May 2016 Security Updates
Security Update
secure@microsoft.com
The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc.
2016-May
2016-May
Final
1.0
4
2026-02-18T01:50:19
May 2016 Security Updates
2016-05-10T07:00:00Z
2026-02-18T01:50:19
<p>The May security release consists of security updates for the following software:</p>
<ul>
<li>Internet Explorer</li>
<li>Microsoft Edge</li>
<li>Microsoft Windows</li>
<li>Microsoft Office and Microsoft Office Services and Web Apps</li>
<li>Micorosft .NET Framework</li>
<li>Adobe Flash Player</li>
</ul>
<p>Please note the following information regarding the security updates:</p>
<ul>
<li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="http://catalog.update.microsoft.com/v7/site/Home.aspx">Microsoft Update Catalog</a>.</li>
<li>Updates for Windows RT 8.1 and Microsoft Office RT software are only available via <a href="http://go.microsoft.com/fwlink/?LinkId=21130">Windows Update</a>.</li>
<li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li>
</ul>
<p><strong>Note</strong> As a reminder, the <a href="https://portal.msrc.microsoft.com/en-us/security-guidance">Security Updates Guide</a> will be replacing security bulletins as of February 2017. Please see our blog post, <a href="https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/">Furthering our commitment to security updates</a>, for more details.</p>
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems (Server Core installation)
Windows Server 2008 for x64-based Systems (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Internet Explorer 9 on Windows Vista x64 Edition Service Pack 2
Internet Explorer 9 on Windows Vista Service Pack 2
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Office Word Viewer
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft Word for Mac 2011
Microsoft Word 2016 for Mac
Microsoft .NET Framework 4.6 on Windows Vista Service Pack 2
Microsoft .NET Framework 4.5.2 on Windows Vista x64 Edition Service Pack 2
Microsoft .NET Framework 4.6 on Windows Vista x64 Edition Service Pack 2
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1
Microsoft .NET Framework 4.6/4.6.1 on Windows 7 for 32-bit Systems Service Pack 1
Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.6/4.6.1 on Windows 7 for x64-based Systems Service Pack 1
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.5.2 on Windows RT 8.1
Microsoft .NET Framework 4.6/4.6.1 on Windows RT 8.1
Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems
Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems
Microsoft .NET Framework 4.6/4.6.1 on Windows 8.1 for 32-bit systems
Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems
Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems
Microsoft .NET Framework 4.5.2 on Windows Server 2012
Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2012
Microsoft .NET Framework 3.5 on Windows Server 2012 R2
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2
Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2012 R2
Microsoft .NET Framework 3.5 on Windows 10 for 32-bit Systems
Microsoft .NET Framework 4.6 on Windows 10 for 32-bit Systems
Microsoft .NET Framework 3.5 on Windows 10 for x64-based Systems
Microsoft .NET Framework 4.6 on Windows 10 for x64-based Systems
Microsoft .NET Framework 3.5 on Windows 10 Version 1511 for 32-bit Systems
Microsoft .NET Framework 4.6.1 on Windows 10 Version 1511 for 32-bit Systems
Microsoft .NET Framework 3.5 on Windows 10 Version 1511 for x64-based Systems
Microsoft .NET Framework 4.6.1 on Windows 10 Version 1511 for x64-based Systems
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation)
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation)
Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2012 R2 (Server Core installation)
Microsoft .NET Framework 4.5.2 on Windows Vista Service Pack 2
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista x64 Edition Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 3.5 on Windows Server 2012
Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems
Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for 32-bit Systems
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for x64-based Systems
Internet Explorer 10 on Windows Server 2012
Internet Explorer 11 on Windows 10 for 32-bit Systems
Internet Explorer 11 on Windows 10 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems
Internet Explorer 11 on Windows 8.1 for 32-bit systems
Internet Explorer 11 on Windows 8.1 for x64-based systems
Internet Explorer 11 on Windows Server 2012 R2
Internet Explorer 11 on Windows RT 8.1
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Adobe Flash Player on Windows 8.1 for 32-bit systems
Adobe Flash Player on Windows 8.1 for x64-based systems
Adobe Flash Player on Windows RT 8.1
Adobe Flash Player on Windows Server 2012 R2
Adobe Flash Player on Windows 10 for x64-based Systems
Adobe Flash Player on Windows 10 for 32-bit Systems
Adobe Flash Player on Windows 10 Version 1511 for 32-bit Systems
Adobe Flash Player on Windows 10 Version 1511 for x64-based Systems
Adobe Flash Player on Windows Server 2012
Microsoft Word for Mac 2011
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Office 2007 Service Pack 3
Microsoft Word 2007 Service Pack 3
Windows Server 2008 for 32-bit Systems (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Internet Explorer 9 on Windows Vista Service Pack 2
