Posts

Microsoft Security Bulletin Coverage (Dec 13, 2016)

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of December, 2016. A list of issues reported, along with SonicWALL coverage information are as follows:

MS16-144 Cumulative Security Update for Internet Explorer

  • CVE-2016-7202 Scripting Engine Memory Corruption Vulnerability
    IPS:12521 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 1”
    IPS:12522 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 2”
    IPS:12523 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 3”
  • CVE-2016-7278 Windows Hyperlink Object Library Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7279 Microsoft Browser Memory Corruption Vulnerability
    IPS:12525 “Microsoft Browser Memory Corruption Vulnerability (MS16-144)”
  • CVE-2016-7281 Microsoft Browser Security Feature Bypass
    There are no known exploits in the wild.
  • CVE-2016-7282 Microsoft Browser Information Disclosure Vulnerability
    IPS:12526 “Microsoft Browser Information Disclosure Vulnerability (MS16-144)”
  • CVE-2016-7283 Internet Explorer Memory Corruption Vulnerability
    IPS:12527 “Internet Explorer Memory Corruption Vulnerability (MS16-144)”
  • CVE-2016-7284 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7287 Scripting Engine Memory Corruption Vulnerability
    IPS:12528 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 4”

MS16-145 Cumulative Security Update for Microsoft Edge

  • CVE-2016-7181 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7206 Microsoft Edge Information Disclosure Vulnerability
    IPS:12524 “Microsoft Edge Information Disclosure Vulnerability (MS16-145)”
  • CVE-2016-7279 Microsoft Browser Memory Corruption Vulnerability
    IPS:12525 “Microsoft Browser Memory Corruption Vulnerability (MS16-144)”
  • CVE-2016-7280 Microsoft Edge Information Disclosure Vulnerability
    IPS:12529 “Microsoft Edge Information Disclosure Vulnerability (MS16-145) 2”
  • CVE-2016-7281 Microsoft Browser Security Feature Bypass
    There are no known exploits in the wild.
  • CVE-2016-7282 Microsoft Browser Information Disclosure Vulnerability
    IPS:12526 “Microsoft Browser Information Disclosure Vulnerability (MS16-144)”
  • CVE-2016-7286 Scripting Engine Memory Corruption Vulnerability
    IPS:12530 “Scripting Engine Memory Corruption Vulnerability (MS16-145)”
  • CVE-2016-7287 Scripting Engine Memory Corruption Vulnerability
    IPS:12528 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 4”
  • CVE-2016-7288 Scripting Engine Memory Corruption Vulnerability
    IPS:12531 “Scripting Engine Memory Corruption Vulnerability (MS16-145) 2”
  • CVE-2016-7296 Scripting Engine Memory Corruption Vulnerability
    IPS:12532 “Scripting Engine Memory Corruption Vulnerability (MS16-145) 3”
  • CVE-2016-7297 Scripting Engine Memory Corruption Vulnerability
    IPS:12533 “Scripting Engine Memory Corruption Vulnerability (MS16-145) 4”

MS16-146 Security Update for Microsoft Graphics Component

  • CVE-2016-7257 Windows GDI Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7272 Windows Graphics Remote Code Execution Vulnerability
    SPY:2034 “Malformed-File ico.MP_3”
    SPY:2035 “Malformed-File ico.MP.2_2”
  • CVE-2016-7273 Windows Graphics Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-147 Security Update for Microsoft Uniscribe

  • CVE-2016-7274 Windows Uniscribe Remote Code Execution Vulnerability
    SPY:2032 “Malformed-File ttf.MP.8”

MS16-148 Security Update for Microsoft Office

  • CVE-2016-7262 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7264 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7265 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7266 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7267 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7268 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7275 Microsoft Office OLE DLL Side Loading Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7276 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7277 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7289 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7290 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7291 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7298 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-149 Security Update for Microsoft Windows

  • CVE-2016-7219 Windows Crypto Driver Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7292 Windows Installer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-150 Security Update for Windows Secure Kernel Mode

  • CVE-2016-7271 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-151 Security Update for Windows Kernel-Mode Drivers

  • CVE-2016-7259 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7260 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-152 Security Update for Windows Kernel

  • CVE-2016-7258 Windows Kernel Memory Address Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-153 Security Update for Common Log File System Driver

  • CVE-2016-7295 Windows Common Log File System Driver Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-155 Security Update for .NET Framework

  • CVE-2016-7270 .NET Information Disclosure Vulnerability
    There are no known exploits in the wild.

