Security News

Microsoft Security Bulletin Coverage (Mar 8, 2016)

By

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of Mar. 8, 2016. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS16-023 Cumulative Security Update for Internet Explorer

  • CVE-2016-0102 Microsoft Browser Memory Corruption Vulnerability
    IPS:11490 ” Internet Explorer Memory Corruption Vulnerability (MS16-023) 1″
  • CVE-2016-0103 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0104 Internet Explorer Memory Corruption Vulnerability
    IPS: 11491 “Internet Explorer Memory Corruption Vulnerability (MS16-023) 2 “
  • CVE-2016-0105 Microsoft Browser Memory Corruption Vulnerability
    IPS: 5173 “Obfuscated ActiveX Instantiation 3”
  • CVE-2016-0106 Internet Explorer Memory Corruption Vulnerability
    IPS: 11492 “Internet Explorer Memory Corruption Vulnerability (MS16-023) 3”
  • CVE-2016-0107 Internet Explorer Memory Corruption Vulnerability
    IPS: 11493 “Internet Explorer Memory Corruption Vulnerability (MS16-023) 4”
  • CVE-2016-0108 Internet Explorer Memory Corruption Vulnerability
    IPS: 11494 “Internet Explorer Memory Corruption Vulnerability (MS16-023) 5”
  • CVE-2016-0109 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11495 “Internet Explorer Memory Corruption Vulnerability (MS16-023) 6”
  • CVE-2016-0110 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11497 ” Internet Explorer Memory Corruption Vulnerability (MS16-023) 8″
  • CVE-2016-0111 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11498 ” Internet Explorer Memory Corruption Vulnerability (MS16-023) 7″
  • CVE-2016-0112 Internet Explorer Memory Corruption Vulnerability
    IPS: 11501 “Internet Explorer Memory Corruption Vulnerability (MS16-023) 10”
  • CVE-2016-0113 Internet Explorer Memory Corruption Vulnerability
    IPS: 11503 “Internet Explorer Memory Corruption Vulnerability (MS16-023) 11”
  • CVE-2016-0114 Internet Explorer Memory Corruption Vulnerability
    IPS: 11504 “Internet Explorer Memory Corruption Vulnerability (MS16-023) 12”

MS16-024 Cumulative Security Update for Microsoft Edge

  • CVE-2016-0102 Microsoft Browser Memory Corruption Vulnerability
    IPS:11490 ” Internet Explorer Memory Corruption Vulnerability (MS16-023) 1″
  • CVE-2016-0105 Microsoft Browser Memory Corruption Vulnerability
    IPS: 5173 “Obfuscated ActiveX Instantiation 3”
  • CVE-2016-0109 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11495 “Internet Explorer Memory Corruption Vulnerability (MS16-023) 6”
  • CVE-2016-0110 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11497 “Internet Explorer Memory Corruption Vulnerability (MS16-023) 8”
  • CVE-2016-0111 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11498 ” Internet Explorer Memory Corruption Vulnerability (MS16-023) 7″
  • CVE-2016-0116 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0123 Microsoft Edge Information Disclosure Vulnerability
    IPS: 11496 “Microsoft Edge Memory Corruption Vulnerability (MS16-024) 1”
  • CVE-2016-0124 Microsoft Edge Information Disclosure Vulnerability
    IPS: 11499 “Microsoft Edge Memory Corruption Vulnerability (MS16-024) 2”
  • CVE-2016-0125 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0129 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0130 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-025 Security Update for Windows Library Loading to Address Remote Code Execution

  • CVE-2016-0100 Library Loading Input Validation Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-026 Security Updates for Graphic Fonts to Address Remote Code Execution

  • CVE-2016-0120 OpenType Font Parsing Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0121 OpenType Font Parsing Vulnerability
    There are no known exploits in the wild.

MS16-027 Security Update for Windows Media to Address Remote Code Execution

  • CVE-2016-0098 Windows Media Player Parsing Remote Code Execution Vulnerability
    IPS: 11500 “Windows Media Player Parsing Remote Code Execution 1”
  • CVE-2016-0101 Windows Media Player Parsing Remote Code Execution Vulnerability
    IPS: 11502 “Windows Media Player Parsing Remote Code Execution 2 “

MS16-028 Security Update for Microsoft Windows PDF Library to Address Remote Code Execution

  • CVE-2016-0117 Remote Code Execution Vulnerability
    SPY: 3280 “FathFTP ActiveX RasIsConnected Method Invocation”
  • CVE-2016-0118 Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-029 Security Update for Microsoft Office to Address Remote Code Execution

  • CVE-2016-0021 Microsoft Office Memory Corruption Vulnerability
    SPY: 3252 “Malformed-File rtf.MP.11”
  • CVE-2016-0057 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0134 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-030 Security Update for Windows OLE to Address Remote Code Execution

  • CVE-2016-0091 Windows OLE Memory Remote Code Execution Vulnerability
    SPY: 2439 “Malformed-File rtf.MP.10”
  • CVE-2016-0092 Windows OLE Memory Remote Code Execution Vulnerability
    SPY: 3251 “Malformed-File rtf.MP.12”

MS16-031 Security Update for Microsoft Windows to Address Elevation of Privilege

  • CVE-2016-0087 Windows Elevation of Privilege Vulnerability
    This is a local Vulnerability.

MS16-032 Security Update for Secondary Logon to Address Elevation of Privilege

  • CVE-2016-0099 Secondary Logon Elevation of Privilege Vulnerability
    This is a local Vulnerability.

MS16-033 Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege

  • CVE-2016-0133 USB Mass Storage Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-034 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege

  • CVE-2016-0093 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.
  • CVE-2016-0094 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.
  • CVE-2016-0095 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.
  • CVE-2016-0096 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.

MS16-035 Security Update for .NET Framework to Address Security Feature Bypass

  • CVE-2016-0035 .NET XML Validation Security Feature Bypass
    There are no known exploits in the wild.
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
JetBrains TeamCity Authentication Bypass Vulnerabilities
WebLogic Console Help Interface XSS (July 23, 2009)
IRC Bot masquerading as popular applications (October 11, 2013)
NewPosThings.C a 64-Bit variant of POS malware released in the wild.
New banker Trojan steals information via compromised webservers (Aug 10, 2011)
Microsoft Windows Privilege escalation vulnerability (CVE-2013-5065) attacks (Dec 4, 2013)
Infostealer Trojan targeting German users (April 25, 2014)
Blackhole exploit spam campaigns on the rise - (June 15, 2012)