New SonicWall SecureFirst Partner Program -100% Security, 100% SonicWall

Today is an exciting day for SonicWall and our channel partners.  As part of SonicWall’s transition to an independent company owned by Francisco Partners and Elliot Management and to affirm our 100% channel strategy, we are launching the new SonicWall SecureFirst Partner Program.  We thought long and hard on what to name our new program.  So why SecureFirst?  SECURE – because for SonicWall, security is our mission – it’s all we do and it’s what motivates us every day – to protect our customers from the constantly evolving cyber threat landscape.  And FIRST – because our partners and customers always come first!

SecureFirst is now the way our channel partners worldwide access the entire SonicWall portfolio of technology and solutions – from our best-in-class next-generation firewalls, SonicWall Capture for advanced threat protection, access security, email security and Security-as-a-Service.  With SecureFirst, all of these solutions will continue to be available through SonicWall’s network of valued Distributors, so partners can continue to source SonicWall products uninterrupted, in the way they are accustomed. Partners will find several program levels in SecureFirst, allowing them to commit to SonicWall solutions at a level that is right for their security practices. With the different levels of commitment to the program come differentiated levels of rewards and benefits. Central to the new program is Reward for Value, SonicWall’s partner profitability framework that rewards partners for the value they bring to selling, implementing, and supporting SonicWall solutions. Both up-front discounts and back-end rewards have all been refreshed with the new program and are optimized for partners growing their security practice with SonicWall. New sales and technical enablement will become available as well as new programs to help partners leverage greater services and support opportunity with their SonicWall solutions.  When you add it all up, SecureFirst has the horsepower to deliver high performance and deep security solutions with unparalleled protection for your customers, while driving accelerated reward and value for your business.

Sign up for SecureFirst today. We encourage all partners – whether you are legacy SonicWall, legacy Dell or a new partner looking to onboard with SonicWall — to enroll in the SecureFirst Partner Program.  The process is simple and straightforward. Further details can be found at the new partner website

With a twenty-five year legacy as a security industry leader, we couldn’t be more excited about the launch of the new program.  Partnering has always been at the heart of SonicWall’s strategy and the partner program is an important part of that.  But equally important is the commitment we make to the channel and the deliberate dependence we have on our partners.  And the entire SonicWall team of security professionals that is dedicated to the success of our partners and their customers. These things will never change.  They are just as much a part of the new SonicWall as they’ve always been.  Thanks for investing in your partnership with the new SonicWall.  As always, we want to hear from you.  Find us on Twitter @SonicWall and @sppataky.

“We are pleased that the Secure First Partner Program rewards committed partners for the value they provide to customers, provides sufficient product margin and rebates, and offers discounted training and incentives for new SonicWall partners to grow their SonicWall practice.

Western NRG has been working with SonicWall exclusively for over a decade. We provide customers with custom-fit SonicWall configuration, ongoing appliance management, network reporting, and expert network security support. We are excited for what lies ahead as SonicWall begins this new chapter and continues to deliver the world’s best security solutions.” Said Timothy Martinez, President and CEO of Western NRG, Inc.

“For over a decade, SonicWall has been such a great and valuable partner across Latin America. A channel-centric vendor that provides profitable growth opportunity for us and our resellers on the cyber security segment helping small, medium and large customers to protect their infrastructure and applications,” said Rafael Paloni, President Latin America, Network1 ScanSource.

Infographic: 300 Companies Defend Their Data from Zero-Day Threats with SonicWall Capture

To understand how SonicWall Capture Advanced Threat Protection Service (ATP) protects the average company we looked at the data for 300 networks. SonicWall Capture ATP examines suspicious code and files to discover never-before-seen zero-day attacks.  So, in one day, how many of these new variants did Capture find?  See the infographic below to see what you could be up against without it. Read more about SonicWall Capture in my earlier blog: We are Sparta; the Battle to Defend Our Data From Invaders. Already a fan of SonicWall Capture? Share the infographic with your followers.

Infographic on zero-day threats

Fears rise after Dyn’s DDoS attacks. How can you prepare yourself?

The recently publicized Distributed Denial of Service (DDoS) attacks on the Domain Name System (DNS) service provider Dyn involved large numbers of IoT (Internet of Things) botnets. These attacks took many high traffic websites such as Twitter, Spotify and Netflix temporarily offline.