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 9 on Windows Vista x64 Edition Service Pack 2
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 (Server Core installation)
Adobe Flash Player on Windows Server 2012
Adobe Flash Player on Windows 8.1 for 32-bit systems
Adobe Flash Player on Windows 8.1 for x64-based systems
Adobe Flash Player on Windows Server 2012 R2
Adobe Flash Player on Windows RT 8.1
Adobe Flash Player on Windows 10 for 32-bit Systems
Adobe Flash Player on Windows 10 for x64-based Systems
Adobe Flash Player on Windows 10 Version 1511 for x64-based Systems
Adobe Flash Player on Windows 10 Version 1511 for 32-bit Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows Server 2012 R2
Windows RT 8.1
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Internet Explorer 11 on Windows 8.1 for 32-bit systems
Internet Explorer 11 on Windows 8.1 for x64-based systems
Internet Explorer 11 on Windows Server 2012 R2
Internet Explorer 11 on Windows RT 8.1
Internet Explorer 11 on Windows 10 for 32-bit Systems
Internet Explorer 11 on Windows 10 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office Web Apps 2010 Service Pack 2
Windows Server 2012 R2 (Server Core installation)
Internet Explorer 10 on Windows Server 2012
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1
Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.5.2 on Windows Server 2012
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems
Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2
Microsoft .NET Framework 4.5.2 on Windows RT 8.1
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation)
Microsoft .NET Framework 4.5.2 on Windows Vista Service Pack 2
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 4.5.2 on Windows Vista x64 Edition Service Pack 2
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Word 2016 for Mac
Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems
Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for x64-based Systems
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for 32-bit Systems
Microsoft .NET Framework 4.6 on Windows 10 for 32-bit Systems
Microsoft .NET Framework 4.6 on Windows 10 for x64-based Systems
Microsoft .NET Framework 4.6 on Windows Vista Service Pack 2
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 4.6 on Windows Vista x64 Edition Service Pack 2
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Microsoft .NET Framework 4.6/4.6.1 on Windows 7 for 32-bit Systems Service Pack 1
Microsoft .NET Framework 4.6/4.6.1 on Windows 7 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2012
Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 4.6/4.6.1 on Windows 8.1 for 32-bit systems
Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2012 R2
Microsoft .NET Framework 4.6/4.6.1 on Windows RT 8.1
Microsoft .NET Framework 4.6/4.6.1 on Windows Server 2012 R2 (Server Core installation)
Microsoft .NET Framework 4.6.1 on Windows 10 Version 1511 for x64-based Systems
Microsoft .NET Framework 4.6.1 on Windows 10 Version 1511 for 32-bit Systems
Microsoft Office Word Viewer
cm1 jq 1.5-6 on CBL Mariner 1.0
cbl2 jq 1.5-6 on CBL Mariner 2.0
azl3 golang 1.24.3-1 on Azure Linux 3.0
azl3 golang 1.23.12-1 on Azure Linux 3.0
Microsoft .NET Framework 3.5 on Windows Server 2012
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems
Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems
Microsoft .NET Framework 3.5 on Windows Server 2012 R2
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation)
Microsoft .NET Framework 3.5 on Windows 10 for 32-bit Systems
Microsoft .NET Framework 3.5 on Windows 10 for x64-based Systems
Microsoft .NET Framework 3.5 on Windows 10 Version 1511 for x64-based Systems
Microsoft .NET Framework 3.5 on Windows 10 Version 1511 for 32-bit Systems
Windows Vista Service Pack 2
Microsoft Office Compatibility Pack Service Pack 3
Windows Server 2008 for x64-based Systems (Server Core installation)
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista x64 Edition Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems
Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number which triggers a heap-based buffer overflow.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
debian
Yes
CVE-2015-8863
Improper Restriction of Operations within the Bounds of a Memory Buffer
16851-16820
16852-16823
16851-16820
16852-16823
Critical
16851-16820
Critical
16852-16823
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
16851-16820
9.8
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
16852-16823
CBL-Mariner Releases
16851-16820
16852-16823
No
Security Update
1.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16851-16820
16852-16823
CBL-Mariner Releases
1.0
2020-08-18T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added jq to CBL-Mariner 2.0</p>
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2016-3959
Improper Input Validation
19697-17084
20074-17084
19697-17084
20074-17084
Important
19697-17084
Important
20074-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
19697-17084
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
20074-17084
1.0
2025-09-03T21:31:16
<p>Information published.</p>
1.1
2026-02-18T01:50:19
<p>Information published.</p>
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.
