Microsoft Security Bulletin Coverage (Oct 11, 2016)

By

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of Oct 11, 2016. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS16-118 Cumulative Security Update for Internet Explorer

  • CVE-2016-3383 Internet Explorer Memory Corruption Vulnerability
    IPS:11898 ” Internet Explorer Memory Corruption Vulnerability (MS16-118) “
  • CVE-2016-3385 Internet Explorer Memory Corruption Vulnerability
    IPS:11900 “Internet Explorer Memory Corruption Vulnerability (MS16-118) 3”
  • CVE-2016-3267 Microsoft Browser Information Disclosure Vulnerability
    IPS:11901 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118)”
  • CVE-2016-3298 Microsoft Browser Information Disclosure Vulnerability
    IPS:11902 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118) 2″
  • CVE-2016-3331 Microsoft Browser Memory Corruption Vulnerability
    IPS:11903 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118) 3″
  • CVE-2016-3382 Microsoft Browser Memory Corruption Vulnerability
    IPS:11904 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118) 4 “
  • CVE-2016-3387 Microsoft Browser Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3388 Microsoft Browser Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3384 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3390 Scripting Engine Memory Corruption Vulnerability
    This is a local vulnerability.
  • CVE-2016-3391 Microsoft Browser Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-119 Cumulative Security Update for Microsoft Edge

  • CVE-2016-3267 Microsoft Browser Information Disclosure Vulnerability
    IPS:11901 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118)”
  • CVE-2016-3331 Microsoft Browser Memory Corruption Vulnerability
    IPS:11903 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118) 3″
  • CVE-2016-3382 Microsoft Browser Memory Corruption Vulnerability
    IPS:11904 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118) 4 “
  • CVE-2016-3386 Scripting Engine Memory Corruption Vulnerability
    IPS:11905 ” Scripting Engine Memory Corruption Vulnerability (MS16-119)”
  • CVE-2016-7189 Scripting Engine Information Disclosure Vulnerability
    IPS:11902 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118) 2″
  • CVE-2016-7190 Scripting Engine Memory Corruption Vulnerability
    IPS:11907 ” Scripting Engine Information Disclosure Vulnerability(MS16-119) 3″
  • CVE-2016-7194 Scripting Engine Memory Corruption Vulnerability
    IPS:11908 ” Scripting Engine Information Disclosure Vulnerability(MS16-119) 4″
  • CVE-2016-3387 Microsoft Browser Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3388 Microsoft Browser Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3389 Scripting Engine Memory Corruption Vulnerability
    This is a local vulnerability.
  • CVE-2016-3390 Scripting Engine Memory Corruption Vulnerability
    This is a local vulnerability.
  • CVE-2016-3391 Microsoft Browser Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3392 Microsoft Browser Security Feature Bypass
    There are no known exploits in the wild.

MS16-120 Security Update for Microsoft Graphics Component

  • CVE-2016-3209 True Type Font Parsing Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3262 GDI+ Information Disclosure Vulnerability
    SPY:1380 ” Malformed-File emf.MP.9″
  • CVE-2016-3263 GDI+ Information
    Disclosure Vulnerability
    SPY:1380 ” Malformed-File emf.MP.9″
  • CVE-2016-3270 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3393 Windows Graphics Component RCE Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7182 True Type Font Parsing Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3396 GDI+ Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-121 Security Update for Microsoft Office

  • CVE-2016-7193 Microsoft Office Memory Corruption Vulnerability
    IPS:11909 ” Microsoft Office Memory Corruption Vulnerability(MS16-121) 1″

MS16-122 Security Update for Microsoft Video Control

  • CVE-2016-0142 Windows Object Linking and Embedding (OLE) Remote Code Execution Vulnerability
    This is a local vulnerability.

MS16-123 Security Update for Kernel-Mode Drivers

  • CVE-2016-7211 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3266 Win32k Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2016-3341 Windows Transaction Manager Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2016-3376 Windows Kernel Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2016-7185 Windows Kernel Driver Local Elevation of Privilege
    This is a local vulnerability.

MS16-124 Security Update for Windows Registry

  • CVE-2016-0070 Windows Kernel Local Elevation of Privilege
    This is a local vulnerability.
  • CVE-2016-0073 Windows Kernel Local Elevation of Privilege
    This is a local vulnerability.
  • CVE-2016-0075 Windows Kernel Local Elevation of Privilege
    This is a local vulnerability.
  • CVE-2016-0079 Windows Kernel Local Elevation of Privilege
    This is a local vulnerability.

MS16-125 Security Update for Diagnostics Hub

  • CVE-2016-7188 Windows Diagnostics Hub Elevation of Privilege
    SPY:1381 ” Malformed-File exe.MP.28″

MS16-126 Security Update for Microsoft Internet Messaging API

  • CVE-2016-3298 Microsoft Browser Information Disclosure Vulnerability
    IPS:11902 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118) 2″
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.