Contrary to conventional wisdom, recent reports suggest this attack could be the largest of its kind carried out by amateur hackers as opposed to someone with skills that are more sophisticated. This was made possible by an anonymous developer of the Mirai malware who recently published the source code as open source on the underground hacker network. This is the black marketplace on the web where skilled cyber criminals share content, innovate, enhance their skills and offer their expertise and malicious code to lesser skilled criminals.  Criminals do not even have to code today. There is an entire support system in place to enable hacking campaigns like this one. The Mirai-based DDoS attack serves as another harsh reminder never to be complacent with our security model.

It is very clear the evolving threat environment has a profound effect on the way we manage security risks with respect to vulnerabilities in the security of IoT devices.  It is estimated that the number of these devices connected to IP networks will nearly triple the size of the global human population by 2017.  More than 9 billion devices are already connected to the internet today.  By 2020, it will increase to the range of 20 and 50 billion according to reports from Gartner, IDC and others.  What we should anticipate is a highly intricate Wi-Fi controlled network of devices such as digital wearables, thermostats, light controls, vending units, and all sorts of smart appliances that could live everywhere inside our homes, public places, retail spaces, and work environments.  We all need to remember is that the vast majority of these devices are not designed with a focus on good security coding practices.  In fact, a very large percentage of these devices have known vulnerabilities within their firmware that can easily be exploited by advanced malware such as Mirai.  The questions to ask are (1) how many of these may be connected to your Wi-Fi network, and (2) what is the risk your organization may be exposed to already today?

Let’s face it, attack methods are changing all the time and, frankly, very quickly.  IoT-based attacks are one of the fastest growing and most prevalent DDoS attack vectors in 2016.  Many organizations are challenged with understanding their risk profile, what risks to focus on, and where to put more of their security, people and resources to better secure their environment from various types of cyber-attacks.  Unlike ransomware or zero-day threats, DDoS attacks are commonly used for the purpose of extortion.  Although it is still unclear what the primary motivation was behind the Dyn attack, it’s plausible to think that money could be the ultimate endgame.  As Dyn and other organizations facing potential Mirai-based attacks in the future, it wouldn’t be unusual for victims to receive a pre-warning of an imminent DDoS attack if the demand for money is not met.  So rather than taking a wait and see position with your security model, below are four key steps you can take to immediately reduce your risk profile.

Change the conversation from security to risk.

How would you respond if someone asked you whether your organization is secure?  The real answer is no in today’s world.  In light of what happened with Dyn and Krebs on Security, I encourage you to think about what you’ve been doing in your security programs, whether they are still effective and if you are secure as you can be.  The reality here is that we’re dealing with unpredictable risks.   The question of whether or not you’re secure is not the ideal question.  The appropriate question should be about your risk.  Understanding where your risks are and risk areas that you cannot tolerate allows you to make a realistic, accurate assessment of your security model and what part of your environment needs continuous focus.

Understand who is attacking you.

It is absolutely important to understand the adversary’s focus, what attack methods the hacker is likely to utilize against your specific organization, and make sure you’re not trying to spread security evenly as this weakens security where it needs the most focus.  Is the attacker after your data or attempting a service disruption?  You want your security to be laser focused on the risk areas that you have zero to low tolerance for while allowing security to be less deep and less focused in areas where you have a greater degree of tolerance.  Fundamentally, you have to accurately define the areas your adversaries are going after and where you’re going to put your people and technology.

Establish and rehearse your response and remediation plan.

We should accept the reality that it’s not a matter of if, but when we’re going to be attacked.  Therefore, establishing a strong and repeatable response and/or remediation plan is paramount to returning to optimal capacity and preserving your brand reputation.  Having a sanctioned plan and process in place to get things under control when they go from bad to worse prepares everyone on the response team to understand their roles and what they’re going to do during an attack.  You need to test your plan regularly, conduct simulations as if you would a fire drill, improve the process, and get first responders to be more efficient and well trained to execute the remediation plans as designed.  It can be a disaster recovery of the environment or quickly locking down compromised areas or spinning up secondary resources.  This way everyone knows their role and understands what needs to be done.  It’s also very important to involve non-technical responders such as PR, marketing, and legal to establish how they will respond and communicate on the business side to help maintain customer confidence and avoid any regulatory risks.  All of these must be well thought out in advance.

Reduce your attack aperture.

