This month Microsoft patched 27 vulnerabilities, described in 9 security bulletins. As usually, Internet Explorer and Edge had the most security issues. In both Microsoft browsers were patched almost similar vulnerabilities, which could lead to remote code execution and information disclosure.
3 vulnerabilities in Microsoft Graphics Component implementation also could lead to remote code execution. As attack vectors Microsoft specified potential exploits against such popular applications as Microsoft Office, Skype for Business, and Microsoft Lync. If you are using one of them in corporate environment, you should definitely install this patch ASAP.
Below is a table with brief review of vulnerabilities, patched in August 2016:
Software | Severity | CVE/CVSS | Known exploits |
MS16-095: Cumulative Security Update for Internet Explorer (3177356) | |||
Internet Explorer | High |
CVE-2016-3288 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-3289 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-3290 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-3293 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-3322 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-3321 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N] CVE-2016-3329 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N] CVE-2016-3326 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N] CVE-2016-3327 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N] |
No |
MS16-096: Cumulative Security Update for Microsoft Edge (3177358) | |||
Edge | High |
CVE-2016-3289 |
No |
MS16-097: Security Update for Microsoft Graphics Component (3177393) | |||
Microsoft Graphics Component | High |
CVE-2016-3301 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-3303 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-3304 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] |
No |
MS16-098: Security Update for Windows Kernel-Mode Drivers (3178466) | |||
Win32k.sys | Low |
CVE-2016-3308 7.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H] CVE-2016-3309 7.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H] CVE-2016-3310 7.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H] CVE-2016-3311 7.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H] |
No |
MS16-099: Security Update for Microsoft Office (3177451) | |||
Office | High |
CVE-2016-3315 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N] CVE-2016-3313 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-3316 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-3317 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] CVE-2016-3318 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] |
No |
MS16-100: Security Update for Secure Boot (3179577) | |||
Windows Secure Boot | Low |
CVE-2016-3320 6.8 [CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H] |
No |
MS16-101: Security Update for Windows Authentication Methods (3178465) | |||
Windows Authentication Methods | Medium |
CVE-2016-3300 7.1 [CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H] CVE-2016-3237 7.5 [CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H] |
No |
MS16-102: Security Update for Microsoft Windows PDF Library (3182248) | |||
Microsoft PDF | High |
CVE-2016-3319 9.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H] |
No |
MS16-103: Security Update for ActiveSyncProvider (3182332) | |||
ActiveSyncProvider | Low |
CVE-2016-3312 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N] |
No |