Posts

Microsoft Security Bulletin Coverage (Nov 8, 2016)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of November, 2016. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS16-129 Cumulative Security Update for Microsoft Edge

  • CVE-2016-7196 Microsoft Browser Memory Corruption Vulnerability
    IPS:11957 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 1”
  • CVE-2016-7198 Microsoft Browser Memory Corruption Vulnerability
    IPS:11958 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 2”
  • CVE-2016-7200 Scripting Engine Memory Corruption Vulnerability
    IPS:11959 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 1”
  • CVE-2016-7201 Scripting Engine Memory Corruption Vulnerability
    IPS:11960 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 2”
  • CVE-2016-7203 Scripting Engine Memory Corruption Vulnerability
    IPS:11961 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 3”
  • CVE-2016-7242 Scripting Engine Memory Corruption Vulnerability
    IPS:11962 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 4”
  • CVE-2016-7246 Win32k Elevation of Privilege
    There are no known exploits in the wild.
  • CVE-2016-7195 Microsoft Browser Memory Corruption Vulnerability
    IPS:11957 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 1”
  • CVE-2016-7199 Microsoft Browser Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7202 Scripting Engine Memory Corruption Vulnerability
    IPS:11964 “Scripting Engine Memory Corruption Vulnerability (MS16-129) 5”
  • CVE-2016-7204 Microsoft Edge Information Disclosure Vulnerability
    TIPS:11965 ” Scripting Engine Memory Corruption Vulnerability (MS16-129) 4″
  • CVE-2016-7208 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7209 Microsoft Edge Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7227 Microsoft Browser Information Disclosure Vulnerability
    IPS:11967 ” Scripting Engine Memory Corruption Vulnerability (MS16-129) 6″
  • CVE-2016-7239 Microsoft Browser Information Disclosure
    There are no known exploits in the wild.
  • CVE-2016-7240 Scripting Engine Memory Corruption Vulnerability
    IPS:11968 ” Scripting Engine Memory Corruption Vulnerability (MS16-129) 7″
  • CVE-2016-7241 Microsoft Browser Remote Code Execution Vulnerability
    IPS:11969 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 7”
  • CVE-2016-7243 Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-130 Security Update for Microsoft Windows

  • CVE-2016-7212 Windows File Manager Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7221 Windows IME Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7222 Task Scheduler Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-131 Security Update for Microsoft Video Control

  • CVE-2016-7248 Microsoft Video Control Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-132 Security Update for Microsoft Graphics Component

  • CVE-2016-7205 Windows Animation Manager Memory Corruption Vulnerability
    IPS:11970 “Windows Animation Manager Memory Corruption Vulnerability (MS16-132)”
  • CVE-2016-7210 Open Type F
    ont Information Disclosure Vulnerability
    SPY:2014 “Malformed-File otf.MP.21”

  • CVE-2016-7217 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7256 Open Type Font Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-133 Security Update for Microsoft Office

  • CVE-2016-7213 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7228 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7229 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7230 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7231 Microsoft Office Memory Corruption Vulnerability
    SPY:2015 ” Malformed-File xls.MP.54″
  • CVE-2016-7232 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7233 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7234 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7235 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7236 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7244 Microsoft Office Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7245 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-134 Security Update for Common Log File System Driver

  • CVE-2016-0026 Windows CLFS Elevation of Privilege
    There are no known exploits in the wild.
  • CVE-2016-3332 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3333 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3334 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3335 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3338 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3340 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3342 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-3343 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7184 Windows CLFS Elevation of Privilege
    There are no known exploits in the wild.

MS16-135 Security Update for Windows Kernel-Mode Drivers

  • CVE-2016-7214 Win32k Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7215 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7218 Bowser.sys Information Disclosure Vulnerabilty
    There are no known exploits in the wild.
  • CVE-2016-7255 Win32k Elevation of Pri
    vilege Vulnerability
    There are no known exploits in the wild.

MS16-136 Security Update for SQL Server

  • CVE-2016-7249 SQL RDBMS Engine Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7250 SQL RDBMS Engine Elevation of Privilege Vulnerability
    IPS:11971 ” SQL RDBMS Engine Elevation of Privilege Vulnerability”
  • CVE-2016-7251 MDS API XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7252 SQL Analysis Services Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7253 SQL Server Agent Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7254 SQL RDBMS Engine EoP vulnerability
    There are no known exploits in the wild.

MS16-137 Security Update for Windows Authentication Methods

  • CVE-2016-7220 Virtual Secure Mode Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7237 Local Security Authority Subsystem Service Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7238 Windows NTLM elevation of privilege vulnerability
    There are no known exploits in the wild.

MS16-138 Security Update for Microsoft Virtual Hard Disk Driver

  • CVE-2016-7223 VHDFS Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7224 VHDFS Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7225 VHDFS Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7226 VHDFS Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-139 Security Update for Windows Kernel

  • CVE-2016-7216 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-140 Security Update for Boot Manager

  • CVE-2016-7247 Secure Boot Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

MS16-142 Cumulative Security Update for Internet Explorer

  • CVE-2016-7195 Microsoft Browser Memory Corruption Vulnerability
    IPS:11957 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 1”
  • CVE-2016-7199 Microsoft Browser Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7227 Microsoft Browser Information Disclosure Vulnerability
    IPS:11967 ” Scripting Engine Memory Corruption Vulnerability (MS16-129) 6″
  • CVE-2016-7239 Microsoft Browser Information Disclosure
    There are no known exploits in the wild.
  • CVE-2016-7241 Microsoft Browser Remote Code Execution Vulnerability
    IPS:11969 “Microsoft Browser Memory Corruption Vulnerability (MS16-129) 7”