Spam campaign roundup: The Thanksgiving Day Edition (Nov 23, 2016)

Thanksgiving Day is right around the corner. It marks the start of the holiday shopping season, with Black Friday being the busiest shopping day of the year. Consumers are expecting great deals and looking out for incredible promotions. More shoppers are expected to shop online for gifts this holiday season, and cybercriminals are using this opportunity to take advantage of unsuspecting shoppers.

And true enough, the SonicWALL threat research team has observed a steady increase in Black Friday and Thanksgiving related spam emails over the past week.

As Thanksgiving weekend approaches, we have been receiving an increasing amount of spam email, as shown in the figure above, and this number is expected to keep increasing throughout the weekend and through Cyber Monday. Because consumers are spending more time shopping online, cybercriminals are preying on shoppers who might not be aware of the risks. As usual, these emails share a common theme: they purport to be from popular retailers, promise amazing deals and deep discounts, and try to lure consumers into clicking on links and providing personal information. The following are some of the common email subjects to watch out for:

  • Score Smart on Blackfriday
  • The Hottest gift this Holiday Season…(75% off Black Friday Sale)
  • *ALERT* Black Friday Sale Starts! All 80% Off & Free Shipping Now.
  • Government Overrun: “Super Flashlight” – Black Friday 75% off
  • Thanksgiving Sale – SAVE up to 85% on everything.
  • Feeling Tired? Try This After Thanksgiving – Feel GREAT By Christmas.

Below is an example of an email purporting to be from a popular shoe brand. The link will take you to a URL different from the real merchant’s website. This fake website even copied the layout of the actual brand’s website to be even more convincing.

We urge our users to always be vigilant and cautious with any unsolicited email and to avoid providing any personal information, particularly if you are not certain of the source.

SonicWALL Gateway Antivirus and Email Security service constantly monitor and provide protection against such malicious spam and phishing threats.

IT Security Done Right Enables State and Local Governments

News reports about new data breaches have become an all too frequent occurrence.  But cyber attacks can’t and don’t stop state and local governments from getting on with the business of governing. It’s easy to fall into a state of paralytic fear about attacks and data breaches, but in the meantime, state and local governments need to deliver the services their citizens rely upon, and continue to leverage technology to expand and improve those services.

If IT security is viewed as a defense mechanism by government, and even by security professionals themselves, government doesn’t work as well as it needs to. A more productive attitude is to view security as an enabler of ongoing and new information technology efforts, providing a secure foundation for governments to take advantage of new technologies, provide employees and citizens with the ability to access the services they need from any device, and most importantly, streamline and improve those services.

In other words, we at SonicWall want to help state and local government IT security to become the Department of Yes. Making this change in viewpoint, doing security the right way, is the subject of the Government Computer News article, Take a Positive Approach to Security.

In the article, SonicWall’s Ken Dang goes into detail on how to accomplish this. Improving protection of government assets needs to be coupled with improving legitimate access to resources, which in turn improves efficiency, a key consideration for resource-constrained IT departments. Ken discusses a contextual approach to access, in which requests are evaluated on a case-by-case basis, with the particular user’s specific requests placed in the context of the time and place of the request itself.

For the contextual approach to be effective, access information needs to be shared among all the different security devices and solutions throughout the government’s IT. It’s important to have the proper tools to do this – which we’re happy to provide – but it requires breaking down organizational silos and getting people used to the idea that security is done better when the groups responsible for the many different aspects of security cooperate and communicate.

Contextual security particularly mandates this relationship when it comes to networks and user identities. Without transparency and full awareness between the two, the opportunity to improve overall security posture becomes a lost opportunity. But when government IT embraces that transparency and awareness, and leverages its capabilities by inspecting every packet on the network, even encrypted packets (which bear an increasing share of attack exploits) – that’s the path to security done right.

Add up all the above, couple it with our cost-effective, easy to install, SonicWall next-generation firewalls and other network security solutions, and IT security for state and local governments moves away from being an obstacle and towards being an enabler of better, more effective and responsive government.

Understand the Risks Online Shopping During Black Friday Poses to Your Network

As I was driving home the other day one of my children spotted a house with old Halloween decorations on it. With the holidays coming, it’s a good reminder of the potential impact they can have on an organization. Black Friday, Cyber Monday and the weekend in between kick off the unofficial holiday shopping season which goes until the end of the year. Add in Thanksgiving and we’re looking at a lengthy period of consumer shopping, much of which is done online.

Let’s take a look at some of the numbers to put this into perspective. According to the National Retail Federation (NRF), in 2015:

  • Holiday sales increased 3% to over $625B
  • Seven in 10 retailers reported an increase in their overall holiday sales revenue
  • 81% saw an increase in online sales
  • Mobile, including both phones and tablets, accounted for 30.4% of online sales
  • Black Friday had the highest sales revenue for 68% of retailers, regardless of channel, while Cyber Monday saw the highest online/mobile sales

The expectation for 2016 is similar – higher sales and an increase in the use of mobile devices for online shopping which is great news for retailers. Interestingly, despite the growth in mobile transactions, the NRF found that online purchases using desktops still brought in the highest transaction size during the 2015 holiday season. Either way, there continues to be a transition toward online purchasing even when consumers collect their items at the store.

In an earlier blog I touched on three potential impacts online shopping by employees during Black Friday and other holidays can have on organizations – loss of productivity, bandwidth consumption and network security. Let’s take a closer look at the effect it can have on security.

No matter the device they use – desktop computer, laptop, tablet or smartphone – anytime employees shop online at work over the corporate network it introduces risk. Inadvertently downloading malware from websites, even those that are known to be legitimate sites, is a very real danger. Hackers are continually finding new ways to develop more sophisticated versions of threats such as viruses, worms, and Trojans that can evade detection. One tactic they use to deliver these threats is phishing emails which lure recipients into clicking on a link in an email that appears to be legitimate. Once the employee complies, the malware is downloaded onto the device and it can spread throughout a network. Phishing emails are very popular during the holidays, often disguised as retailer promotions. According to a Prosper Insights & Analytics Post-Holiday Consumer Survey, 24% of respondents said they visited a website they shopped on last holiday season through an email promotion. Clearly hackers have learned that email promotions are popular with online shoppers.

Another threat you’re likely to hear more about during the holiday season is ransomware. This attack uses malware that denies access to data or systems unless the victim pays a ransom to the cybercriminal. Without access to files, data or entire systems most organizations can’t function. Some victims pay the ransom and if only a few systems are affected the cost can be manageable. But imagine the price if you have hundreds or even thousands of networked devices. It’s enough to put some organizations out of business.

Whether we like it or not, employees will use the devices available to them to shop online during Black Friday and other holidays. When they do it from the office or store, most likely they will use your organization’s network to connect to the Internet and this introduces risk. Fortunately there are steps every organization can take to secure their network and protect themselves and their customers from threats like phishing attacks and ransomware during the holiday online buying season. Deploying a SonicWall next-generation firewall with our Capture Advanced Threat Protection service stops unknown and zero-day threats before they can enter your network.

Thanksgiving Holiday and Shopping Season Are Coming (Nov 21, 2016)

Thanksgiving Day, Black Friday and Cyber Monday

Thanksgiving Day is upon us this week and Black Friday/Cyber Monday is right around the corner: your purchasing season begins. Nowadays, Black Friday is not only about traditional in-store purchasing. It is also about surfing online on a cozy couch while watching TV; about picking and comparing products while checking others’ reviews and getting them the second day at your front door; even about waiting for deals and discounts while you are playing games or posting your pictures online with your mobile devices. However, convenience always comes with risks: spam emails lurk; new ransomware emerges out of the blue; exploit kits and phishing websites are ready with their traps. So, how do you fulfill your shopping list in the happy holiday season without being bothered? Let’s run through some of the typical threats facing online shopping in the coming weeks.

Online Shopping

SonicWALL has investigated multiple popular online shopping websites, including Amazon, eBay, etc. The following is a typical browsing pattern for Amazon web pages around Thanksgiving week in 2015. The highlighted days are Black Friday and Cyber Monday.

This graph shows a slight decrease in Amazon browsing traffic on Thanksgiving Day (11/26/2015) and Black Friday (11/27/2015) compared with the pattern from the previous weeks. It also shows the large increase in Amazon traffic on Cyber Monday (11/30/2015) and during the following work days. SonicWALL devices mostly protect small- and medium-sized organizations, so traffic during holidays is usually lower than traffic on the same days in regular weeks. It shows that a lot of people are busy with family-related activities during the Thanksgiving holiday. The spike right after the Thanksgiving weekend is a strong signal of purchasing and browsing at online stores during the week of Cyber Monday.

SPAM Email Threat

At the same time, the Thanksgiving- and Black Friday-related spam email we collected during Thanksgiving week in previous years (2013, 2014 and 2015) shows steady growth through the week. The spam emails have a common theme of trying to lure consumers into clicking on links and providing their personal information in exchange for access to special offers and deep discounts. Typical subjects of spam emails can be seen below. You can find more examples in the previous SonicAlerts (listed above).

  • Let your Smartphone find your parked car, Thanksgiving special on Wednesday, November 25, 2015.
  • Get your 1K Black Friday Visa Gift Card!
  • [Thanksgiving Insane Discount Today] 1 Ink Saves You 85% on Printer Ink Today w/ $0 Shipping Right Now

POS malware has been observed around Black Friday in previous years. However, we believe that POS malware is on the decline as retailers become increasingly aware of the threat, although it still happens (for example, the Wendy’s data breach). We have not seen as many large-scale breaches attributed to POS malware as in previous years (for example, the Target and Home Depot data breaches). Many retailers have also improved their security measures, for example by using chip-based credit card readers, which help mitigate the POS threat. In our opinion, POS malware will not be a major threat during this Thanksgiving week.

Fake Deal Apps

Fake branded mobile apps, most of them on Android, falsely advertise access to early Black Friday and Cyber Monday deals. Fake deal apps have been observed in the past luring victims with the promise of discounts. The real motivation for these apps is to steal personally identifiable information (PII) from the phones. Although this threat is not as common as spam, we believe it is on the increase, and new fake Android apps will surface for Black Friday/Cyber Monday week in 2016 as well.

Ransomware and EK

Ransomware is popular this year, but we have not observed popular ransomware attacks based on Black Friday in the past. Exploit kits are decreasing this year after Angler, the most popular one, was brought offline. They will not have a big campaign during the Thanksgiving holiday.

Shopping Suggestions

Based on our observations and the predictions above, we suggest you follow the basic rules below when you shop online:

  1. Keep your browsers and operating system up to date
  2. Use SSL-secured sites for shopping
  3. Be cautious about fake websites and suspicious advertisements on web pages
  4. Do not open links or attachments from unknown or suspicious emails
  5. Be careful with shortened links, such as bit.ly and goo.gl
  6. Use a different password for each of your online accounts
  7. Pay by credit card for the extra protection from banks
  8. Do not install suspicious apps from links in emails or messaging apps like WhatsApp
  9. Use official apps instead of the browser when shopping on a mobile device
  10. Avoid shopping on public Wi-Fi

CryptoLuck Ransomware Infects Victims Using Signed Google Update (Nov 18, 2016)

The SonicWall Threats Research team observed reports of a new variant of a ransomware family, named GAV: Cryptoluck.A, actively spreading in the wild.

The malware injects its own DLL into the legitimate Google Update Service to avoid detection by systems administrators.

Infection Cycle:

The Malware uses the following icons:

The Malware adds the following files to the system:

  • Malware.exe

    • %Userprofile%\Application Data\76ff\GoogleUpdate.exe [ Legitimate Google Update Service ]

    • %Userprofile%\Application Data\76ff\goopdate.dll [ Injected DLL ]

    • %Userprofile%\Application Data\76ff\crp.cfg

The Trojan adds the following keys to the Windows registry to ensure persistence upon reboot:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    • %Userprofile%\Application Data\76ff\GoogleUpdate.exe

Once the computer is compromised, the malware copies its own executable file to the %Userprofile%\Application Data\76ff folder.

The GoogleUpdate.exe is a legitimate Google Update Service that is signed by Google as shown below:

The malware encrypts the victim’s files with a strong RSA 2048 encryption algorithm and holds them until the victim pays a fee to get them back. When files are encrypted, the .[victim_id]_luck extension is appended to the filename.

After encrypting all the personal documents and files it shows the following text file:

Once a system is infected, the victim’s data is encrypted and the victim is given a 72-hour countdown to pay 2.1 bitcoins to the cybercriminals in exchange for the decryption key that supposedly allows recovery of the encrypted files.

SonicWALL Gateway AntiVirus provides protection against this threat via the following signature:

  • GAV: Cryptoluck.A (Trojan)
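
A triage sketch for the indicators listed above, added here as an example (it is not SonicWall's code or part of the original write-up). The sample Run-key values, file paths, user name and victim ID are constructed, and the list of folders where a genuine Google Update normally lives is an assumption to adjust for your environment.

```python
import re
from pathlib import PureWindowsPath

# File names the write-up lists as dropped into the 76ff folder.
DROPPED_NAMES = {"googleupdate.exe", "goopdate.dll", "crp.cfg"}

# ".[victim_id]_luck" appended to the file name. The write-up does not give the
# ID's character set, so any run of non-dot characters is accepted (this can
# also match an innocent name such as "notes.good_luck").
LUCK_EXT = re.compile(r"\.[^.\\/]+_luck$", re.IGNORECASE)

# Assumption (not from the write-up): folders of a genuine Google Update install.
EXPECTED_DIR_MARKERS = (
    r"\program files\google\update",
    r"\program files (x86)\google\update",
    r"\appdata\local\google\update",
)


def in_expected_dir(path):
    lowered = path.lower()
    return any(marker in lowered for marker in EXPECTED_DIR_MARKERS)


def strip_command(command):
    """Return the executable path from a Run-key value (drops quotes and arguments)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command


def suspicious_run_entries(run_values):
    """Run-key values that start GoogleUpdate.exe from an unexpected folder.

    The binary is validly signed, so its location is the useful signal here,
    not its signature."""
    hits = []
    for name, command in run_values.items():
        exe = strip_command(command)
        if PureWindowsPath(exe).name.lower() == "googleupdate.exe" and not in_expected_dir(exe):
            hits.append((name, exe))
    return hits


def dropped_file_sets(paths):
    """Folders outside the expected locations holding GoogleUpdate.exe next to goopdate.dll."""
    by_dir = {}
    for p in paths:
        wp = PureWindowsPath(p)
        if wp.name.lower() in DROPPED_NAMES:
            by_dir.setdefault(str(wp.parent), set()).add(wp.name.lower())
    return {
        folder: sorted(names)
        for folder, names in by_dir.items()
        if {"googleupdate.exe", "goopdate.dll"} <= names and not in_expected_dir(folder + "\\")
    }


def encrypted_files(paths):
    """Paths whose file name carries the .[victim_id]_luck extension."""
    return [p for p in paths if LUCK_EXT.search(PureWindowsPath(p).name)]


# Constructed sample data (HKCU Run values and a file listing from one profile).
SAMPLE_RUN = {
    "constructed-1": r"C:\Users\alice\Application Data\76ff\GoogleUpdate.exe",
    "constructed-2": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "constructed-3": r'"C:\Users\alice\AppData\Local\Google\Update\GoogleUpdate.exe" /c',
}
SAMPLE_FILES = [
    r"C:\Users\alice\Application Data\76ff\GoogleUpdate.exe",
    r"C:\Users\alice\Application Data\76ff\goopdate.dll",
    r"C:\Users\alice\Application Data\76ff\crp.cfg",
    r"C:\Users\alice\AppData\Local\Google\Update\GoogleUpdate.exe",
    r"C:\Users\alice\AppData\Local\Google\Update\1.3.99.0\goopdate.dll",
    r"C:\Users\alice\Documents\budget.xlsx.0A1B2C3D_luck",
    r"C:\Users\alice\Documents\notes.txt",
]

if __name__ == "__main__":
    print("Run entries:", suspicious_run_entries(SAMPLE_RUN))
    print("Dropped sets:", dropped_file_sets(SAMPLE_FILES))
    print("Encrypted:", encrypted_files(SAMPLE_FILES))
```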

Mirai and the IoT DDoS Attacks – A new Threat in Old Form

Mirai is a botnet management framework targeting Linux-based IoT (Internet of Things) devices such as DVRs, CCTV systems, and IP cameras. It was the tool responsible for 2 of the largest DDoS attacks on record, both of which happened in the past 2 months:

- In late September, the hosting company OVH was attacked by 145607 cameras/DVRs (1-30Mbps per IP). The attack traffic exceeded 1.5Tbps.

- On Oct 21, Dyn, one of the major DNS service providers, suffered a massive DDoS attack from over 380,000 infected devices. Many prominent websites such as Amazon, Twitter and Spotify experienced service outages for nearly 2 hours.

Mirai, the tool used to create the botnets, does not exploit any advanced vulnerabilities. It uses only the oldest, simplest method of attack: the weak Telnet password.

Mirai has a hard-coded dictionary of 63 username/password pairs, most of them default credentials for popular IoT devices.[1]

Mirai is now available as open source on GitHub, with more than 1800 forks. The password dictionary is located in mirai/bot/scan.c. Anyone could further develop it and create similar DDoS attacks.[2]

In response to this incident, Xiongmai, one of the webcam manufacturers, has recalled some of its products (mostly webcams) and is strengthening password functions.

SonicWALL Gateway AntiVirus provides protection against this threat via the following signatures:

  • IPS 11999: Mirai Telnet Scanning
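
Because the scanner described above only needs Telnet to be reachable, one source opening Telnet connections to many different hosts is the behaviour to look for. The following is an added example, not SonicWall's signature logic or code from the original post: it counts distinct Telnet destinations per source in a sliding window over flow records. The log format, addresses, internal network range and thresholds are constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict, deque

TELNET_PORT = 23  # the service whose weak passwords the text above describes


def parse_flow(line):
    """Constructed log format: 'epoch_seconds src_ip dst_ip dst_port tcp_flags'."""
    ts, src, dst, port, flags = line.split()
    return float(ts), src, dst, int(port), flags


def telnet_scanners(lines, window=60.0, min_targets=20, internal_nets=("10.0.0.0/8",)):
    """Return {src: (peak distinct Telnet destinations within `window`, origin)}.

    `lines` must be in time order. Only connection attempts (flags == "S") to
    port 23 are counted. `origin` is "internal" when the source sits in one of
    `internal_nets` (an infected device on your own network) and "external"
    otherwise (someone sweeping your address space).
    """
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    recent = defaultdict(deque)    # src -> (ts, dst) events still inside the window
    live = defaultdict(Counter)    # src -> dst -> number of events inside the window
    peak = defaultdict(int)
    for line in lines:
        ts, src, dst, port, flags = parse_flow(line)
        if port != TELNET_PORT or flags != "S":
            continue
        q, seen = recent[src], live[src]
        q.append((ts, dst))
        seen[dst] += 1
        # Expire events older than the window; the newest event always stays.
        while ts - q[0][0] >= window:
            _, old = q.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        peak[src] = max(peak[src], len(seen))
    report = {}
    for src, count in peak.items():
        if count >= min_targets:
            inside = any(ipaddress.ip_address(src) in net for net in nets)
            report[src] = (count, "internal" if inside else "external")
    return report


def sample_flows():
    """Constructed flow records using documentation and private address ranges."""
    lines = []
    for i in range(30):   # a camera on the LAN trying 30 outside hosts
        lines.append(f"{1000 + i} 10.0.5.23 198.51.100.{i + 1} 23 S")
    for i in range(25):   # an outside host sweeping the LAN
        lines.append(f"{1005 + i} 203.0.113.50 10.0.5.{i + 1} 23 S")
    lines.append("1010 10.0.1.5 10.0.9.2 23 S")    # one ordinary admin Telnet session
    lines.append("1011 10.0.1.5 10.0.9.2 23 SA")
    lines.append("1012 10.0.1.5 10.0.9.3 443 S")   # unrelated HTTPS connection
    return sorted(lines, key=lambda l: float(l.split()[0]))


if __name__ == "__main__":
    for src, (count, origin) in telnet_scanners(sample_flows()).items():
        print(f"{src}: {count} Telnet targets in 60 s ({origin})")
```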

References:

[1] https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/
[2] https://github.com/jgamblin/Mirai-Source-Code/tree/master/mirai
[3] https://www.hackread.com/mirai-botnet-linked-to-dyn-dns-ddos-attacks/
[4] http://dyn.com/blog/dyn-statement-on-10212016-ddos-attack/

BlackNurse DDoS Attack Can Interrupt your Network; Discover how SonicWall Blocks

Whenever there’s talk of a DDoS (distributed denial-of-service) attack, network administrators think of multiple systems flooding a network device from various locations on the internet. However, with BlackNurse, a new and quite different type of DDoS, a single laptop can launch the attack and bring down the gateway firewall!

Last week the TDC SOC, the Security Operations Center of Denmark Telecom, updated its report describing how BlackNurse, a non-traditional DDoS attack, can harm your network. A normal ping attack is typically based on ICMP Type 8 Code 0, whereas BlackNurse uses ICMP Type 3 Code 3. The attack overloads the firewall CPU, which in turn causes an increase in dropped packets.

Unlike traditional ICMP flood attacks, BlackNurse can consume low-bandwidth pipes and disrupt the operations of your organization. Whether your uplink speed is 100Mbps or even 1Gbps, BlackNurse is effective even at bandwidths as low as 15Mbps.

The typical impact observed on firewalls is high CPU loads. In such cases users on the company’s local network will no longer be able to send or receive traffic to and from the internet. That’s because the firewall is busy processing the heavy load of incoming packets from the attack.

Now as a SonicWall firewall owner the first question coming to your mind is: Am I protected against BlackNurse?

The answer is: YES. All you need to do is make sure “ICMP Flood Protection” is enabled in Firewall Settings in the user interface (see image below). For more information on configuring ICMP Flood Protection, please refer to the SonicOS admin guide.

Screenshot of ICMP Flood Protection screen

According to Akamai’s September 2016 security report, DDoS attacks are on the rise, up 70 percent year over year. Security of our customers is our top priority, and SonicWall takes every measure to protect your network against all threats, DDoS included.

Please stay informed and updated with our SonicWall Threat Research updates here.
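
To show what separates BlackNurse traffic from an ordinary ping flood on the wire, here is an added example (not SonicWall's ICMP Flood Protection logic and not part of the original post) that parses IPv4/ICMP headers and reports sources sending ICMP Type 3 Code 3 at a high rate. The packets, addresses and the rate threshold are constructed assumptions; the post gives no packets-per-second figure.

```python
import struct
from collections import defaultdict, deque

ICMP_PROTO = 1
# Type 3 = Destination Unreachable, Code 3 = Port Unreachable (the pair named above).
# An ordinary ping flood uses Type 8 Code 0 (Echo Request) instead.
BLACKNURSE = (3, 3)


def icmp_type_code(packet):
    """Return (type, code) for a raw IPv4 packet carrying ICMP, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or packet[9] != ICMP_PROTO or len(packet) < ihl + 2:
        return None
    # Non-first fragments do not carry the ICMP header.
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None
    return packet[ihl], packet[ihl + 1]


def blacknurse_sources(records, window=1.0, threshold=1000):
    """records: (timestamp_seconds, raw_ipv4_packet) tuples in time order.

    Returns {source_ip: peak number of Type 3 Code 3 packets seen within
    `window` seconds} for sources whose peak reaches `threshold`.
    The default threshold is an assumption; tune it to your baseline.
    """
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ts, packet in records:
        if icmp_type_code(packet) != BLACKNURSE:
            continue
        src = ".".join(str(b) for b in packet[12:16])
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window:          # drop timestamps outside the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}


def build_icmp(src, dst, icmp_type, code):
    """Constructed test packet: 20-byte IPv4 header + 8-byte ICMP header, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ICMP_PROTO, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + struct.pack("!BBHI", icmp_type, code, 0, 0)


def sample_capture():
    """Constructed capture: one noisy Type 3 Code 3 source plus benign traffic."""
    recs = []
    for i in range(50):    # 50 Type 3 Code 3 packets within half a second
        recs.append((10.0 + i * 0.01, build_icmp("203.0.113.7", "192.0.2.1", 3, 3)))
    for i in range(50):    # echo requests at the same rate: a different signature
        recs.append((10.0 + i * 0.01, build_icmp("198.51.100.9", "192.0.2.1", 8, 0)))
    for i in range(3):     # occasional legitimate port-unreachable replies
        recs.append((10.0 + i, build_icmp("198.51.100.20", "192.0.2.1", 3, 3)))
    return sorted(recs, key=lambda r: r[0])


if __name__ == "__main__":
    # A low threshold is used only because the constructed capture is small.
    print(blacknurse_sources(sample_capture(), window=1.0, threshold=40))
```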

Defend Your Mobile Enterprise Network with New SonicWall Secure Mobile Access 12.0

Do you wake up in the middle of the night and wonder, where’s my smart phone, did I leave my laptop in the Uber? In my previous role as VP of Mobility at a top Fortune 500 financial company, like many CISOs, I tackled these issues of loss of intellectual property across my work, every day. Today, we have to cope not only with the misadventures of lost or stolen devices, but are increasingly threatened by malware and now the challenge of targeted attacks, which see mobility as the weakest link.

Advanced threats to mobile and remote users are real and ever evolving, with more sophisticated evasive techniques. Weakly secured remote systems present a rich target for Trojans, key loggers or spear phishing attackers to harvest credentials, letting threat actors walk right into the core of a company’s network in order to plant ransomware or exfiltrate data for sale on the dark net. To compound these challenges, a remote and mobile access service provides the foundation of any business continuity service, so it must be available 24/7; an outage is not acceptable.

As a service owner, how do you sign up to such high SLA’s? How do you say “Yes” to mobile, yet lock down valuable resources across your mobile enterprise networks?

Today, SonicWall announces the launch of SonicWall Secure Mobile Access Series 1000 12.0 OS. The SMA 1000 Series delivers reliable service across different mobile platforms and enforces the “who, what, where and why” while protecting data from interception on unsecured public Wi-Fi networks.

With its 25-year history of securing over a million networks for a multitude of organizations, SonicWall is recognized for unique innovations that ensure mobile and access security. SonicWALL’s Secure Mobile Access (SMA) portfolio provides policy-enforced access to mission-critical applications, data and resources without compromising security. This exciting launch of SonicWall’s SMA 1000 Series OS 12.0 allows our customers and partners to immediately leverage the many new SMA 12.0 features, including:

  • Global High Availability: G-HA delivers dynamic scalability and availability. SMA is deployed within a single data center or across multiple geographically dispersed data centers, delivering the highest redundancy and resilience.
    • Global Traffic Optimizer (GTO) enables a highly available VPN service: GTO dynamically allocates users to appliances based on user load from a single global URL. GTO is now enhanced so that users are redirected to other available appliances, which supports an immediate VPN reconnection. It also incorporates all web traffic to take advantage of the highly scalable and resilient web services.
  • Blended SSO technology: Enables organizations to use a single pane of glass to access campus resources and SaaS cloud applications.
  • Superior security: Ensures that the highest security stance is maintained for compliance and data protection by utilizing the latest ciphers and strongest encryption, including the Suite B cryptographic algorithms.


Secure Mobile Access secures many of the largest enterprise networks; the Denver Broncos rely on our robust SMA solution to secure any device, anytime and anywhere.

“We increased our return on investment by using SonicWALL SRA with SuperMassive next-gen firewall because we offload VPN traffic from our main firewall to the SRA.” Russ Trainor, vice president of Technology at the Denver Broncos. Watch a video:

http://www.youtube.com/watch?v=puJQ3X2rTHU

“We are excited with the new SonicWall Secure Mobile Access 12.0 for our mobile enterprise customers. With the new innovation of the Global High Availability which includes the Global Traffic Optimizer, the blended SSO technology and the rules based access control – all available today – we will be able to offer the highest security for our mobile customers.” Lloyd Carnie, CTO at Core – a Premier Partner of SonicWall.

“With SonicWALL, we can stay at the forefront of this changing landscape. We have a great business relationship with SonicWall, and its customer service and engineering support was outstanding.” C.J. Daab, Technology Support Coordinator, Hall County School.

To learn more on the SonicWall Secure Mobile Access product line, please visit here.

What’s Your E-rate Plan? Three Things to Consider

A few weeks ago one of my sons got a new Chromebook at school. The old one had been around for a few years and was rather outdated in terms of the technology. The new version has a touch screen and can be used as a laptop or tablet. Not exactly new to anyone in the tech world, but for a kid it’s pretty exciting. From the school’s perspective, it was clearly time to replace aging hardware and take advantage of the latest technology innovations for learning. In other words, the school had a plan.

Schools and libraries applying for E-rate funds also need to have a plan. I’m not talking about figuring out who is going to complete and file Form 470 and when it should be submitted. This is about understanding your current network infrastructure and how you will use the funds to build a better, faster version that delivers on new initiatives over the next few years. When you’re building out your plan, here are three things you should consider.

  1. Look ahead three to five years. Considering how fast technology changes, three years will keep you on top of new developments although five years is more practical from a cost perspective. E-rate Category 2 services such as firewalls, routers, switches and access points continue to evolve rapidly with new features and faster speeds. For example, today’s firewalls can block threats such as ransomware that the previous generation can’t, and those legacy firewalls are only a few years old.
  2. Don’t let hardware slow you down. The use of online learning in the classroom continues to grow. So too does the use of bandwidth-intensive apps. When evaluating products that will go into your infrastructure, understand how much of your current capacity is being used. Then buffer that by 20% to 30% to plan for future growth. Just as important, make sure any hardware you look at can handle the increase in bandwidth. Otherwise it can become a bottleneck in the network.
  3. Let someone else manage security for you. Something that schools and libraries may not be aware of is that they can outsource security as a Managed Internal Broadband Service within Category 2. This covers services provided by a third party for the operation, management, and monitoring of eligible broadband internal connections components. The good news with this approach is that you won’t incur any upfront capital expenditures, you typically pay a low monthly subscription fee and you have a predictable annual expense model.

School IT directors are frequently tasked with implementing initiatives that help enhance learning in classrooms and across school districts. Often, however, they have to say “No” due to security risks that opening the network poses. So how can IT become a “Department of YES”? When building your plan, look for E-rate eligible products that support initiatives such as secure access to resources, mobility, moving to the cloud, compliance and others. If the products you’re considering can’t enable these securely, then you don’t want to spend your valuable E-rate dollars on them. To learn more about E-rate and how it can be used to purchase eligible security products for your network, read my earlier blog on the topic.

For some schools, building and maintaining a security infrastructure isn’t something they can or want to take on. If that’s the case for your school or district, SonicWall Security-as-a-Service may be the answer. We’ll connect you with a SonicWall-certified partner who’s experienced at installing, configuring and managing a network security infrastructure.

To learn more about SonicWall and E-rate, read our white paper titled, “Technical Considerations for K-12 Education Network Security.”

Microsoft Security Bulletin Coverage (Nov 8, 2016)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of November 2016. A list of the issues reported, along with Dell SonicWALL coverage information, is as follows:

MS16-129 Cumulative Security Update for Microsoft Edge

  • CVE-2016-7196 Microsoft Browser Memory Corruption Vulnerability
    IPS:11957 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 1”
  • CVE-2016-7198 Microsoft Browser Memory Corruption Vulnerability
    IPS:11958 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 2”
  • CVE-2016-7200 Scripting Engine Memory Corruption Vulnerability
    IPS:11959 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 1”
  • CVE-2016-7201 Scripting Engine Memory Corruption Vulnerability
    IPS:11960 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 2”
  • CVE-2016-7203 Scripting Engine Memory Corruption Vulnerability
    IPS:11961 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 3”
  • CVE-2016-7242 Scripting Engine Memory Corruption Vulnerability
    IPS:11962 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 4”
  • CVE-2016-7246 Win32k Elevation of Privilege
    There are no known exploits in the wild.
  • CVE-2016-7195 Microsoft Browser Memory Corruption Vulnerability
    IPS:11957 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 1”
  • CVE-2016-7199 Microsoft Browser Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7202 Scripting Engine Memory Corruption Vulnerability
    IPS:11964 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 5”
  • CVE-2016-7204 Microsoft Edge Information Disclosure Vulnerability
    IPS:11965 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 4”
  • CVE-2016-7208 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7209 Microsoft Edge Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7227 Microsoft Browser Information Disclosure Vulnerability
    IPS:11967 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 6”
  • CVE-2016-7239 Microsoft Browser Information Disclosure
    There are no known exploits in the wild.
  • CVE-2016-7240 Scripting Engine Memory Corruption Vulnerability
    IPS:11968 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 7”
  • CVE-2016-7241 Microsoft Browser Remote Code Execution Vulnerability
    IPS:11969 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 7”
  • CVE-2016-7243 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-130 Security Update for Microsoft Windows

  • CVE-2016-7212 Windows File Manager Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7221 Windows IME Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7222 Task Scheduler Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-131 Security Update for Microsoft Video Control

  • CVE-2016-7248 Microsoft Video Control Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-132 Security Update for Microsoft Graphics Component

  • CVE-2016-7205 Windows Animation Manager Memory Corruption Vulnerability
    IPS:11970 “Windows Animation Manager Memory Corruption Vulnerability (MS16-132)”
  • CVE-2016-7210 Open Type Font Information Disclosure Vulnerability
    SPY:2014 “Malformed-File otf.MP.21”
  • CVE-2016-7217 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7256 Open Type Font Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-133 Security Update for Microsoft Office

  • CVE-2016-7213 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7228 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7229 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7230 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7231 Microsoft Office Memory Corruption Vulnerability
    SPY:2015 “Malformed-File xls.MP.54”
  • CVE-2016-7232 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7233 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7234 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7235 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7236 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7244 Microsoft Office Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7245 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-134 Security Update for Common Log File System Driver

  • CVE-2016-0026 Windows CLFS Elevation of Privilege
    There are no known exploits in the wild.
  • CVE-2016-3332 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3333 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3334 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3335 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3338 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3340 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3342 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3343 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7184 Windows CLFS Elevation of Privilege
    There are no known exploits in the wild.

MS16-135 Security Update for Windows Kernel-Mode Drivers

  • CVE-2016-7214 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7215 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7218 Bowser.sys Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7255 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-136 Security Update for SQL Server

  • CVE-2016-7249 SQL RDBMS Engine Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7250 SQL RDBMS Engine Elevation of Privilege Vulnerability
    IPS:11971 “SQL RDBMS Engine Elevation of Privilege Vulnerability”
  • CVE-2016-7251 MDS API XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7252 SQL Analysis Services Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7253 SQL Server Agent Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7254 SQL RDBMS Engine EoP vulnerability
    There are no known exploits in the wild.

MS16-137 Security Update for Windows Authentication Methods

  • CVE-2016-7220 Virtual Secure Mode Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7237 Local Security Authority Subsystem Service Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7238 Windows NTLM elevation of privilege vulnerability
    There are no known exploits in the wild.

MS16-138 Security Update for Microsoft Virtual Hard Disk Driver

  • CVE-2016-7223 VHDFS Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7224 VHDFS Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7225 VHDFS Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7226 VHDFS Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-139 Security Update for Windows Kernel

  • CVE-2016-7216 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-140 Security Update for Boot Manager

  • CVE-2016-7247 Secure Boot Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

MS16-142 Cumulative Security Update for Internet Explorer

  • CVE-2016-7195 Microsoft Browser Memory Corruption Vulnerability
    IPS:11957 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 1”
  • CVE-2016-7199 Microsoft Browser Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7227 Microsoft Browser Information Disclosure Vulnerability
    IPS:11967 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 6”
  • CVE-2016-7239 Microsoft Browser Information Disclosure
    There are no known exploits in the wild.
  • CVE-2016-7241 Microsoft Browser Remote Code Execution Vulnerability
    IPS:11969 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 7”