<p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p>
<p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p>
Mariner
mitre
Yes
CVE-2016-4074
Allocation of Resources Without Limits or Throttling
16851-16820
16852-16823
16851-16820
16852-16823
Important
16851-16820
Important
16852-16823
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16851-16820
7.5
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
16852-16823
CBL-Mariner Releases
16851-16820
16852-16823
No
Security Update
1.5-6
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
16851-16820
16852-16823
CBL-Mariner Releases
1.0
2020-08-18T00:00:00
<p>Information published.</p>
1.1
2021-12-16T00:00:00
<p>Added jq to CBL-Mariner 2.0</p>
Windows Kernel Elevation of Privilege Vulnerability
<p>An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>The update addresses this vulnerability by correcting how the Windows kernel parses symbolic links.</p>
<p><strong>Why is security update 3153171 in this bulletin also denoted in MS16-060?</strong>
Security update 3153171 is also denoted in <a href="http://go.microsoft.com/fwlink/?LinkId=785239">MS16-060</a> for supported releases of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, due to the way fixes for vulnerabilities affecting particular products are consolidated. Because bulletins are broken out by the vulnerabilities being addressed, not by the update package being released, it is possible for separate bulletins, each addressing distinctly different vulnerabilities, to list the same update package as the vehicle for providing their respective fixes. This is frequently the case with cumulative updates for products, such as Internet Explorer or Silverlight, where singular security updates address different security vulnerabilities in separate bulletins.</p>
<p><strong>Note</strong>: Users do not need to install identical security updates that ship with multiple bulletins more than once.</p>
Windows Kernel
CVE-2016-0180
10729
10735
10789
10788
10047
10048
10481
10482
10484
9312
10287
9311
9318
9344
10050
10051
10049
10378
10379
10483
10543
4393
9316
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10789
Elevation of Privilege
10788
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9311
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10050
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Elevation of Privilege
4393
Elevation of Privilege
9316
Important
10729
Important
10735
Important
10789
Important
10788
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9311
Important
9318
Important
9344
Important
10050
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Important
4393
Important
9316
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=5bf172a4-4f9d-4122-9969-90779541bac8
3140410
10047
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=9b2d1d42-d994-4614-b716-3e0144102bee
3140410
10048
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=e1e1a7d7-36a0-4878-99a4-1a36be1464ac
3121212
10481
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=a9c0daf0-c97b-4513-a037-1142287ff8d8
3121212
10482
Security Update
3153171
3121212
10484
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=cc400f8d-ce06-4bd5-9e86-9048ac88bcbc
3140410
9312
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=cc400f8d-ce06-4bd5-9e86-9048ac88bcbc
3140410
10287
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=8694426f-77bd-45b3-bc42-4bd6430c419e
3140410
9311
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=d4a97acb-fcc3-483e-b119-496f27c43805
3140410
9318
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=d4a97acb-fcc3-483e-b119-496f27c43805
3140410
9344
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=cf9271ed-5fba-49b0-be70-2472b91cee3e
3140410
10050
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=9b2d1d42-d994-4614-b716-3e0144102bee
3140410
10051
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=9b2d1d42-d994-4614-b716-3e0144102bee
3140410
10049
Security Update
3153171
3121212
10378
Security Update
3153171
3121212
10379
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=a9c0daf0-c97b-4513-a037-1142287ff8d8
3121212
10483
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=a9c0daf0-c97b-4513-a037-1142287ff8d8
3121212
10543
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=cc400f8d-ce06-4bd5-9e86-9048ac88bcbc
3140410
4393
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=d4a97acb-fcc3-483e-b119-496f27c43805
3140410
9316
Security Update
Loren Robinson and Alex Ionescu of <a href="http://www.crowdstrike.com/">CrowdStrike, Inc.</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.</p>
<p><strong>I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</strong></p>
<p>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</p>
<p>For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p>
<p>For more information on this behavior and recommended actions, see <a href="https://support.microsoft.com/kb/830335">Microsoft Knowledge Base Article 830335</a>. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p>
Microsoft Office
CVE-2016-0126
10603
10601
10602
10753
10754
Remote Code Execution
10603
Remote Code Execution
10601
Remote Code Execution
10602
Remote Code Execution
10753
Remote Code Execution
10754
Important
10603
Important
10601
Important
10602
Important
10753
Important
10754
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
3115016
3114486
10603
Maybe
Security Update
3115016
https://www.microsoft.com/downloads/details.aspx?familyid=0a5f1933-1400-4df4-9b78-bd9300e4c784
3114486
10601
Maybe
Security Update
3115016
https://www.microsoft.com/downloads/details.aspx?familyid=9d141d08-0fe0-4513-823f-27e32ea8dd25
3114486
10602
Maybe
Security Update
3115103
https://www.microsoft.com/downloads/details.aspx?familyid=7d07ae03-27b2-4e8b-87ae-3be9b7ef7bcf
10753
Maybe
Security Update
3115103
https://www.microsoft.com/downloads/details.aspx?familyid=04f6f258-0817-4209-9515-ed0d1a40fb1b
10754
Maybe
Security Update
Hao Linan of <a href="http://www.360.com/">Qihoo 360 Vulcan Team</a>
An anonymous researcher, working with <a href="http://www.beyondsecurity.com/ssd.html">Beyond Security’s SecuriTeam Secure Disclosure</a> team
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
1.1
2016-05-25T07:00:00Z
<p>Corrected the updates replaced for Microsoft Office 2013 to 3114486 in MS16-004, and for CVE-2016-0183, clarified that the Preview Pane is an attack vector for this vulnerability. These are informational changes only.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.</p>
<p><strong>I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</strong></p>
<p>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</p>
