Microsoft Security Bulletin Coverage (Dec 13, 2016)

By

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of December, 2016. A list of issues reported, along with SonicWALL coverage information are as follows:

MS16-144 Cumulative Security Update for Internet Explorer

  • CVE-2016-7202 Scripting Engine Memory Corruption Vulnerability
    IPS:12521 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 1”
    IPS:12522 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 2”
    IPS:12523 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 3”
  • CVE-2016-7278 Windows Hyperlink Object Library Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7279 Microsoft Browser Memory Corruption Vulnerability
    IPS:12525 “Microsoft Browser Memory Corruption Vulnerability (MS16-144)”
  • CVE-2016-7281 Microsoft Browser Security Feature Bypass
    There are no known exploits in the wild.
  • CVE-2016-7282 Microsoft Browser Information Disclosure Vulnerability
    IPS:12526 “Microsoft Browser Information Disclosure Vulnerability (MS16-144)”
  • CVE-2016-7283 Internet Explorer Memory Corruption Vulnerability
    IPS:12527 “Internet Explorer Memory Corruption Vulnerability (MS16-144)”
  • CVE-2016-7284 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7287 Scripting Engine Memory Corruption Vulnerability
    IPS:12528 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 4”

MS16-145 Cumulative Security Update for Microsoft Edge

  • CVE-2016-7181 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7206 Microsoft Edge Information Disclosure Vulnerability
    IPS:12524 “Microsoft Edge Information Disclosure Vulnerability (MS16-145)”
  • CVE-2016-7279 Microsoft Browser Memory Corruption Vulnerability
    IPS:12525 “Microsoft Browser Memory Corruption Vulnerability (MS16-144)”
  • CVE-2016-7280 Microsoft Edge Information Disclosure Vulnerability
    IPS:12529 “Microsoft Edge Information Disclosure Vulnerability (MS16-145) 2”
  • CVE-2016-7281 Microsoft Browser Security Feature Bypass
    There are no known exploits in the wild.
  • CVE-2016-7282 Microsoft Browser Information Disclosure Vulnerability
    IPS:12526 “Microsoft Browser Information Disclosure Vulnerability (MS16-144)”
  • CVE-2016-7286 Scripting Engine Memory Corruption Vulnerability
    IPS:12530 “Scripting Engine Memory Corruption Vulnerability (MS16-145)”
  • CVE-2016-7287 Scripting Engine Memory Corruption Vulnerability
    IPS:12528 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 4”
  • CVE-2016-7288 Scripting Engine Memory Corruption Vulnerability
    IPS:12531 “Scripting Engine Memory Corruption Vulnerability (MS16-145) 2”
  • CVE-2016-7296 Scripting Engine Memory Corruption Vulnerability
    IPS:12532 “Scripting Engine Memory Corruption Vulnerability (MS16-145) 3”
  • CVE-2016-7297 Scripting Engine Memory Corruption Vulnerability
    IPS:12533 “Scripting Engine Memory Corruption Vulnerability (MS16-145) 4”

MS16-146 Security Update for Microsoft Graphics Component

  • CVE-2016-7257 Windows GDI Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7272 Windows Graphics Remote Code Execution Vulnerability
    SPY:2034 “Malformed-File ico.MP_3”
    SPY:2035 “Malformed-File ico.MP.2_2”
  • CVE-2016-7273 Windows Graphics Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-147 Security Update for Microsoft Uniscribe

  • CVE-2016-7274 Windows Uniscribe Remote Code Execution Vulnerability
    SPY:2032 “Malformed-File ttf.MP.8”

MS16-148 Security Update for Microsoft Office

  • CVE-2016-7262 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7264 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7265 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7266 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7267 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7268 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7275 Microsoft Office OLE DLL Side Loading Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7276 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7277 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7289 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7290 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7291 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7298 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-149 Security Update for Microsoft Windows

  • CVE-2016-7219 Windows Crypto Driver Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7292 Windows Installer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-150 Security Update for Windows Secure Kernel Mode

  • CVE-2016-7271 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-151 Security Update for Windows Kernel-Mode Drivers

  • CVE-2016-7259 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7260 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-152 Security Update for Windows Kernel

  • CVE-2016-7258 Windows Kernel Memory Address Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-153 Security Update for Common Log File System Driver

  • CVE-2016-7295 Windows Common Log File System Driver Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-155 Security Update for .NET Framework

  • CVE-2016-7270 .NET Information Disclosure Vulnerability
    There are no known exploits in the wild.
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.