Predominantly, DDoS floods target the UDP protocol as the underlying mechanism and it remains one of the most common flood mechanisms today. Typically, attackers use random UDP ports to target a victim. NTP, DNS, SNMP are more susceptible because they are the most commonly and widely used protocols.  UDP floods use sophisticated targeted mechanisms to exhaust a target machine’s/group’s resources to a point that the end device will no longer be able to serve legitimate traffic. Not having a handshake mechanism like TCP (for legitimate connections) makes the protocol a favorite to attackers to spoof the Source IP address and redirect attack responses to any destination. The attacks can be amplified where large responses are redirected towards a target – like DNS amplification attacks on Dyn.

There are flood protection mechanisms on SonicWall firewalls to reduce the aperture for attacks via UDP, SYN and ICMP.

The UDP flood mechanism can be used to mitigate these attacks by setting a “healthy/baseline” threshold value for threats originating either outside or from within. Of course, if the attack were utilizing an anomaly in the protocol to launch an attack, then the SonicWall DPI engine would protect from such attacks. For SYN floods and ICMP floods, baseline thresholds can be set as well. Proper Source IP and Destination IP connection limits can be set on access rules to limit the number of connections to a particular destination. This combines with Geo-IP and Bot-Net (Command and Control centers) to add an additional protection mechanism.

For more information on SonicWall’s Next-Generation Firewall, and how it can help you focus on key risk areas and best prepare your organization for the next attack, contact a SonicWall security expert. To learn more, you can also download Achieve deeper network security and application control.

25 Years of Cutting-edge SonicWall Security: Deliver the “Yes” to Future Innovation

This week, we are officially a separate company owned by Francisco Partners. Our new leader, Bill Conner, President and CEO of SonicWall, has outlined a vision and strategy in his blog for our newly invigorated company to grow and thrive. We are ecstatic about the changes ahead. We have a long history of securing organizations in an ever evolving industry.

Organizations know security isn’t an afterthought. It’s at the core of everything they do. Without it, they can’t grow, can’t move forward, and can’t innovate. Without strong security, too often, out of fear, organizations default to inaction. They say NO to innovation.

Saying NO to innovation is playing to lose. Great organizations don’t play to lose. Great organizations partner with companies that lead and demonstrate year over year that they anticipate security trends. They solve advanced security threats, simultaneously reducing IT complexity. They partner with security companies that enable them to say YES, without security fears, to projects and initiatives that unlock innovations yielding success.

For 25 years SonicWall has been the industry’s trusted security partner protecting millions of networks worldwide. From Network Security, Access Security, to Email Security, we have continuously evolved our product portfolio to fit in effectively, quickly and seamlessly. SonicWall has a tradition of providing innovative security solutions that enable organizations to innovate, to accelerate and to grow.

“SonicWall’s increased investment and commitment to channel partners is great news,” said Larry Cecchini, CEO, Secure Designs, Inc. “SonicWall has long been a highly regarded brand—sophisticated in its technology and in particular an excellent vehicle for managed services businesses. We are expecting our partnership with SonicWall to go from strength to strength.”

Our customers know it takes strong security to say Yes! SonicWall is the trusted partner that allows organizations to say Yes to the future without fear.

As a new company, we will continue to listen and refine our products to better protect to our partners and customers as your “Trusted Partner.” As a new SonicWall – you can count on our sophisticated solutions that are simple and easy to use and top performing technology. We are proud to immediately invest in the new SecureFirst Program and support our loyal channel partners who continue to succeed.

After 13 years at SonicWall, I am here to chart the future with all of you and am honored to support our partners and customers – protecting over a million networks worldwide. We want to hear from you. Stay connected @SonicWall. Together, we are your partner in cybersecurity.

Commencing a New Era in SonicWall’s Legacy of Leadership

Like any veteran of the cybersecurity field, I’ve known SonicWall by its sterling reputation since the company’s early days as a business network security solution provider. Today, it’s a great privilege to find myself at the helm of this world-class team during not only one of the most exciting times in the business’ 25-year history, but also the most complex and critical cybersecurity landscape the world has ever seen.


I’ve been part of the networking and security industries for more than 30 years, most recently as President and CEO of Silent Circle, an encrypted communications provider, and prior to that as President and CEO of Entrust, an identity-based data security solutions provider. I also served as President of Data Networks at Nortel, and later President of Enterprise Networks at the company, where I led the $9 billion acquisition of Bay Networks.

That experience has given me a broad and deep perspective on how to stay ahead of ever-changing global threats to give customers and partners the security tools they need. It comes down to a balanced marriage of customer and partner relationships, continuous product innovation and sustained support of core, industry-leading products.