<p>For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p>
<p>For more information on this behavior and recommended actions, see <a href="https://support.microsoft.com/kb/830335">Microsoft Knowledge Base Article 830335</a>. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p>
Microsoft Office
CVE-2016-0140
10525
10150
10521
10522
9432-10495
Remote Code Execution
10525
Remote Code Execution
10150
Remote Code Execution
10521
Remote Code Execution
10522
Remote Code Execution
9432-10495
Important
10525
Important
10150
Important
10521
Important
10522
Important
9432-10495
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation More Likely
3115124
https://www.microsoft.com/downloads/details.aspx?familyid=c56a4fc1-baa1-45df-905e-826845c2976d
3114994
10525
Maybe
Security Update
2984943
https://www.microsoft.com/downloads/details.aspx?familyid=668fa761-2a12-43c9-83a2-fb8d9d846076
2760585
10150
Maybe
Security Update
2984938
https://www.microsoft.com/downloads/details.aspx?familyid=71cffd37-f2e8-48a5-ba3d-e07a8df85024
2760591
10150
Maybe
Security Update
3101520
https://www.microsoft.com/downloads/details.aspx?familyid=db3ce73f-7923-4e3c-af19-c5ab55738a35
3054841
10521
Maybe
Security Update
3054984
https://www.microsoft.com/downloads/details.aspx?familyid=34c5576d-4f18-42c2-842a-a6e0626d60f7
3054848
10521
Maybe
Security Update
3054984
https://www.microsoft.com/downloads/details.aspx?familyid=bef29fc7-a0e8-4670-bd1f-e5fe6a3293f7
3054848
10522
Maybe
Security Update
3101520
https://www.microsoft.com/downloads/details.aspx?familyid=73c39fb9-e59f-4e2c-bf4a-6bbce11fe0dc
3054841
10522
Maybe
Security Update
3115117
https://www.microsoft.com/downloads/details.aspx?familyid=23bb75c9-b0d6-4f6e-9f03-e570c5687663
3114988
9432-10495
Maybe
Security Update
Steven Seeley of <a href="http://srcincite.io/">Source Incite</a>, working with <a href="http://www.verisigninc.com/en_US/cyber-security/index.xhtml">VeriSign iDefense Labs</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
TLS/SSL Information Disclosure Vulnerability
<p>An information disclosure vulnerability exists in the TLS/SSL protocol, implemented in the encryption component of Microsoft .NET Framework. An attacker who successfully exploited this vulnerability could decrypt encrypted SSL/TLS traffic.</p>
<p>To exploit the vulnerability, an attacker would first have to inject unencrypted data into the secure channel and then perform a <a href="https://technet.microsoft.com/en-us/library/security/dn848375.aspx#MiTM">man-in-the-middle (MiTM) attack</a> between the targeted client and a legitimate server. The update addresses the vulnerability by modifying the way that the .NET encryption component sends and receives encrypted network packets.</p>
<p><strong>Important:</strong> Microsoft recommends that customers download and test the applicable update in controlled/managed environments before deploying it in their production environments.</p>
<p>In case of application compatibility issues, the recommended approach is to ensure that the server and client endpoints are correctly implementing the TLS RFC, and that they can interpret two split records containing 1, n-1 bytes respectively after this update. For more information and developer guidance, see <a href="https://support.microsoft.com/kb/3155464">Microsoft Knowledge Base Article 3155464</a>.</p>
.NET Framework
CVE-2016-0149
10728-4393
10636-9316
10728-9316
10636-9312
10728-9312
10636-9318
10728-9318
10636-10047
10807-10047
10636-10048
10807-10048
9495-10051
10636-10051
10807-10051
10636-10484
10807-10484
2472-10481
10636-10481
10807-10481
2472-10482
10636-10482
10636-10378
10807-10378
2472-10483
10636-10483
10807-10483
2472-10729
10728-10729
2472-10735
10728-10735
2472-10789
10808-10789
2472-10788
10808-10788
10636-10049
10807-10049
10636-10379
10807-10379
2472-10543
10636-10543
10807-10543
10636-4393
9495-10050
9495-10049
9495-10048
9495-9303
9292-9311
9292-9312
9292-9316
9292-9318
9292-4393
2472-10379
2472-10378
Information Disclosure
10728-4393
Information Disclosure
10636-9316
Information Disclosure
10728-9316
Information Disclosure
10636-9312
Information Disclosure
10728-9312
Information Disclosure
10636-9318
Information Disclosure
10728-9318
Information Disclosure
10636-10047
Information Disclosure
10807-10047
Information Disclosure
10636-10048
Information Disclosure
10807-10048
Information Disclosure
9495-10051
Information Disclosure
10636-10051
Information Disclosure
10807-10051
Information Disclosure
10636-10484
Information Disclosure
10807-10484
Information Disclosure
2472-10481
Information Disclosure
10636-10481
Information Disclosure
10807-10481
Information Disclosure
2472-10482
Information Disclosure
10636-10482
Information Disclosure
10636-10378
Information Disclosure
10807-10378
Information Disclosure
2472-10483
Information Disclosure
10636-10483
Information Disclosure
10807-10483
Information Disclosure
2472-10729
Information Disclosure
10728-10729
Information Disclosure
2472-10735
Information Disclosure
10728-10735
Information Disclosure
2472-10789
Information Disclosure
10808-10789
Information Disclosure
2472-10788
Information Disclosure
10808-10788
Information Disclosure
10636-10049
Information Disclosure
10807-10049
Information Disclosure
10636-10379
Information Disclosure
10807-10379
Information Disclosure
2472-10543
Information Disclosure
10636-10543
Information Disclosure
10807-10543
Information Disclosure
10636-4393
Information Disclosure
9495-10050
Information Disclosure
9495-10049
Information Disclosure
9495-10048
Information Disclosure
9495-9303
Information Disclosure
9292-9311
Information Disclosure
9292-9312
Information Disclosure
9292-9316
Information Disclosure
9292-9318
Information Disclosure
9292-4393
Information Disclosure
2472-10379
Information Disclosure
2472-10378
Important
10728-4393
Important
10636-9316
Important
10728-9316
Important
10636-9312
Important
10728-9312
Important
10636-9318
Important
10728-9318
Important
10636-10047
Important
10807-10047
Important
10636-10048
Important
10807-10048
Important
9495-10051
Important
10636-10051
Important
10807-10051
Important
10636-10484
Important
10807-10484
Important
2472-10481
Important
10636-10481
Important
10807-10481
Important
2472-10482
Important
10636-10482
Important
10636-10378
Important
10807-10378
Important
2472-10483
Important
10636-10483
Important
10807-10483
Important
2472-10729
Important
10728-10729
Important
2472-10735
Important
10728-10735
Important
2472-10789
Important
10808-10789
Important
2472-10788
Important
10808-10788
Important
10636-10049
Important
10807-10049
Important
10636-10379
Important
10807-10379
Important
2472-10543
Important
10636-10543
Important
10807-10543
