10 August 2016

Microsoft patched 27 flaws, no zero-days this time


Microsoft patched 27 flaws, no zero-days this time

This month Microsoft patched 27 vulnerabilities, described in 9 security bulletins. As usually, Internet Explorer and Edge had the most security issues. In both Microsoft browsers were patched almost similar vulnerabilities, which could lead to remote code execution and information disclosure.

3 vulnerabilities in Microsoft Graphics Component implementation also could lead to remote code execution. As attack vectors Microsoft specified potential exploits against such popular applications as Microsoft Office, Skype for Business, and Microsoft Lync. If you are using one of them in corporate environment, you should definitely install this patch ASAP.

Below is a table with brief review of vulnerabilities, patched in August 2016:

Software Severity CVE/CVSS Known exploits
MS16-095: Cumulative Security Update for Internet Explorer (3177356)
Internet Explorer High CVE-2016-3288
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3289
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3290
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3293
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3322
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3321
5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N]
CVE-2016-3329
5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N]
CVE-2016-3326
5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N]
CVE-2016-3327
5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N]
No
MS16-096: Cumulative Security Update for Microsoft Edge (3177358)
Edge High

CVE-2016-3289
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3293
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3319
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3322
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3296
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3326
5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N]
CVE-2016-3327
5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N]
CVE-2016-3329
5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N]

No
MS16-097: Security Update for Microsoft Graphics Component (3177393)
   Microsoft Graphics Component  High CVE-2016-3301
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3303
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3304
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
No
MS16-098: Security Update for Windows Kernel-Mode Drivers (3178466)
Win32k.sys Low CVE-2016-3308
7.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H]
CVE-2016-3309
7.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H]
CVE-2016-3310
7.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H]
CVE-2016-3311
7.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H]
No
MS16-099: Security Update for Microsoft Office (3177451)
Office High CVE-2016-3315
5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N]
CVE-2016-3313
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3316
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3317
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
CVE-2016-3318
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
No
MS16-100: Security Update for Secure Boot (3179577)
Windows Secure Boot Low CVE-2016-3320
6.8 [CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H]
No
MS16-101: Security Update for Windows Authentication Methods (3178465)
Windows Authentication Methods Medium CVE-2016-3300
7.1 [CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H]
CVE-2016-3237
7.5 [CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H]
No
MS16-102: Security Update for Microsoft Windows PDF Library (3182248)
Microsoft PDF High CVE-2016-3319
9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H]
No
MS16-103: Security Update for ActiveSyncProvider (3182332)
ActiveSyncProvider Low CVE-2016-3312
3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N]
No

Back to the list

Latest Posts

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024
Sophisticated malware campaign targeting end-of-life routers and IoT devices

Sophisticated malware campaign targeting end-of-life routers and IoT devices

A recent campaign targeted over 6,000 ASUS routers in less than 72 hours.
27 March 2024
Chinese APT groups target Southeast Asian nations in cyberespionage campaigns

Chinese APT groups target Southeast Asian nations in cyberespionage campaigns

The observed cyberattack employed phishing emails as the primary method of infiltration.
27 March 2024