November 2016 - Microsoft Releases 14 Security Advisories

Publish Date: 03 maggio 2017

Data notifica: 08 novembre 2016

Descrizione

Microsoft addresses the following vulnerabilities in its November batch of patches:

(MS16-129) Cumulative Security Update for Microsoft Edge (3199057)
Risk Rating: Critical

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.

(MS16-130) Security Update for Microsoft Windows (3199172)
Risk Rating: Critical

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.

(MS16-131) Security Update for Microsoft Video Control (3199151)
Risk Rating: Critical

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

(MS16-132) Security Update for Microsoft Graphics Component (3199120)
Risk Rating: Critical

This security update resolves vulnerabilities in Microsoft Windows. The most severe of these could allow remote code execution on the vulnerable system.

(MS16-133) Security Update for Microsoft Office (3199168)
Risk Rating: Critical

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.

(MS16-134) Security Update for Common Log File System Driver (3193706)
Risk Rating: Important

This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.

(MS16-135) Security Update for Windows Kernel-Mode Drivers (3199135)
Risk Rating: Important

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege.

(MS16-137) Security Update for Windows Authentication Methods (3199173)
Risk Rating: Important

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege.

(MS16-138) Security Update to Microsoft Virtual Hard Disk Driver (3199647)
Risk Rating: Important

This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.

(MS16-139) Security Update for Windows Kernel (3199720)
Risk Rating: Important

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information.

(MS16-140) Security Update for Boot Manager (3193479)
Risk Rating: Important

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy.

(MS16-141) Security Update for Adobe Flash Player (3202790)
Risk Rating: Critical

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

(MS16-142) Cumulative Security Update for Internet Explorer (3198467)
Risk Rating: Critical

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

Informazioni esposizione:

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility

MS16-133 CVE-2016-7235 1008026 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7235) 9-Nov-16 YES

MS16-133 CVE-2016-7228 1008019 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7228) 9-Nov-16 YES

MS16-142, MS16-129 CVE-2016-7217 1008031 Microsoft Windows Media Foundation Memory Corruption Vulnerability (CVE-2016-7217) 9-Nov-16 YES

MS16-142, MS16-129 CVE-2016-7196 1008006 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7196) 9-Nov-16 YES

MS16-133 CVE-2016-7233 1008024 Microsoft Office Information Disclosure Vulnerability (CVE-2016-7233) 9-Nov-16 YES

MS16-129 CVE-2016-7203 1008010 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7203) 9-Nov-16 YES

MS16-129 CVE-2016-7201 1008009 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7201) 9-Nov-16 YES

MS16-129 CVE-2016-7200 1008008 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7200) 9-Nov-16 YES

MS16-129 CVE-2016-7202 1008013 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7202) 9-Nov-16 YES

MS16-133 CVE-2016-7234 1008025 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7234) 9-Nov-16 YES

MS16-142, MS16-129 CVE-2016-7241 1008017 Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-120) 11-Oct-16 YES

MS16-142, MS16-129 CVE-2016-7241 1007977 Microsoft Internet Explorer And Edge Remote Code Execution Vulnerability (CVE-2016-7241) 9-Nov-16 YES

MS16-129 CVE-2016-7240 1008016 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7240) 9-Nov-16 YES

MS16-133 CVE-2016-7232 1008023 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7232) 9-Nov-16 YES

MS16-129 CVE-2016-7204 1008014 Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7204) 9-Nov-16 YES

MS16-133 CVE-2016-7230 1008021 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7230) 9-Nov-16 YES

MS16-132 CVE-2016-7256 1008036 Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-7256) 9-Nov-16 YES

MS16-132 CVE-2016-7205 1008029 Microsoft Windows Animation Manager Memory Corruption Vulnerability (CVE-2016-7205) 9-Nov-16 YES

MS16-134 CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, CVE-2016-7184 1007990 Microsoft Windows Multiple Security Vulnerabilities (MS16-134) 9-Nov-16 YES

MS16-142, MS16-129 CVE-2016-7198/td> 1008007 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7198) 9-Nov-16 YES

MS16-133 CVE-2016-7231 1008022 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7231) 9-Nov-16 YES

MS16-133 CVE-2016-7236 1008027 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7236) 9-Nov-16 YES

MS16-129 CVE-2016-7242/td> 1008011 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7242) 9-Nov-16 YES

MS16-138 CVE-2016-7226, CVE-2016-7224, CVE-2016-7225 1008035 Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-138) 9-Nov-16 YES

MS16-135 CVE-2016-7246, CVE-2016-7214, CVE-2016-7215, CVE-2016-7255 1008034 Microsoft Windows Multiple Security Vulnerabilities (MS16-135) 9-Nov-16 YES

MS16-133 CVE-2016-7213 1008018 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7213) 9-Nov-16 YES

MS16-142, MS16-129 CVE-2016-7195 1008012 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7195) 9-Nov-16 YES

MS16-133 CVE-2016-7229 1008020 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7229) 9-Nov-16 YES

