Microsoft Security Bulletin Coverage (Apr 12, 2016)

By

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of Apr. 12, 2016. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS16-037 Cumulative Security Update for Internet Explorer

  • CVE-2016-0154 Microsoft Browser Memory Corruption Vulnerability
    IPS:11559 ” Microsoft Browser Memory Corruption Vulnerability (MS16-037) “
  • CVE-2016-0159 Internet Explorer Memory Corruption Vulnerability
    IPS:11557 ” Internet Explorer Memory Corruption Vulnerability (MS16-037) 1″
  • CVE-2016-0160 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0162 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0164 Internet Explorer Memory Corruption Vulnerability
    IPS: 11558 “Internet Explorer Memory Corruption Vulnerability (MS16-037) 2”
  • CVE-2016-0166 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-038 Cumulative Security Update for Microsoft Edge

  • a href=”http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0154″ target=”_blank”>CVE-2016-0154 Microsoft Browser Memory Corruption Vulnerability
    IPS:11559 ” Microsoft Browser Memory Corruption Vulnerability (MS16-037) “
  • CVE-2016-0155 Microsoft Edge Memory Corruption Vulnerability
    SPY:4382 ” Malformed-File exe.MP.13″
  • CVE-2016-0156 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0157 Microsoft Edge Memory Corruption Vulnerability
    IPS: 11550 “Microsoft Edge Memory Corruption Vulnerability (MS16-038) 2”
  • CVE-2016-0158 Microsoft Edge Elevation of Privilege Vulnerability
    IPS: 11551 “Microsoft Edge Memory Corruption Vulnerability (MS16-038) 3”
  • CVE-2016-0161 Microsoft Edge Elevation of Privilege Vulnerability
    IPS: 11552 “Microsoft Edge Memory Corruption Vulnerability (MS16-038) 4”

MS16-039 Security Update for Microsoft Graphics Component

  • CVE-2016-0143 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.
  • CVE-2016-0145 Graphics Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0165 Win32k Elevation of Privilege Vulnerability
    SPY:4357 “Malformed-File exe.MP.11”
  • CVE-2016-0167 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.

MS16-040 Security Update for Microsoft XML Core Services

  • CVE-2016-0147 MSXML Remote Code Execution Vulnerability
    IPS: 11548 ” MSXML Remote Code Execution Vulnerability (MS16-039)1″

MS16-041 Security Update for .NET Framework

  • CVE-2016-0148 .NET Framework Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-042 Security Update for Microsoft Office

  • CVE-2016-0122 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0127 Microsoft Office Memory Corruption Vulnerability
    SPY:4336 “Malformed-File rtf.MP.13”
  • CVE-2016-0136 Microsoft Office Memory Corruption Vulnerability
    IPS:11258 “Malformed Excel Document 1”
  • CVE-2016-0139 Microsoft Office Memory Corruption Vulnerability
    SPY:4335 “Malformed-File xls.MP.52 “

MS16-044 Security Update for Windows OLE

  • CVE-2016-0153 Windows OLE Remote Code Execution Vulnerability
    SPY:4491 “Malformed-File doc.MP.36 “

MS16-045 Security Update for Windows Hyper-V

  • CVE-2016-0088 Hyper-V Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0089 Windows OLE Memory Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0090 Hyper-V Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-046 Security Update for Secondary Logon

  • CVE-2016-0135 Secondary Logon Elevation of Privilege Vulnerability
    IPS: 11554 “Windows Secondary Logon Elevation of Privilege Vulnerability”

MS16-047 Security Update for SAM and LSAD Remote Protocols

  • CVE-2016-0128 Windows RPC Downgrade Vulnerability
    IPS: 11555 “DCERPC AuthLevel Downgrade (Windows)”

MS16-048 Security Update for CSRSS

  • CVE-2016-0151 Windows CSRSS Security Feature Bypass Vulnerability
    SPY:4358 ” Malformed-File exe.MP.12″

MS16-049 Security Update for HTTP.sys

  • CVE-2016-0150 HTTP.sys Denial of Service Vulnerability
    There are no known exploits in the wild.
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.