Microsoft Security Bulletin Coverage (Nov 8, 2016)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of November, 2016. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS16-129 Cumulative Security Update for Microsoft Edge

  • CVE-2016-7196 Microsoft Browser Memory Corruption Vulnerability
    IPS:11957 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 1”
  • CVE-2016-7198 Microsoft Browser Memory Corruption Vulnerability
    IPS:11958 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 2”
  • CVE-2016-7200 Scripting Engine Memory Corruption Vulnerability
    IPS:11959 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 1”
  • CVE-2016-7201 Scripting Engine Memory Corruption Vulnerability
    IPS:11960 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 2”
  • CVE-2016-7203 Scripting Engine Memory Corruption Vulnerability
    IPS:11961 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 3”
  • CVE-2016-7242 Scripting Engine Memory Corruption Vulnerability
    IPS:11962 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 4”
  • CVE-2016-7246 Win32k Elevation of Privilege
    There are no known exploits in the wild.
  • CVE-2016-7195 Microsoft Browser Memory Corruption Vulnerability
    IPS:11957 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 1”
  • CVE-2016-7199 Microsoft Browser Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7202 Scripting Engine Memory Corruption Vulnerability
    IPS:11964 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 5”
  • CVE-2016-7204 Microsoft Edge Information Disclosure Vulnerability
    TIPS:11965 ” Scripting Engine Memory Corruption Vulnerability (MS16-129) 4″
  • CVE-2016-7208 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7209 Microsoft Edge Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7227 Microsoft Browser Information Disclosure Vulnerability
    IPS:11967 ” Scripting Engine Memory Corruption Vulnerability (MS16-129) 6″
  • CVE-2016-7239 Microsoft Browser Information Disclosure
    There are no known exploits in the wild.
  • CVE-2016-7240 Scripting Engine Memory Corruption Vulnerability
    IPS:11968 ” Scripting Engine Memory Corruption Vulnerability (MS16-129) 7″
  • CVE-2016-7241 Microsoft Browser Remote Code Execution Vulnerability
    IPS:11969 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 7”
  • CVE-2016-7243 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-130 Security Update for Microsoft Windows

  • CVE-2016-7212 Windows File Manager Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7221 Windows IME Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7222 Task Scheduler Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-131 Security Update for Microsoft Video Control

  • CVE-2016-7248 Microsoft Video Control Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-132 Security Update for Microsoft Graphics Component

  • CVE-2016-7205 Windows Animation Manager Memory Corruption Vulnerability
    IPS:11970 “Windows Animation Manager Memory Corruption Vulnerability (MS16-132)”
  • CVE-2016-7210 Open Type F
    ont Information Disclosure Vulnerability
    SPY:2014 “Malformed-File otf.MP.21”

  • CVE-2016-7217 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7256 Open Type Font Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-133 Security Update for Microsoft Office

  • CVE-2016-7213 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7228 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7229 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7230 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7231 Microsoft Office Memory Corruption Vulnerability
    SPY:2015 ” Malformed-File xls.MP.54″
  • CVE-2016-7232 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7233 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7234 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7235 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7236 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7244 Microsoft Office Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7245 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-134 Security Update for Common Log File System Driver

  • CVE-2016-0026 Windows CLFS Elevation of Privilege
    There are no known exploits in the wild.
  • CVE-2016-3332 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3333 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3334 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3335 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3338 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3340 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3342 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3343 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7184 Windows CLFS Elevation of Privilege
    There are no known exploits in the wild.

MS16-135 Security Update for Windows Kernel-Mode Drivers

  • CVE-2016-7214 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7215 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7218 Bowser.sys Information Disclosure Vulnerabilty
    There are no known exploits in the wild.
  • CVE-2016-7255 Win32k Elevation of Pri
    vilege Vulnerability
    There are no known exploits in the wild.

MS16-136 Security Update for SQL Server

  • CVE-2016-7249 SQL RDBMS Engine Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7250 SQL RDBMS Engine Elevation of Privilege Vulnerability
    IPS:11971 ” SQL RDBMS Engine Elevation of Privilege Vulnerability”
  • CVE-2016-7251 MDS API XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7252 SQL Analysis Services Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7253 SQL Server Agent Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7254 SQL RDBMS Engine EoP vulnerability
    There are no known exploits in the wild.

MS16-137 Security Update for Windows Authentication Methods

  • CVE-2016-7220 Virtual Secure Mode Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7237 Local Security Authority Subsystem Service Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7238 Windows NTLM elevation of privilege vulnerability
    There are no known exploits in the wild.

MS16-138 Security Update for Microsoft Virtual Hard Disk Driver

  • CVE-2016-7223 VHDFS Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7224 VHDFS Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7225 VHDFS Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7226 VHDFS Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-139 Security Update for Windows Kernel

  • CVE-2016-7216 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-140 Security Update for Boot Manager

  • CVE-2016-7247 Secure Boot Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

MS16-142 Cumulative Security Update for Internet Explorer

  • CVE-2016-7195 Microsoft Browser Memory Corruption Vulnerability
    IPS:11957
    “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 1”
  • CVE-2016-7199 Microsoft Browser Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7227 Microsoft Browser Information Disclosure Vulnerability
    IPS:11967 ” Scripting Engine Memory Corruption Vulnerability (MS16-129) 6″
  • CVE-2016-7239 Microsoft Browser Information Disclosure
    There are no known exploits in the wild.
  • CVE-2016-7241 Microsoft Browser Remote Code Execution Vulnerability
    IPS:11969 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 7”