MS16-132 CVE-2016-7210 1008030 Microsoft Windows OpenType Font Information Disclosure Vulnerability (CVE-2016-7210)) 9-Nov-16 YES

Soluzioni

Macchia: : https://technet.microsoft.com/en-us/library/security/ms16-nov

MS Bulletin ID	Vulnerability ID	DPI Rule Number	DPI Rule Name	Release Date	Vulnerability Protection and IDF Compatibility
MS16-133	CVE-2016-7235	1008026	Microsoft Office Memory Corruption Vulnerability (CVE-2016-7235)	9-Nov-16	YES
MS16-133	CVE-2016-7228	1008019	Microsoft Office Memory Corruption Vulnerability (CVE-2016-7228)	9-Nov-16	YES
MS16-142, MS16-129	CVE-2016-7217	1008031	Microsoft Windows Media Foundation Memory Corruption Vulnerability (CVE-2016-7217)	9-Nov-16	YES
MS16-142, MS16-129	CVE-2016-7196	1008006	Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7196)	9-Nov-16	YES
MS16-133	CVE-2016-7233	1008024	Microsoft Office Information Disclosure Vulnerability (CVE-2016-7233)	9-Nov-16	YES
MS16-129	CVE-2016-7203	1008010	Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7203)	9-Nov-16	YES
MS16-129	CVE-2016-7201	1008009	Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7201)	9-Nov-16	YES
MS16-129	CVE-2016-7200	1008008	Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7200)	9-Nov-16	YES
MS16-129	CVE-2016-7202	1008013	Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7202)	9-Nov-16	YES
MS16-133	CVE-2016-7234	1008025	Microsoft Office Memory Corruption Vulnerability (CVE-2016-7234)	9-Nov-16	YES
MS16-142, MS16-129	CVE-2016-7241	1008017	Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-120)	11-Oct-16	YES
MS16-142, MS16-129	CVE-2016-7241	1007977	Microsoft Internet Explorer And Edge Remote Code Execution Vulnerability (CVE-2016-7241)	9-Nov-16	YES
MS16-129	CVE-2016-7240	1008016	Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7240)	9-Nov-16	YES
MS16-133	CVE-2016-7232	1008023	Microsoft Office Memory Corruption Vulnerability (CVE-2016-7232)	9-Nov-16	YES
MS16-129	CVE-2016-7204	1008014	Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7204)	9-Nov-16	YES
MS16-133	CVE-2016-7230	1008021	Microsoft Office Memory Corruption Vulnerability (CVE-2016-7230)	9-Nov-16	YES
MS16-132	CVE-2016-7256	1008036	Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-7256)	9-Nov-16	YES
MS16-132	CVE-2016-7205	1008029	Microsoft Windows Animation Manager Memory Corruption Vulnerability (CVE-2016-7205)	9-Nov-16	YES
MS16-134	CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, CVE-2016-7184	1007990	Microsoft Windows Multiple Security Vulnerabilities (MS16-134)	9-Nov-16	YES
MS16-142, MS16-129	CVE-2016-7198/td>	1008007	Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7198)	9-Nov-16	YES
MS16-133	CVE-2016-7231	1008022	Microsoft Office Memory Corruption Vulnerability (CVE-2016-7231)	9-Nov-16	YES
MS16-133	CVE-2016-7236	1008027	Microsoft Office Memory Corruption Vulnerability (CVE-2016-7236)	9-Nov-16	YES
MS16-129	CVE-2016-7242/td>	1008011	Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7242)	9-Nov-16	YES
MS16-138	CVE-2016-7226, CVE-2016-7224, CVE-2016-7225	1008035	Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-138)	9-Nov-16	YES
MS16-135	CVE-2016-7246, CVE-2016-7214, CVE-2016-7215, CVE-2016-7255	1008034	Microsoft Windows Multiple Security Vulnerabilities (MS16-135)	9-Nov-16	YES
MS16-133	CVE-2016-7213	1008018	Microsoft Office Memory Corruption Vulnerability (CVE-2016-7213)	9-Nov-16	YES
MS16-142, MS16-129	CVE-2016-7195	1008012	Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7195)	9-Nov-16	YES
MS16-133	CVE-2016-7229	1008020	Microsoft Office Memory Corruption Vulnerability (CVE-2016-7229)	9-Nov-16	YES
MS16-132	CVE-2016-7210	1008030	Microsoft Windows OpenType Font Information Disclosure Vulnerability (CVE-2016-7210))	9-Nov-16	YES

Minacce informatiche correlate
JS_SUNDOWN.B

November 2016 - Microsoft Releases 14 Security Advisories

Descrizione

Informazioni esposizione:

Soluzioni

Minacce informatiche correlate

Risorse

Assistenza

Informazioni su Trend

November 2016 - Microsoft Releases 14 Security Advisories

Descrizione

Informazioni esposizione:

Soluzioni

Minacce informatiche correlate

Risorse

Assistenza

Informazioni su Trend

America

Medio Oriente e Africa

Europa

Asia e Pacifico