatibility |
| MS16-126, MS16-118 | CVE-2016-3298 | 1007985 | Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-3298) | 11-Oct-16 | YES |
| MS16-119 | CVE-2016-7189 | 1007983 | Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2016-7189) | 11-Oct-16 | YES |
| MS16-119 | CVE-2016-3386 | 1007984 | MMicrosoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3386) | 11-Oct-16 | YES |
| MS16-121 | CVE-2016-7193 | 1007979 | Microsoft Office Memory Corruption Vulnerability (CVE-2016-7193) | 11-Oct-16 | YES |
| MS16-125 | CVE-2016-7188 | 1007995 | Microsoft Windows Diagnostics Hub Elevation Of Privilege (CVE-2016-7188) | 11-Oct-16 | YES |
| MS16-120 | CVE-2016-3263 | 1007978 | Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2016-3263) | 11-Oct-16 | YES |
| MS16-118 | CVE-2016-3385 | 1007980 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3385) | 11-Oct-16 | YES |
| MS16-118, MS16-119 | CVE-2016-3331 | 1007986 | Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3331) | 11-Oct-16 | YES |
| MS16-123 | CVE-2016-3341, CVE-2016-7191, CVE-2016-3266, CVE-2016-7185, CVE-2016-3376 | 1007975 | Microsoft Windows Multiple Security Vulnerabilities (MS16-123) | 11-Oct-16 | YES |
| MS16-118 | CVE-2016-3383 | 1007981 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3383) | 11-Oct-16 | YES |
| MS16-120 | CVE-2016-3270, CVE-2016-7182 | 1007976 | Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-120) | 11-Oct-16 | YES |
| MS16-120 | CVE-2016-3262 | 1007977 | Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2016-3262) | 11-Oct-16 | YES |
| MS16-118, MS16-119 | CVE-2016-3387, CVE-2016-3388 | 1007989 | Microsoft Windows Multiple Security Vulnerabilities (MS16-118, MS16-119) | 11-Oct-16 | YES |
| MMS16-118, MS16-119 | CVE-2016-3267 | 1007991 | Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3267) | 11-Oct-16 | YES |
| MS16-119 | CVE-2016-7194 | 1007940 | Microsoft Office Memory Corruption Vulnerability (CVE-2016-3358) | 14-Sep-16 | YES |
| MS16-115, MS16-105 | CVE-2016-3374 | 1007994 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7194) | 11-Oct-16 | YES |
| MS16-124 | CVE-2016-0070, CVE-2016-0073, CVE-2016-0075, CVE-2016-0079 | 1007988 | Microsoft Windows Multiple Security Vulnerabilities (MS16-124) | 11-Oct-16 | YES |
| MS16-120 | CVE-2016-3209 | 1007974 | Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2016-3209) | 11-Oct-16 | YES |
| MS16-119 | CVE-2016-7190 | 1007982 | Microsoft Office Memory Corruption Vulnerability (CVE-2016-3364) | 14-Sep-16 | YES |
| MS16-107 | CVE-2016-3357 | 1007939 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7190) | 11-Oct-16 | YES |
| MS16-118, MS16-119 | CVE-2016-3382 | 1007987 | Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3382) | 11-Oct-16 | YES |