Important
10636-4393
Important
9495-10050
Important
9495-10049
Important
9495-10048
Important
9495-9303
Important
9292-9311
Important
9292-9312
Important
9292-9316
Important
9292-9318
Important
9292-4393
Important
2472-10379
Important
2472-10378
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploitation Unlikely
3142037
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142037
10728-4393
Security Update
3142033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142033
2972107
10636-9316
Security Update
3142037
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142037
10728-9316
Security Update
3142033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142033
2972107
10636-9312
Security Update
3142037
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142037
10728-9312
Security Update
3142033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142033
2972107
10636-9318
Security Update
3142037
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142037
10728-9318
Security Update
3142033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142033
2972107
10636-10047
Security Update
3142037
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142037
10807-10047
Security Update
3142033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142033
2972107
10636-10048
Security Update
3142037
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142037
10807-10048
Security Update
3142024
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142024
9495-10051
Security Update
3142033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142033
2972107
10636-10051
Security Update
3142037
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142037
10807-10051
Security Update
3142030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142030
10636-10484
Security Update
3142036
10807-10484
Security Update
3142026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142026
2472-10481
Security Update
3142030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142030
2978041
10636-10481
Security Update
3142036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142036
10807-10481
Security Update
3142026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142026
2472-10482
Security Update
3142030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142030
2978041
10636-10482
Security Update
3142032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142032
2978042
10636-10378
Security Update
3142035
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142035
10807-10378
Security Update
3142026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142026
2472-10483
Security Update
3142030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142030
2978041
10636-10483
Security Update
3142036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142036
10807-10483
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
2472-10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10728-10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
2472-10735
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10728-10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
2472-10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10808-10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
2472-10788
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10808-10788
Maybe
Security Update
3142033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142033
2972107
10636-10049
Security Update
3142037
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142037
10807-10049
Security Update
3142032
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142032
2978042
10636-10379
Security Update
3142035
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142035
10807-10379
Security Update
3142026
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142026
2472-10543
Security Update
3142030
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142030
2978041
10636-10543
Security Update
3142036
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142036
10807-10543
Security Update
3142033
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142033
2972107
10636-4393
Security Update
3142024
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142024
9495-10050
Yes
Security Update
3142024
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142024
9495-10049
Security Update
3142024
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142024
9495-10048
Security Update
3142024
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142024
9495-9303
Security Update
3142023
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142023
9292-9311
Maybe
Security Update
3142023
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142023
9292-9312
Security Update
3142023
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142023
9292-9316
Security Update
3142023
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142023
9292-9318
Security Update
3142023
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142023
9292-4393
Security Update
3142025
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142025
2472-10379
Security Update
3142025
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3142025
2472-10378
Security Update
<p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> may be helpful in your situation:
Customers who have enabled TLS1.2 are not affected. For more information and developer guidance, see <a href="https://support.microsoft.com/kb/3155464">Microsoft Knowledge Base Article 3155464</a>.</p>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
1.1
2016-05-12T07:00:00Z
<p>Revised bulletin to announce a detection change for the 3142037 update for .NET Framework 4.6/4.6.1. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.</p>
Windows DLL Loading Remote Code Execution Vulnerability
<p>A remote code execution vulnerability exists when Windows improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>To exploit the vulnerability, an attacker must first gain access to the local system and have the ability to execute a malicious application.</p>
<p>The security update addresses the vulnerability by correcting how Windows validates input before loading DLL files.</p>
Windows IIS
CVE-2016-0152
10285
4393
9311
9312
9316
9318
9188
Remote Code Execution
10285
Remote Code Execution
4393
Remote Code Execution
9311
Remote Code Execution
9312
Remote Code Execution
9316
Remote Code Execution
9318
Remote Code Execution
9188
Important
10285
Important
4393
Important
9311
Important
9312
Important
9316
Important
9318
Important
9188
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Less Likely
3141083
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3141083
982666
10285
Security Update
3141083
