Microsoft Security Bulletin Coverage (Feb 9, 2016)

By

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of Feb. 9, 2016. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS16-009 Cumulative Security Update for Internet Explorer

  • CVE-2016-0059 Internet Explorer Information Disclosure Vulnerability
    SPY: 1008 “Malformed-File xls.MP.49”
  • CVE-2016-0060 Internet Explorer Memory Corruption Vulnerability
    IPS:11444 “Internet Explorer Information Disclosure Vulnerability (MS16-009) 1”
  • CVE-2016-0061 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11445 “Microsoft Browser Memory Corruption Vulnerability (MS16-009) 1 “
  • CVE-2016-0062 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0063 Internet Explorer Memory Corruption Vulnerability
    IPS: 11446 “Internet Explorer Memory Corruption Vulnerability (MS16-009) 2”
  • CVE-2016-0064 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0065 Internet Explorer Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0067 Internet Explorer Memory Corruption Vulnerability
    IPS: 11447 “Internet Explorer Memory Corruption Vulnerability (MS16-009) 3”
  • CVE-2016-0068 Internet Explorer Elevation of Privilege Vulnerability
    IPS: 11448 “Internet Explorer Elevation of Privilege Vulnerability (MS16-009) 1”
  • CVE-2016-0069 Internet Explorer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0071 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0072 Internet Explorer Memory Corruption Vulnerability
    IPS: 11449 “Internet Explorer Memory Corruption Vulnerability (MS16-009) 4”
  • CVE-2016-0086 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-011 Cumulative Security Update for Microsoft Edge

  • CVE-2016-0061 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11445 “Microsoft Browser Memory Corruption Vulnerability (MS16-009) 1 “
  • CVE-2016-0062 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0077 Microsoft Edge Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0078 Microsoft Edge Spoofing Vulnerability
    IPS: 11450 “Microsoft Edge Spoofing Vulnerability (MS16-011) 1 “
  • CVE-2016-0080 Microsoft Edge ASLR Bypass
    There are no known exploits in the wild.
  • CVE-2016-0082 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0083 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0084 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-012 Security Update for Microsoft Windows PDF Library to Address Remote Code Execution

  • CVE-2016-0046 Microsoft Windows Reader Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0058 Microsoft PDF Library Buffer Overflow Vulnerability
    There are no known exploits in the wild.

MS16-013 Security Updates for Windows Journal to Address Remote Code Execution

  • CVE-2016-0038 Windows Journal Memory Corruption vulnerability
    There are no known exploits in the wild.

MS16-014 Security Update for Microsoft Windows to Address Remote Code Execution

  • CVE-2016-0040 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0041 Windows DLL Loading Remote Code Execution Vulnerability
    SPY: 4486 “Malformed-File ppsx.MP.2”
  • CVE-2016-0042 Windows DLL Loading Remote Code Execution Vulnerability
    SPY: 4483 “Malformed-File rtf.MP.8”
  • CVE-2016-0044 Windows DLL Loading Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0049 Windows Kerberos Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

MS16-015 Security Update for Microsoft Office to Address Remote Code Execution

  • CVE-2016-0022 Microsoft Office Memory Corruption Vulnerability
    SPY: 4484 “Malformed-File rtf.MP.9”
  • CVE-2016-0039 Microsoft SharePoint XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0052 Microsoft Office Memory Corruption Vulnerability
    SPY: 4480 “Malformed-File rtf.MP.6”
  • CVE-2016-0053 Microsoft Office Memory Corruption Vulnerability
    SPY: 4479 “Malformed-File rtf.MP.7”
  • CVE-2016-0054 Microsoft Office Memory Corruption Vulnerability
    SPY: 4481 “Malformed-File xlsx.MP.2”
  • CVE-2016-0055 Microsoft SharePoint XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0056 Microsoft Office Memory Corruption Vulnerability
    SPY: 4482 “Malformed-File docx.MP.9”
  • CVE-2016-0057 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

MS16-016 Security Update for WebDAV to Address Elevation of Privilege

  • CVE-2016-0051 WebDAV Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-017 Security Update for Remote Desktop Display Driver to Address Elevation of Privilege

  • CVE-2016-0036 Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-018 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege

  • CVE-2016-0048 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-019 Security Update for .NET Framework to Address Denial of Service

  • CVE-2016-0033 .NET Framework Stack Overflow Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0047 Windows Forms Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-020 Security Update for Active Directory Federation Services to Address Denial of Service

  • CVE-2016-0037 Microsoft Active Directory Federation Services Denial of Service Vulnerability
    There are no known exploits in the wild.

MS16-021 Security Update for NPS RADIUS Server to Address Denial of Service

  • CVE-2016-0050 Network Policy Server RADIUS Implementation Denial of Service Vulnerability
    There are no known exploits in the wild.
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.