SonicWall built its reputation on its amazing partnerships with customers and channel partners. Becoming an independent company is going to enable us to focus even more clearly on these relationships, serving markets of all sizes with specific strengths in large distributed environments, campus education, retail, financial, healthcare and government institutions.

We will continue our tradition of teaming exclusively with channel partners to identify and deploy the best network security, access security and e-mail security solutions for each environment. As evidence of this commitment, we recently announced our SonicWall SecureFirst Partner Program, introducing increased reward for value benefits, deal protection and expanded technical enablement on the SonicWall portfolio. Our friends at Dell will also remain an important part of the SonicWall community as a reseller partner, a relationship that was strong before the acquisition, grew over the last four years, and will continue to expand.

But it isn’t just SonicWall’s relationships that have made the company a global leader—it’s the company’s continuous achievements as a driving force in cybersecurity innovation. Today, our clients’ networks are protected by one of the most advanced tools on the market, the cloud-based Capture Advanced Threat Protection Service. Our team of product engineers recognized that for advanced threat protection solutions to truly stop unknown and zero-day attacks, they would need to use a multi-engine approach leveraging cloud-based sandboxing and would need to provide simple, automated remediation. Becoming an independent company will give us the freedom to react even more quickly to changing market conditions and take advantage of new ideas and opportunities as we identify them.

At the same time, it’s important that we continue to provide the industry-leading products that have made us a trusted name in defense-in-depth protection. It’s because of these core products that our customers remain safer than ever, even as cyber threats grow and shapeshift.

I am so thrilled to be part of SonicWall’s future as we continue to build upon the practices that have made the company great for 25 years, while also exploring new opportunities for growth and development. From the leadership team to the employee base to you, our valued customers and partners, the SonicWall community is poised for great things ahead as we eagerly enter this new era of innovation and growth together.

Adobe 0-day Vulnerability Leads to Remote Code Execution (Oct 31, 2016)

Adobe recently released an update to the Adobe Flash Player to address a 0-day vulnerability, which they claim is being exploited in limited targeted attacks. The vulnerability, CVE-2016-7855, is a use-after-free vulnerability. An attacker could exploit this vulnerability remotely by crafting an SWF file, such as embedded in a HTML file. A successful attack could cause arbitrary code execution with the privilege of the current running process

Dell SonicWALL Threat Research Team has written the following signature that helps protect our customers from this attack:

  • SPY:2005 Malformed-File swf.MP.501

ImageMagick mogrify buffer overflow vulnerability (Oct 21 2016)

A buffer overflow vulnerability(CVE-2016-7799)exists in ImageMagick.ImageMagick is used to create, edit, compose, or convert bitmap images.A buffer overflow exists in Imagemagick’s mogrify command. The mogrify program is used to resize an image, blur, crop, despeckle, dither, draw on, flip, join, re-sample, and much more.

Images have EXIF tags which are metadata containing focal lengths, exposures, dates, and in some cases GPS locations of the image file. When a image file with malformed EXIF tag is processed by ImageMagick mogrify program a buffer overflow occurs.This is because code in SyncExifProfile function,cannot handle the wrong EXIF tags.Successful exploitation could lead to arbitrary code execution.

Looking at the patch one can see the vulnerable SyncExifProfile function does not validate the EXIF values correctly.

The malformed data in the image file

Dell SonicWALL Threat Research Team has researched this vulnerability and released following signature to protect their customers.

  • SPY 1378 :Malformed-File jpg.TL.10
  • SPY 1386 :Malformed-File jpg.TL.11

DressCode Android malware equipped to infiltrate corporate networks (October 21, 2016)

Dell Sonicwall Threats Research Team received a number of reports for an Android threat which, if executed in the right conditions, can compromise data in a corporate environment. This threat was found as a small component in a different variety of apps like games, battery optimizers and themers. Interestingly, this threat managed to infiltrate Google Play store and a number of different app stores thereby infecting a large number of devices.

The corporate mobile space has been dominated by Blackberry in the past but it has not been able to keep up with the growth and innovation from Android and Apple in recent times, as a result it has lost its lead. Android has started to make its presence felt in the corporate segment in the form of Bring Your Own Device (BYOD), few reasons being the following:

  • User profiles allows a user to separate personal and business data
  • Enhanced security features like SELinux and an updated security patch policy
  • Improved productivity apps like Calendar, Docs and Sheets
  • Cheaper hardware costs

Regardless of the size of a company, it is of utmost importance to have a sound plan that ensures protection of the company’s informational assets. Companies strive to protect this whereas attackers try to penetrate and steal this information. DressCode is an Android threat that is equipped to do exactly this.

