Date du conseil: 14 septembre 2016

  Description

Microsoft addresses the following vulnerabilities in its August batch of patches:

  • (MS16-104) Cumulative Security Update for Internet Explorer (3183038)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer, the most severe of which could allow remote code execution. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS16-105) Cumulative Security Update for Microsoft Edge (3183043)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge, the most severe of which could allow remote code execution. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the current user.


  • (MS16-106) Security Update for Microsoft Graphics Component (3185848)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website hosted by an attacker.


  • (MS16-107) Security Update for Microsoft Office (3185852)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Office, the more severe of which could allow remote code execution.


  • (MS16-108) Security Update for Microsoft Exchange Server (3185883)
    Risk Rating: Critical

    This security update resolves a vulnerabilities in Microsoft Exchange Server, the most severe of which could allow remote code execution in certain Oracle Outside In libraries built into Exchange server.


  • (MS16-109) Security Update for Silverlight (3182373)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Silverlight that could allow remote code execution. The vulnerability is exploited when a user visits a compromised website that contains a specially crafted Silverlight application.


  • (MS16-110) Security Update for Windows (3178467)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows, the more severe of which could allow remote code execution if an attacker runs a specialy crafted request to exploit it.


  • (MS16-111) Security Update for Windows Kernel (3186973)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When exploited, an attacker could gain the same rights as the currently logged on user.


  • (MS16-112) Security Update for Windows Lock Screen (3178469)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow elevation of privilege.


  • (MS16-113) Security Update for Windows Secure Kernel Mode (3185876)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow information disclosure. The vulnerability lies in the improper handling of objects in memory by the Windows Secure Kernel Mode.


  • (MS16-114) Security Update for SMBv1 Server (3185879)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow remote code execution in certain versions of the operating system. The attacker sends specially crafted packets to a vulnerable SMBv1 Server.


  • (MS16-115) Security Update for Microsoft Windows PDF Library (3188733)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft Windows that could allow information disclosure. An attacker must host a specially crafted PDF document or content online to exploit these vulnerablities.


  • (MS16-116) Security Update in OLE Automation for VBScript Scripting Engine (3188724)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows that could allow remote code execution. This bulletin requires installation of two updates prior to installing the update in this bulletin.


  • (MS16-117) Security Update for Adobe Flash Player (3188128)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Adobe Flash Player installed on certain versions of Microsoft Windows operating systems.


  Information Exposure Rating:

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
MS16-104 CVE-2016-3324 1007928 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3324) 14-Sep-16 YES
MS16-110 CVE-2016-3352 1007931 Microsoft Windows Information Disclosure Vulnerability (CVE-2016-3352) 14-Sep-16 YES
MS16-104, MS16-105 CVE-2016-3247 1007920 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3247) 14-Sep-16 YES
MS16-115, MS16-105 CVE-2016-3370 1007929 Microsoft PDF Library Remote Code Execution Vulnerability (CVE-2016-3370) 14-Sep-16 YES
MS16-104, MS16-116 CVE-2016-3375 1007925 Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2016-3375) 14-Sep-16 YES
MS16-107 CVE-2016-3363 1007944 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3363) 14-Sep-16 YES
MS16-111 CVE-2016-3306 1007934 Microsoft Windows Session Object Elevation Of Privilege Vulnerability (CVE-2016-3306) 14-Sep-16 YES
MS16-105 CVE-2016-3377 1007927 Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2016-3377) 14-Sep-16 YES
MS16-107 CVE-2016-3381 1007947 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3381) 14-Sep-16 YES
MS16-106 CVE-2016-3355 1007938 Microsoft GDI Elevation Of Privilege Vulnerability (CVE-2016-3355) 14-Sep-16 YES
MS16-107 CVE-2016-3362 1007943 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3362) 14-Sep-16 YES
MS16-104, MS16-105 CVE-2016-3351 1007924 Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3351) 14-Sep-16 YES
MS16-111 CVE-2016-3373 1007936 Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-3373) 14-Sep-16 YES
MS16-104, MS16-105 CVE-2016-3295 1007921 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3295) 14-Sep-16 YES
MS16-107 CVE-2016-3358 1007940 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3358) 14-Sep-16 YES
MS16-115, MS16-105 CVE-2016-3374 1007930 Microsoft PDF Library Remote Code Execution Vulnerability (CVE-2016-3374) 14-Sep-16 YES
MS16-111 CVE-2016-3371 1007935 Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2016-3371) 14-Sep-16 YES
MS16-107 CVE-2016-3365 1007946 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3365) 14-Sep-16 YES
MS16-107 CVE-2016-3364 1007945 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3364) 14-Sep-16 YES
MS16-107 CVE-2016-3357 1007939 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3357) 14-Sep-16 YES
MS16-107 CVE-2016-3360 1007942 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3360) 14-Sep-16 YES
MS16-104, MS16-105 CVE-2016-3297 1007941 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3359) 14-Sep-16 YES
MS16-107 CVE-2016-3359 1007941 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3359) 14-Sep-16 YES
MS16-111 CVE-2016-3305 1007933 Microsoft Windows Session Object Elevation Of Privilege Vulnerability (CVE-2016-3305) 14-Sep-16 YES
MS16-105 CVE-2016-3294 1007926 Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3294) 14-Sep-16 YES
MS16-104, MS16-105 CVE-2016-3325 1007923 Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3325) 14-Sep-16 YES

  Solutions