Posts

Microsoft Security Bulletin Coverage (Dec 13, 2016)

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of December, 2016. A list of issues reported, along with SonicWALL coverage information are as follows:

MS16-144 Cumulative Security Update for Internet Explorer

  • CVE-2016-7202 Scripting Engine Memory Corruption Vulnerability
    IPS:12521 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 1”
    IPS:12522 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 2”
    IPS:12523 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 3”
  • CVE-2016-7278 Windows Hyperlink Object Library Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7279 Microsoft Browser Memory Corruption Vulnerability
    IPS:12525 “Microsoft Browser Memory Corruption Vulnerability (MS16-144)”
  • CVE-2016-7281 Microsoft Browser Security Feature Bypass
    There are no known exploits in the wild.
  • CVE-2016-7282 Microsoft Browser Information Disclosure Vulnerability
    IPS:12526 “Microsoft Browser Information Disclosure Vulnerability (MS16-144)”
  • CVE-2016-7283 Internet Explorer Memory Corruption Vulnerability
    IPS:12527 “Internet Explorer Memory Corruption Vulnerability (MS16-144)”
  • CVE-2016-7284 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7287 Scripting Engine Memory Corruption Vulnerability
    IPS:12528 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 4”

MS16-145 Cumulative Security Update for Microsoft Edge

  • CVE-2016-7181 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7206 Microsoft Edge Information Disclosure Vulnerability
    IPS:12524 “Microsoft Edge Information Disclosure Vulnerability (MS16-145)”
  • CVE-2016-7279 Microsoft Browser Memory Corruption Vulnerability
    IPS:12525 “Microsoft Browser Memory Corruption Vulnerability (MS16-144)”
  • CVE-2016-7280 Microsoft Edge Information Disclosure Vulnerability
    IPS:12529 “Microsoft Edge Information Disclosure Vulnerability (MS16-145) 2”
  • CVE-2016-7281 Microsoft Browser Security Feature Bypass
    There are no known exploits in the wild.
  • CVE-2016-7282 Microsoft Browser Information Disclosure Vulnerability
    IPS:12526 “Microsoft Browser Information Disclosure Vulnerability (MS16-144)”
  • CVE-2016-7286 Scripting Engine Memory Corruption Vulnerability
    IPS:12530 “Scripting Engine Memory Corruption Vulnerability (MS16-145)”
  • CVE-2016-7287 Scripting Engine Memory Corruption Vulnerability
    IPS:12528 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 4”
  • CVE-2016-7288 Scripting Engine Memory Corruption Vulnerability
    IPS:12531 “Scripting Engine Memory Corruption Vulnerability (MS16-145) 2”
  • CVE-2016-7296 Scripting Engine Memory Corruption Vulnerability
    IPS:12532 “Scripting Engine Memory Corruption Vulnerability (MS16-145) 3”
  • CVE-2016-7297 Scripting Engine Memory Corruption Vulnerability
    IPS:12533 “Scripting Engine Memory Corruption Vulnerability (MS16-145) 4”

MS16-146 Security Update for Microsoft Graphics Component

  • CVE-2016-7257 Windows GDI Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7272 Windows Graphics Remote Code Execution Vulnerability
    SPY:2034 “Malformed-File ico.MP_3”
    SPY:2035 “Malformed-File ico.MP.2_2”
  • CVE-2016-7273 Windows Graphics Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-147 Security Update for Microsoft Uniscribe

  • CVE-2016-7274 Windows Uniscribe Remote Code Execution Vulnerability
    SPY:2032 “Malformed-File ttf.MP.8”

MS16-148 Security Update for Microsoft Office

  • CVE-2016-7262 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7264 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7265 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7266 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7267 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7268 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7275 Microsoft Office OLE DLL Side Loading Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7276 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7277 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7289 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7290 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7291 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7298 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-149 Security Update for Microsoft Windows

  • CVE-2016-7219 Windows Crypto Driver Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7292 Windows Installer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-150 Security Update for Windows Secure Kernel Mode

  • CVE-2016-7271 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-151 Security Update for Windows Kernel-Mode Drivers

  • CVE-2016-7259 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7260 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-152 Security Update for Windows Kernel

  • CVE-2016-7258 Windows Kernel Memory Address Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-153 Security Update for Common Log File System Driver

  • CVE-2016-7295 Windows Common Log File System Driver Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-155 Security Update for .NET Framework

  • CVE-2016-7270 .NET Information Disclosure Vulnerability
    There are no known exploits in the wild.