Once the app gets installed on the victim’s device a service starts running in the background, this establishes a tunnel between itself and the attacker. The infected device can now receive commands from the attacker.

This threat uses Socket Secure(SOCKS) protocol to establish a connection with the attacker’s Command and Control(C&C) server, essentially converting the device into a proxy bypassing firewalls and other security mechanisms that may be present. This is especially dangerous if the infected device is connected to a corporate network as there is a direct tunnel that connects the attacker to the corporate network thereby allowing him to access any resource that the infected device might be connected to.

Below figure shows an instance of a DressCode malware establish Socks connection with the attacker (Reference):

  • Packets 1-3 are for TCP handshake : [SYN], [SYN/ACK] and [ACK]
  • Once the handshake is complete the communication between client and server begins, the client initiates by sending a HELLO packet

DressCode has seen some changes since its inception, first discovered in April 2016. Initial threats had hard-coded IP addresses, the more recent ones have a hard-coded domain name:

DressCode samples have a very small portion in their code that makes up the malicious part, rest of the code is filled with adware component. Figure below shows a distribution of the malicious component in two separate apk files:

This malware threat is a devious one, while still having minimal malicious code it manages to be extremely dangerous. DressCode can potentially cripple businesses under the following scenarios:

  • DressCode infected mobile devices that are directly connected to the corporate network can allow the attacker to access sensitive data. The risk can vary depending on the device privileges allowed by the company policy
  • Infected tablets that are used by customer facing representatives in businesses like restaurants and shops can expose sensitive business data
  • Infected tablets/customer kiosks in retail giants can expose sensitive customer data
  • Infected devices are essentially zombie machines at this point as they can execute commands provided by the attacker, if the infection spreads to a large number of devices in an organization then we have a potential botnet that can bring a business down with Denial-of-service (DOS) attacks
  • An attacker can use an infected device to discover more weak points in an organization or home network and plan a new attack, thereby making DressCode the first stage of a more sophisticated attack

Dell SonicWALL provides protection against this threat via the following signature:

  • GAV: AndroidOS.DressCode.DX (Trojan)

KillerLocker Ransomware (Oct 13, 2016)

The Dell Sonicwall Threat Research team has received reports of yet another ransomware. KillerLocker ransomware is not any different from other ransomwares we have seen in the past. It encrypts the victim’s files and shows a warning once it finished its job. This time, the warning uses a creepy image of a killer clown. With killer clown attacks all over the news lately, cyber criminals have clearly caught on with the clown craze.

Infection Cycle:

KillerLocker uses the following file properties:

Figure 1: KillerLocker file properties clearly says “killerlocker”

Upon execution, it creates a file named key.txt with the following contents:

Figure 2: Key.txt with contents that read “chavekey12345678910”

It then proceeds to encrypt files in the victim’s machine. It appears to be reading the content of key.txt for every file that it encrypts.

Figure 3: Killerlocker reads the key.txt file during encryption of the victim’s files.

Encrypted files are appendeded with a “.rip” file extension.

Figure 4: Example of encrypted files with .rip extension

System files such as taskmgr.exe and regsvr32.exe which are common tools used to monitor processes, services or startup progams are also encrypted. The victim will be unable to reboot his machine since operating system boot related files are also encrypted which will render the machine useless at this point.

Figure 5: System fails to boot

Upon successful infection, KillerLocker opens a window with the clown image and a warning.

Figure 6: KillerLocker warning screen

The text on the warning screen is written in Portuguese and translates to:

"All your files have been encrypted with a very strong AES-256 encryption. Send payment: 000-00 / 00 up to 48 hours. You can not do anything about it and your key will be eliminated in 48 hours!"

Because of the prevalence of these types of malware attacks, we urge our users to back up their files regularly.

