This time of the month is pretty intense for the IT community, especially for those who administer patches across multiple servers and workstations. In this article we briefly review the security advisories issued by Microsoft and Adobe and the components they affect.
Microsoft has issued 14 advisories this month, covering 31 vulnerabilities in its products. An additional bulletin was issued to address 24 vulnerabilities in Adobe Flash. Adobe has not yet revealed information about these vulnerabilities.
The table below covers all bulletins published by Microsoft:
| MS Security Advisory | Vulnerable products | Severity | CVE | Known exploits |
|---|---|---|---|---|
| MS16-052: Cumulative Security Update for Microsoft Edge | Microsoft Edge | High | CVE-2016-0186 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-0191 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-0192 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-0193 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] | NO |
| MS16-053: Cumulative Security Update for JScript and VBScript | JScript & VBScript | High | CVE-2016-0187 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-0189 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] | CVE-2016-0189 - exploited in the wild |
| MS16-054: Security Update for Microsoft Office | Microsoft Office | High | CVE-2016-0126 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-0140 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-0198 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-0183 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] | NO |
| MS16-055: Security Update for Microsoft Graphics Component | Microsoft CGI | High | CVE-2016-0168 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-0169 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-0170 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-0184 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-0195 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] | NO |
| MS16-056: Security Update for Windows Journal | Windows Journal | High | CVE-2016-0182 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] | NO |
| MS16-057: Security Update for Windows Shell | Windows Shell | High | CVE-2016-0179 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] | NO |
| MS16-058: Security Update for Windows IIS | Microsoft IIS | Low | CVE-2016-0152 8.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H] | NO |
| MS16-059: Security Update for Windows Media Center | Windows Media Center | High | CVE-2016-0185 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] | NO |
| MS16-060: Security Update for Windows Kernel | Windows Kernel | Low | CVE-2016-0180 8.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H] | NO |
| MS16-061: Security Update for Microsoft RPC | Microsoft RPC | Low | CVE-2016-0178 8.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H] | NO |
| MS16-062: Security Update for Windows Kernel-Mode Drivers | Windows Kernel Drivers | Low | CVE-2016-0171 8.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H] CVE-2016-0173 8.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H] CVE-2016-0174 8.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H] CVE-2016-0196 8.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H] CVE-2016-0175 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2016-0176 8.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H] CVE-2016-0197 8.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H] | NO |
| MS16-064: Security Update for Adobe Flash Player | Adobe Flash | High | NO | |
| MS16-065: Security Update for .NET Framework | .NET Framework | Low | CVE-2016-0149 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N] | Publicly disclosed |
| MS16-066: Security Update for Virtual Secure Mode | Hypervisor | Low | CVE-2016-0181 3.6 [CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N] | NO |
| MS16-067: Security Update for Volume Manager Driver | Microsoft RDP | Low | CVE-2016-0190 4.0 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N] | NO |
Adobe set a record by patching a huge number of vulnerabilities in Adobe Reader & Acrobat. The company also published information about an upcoming fix for a zero-day vulnerability in Flash Player (CVE-2016-4117). The vendor will issue the patch on May 12. In total, Adobe published 2 security bulletins covering 92 vulnerabilities in Adobe Reader and 3 vulnerabilities in ColdFusion. Information about the 24 vulnerabilities patched by Microsoft has not been revealed yet. Altogether, Adobe patched 119 vulnerabilities in its products this month, with one more vulnerability to be patched soon:
| Adobe Security Advisory | Vulnerable products | Severity | CVE | Known exploits |
|---|---|---|---|---|
| APSA16-02: Security Advisory for Adobe Flash Player | Adobe Flash | N/A | CVE-2016-1096 CVE-2016-1097 CVE-2016-1098 CVE-2016-1099 CVE-2016-1100 CVE-2016-1101 CVE-2016-1102 CVE-2016-1103 CVE-2016-1104 CVE-2016-1105 CVE-2016-1106 CVE-2016-1107 CVE-2016-1108 CVE-2016-1109 CVE-2016-1110 CVE-2016-4108 CVE-2016-4109 CVE-2016-4110 CVE-2016-4111 CVE-2016-4112 CVE-2016-4113 CVE-2016-4114 CVE-2016-4115 CVE-2016-4116 | No information available yet |
| APSA16-02: Security Advisory for Adobe Flash Player | Adobe Flash | Critical | CVE-2016-4117 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | Exploited in the wild |
| APSB16-14: Security Updates Available for Adobe Acrobat and Reader | Adobe Reader | High | CVE-2016-1045 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1046 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1047 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1048 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1049 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1050 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1051 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1052 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1053 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1054 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1055 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1056 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1057 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1058 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1059 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1060 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1061 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1065 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1066 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1067 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1068 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1069 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1070 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1075 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1094 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1121 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1122 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4102 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4107 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4091 9.6 
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4092 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1037 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1063 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1064 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1071 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1072 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1073 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1074 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1076 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1077 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1078 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1080 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1081 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1082 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1083 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1084 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1085 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1086 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1088 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1093 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1095 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1116 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1118 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1119 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1120 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1123 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1124 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1125 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1126 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1127 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] 
CVE-2016-1128 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1129 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1130 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4088 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4089 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4090 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4093 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4094 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4096 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4097 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4098 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4099 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4100 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4101 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4103 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4104 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4105 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1043 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1079 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L] CVE-2016-1092 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L] CVE-2016-1112 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N] CVE-2016-1038 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1039 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1040 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1041 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1042 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1044 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1062 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1117 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1087 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-1090 9.6 
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-4106 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] | NO |
| APSB16-16: Security Update: Hotfixes available for ColdFusion | ColdFusion | Low | CVE-2016-1113 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] CVE-2016-1114 4.8 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N] CVE-2016-1115 4.8 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N] | NO |