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3141083
982666
4393
Security Update
3141083
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3141083
982666
9311
Security Update
3141083
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3141083
982666
9312
Security Update
3141083
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3141083
982666
9316
Security Update
3141083
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3141083
982666
9318
Security Update
3141083
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3141083
982666
9188
Security Update
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
1.1
2016-07-26T07:00:00Z
<p>Bulletin revised to add Updates Replaced information to all entries in the Affected Products table. This is an informational change only. Customers who have already successfully installed the updates do not need to take any action.</p>
Windows Graphics Component Information Disclosure Vulnerability
<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system.</p>
<p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.</p>
<p>The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.</p>
Microsoft Graphics Component
CVE-2016-0168
10729
10735
10789
10788
10047
10048
10481
10482
10049
10378
10379
10483
10543
4393
9316
9312
10287
9311
9318
9344
10050
10051
10484
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10789
Information Disclosure
10788
Information Disclosure
10047
Information Disclosure
10048
Information Disclosure
10481
Information Disclosure
10482
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Information Disclosure
4393
Information Disclosure
9316
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9311
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10050
Information Disclosure
10051
Information Disclosure
10484
Important
10729
Important
10735
Important
10789
Important
10788
Important
10047
Important
10048
Important
10481
Important
10482
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Important
4393
Important
9316
Important
9312
Important
10287
Important
9311
Important
9318
Important
9344
Important
10050
Important
10051
Important
10484
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=68c2b288-f523-4a4f-ac26-6e8e3b6c98c7
3124001
10047
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=5c67b449-8516-46ee-ad6d-0ab523aa3cb3
3124001
10048
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=df9f88bc-761b-48c4-9731-025d89976f0b
3124001
10481
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=515d7942-8c90-4a35-968a-0afbc4e3652a
3124001
10482
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=5c67b449-8516-46ee-ad6d-0ab523aa3cb3
3124001
10049
Security Update
3156013
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156013
3124001
10378
Security Update
3156013
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156013
3124001
10379
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=515d7942-8c90-4a35-968a-0afbc4e3652a
3124001
10483
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=515d7942-8c90-4a35-968a-0afbc4e3652a
3124001
10543
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=b0d86f21-99a9-4a0b-85d9-80163f0f180c
3124001
4393
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=12b51534-b269-431b-bd1e-e7be89f51104
3124001
9316
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=b0d86f21-99a9-4a0b-85d9-80163f0f180c
3124001
9312
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=b0d86f21-99a9-4a0b-85d9-80163f0f180c
3124001
10287
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=2ed462dd-221e-47f7-8a0b-e39489b73e5f
3124001
9311
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=12b51534-b269-431b-bd1e-e7be89f51104
3124001
9318
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=12b51534-b269-431b-bd1e-e7be89f51104
3124001
9344
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=7628f07b-765d-4696-a925-cf9be6868bcb
3124001
10050
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=5c67b449-8516-46ee-ad6d-0ab523aa3cb3
3124001
10051
Security Update
3156013
3124001
10484
Security Update
<p><strong>Disable metafile processing</strong>
Customers using Windows Vista or Windows Server 2008 can disable metafile processing by modifying the registry. This setting will help protect the affected system from attempts to exploit this vulnerability.</p>
<p><strong>To modify the key by using Registry Editor, follow these steps:</strong>
<strong>Note</strong> Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.</p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Run</strong>, type <strong>Regedit</strong> in the <strong>Open</strong> box, and then click <strong>OK</strong>.</li>
<li>Locate and then click the following registry subkey:
<code>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize</code></li>
<li>On the <strong>Edit</strong> menu, point to <strong>New</strong>, and then click <strong>DWORD</strong>.</li>
<li>Type <strong>DisableMetaFiles</strong>, and then press <strong>ENTER</strong>.</li>
<li>On the <strong>Edit</strong> menu, click <strong>Modify</strong> to modify the DisableMetaFiles registry entry.</li>
<li>In the <strong>Value</strong> data box, type <strong>1</strong>, and then click <strong>OK</strong>.</li>
<li>Exit Registry Editor.</li>
<li>Restart the computer.</li>
</ol>
<p><strong>Impact of workaround</strong>.
Turning off metafiles processing may cause the appearance of software or system components to decrease in quality. Turning off metafiles processing may also cause the software or system components to fail completely. This has been identified to have a potential significant functionality impact and should be evaluated and tested carefully to determine its applicability.</p>
<p>Examples include the following:</p>
<ul>
<li>You cannot print on the computer.</li>
<li>Some applications on the computer may be unable to display Clipart.</li>
<li>Some scenarios that involve OLE rendering may break.</li>
</ul>
<p><strong>To modify the key using a managed deployment script</strong>:</p>
<ol>
<li>Save the following to a file with a .REG extension (For example, Disable_MetaFiles.reg):</li>
</ol>
<pre><code> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize]
"DisableMetaFiles"=dword:00000001
</code></pre>
<ol start="2">
<li>Run the registry script on the target machine with the following command from an administrator (on Vista, an elevated administrator) command prompt:
<code>Regedit.exe /s Disable_MetaFiles.reg</code></li>
<li>Restart the computer</li>
</ol>
<p><strong>How to undo the workaround</strong></p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Run</strong>, type <strong>Regedit</strong> in the <strong>Open</strong> box, and then click <strong>OK</strong>.</li>
