Microsoft Security Bulletin Coverage (May 10, 2016)

By

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of May 10, 2016. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS16-051 Cumulative Security Update for Internet Explorer

  • CVE-2016-0188 Internet Explorer Security Feature Bypass
    There are no known exploits in the wild.
  • CVE-2016-0189 Scripting Engine Memory Corruption Vulnerability
    IPS:11594 ” Scripting Engine Memory Corruption Vulnerability (MS16-051) 1″
  • CVE-2016-0192 Microsoft Browser Memory Corruption Vulnerability
    IPS:11595 ” Microsoft Browser Memory Corruption Vulnerability (MS16-051) 1″
  • CVE-2016-0194 Internet Explorer Information Disclosure Vulnerability
    SPY:4495 ” Malformed-File exe.MP.15 “

MS16-052 Cumulative Security Update for Microsoft Edge

  • CVE-2016-0191 Microsoft Edge Memory Corruption Vulnerability
    IPS: 11596 “Microsoft Edge Memory Corruption Vulnerability (MS16-051) 1”
  • CVE-2016-0192 Microsoft Browser Memory Corruption Vulnerability
    IPS:11595 ” Microsoft Browser Memory Corruption Vulnerability (MS16-051) 1″
  • CVE-2016-0193 Scripting Engine Memory Corruption Vulnerability
    IPS:11597 ” Scripting Engine Memory Corruption Vulnerability (MS16-051) 2″

MS16-053 Cumulative Security Update for JScript and VBScript

  • CVE-2016-0187 Scripting Engine Memory Corruption Vulnerability
    IPS:11598 ” Scripting Engine Memory Corruption Vulnerability (MS16-051) 3″
  • CVE-2016-0189 Scripting Engine Memory Corruption Vulnerability
    IPS:11594 “Scripting Engine Memory Corruption Vulnerability (MS16-051) 1”

MS16-054 Security Update for Microsoft Office

  • CVE-2016-0126 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0140 Microsoft Office Memory Corruption Vulnerability
    SPY: 4335 “Malformed-File xls.MP.52”
  • CVE-2016-0183 Microsoft Office Graphics RCE Vulnerability
    There are no known exploits in the wild.

MS16-055 Security Update for Microsoft Graphics Component

  • CVE-2016-0168 Windows Graphics Component Information Disclosure Vulnerability
    SPY: 4500 “Malformed-File emf.MP.2”
  • CVE-2016-0169 Windows Graphics Component Information Disclosure Vulnerability
    SPY: 4499 “Malformed-File emf.MP.1”
  • CVE-2016-0170 Windows Graphics Component RCE Vulnerability
    SPY: 4499 “Malformed-File emf.MP.1”
  • CVE-2016-0184 Direct3D Use After Free Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0195 Direct3D Use After Free RCE Vulnerability
    This is a local Vulnerability.

MS16-056 Security Update for Windows Journal

  • CVE-2016-0182 Windows Journal Memory Corruption Vulnerability
    This is a local Vulnerability.

MS16-057 Security Update for Windows Shell

  • CVE-2016-0179 Windows Shell Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-058 Security Update for Windows IIS

  • CVE-2016-0152 Windows DLL Loading Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-059 Security Update for Windows Media Center

  • CVE-2016-0185 Windows Media Center Remote Code Execution Vulnerability
    IPS:11593 “Windows Media Center Remote Code Execution (MS16-059)”

MS16-060 Security Update for Windows Kernel

  • CVE-2016-0180 Windows Kernel Elevation of Privilege Vulnerability
    This is a local Vulnerability.

MS16-061 Security Update for Microsoft RPC

  • CVE-2016-0178 RPC Network Data Representation Engine Elevation of Privilege Vulnerability
    SPY:4497 “Malformed-File exe.MP.14”

MS16-062 Security Update for Windows Kernel-Mode Drivers

  • CVE-2016-0171 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.
  • CVE-2016-0172 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.
  • CVE-2016-0173 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.
  • CVE-2016-0174 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.
  • CVE-2016-0175 Win32k Information Disclosure Vulnerability
    This is a local Vulnerability.
  • CVE-2016-0176 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.
  • CVE-2016-0196 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.
  • CVE-2016-0197 Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-064 Security Update for Adobe Flash Player

  • CVE-2016-0177 Schannel Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-065 Security Update for .NET Framework

  • CVE-2016-0149 TLS/SSL Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-066 Security Update for Virtual Secure Mode

  • CVE-2016-0181 Hypervisor Code Integrity Security Feature Bypass
    There are no known exploits in the wild.

MS16-067 Security Update for Volume Manager Driver

  • CVE-2016-0190 Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability
    There are no known exploits in the wild.
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.