Microsoft Security Bulletin Coverage (Nov 8, 2016)
Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of November, 2016. A list of issues reported, along with Dell SonicWALL coverage information are as follows:
MS16-129 Cumulative Security Update for Microsoft Edge
- CVE-2016-7196 Microsoft Browser Memory Corruption Vulnerability
IPS:11957 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 1” - CVE-2016-7198 Microsoft Browser Memory Corruption Vulnerability
IPS:11958 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 2” - CVE-2016-7200 Scripting Engine Memory Corruption Vulnerability
IPS:11959 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 1” - CVE-2016-7201 Scripting Engine Memory Corruption Vulnerability
IPS:11960 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 2” - CVE-2016-7203 Scripting Engine Memory Corruption Vulnerability
IPS:11961 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 3” - CVE-2016-7242 Scripting Engine Memory Corruption Vulnerability
IPS:11962 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 4” - CVE-2016-7246 Win32k Elevation of Privilege
There are no known exploits in the wild. - CVE-2016-7195 Microsoft Browser Memory Corruption Vulnerability
IPS:11957 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 1” - CVE-2016-7199 Microsoft Browser Information Disclosure Vulnerability
There are no known exploits in the wild. - CVE-2016-7202 Scripting Engine Memory Corruption Vulnerability
IPS:11964 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 5” - CVE-2016-7204 Microsoft Edge Information Disclosure Vulnerability
TIPS:11965 ” Scripting Engine Memory Corruption Vulnerability (MS16-129) 4″ - CVE-2016-7208 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2016-7209 Microsoft Edge Spoofing Vulnerability
There are no known exploits in the wild. - CVE-2016-7227 Microsoft Browser Information Disclosure Vulnerability
IPS:11967 ” Scripting Engine Memory Corruption Vulnerability (MS16-129) 6″ - CVE-2016-7239 Microsoft Browser Information Disclosure
There are no known exploits in the wild. - CVE-2016-7240 Scripting Engine Memory Corruption Vulnerability
IPS:11968 ” Scripting Engine Memory Corruption Vulnerability (MS16-129) 7″ - CVE-2016-7241 Microsoft Browser Remote Code Execution Vulnerability
IPS:11969 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 7” - CVE-2016-7243 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
MS16-130 Security Update for Microsoft Windows
- CVE-2016-7212 Windows File Manager Remote Code Execution Vulnerability
There are no known exploits in the wild. - CVE-2016-7221 Windows IME Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-7222 Task Scheduler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
MS16-131 Security Update for Microsoft Video Control
- CVE-2016-7248 Microsoft Video Control Remote Code Execution Vulnerability
There are no known exploits in the wild.
MS16-132 Security Update for Microsoft Graphics Component
- CVE-2016-7205 Windows Animation Manager Memory Corruption Vulnerability
IPS:11970 “Windows Animation Manager Memory Corruption Vulnerability (MS16-132)” - CVE-2016-7210 Open Type F
ont Information Disclosure Vulnerability
SPY:2014 “Malformed-File otf.MP.21” - CVE-2016-7217 Microsoft Edge Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2016-7256 Open Type Font Information Disclosure Vulnerability
There are no known exploits in the wild.
MS16-133 Security Update for Microsoft Office
- CVE-2016-7213 Microsoft Office Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2016-7228 Microsoft Office Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2016-7229 Microsoft Office Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2016-7230 Microsoft Office Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2016-7231 Microsoft Office Memory Corruption Vulnerability
SPY:2015 ” Malformed-File xls.MP.54″ - CVE-2016-7232 Microsoft Office Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2016-7233 Microsoft Office Information Disclosure Vulnerability
There are no known exploits in the wild. - CVE-2016-7234 Microsoft Office Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2016-7235 Microsoft Office Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2016-7236 Microsoft Office Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2016-7244 Microsoft Office Denial of Service Vulnerability
There are no known exploits in the wild. - CVE-2016-7245 Microsoft Office Memory Corruption Vulnerability
There are no known exploits in the wild.
MS16-134 Security Update for Common Log File System Driver
- CVE-2016-0026 Windows CLFS Elevation of Privilege
There are no known exploits in the wild. - CVE-2016-3332 Windows Common Log File System Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-3333 Windows Common Log File System Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-3334 Windows Common Log File System Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-3335 Windows Common Log File System Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-3338 Windows Common Log File System Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-3340 Windows Common Log File System Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-3342 Windows Common Log File System Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-3343 Windows Common Log File System Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-7184 Windows CLFS Elevation of Privilege
There are no known exploits in the wild.
MS16-135 Security Update for Windows Kernel-Mode Drivers
- CVE-2016-7214 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild. - CVE-2016-7215 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-7218 Bowser.sys Information Disclosure Vulnerabilty
There are no known exploits in the wild. - CVE-2016-7255 Win32k Elevation of Pri
vilege Vulnerability
There are no known exploits in the wild.
MS16-136 Security Update for SQL Server
- CVE-2016-7249 SQL RDBMS Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-7250 SQL RDBMS Engine Elevation of Privilege Vulnerability
IPS:11971 ” SQL RDBMS Engine Elevation of Privilege Vulnerability” - CVE-2016-7251 MDS API XSS Vulnerability
There are no known exploits in the wild. - CVE-2016-7252 SQL Analysis Services Information Disclosure Vulnerability
There are no known exploits in the wild. - CVE-2016-7253 SQL Server Agent Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-7254 SQL RDBMS Engine EoP vulnerability
There are no known exploits in the wild.
MS16-137 Security Update for Windows Authentication Methods
- CVE-2016-7220 Virtual Secure Mode Information Disclosure Vulnerability
There are no known exploits in the wild. - CVE-2016-7237 Local Security Authority Subsystem Service Denial of Service Vulnerability
There are no known exploits in the wild. - CVE-2016-7238 Windows NTLM elevation of privilege vulnerability
There are no known exploits in the wild.
MS16-138 Security Update for Microsoft Virtual Hard Disk Driver
- CVE-2016-7223 VHDFS Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-7224 VHDFS Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-7225 VHDFS Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2016-7226 VHDFS Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
MS16-139 Security Update for Windows Kernel
- CVE-2016-7216 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
MS16-140 Security Update for Boot Manager
- CVE-2016-7247 Secure Boot Security Feature Bypass Vulnerability
There are no known exploits in the wild.
MS16-142 Cumulative Security Update for Internet Explorer
- CVE-2016-7195 Microsoft Browser Memory Corruption Vulnerability
IPS:11957 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 1” - CVE-2016-7199 Microsoft Browser Information Disclosure Vulnerability
There are no known exploits in the wild. - CVE-2016-7227 Microsoft Browser Information Disclosure Vulnerability
IPS:11967 ” Scripting Engine Memory Corruption Vulnerability (MS16-129) 6″ - CVE-2016-7239 Microsoft Browser Information Disclosure
There are no known exploits in the wild. - CVE-2016-7241 Microsoft Browser Remote Code Execution Vulnerability
IPS:11969 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 7”The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