<li>Locate and then click the following registry subkey:
<code>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize </code></li>
<li>On the <strong>Edit</strong> menu, click <strong>Modify</strong> to modify the DisableMetaFiles registry entry.</li>
<li>In the <strong>Value data</strong> box, type <strong>0</strong>, and then click <strong>OK</strong>.</li>
<li>Exit Registry Editor.</li>
<li>Restart the computer.</li>
</ol>
Mateusz Jurczyk of <a href="http://www.google.com/">Google Project Zero</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Windows Graphics Component Information Disclosure Vulnerability
<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system.</p>
<p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.</p>
<p>The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.</p>
Microsoft Graphics Component
CVE-2016-0169
10729
10735
10789
10788
10047
10048
10481
10482
10049
10378
10379
10483
10543
4393
9316
9312
10287
9311
9318
9344
10050
10051
10484
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10789
Information Disclosure
10788
Information Disclosure
10047
Information Disclosure
10048
Information Disclosure
10481
Information Disclosure
10482
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Information Disclosure
4393
Information Disclosure
9316
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9311
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10050
Information Disclosure
10051
Information Disclosure
10484
Important
10729
Important
10735
Important
10789
Important
10788
Important
10047
Important
10048
Important
10481
Important
10482
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Important
4393
Important
9316
Important
9312
Important
10287
Important
9311
Important
9318
Important
9344
Important
10050
Important
10051
Important
10484
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=68c2b288-f523-4a4f-ac26-6e8e3b6c98c7
3124001
10047
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=5c67b449-8516-46ee-ad6d-0ab523aa3cb3
3124001
10048
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=df9f88bc-761b-48c4-9731-025d89976f0b
3124001
10481
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=515d7942-8c90-4a35-968a-0afbc4e3652a
3124001
10482
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=5c67b449-8516-46ee-ad6d-0ab523aa3cb3
3124001
10049
Security Update
3156013
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156013
3124001
10378
Security Update
3156013
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156013
3124001
10379
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=515d7942-8c90-4a35-968a-0afbc4e3652a
3124001
10483
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=515d7942-8c90-4a35-968a-0afbc4e3652a
3124001
10543
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=b0d86f21-99a9-4a0b-85d9-80163f0f180c
3124001
4393
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=12b51534-b269-431b-bd1e-e7be89f51104
3124001
9316
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=b0d86f21-99a9-4a0b-85d9-80163f0f180c
3124001
9312
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=b0d86f21-99a9-4a0b-85d9-80163f0f180c
3124001
10287
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=2ed462dd-221e-47f7-8a0b-e39489b73e5f
3124001
9311
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=12b51534-b269-431b-bd1e-e7be89f51104
3124001
9318
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=12b51534-b269-431b-bd1e-e7be89f51104
3124001
9344
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=7628f07b-765d-4696-a925-cf9be6868bcb
3124001
10050
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=5c67b449-8516-46ee-ad6d-0ab523aa3cb3
3124001
10051
Security Update
3156013
3124001
10484
Security Update
<p><strong>Disable metafile processing</strong>
Customers using Windows Vista or Windows Server 2008 can disable metafile processing by modifying the registry. This setting will help protect the affected system from attempts to exploit this vulnerability.</p>
<p><strong>To modify the key by using Registry Editor, follow these steps:</strong>
<strong>Note</strong> Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.</p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Run</strong>, type <strong>Regedit</strong> in the <strong>Open</strong> box, and then click <strong>OK</strong>.</li>
<li>Locate and then click the following registry subkey:
<code>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize</code></li>
<li>On the <strong>Edit</strong> menu, point to <strong>New</strong>, and then click <strong>DWORD</strong>.</li>
<li>Type <strong>DisableMetaFiles</strong>, and then press <strong>ENTER</strong>.</li>
<li>On the <strong>Edit</strong> menu, click <strong>Modify</strong> to modify the DisableMetaFiles registry entry.</li>
<li>In the <strong>Value</strong> data box, type <strong>1</strong>, and then click <strong>OK</strong>.</li>
<li>Exit Registry Editor.</li>
<li>Restart the computer.</li>
</ol>
<p><strong>Impact of workaround</strong>.
Turning off metafiles processing may cause the appearance of software or system components to decrease in quality. Turning off metafiles processing may also cause the software or system components to fail completely. This has been identified to have a potential significant functionality impact and should be evaluated and tested carefully to determine its applicability.</p>
<p>Examples include the following:</p>
<ul>
<li>You cannot print on the computer.</li>
<li>Some applications on the computer may be unable to display Clipart.</li>
<li>Some scenarios that involve OLE rendering may break.</li>
</ul>
<p><strong>To modify the key using a managed deployment script</strong>:</p>
<ol>
<li>Save the following to a file with a .REG extension (For example, Disable_MetaFiles.reg):</li>
</ol>
<pre><code> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize]
"DisableMetaFiles"=dword:00000001
</code></pre>
<ol start="2">
<li>Run the registry script on the target machine with the following command from an administrator (on Vista, an elevated administrator) command prompt:
<code>Regedit.exe /s Disable_MetaFiles.reg</code></li>
<li>Restart the computer</li>
</ol>
<p><strong>How to undo the workaround</strong></p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Run</strong>, type <strong>Regedit</strong> in the <strong>Open</strong> box, and then click <strong>OK</strong>.</li>
<li>Locate and then click the following registry subkey:
<code>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize </code></li>
<li>On the <strong>Edit</strong> menu, click <strong>Modify</strong> to modify the DisableMetaFiles registry entry.</li>
