Security News

Microsoft Security Bulletin Coverage (June 14, 2016)

By

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of June 10, 2016. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS16-063 Cumulative Security Update for Internet Explorer

  • CVE-2016-0199 Internet Explorer Memory Corruption Vulnerability
    IPS:11661 ” Internet Explorer Memory Corruption Vulnerability (MS16-063) 1″
  • CVE-2016-0200 Internet Explorer Memory Corruption Vulnerability
    IPS:11662 ” Internet Explorer Memory Corruption Vulnerability (MS16-063) 2″
  • CVE-2016-3202 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3205 Scripting Engine Memory Corruption Vulnerability
    IPS:11663 ” Scripting Engine Memory Corruption Vulnerability (MS16-063) 1 “
  • CVE-2016-3206 Scripting Engine Memory Corruption Vulnerability
    IPS:11663 ” Scripting Engine Memory Corruption Vulnerability (MS16-063) 1 “
  • CVE-2016-3207 Scripting Engine Memory Corruption Vulnerability
    IPS:11665 ” Scripting Engine Memory Corruption Vulnerability (MS16-063) 3 “
  • CVE-2016-3210 Scripting Engine Memory Corruption Vulnerability
    IPS:3310 ” HTTP Client Shellcode Exploit 82 “
  • CVE-2016-3211 Internet Explorer Memory Corruption Vulnerability
    SPY:4954 ” Malformed-File exe.MP.17_5 “
  • CVE-2016-3212 Internet Explorer XSS Filter Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3213 WPAD Elevation of Privilege Vulnerability
    SPY:4959 ” Malformed-File exe.MP.18 “

MS16-068 Cumulative Security Update for Microsoft Edge

  • CVE-2016-3198 Microsoft Edge Security Feature Bypass
    IPS: 11667 “Microsoft Edge Security Feature Bypass (MS16-068) “
  • CVE-2016-3199 Scripting Engine Memory Corruption Vulnerability
    IPS:11668 ” Scripting Engine Memory Corruption Vulnerability(MS16-068) 5″
  • CVE-2016-3201 Windows PDF Information Disclosure Vulnerability
    SPY:4956 ” Malformed-File pdf.MP.157″
  • CVE-2016-3202 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3203 Windows PDF Remote Code Execution Vulnerability
    SPY:4957 ” Malformed-File pdf.MP.158″
  • CVE-2016-3214 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3215 Windows PDF Information Disclosure Vulnerability
    SPY:4958 ” Malformed-File pdf.MP.159″
  • CVE-2016-3222 Microsoft Edge Memory Corruption Vulnerability
    IPS:11669 ” Microsoft Edge Memory Corruption Vulnerability(MS16-068) 1″

MS16-069 Cumulative Security Update for JScript and VBScript

  • CVE-2016-3205 Scripting Engine Memory Corruption Vulnerability
    IPS:11663 ” Scripting Engine Memory Corruption Vulnerability (MS16-063) 1 “
  • CVE-2016-3206 Scripting Engine Memory Corruption Vulnerability
    IPS:11663 ” Scripting Engine Memory Corruption Vulnerability (MS16-063) 1 “
  • CVE-2016-3207 Scripting Engine Memory Corruption Vulnerability
    IPS:11665 ” Scripting Engine Memory Corruption Vulnerability (MS16-063) 3 “

MS16-070 Security Update for Microsoft Office

  • CVE-2016-0025 Microsoft Office Memory Corruption Vulnerability
    SPY: 4955 “Malformed-File doc.MP.37 “
  • CVE-2016-3233 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3234 Microsoft Office Memory Corruption Vulnerability
    IPS:11670 “Microsoft Office Information Disclosure Vulnerability(MS16-070) 1”
  • CVE-2016-3235 Microsoft Office OLE DLL Side Loading Vulnerability
    There are no known exploits in the wild.

MS16-071 Security Update for Microsoft Windows DNS Server

  • C
    VE-2016-3227     Windows DNS Server Use After Free Vulnerability
    There are no known exploits in the wild.

MS16-072 Security Update for Group Policy

  • CVE-2016-3223 Group Policy Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-073 Security Update for Windows Kernel-Mode Drivers

  • CVE-2016-3218 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.
  • CVE-2016-3221 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.
  • CVE-2016-3232 Windows Virtual PCI Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-074 Security Update for Microsoft Graphics Component

  • CVE-2016-3216 Information Disclosure Vulnerability
    SPY:4791 “Malformed-File emf.MP.7 “
  • CVE-2016-3219 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.
  • CVE-2016-3220 ATMFD.DLL Elevation of Privilege Vulnerability
    This is a local Vulnerability.

MS16-075 Security Update for Windows SMB Server

  • CVE-2016-3225 Windows SMB Server Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-076 Security Update for Netlogon

  • CVE-2016-3228 Windows NetLogon Memory Corruption Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-077 Security Update for WPAD

  • CVE-2016-3213 WPAD Elevation of Privilege Vulnerability
    SPY:4959 ” Malformed-File exe.MP.18 “
  • CVE-2016-3236 Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability
    IPS:11660 ” NBNS Spoofing “

MS16-078 Security Update for Windows Diagnostic Hub

  • CVE-2016-3231 Windows Diagnostics Hub Elevation of Privilege Vulnerability
    This is a local Vulnerability.

MS16-079 Security Update for Microsoft Exchange Server

  • CVE-2016-0028 Microsoft Exchange Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-080 Security Update for Microsoft Windows PDF

  • CVE-2016-3201 Windows PDF Information Disclosure Vulnerability
    SPY:4956 ” Malformed-File pdf.MP.157″
  • CVE-2016-3203 Windows PDF Remote Code Execution Vulnerability
    SPY:4957 ” Malformed-File pdf.MP.158″
  • CVE-2016-3215 Windows PDF Information Disclosure Vulnerability
    SPY:4958 ” Malformed-File pdf.MP.159″

MS16-081 Security Update for Active Directory

  • CVE-2016-3226 Active Directory Denial of Service Vulnerability
    There are no known exploits in the wild.

MS16-082 Security Update for Microsoft Windows Search Component

  • CVE-2016-3230 Windows StructuredQuery Denial of Service Vulnerability
    There are no known exploits in the wild.
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
Drupal Core Sql Injection Vulnerability CVE-2014-3704 (Oct 24, 2014)
New Trojan Downloader - Branvine.A (June 5, 2009)
ManageEngine Desktop Central Directory Traversal Vulnerability (Feb 20,2015)
PDF Phishing campaign uses Google Docs to steal victim's Email credentials
Yealink Device Management Command Injection Vulnerability
Microsoft Security Bulletins Coverage (Jun 15, 2011)
China’s “Winnti” Spyder Module
BBC Georgia's President Trojan (Aug 15, 2008)