Posts

Microsoft Security Bulletin Coverage (Feb 9, 2016)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of Feb. 9, 2016. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS16-009 Cumulative Security Update for Internet Explorer

  • CVE-2016-0059 Internet Explorer Information Disclosure Vulnerability
    SPY: 1008 “Malformed-File xls.MP.49”
  • CVE-2016-0060 Internet Explorer Memory Corruption Vulnerability
    IPS:11444 “Internet Explorer Information Disclosure Vulnerability (MS16-009) 1”
  • CVE-2016-0061 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11445 “Microsoft Browser Memory Corruption Vulnerability (MS16-009) 1 “
  • CVE-2016-0062 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0063 Internet Explorer Memory Corruption Vulnerability
    IPS: 11446 “Internet Explorer Memory Corruption Vulnerability (MS16-009) 2”
  • CVE-2016-0064 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0065 Internet Explorer Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0067 Internet Explorer Memory Corruption Vulnerability
    IPS: 11447 “Internet Explorer Memory Corruption Vulnerability (MS16-009) 3”
  • CVE-2016-0068 Internet Explorer Elevation of Privilege Vulnerability
    IPS: 11448 “Internet Explorer Elevation of Privilege Vulnerability (MS16-009) 1”
  • CVE-2016-0069 Internet Explorer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0071 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0072 Internet Explorer Memory Corruption Vulnerability
    IPS: 11449 “Internet Explorer Memory Corruption Vulnerability (MS16-009) 4”
  • CVE-2016-0086 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-011 Cumulative Security Update for Microsoft Edge

  • CVE-2016-0061 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11445 “Microsoft Browser Memory Corruption Vulnerability (MS16-009) 1 “
  • CVE-2016-0062 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0077 Microsoft Edge Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0078 Microsoft Edge Spoofing Vulnerability
    IPS: 11450 “Microsoft Edge Spoofing Vulnerability (MS16-011) 1 “
  • CVE-2016-0080 Microsoft Edge ASLR Bypass
    There are no known exploits in the wild.
  • CVE-2016-0082 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0083 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0084 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-012 Security Update for Microsoft Windows PDF Library to Address Remote Code Execution

  • CVE-2016-0046 Microsoft Windows Reader Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0058 Microsoft PDF Library Buffer Overflow Vulnerability
    There are no known exploits in the wild.

MS16-013 Security Updates for Windows Journal to Address Remote Code Execution

  • CVE-2016-0038 Windows Journal Memory Corruption vulnerability
    There are no known exploits in the wild.

MS16-014 Security Update for Microsoft Windows to Address Remote Code Execution

  • CVE-2016-0040 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0041 Windows DLL Loading Remote Code Execution Vulnerability
    SPY: 4486 “Malformed-File ppsx.MP.2”
  • CVE-2016-0042 Windows DLL Loading Remote Code Execution Vulnerability
    SPY: 4483 “Malformed-File rtf.MP.8”
  • CVE-2016-0044 Windows DLL Loading Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0049 Windows Kerberos Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

MS16-015 Security Update for Microsoft Office to Address Remote Code Execution

  • CVE-2016-0022 Microsoft Office Memory Corruption Vulnerability
    SPY: 4484 “Malformed-File rtf.MP.9”
  • CVE-2016-0039 Microsoft SharePoint XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0052 Microsoft Office Memory Corruption Vulnerability
    SPY: 4480 “Malformed-File rtf.MP.6”
  • CVE-2016-0053 Microsoft Office Memory Corruption Vulnerability
    SPY: 4479 “Malformed-File rtf.MP.7”
  • CVE-2016-0054 Microsoft Office Memory Corruption Vulnerability
    SPY: 4481 “Malformed-File xlsx.MP.2”
  • CVE-2016-0055 Microsoft SharePoint XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0056 Microsoft Office Memory Corruption Vulnerability
    SPY: 4482 “Malformed-File docx.MP.9”
  • CVE-2016-0057 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

MS16-016 Security Update for WebDAV to Address Elevation of Privilege

  • CVE-2016-0051 WebDAV Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-017 Security Update for Remote Desktop Display Driver to Address Elevation of Privilege

  • CVE-2016-0036 Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-018 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege

  • CVE-2016-0048 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-019 Security Update for .NET Framework to Address Denial of Service

  • CVE-2016-0033 .NET Framework Stack Overflow Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0047 Windows Forms Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-020 Security Update for Active Directory Federation Services to Address Denial of Service

  • CVE-2016-0037 Microsoft Active Directory Federation Services Denial of Service Vulnerability
    There are no known exploits in the wild.

MS16-021 Security Update for NPS RADIUS Server to Address Denial of Service

  • CVE-2016-0050 Network Policy Server RADIUS Implementation Denial of Service Vulnerability
    There are no known exploits in the wild.