Dell SonicWALL Gateway AntiVirus provides protection against this threat with the following signature:

  • GAV: KillLocker.A(Trojan)

Microsoft Security Bulletin Coverage (Oct 11, 2016)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of Oct 11, 2016. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS16-118 Cumulative Security Update for Internet Explorer

  • CVE-2016-3383 Internet Explorer Memory Corruption Vulnerability
    IPS:11898 ” Internet Explorer Memory Corruption Vulnerability (MS16-118) “
  • CVE-2016-3385 Internet Explorer Memory Corruption Vulnerability
    IPS:11900 “Internet Explorer Memory Corruption Vulnerability (MS16-118) 3”
  • CVE-2016-3267 Microsoft Browser Information Disclosure Vulnerability
    IPS:11901 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118)”
  • CVE-2016-3298 Microsoft Browser Information Disclosure Vulnerability
    IPS:11902 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118) 2″
  • CVE-2016-3331 Microsoft Browser Memory Corruption Vulnerability
    IPS:11903 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118) 3″
  • CVE-2016-3382 Microsoft Browser Memory Corruption Vulnerability
    IPS:11904 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118) 4 “
  • CVE-2016-3387 Microsoft Browser Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3388 Microsoft Browser Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3384 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3390 Scripting Engine Memory Corruption Vulnerability
    This is a local vulnerability.
  • CVE-2016-3391 Microsoft Browser Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-119 Cumulative Security Update for Microsoft Edge

  • CVE-2016-3267 Microsoft Browser Information Disclosure Vulnerability
    IPS:11901 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118)”
  • CVE-2016-3331 Microsoft Browser Memory Corruption Vulnerability
    IPS:11903 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118) 3″
  • CVE-2016-3382 Microsoft Browser Memory Corruption Vulnerability
    IPS:11904 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118) 4 “
  • CVE-2016-3386 Scripting Engine Memory Corruption Vulnerability
    IPS:11905 ” Scripting Engine Memory Corruption Vulnerability (MS16-119)”
  • CVE-2016-7189 Scripting Engine Information Disclosure Vulnerability
    IPS:11902 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118) 2″
  • CVE-2016-7190 Scripting Engine Memory Corruption Vulnerability
    IPS:11907 ” Scripting Engine Information Disclosure Vulnerability(MS16-119) 3″
  • CVE-2016-7194 Scripting Engine Memory Corruption Vulnerability
    IPS:11908 ” Scripting Engine Information Disclosure Vulnerability(MS16-119) 4″
  • CVE-2016-3387 Microsoft Browser Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3388 Microsoft Browser Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3389 Scripting Engine Memory Corruption Vulnerability
    This is a local vulnerability.
  • CVE-2016-3390 Scripting Engine Memory Corruption Vulnerability
    This is a local vulnerability.
  • CVE-2016-3391 Microsoft Browser Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3392 Microsoft Browser Security Feature Bypass
    There are no known exploits in the wild.

MS16-120 Security Update for Microsoft Graphics Component

  • CVE-2016-3209 True Type Font Parsing Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3262 GDI+ Information Disclosure Vulnerability
    SPY:1380 ” Malformed-File emf.MP.9″
  • CVE-2016-3263 GDI+ Information
    Disclosure Vulnerability
    SPY:1380 ” Malformed-File emf.MP.9″
  • CVE-2016-3270 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3393 Windows Graphics Component RCE Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7182 True Type Font Parsing Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3396 GDI+ Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-121 Security Update for Microsoft Office

  • CVE-2016-7193 Microsoft Office Memory Corruption Vulnerability
    IPS:11909 ” Microsoft Office Memory Corruption Vulnerability(MS16-121) 1″

MS16-122 Security Update for Microsoft Video Control

  • CVE-2016-0142 Windows Object Linking and Embedding (OLE) Remote Code Execution Vulnerability
    This is a local vulnerability.

MS16-123 Security Update for Kernel-Mode Drivers

  • CVE-2016-7211 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3266 Win32k Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2016-3341 Windows Transaction Manager Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2016-3376 Windows Kernel Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2016-7185 Windows Kernel Driver Local Elevation of Privilege
    This is a local vulnerability.

MS16-124 Security Update for Windows Registry

  • CVE-2016-0070 Windows Kernel Local Elevation of Privilege
    This is a local vulnerability.
  • CVE-2016-0073 Windows Kernel Local Elevation of Privilege
    This is a local vulnerability.
  • CVE-2016-0075 Windows Kernel Local Elevation of Privilege
    This is a local vulnerability.
  • CVE-2016-0079 Windows Kernel Local Elevation of Privilege
    This is a local vulnerability.

MS16-125 Security Update for Diagnostics Hub

  • CVE-2016-7188 Windows Diagnostics Hub Elevation of Privilege
    SPY:1381 ” Malformed-File exe.MP.28″

MS16-126 Security Update for Microsoft Internet Messaging API

  • CVE-2016-3298 Microsoft Browser Information Disclosure Vulnerability
    IPS:11902 ” Microsoft Browser Information Disclosure Vulnerability (MS16-118) 2″