<li>In the <strong>Value data</strong> box, type <strong>0</strong>, and then click <strong>OK</strong>.</li>
<li>Exit Registry Editor.</li>
<li>Restart the computer.</li>
</ol>
Mateusz Jurczyk of <a href="http://www.google.com/">Google Project Zero</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Windows Graphics Component Remote Code Execution Vulnerability
<p>A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>There are multiple ways an attacker could exploit the vulnerability:</p>
<ul>
<li>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.</li>
<li>In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince a user to open the document file.</li>
</ul>
<p>Note that for affected Microsoft Office products, the Preview Pane is an attack vector.</p>
<p>The security update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in the memory.</p>
Microsoft Graphics Component
CVE-2016-0170
10729
10735
10789
10788
10047
10048
10481
10482
10049
10378
10379
10483
10543
4393
9316
9312
10287
9311
9318
9344
10050
10051
10484
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10789
Remote Code Execution
10788
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Remote Code Execution
4393
Remote Code Execution
9316
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9311
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10050
Remote Code Execution
10051
Remote Code Execution
10484
Critical
10729
Critical
10735
Critical
10789
Critical
10788
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Critical
4393
Critical
9316
Critical
9312
Critical
10287
Critical
9311
Critical
9318
Critical
9344
Critical
10050
Critical
10051
Critical
10484
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=68c2b288-f523-4a4f-ac26-6e8e3b6c98c7
3124001
10047
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=5c67b449-8516-46ee-ad6d-0ab523aa3cb3
3124001
10048
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=df9f88bc-761b-48c4-9731-025d89976f0b
3124001
10481
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=515d7942-8c90-4a35-968a-0afbc4e3652a
3124001
10482
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=5c67b449-8516-46ee-ad6d-0ab523aa3cb3
3124001
10049
Security Update
3156013
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156013
3124001
10378
Security Update
3156013
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156013
3124001
10379
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=515d7942-8c90-4a35-968a-0afbc4e3652a
3124001
10483
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=515d7942-8c90-4a35-968a-0afbc4e3652a
3124001
10543
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=b0d86f21-99a9-4a0b-85d9-80163f0f180c
3124001
4393
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=12b51534-b269-431b-bd1e-e7be89f51104
3124001
9316
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=b0d86f21-99a9-4a0b-85d9-80163f0f180c
3124001
9312
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=b0d86f21-99a9-4a0b-85d9-80163f0f180c
3124001
10287
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=2ed462dd-221e-47f7-8a0b-e39489b73e5f
3124001
9311
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=12b51534-b269-431b-bd1e-e7be89f51104
3124001
9318
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=12b51534-b269-431b-bd1e-e7be89f51104
3124001
9344
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=7628f07b-765d-4696-a925-cf9be6868bcb
3124001
10050
Security Update
3156013
https://www.microsoft.com/downloads/details.aspx?familyid=5c67b449-8516-46ee-ad6d-0ab523aa3cb3
3124001
10051
Security Update
3156013
3124001
10484
Security Update
<p><strong>Disable metafile processing</strong>
Customers using Windows Vista or Windows Server 2008 can disable metafile processing by modifying the registry. This setting will help protect the affected system from attempts to exploit this vulnerability.</p>
<p><strong>To modify the key by using Registry Editor, follow these steps:</strong>
<strong>Note</strong> Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.</p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Run</strong>, type <strong>Regedit</strong> in the <strong>Open</strong> box, and then click <strong>OK</strong>.</li>
<li>Locate and then click the following registry subkey:
<code>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize</code></li>
<li>On the <strong>Edit</strong> menu, point to <strong>New</strong>, and then click <strong>DWORD</strong>.</li>
<li>Type <strong>DisableMetaFiles</strong>, and then press <strong>ENTER</strong>.</li>
<li>On the <strong>Edit</strong> menu, click <strong>Modify</strong> to modify the DisableMetaFiles registry entry.</li>
<li>In the <strong>Value</strong> data box, type <strong>1</strong>, and then click <strong>OK</strong>.</li>
<li>Exit Registry Editor.</li>
<li>Restart the computer.</li>
</ol>
<p><strong>Impact of workaround</strong>.
Turning off metafiles processing may cause the appearance of software or system components to decrease in quality. Turning off metafiles processing may also cause the software or system components to fail completely. This has been identified to have a potential significant functionality impact and should be evaluated and tested carefully to determine its applicability.</p>
<p>Examples include the following:</p>
<ul>
<li>You cannot print on the computer.</li>
<li>Some applications on the computer may be unable to display Clipart.</li>
<li>Some scenarios that involve OLE rendering may break.</li>
</ul>
<p><strong>To modify the key using a managed deployment script</strong>:</p>
<ol>
<li>Save the following to a file with a .REG extension (For example, Disable_MetaFiles.reg):</li>
</ol>
<pre><code> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize]
"DisableMetaFiles"=dword:00000001
</code></pre>
<ol start="2">
<li>Run the registry script on the target machine with the following command from an administrator (on Vista, an elevated administrator) command prompt:
<code>Regedit.exe /s Disable_MetaFiles.reg</code></li>
<li>Restart the computer</li>
</ol>
<p><strong>How to undo the workaround</strong></p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Run</strong>, type <strong>Regedit</strong> in the <strong>Open</strong> box, and then click <strong>OK</strong>.</li>
<li>Locate and then click the following registry subkey:
<code>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize </code></li>
<li>On the <strong>Edit</strong> menu, click <strong>Modify</strong> to modify the DisableMetaFiles registry entry.</li>
<li>In the <strong>Value data</strong> box, type <strong>0</strong>, and then click <strong>OK</strong>.</li>
<li>Exit Registry Editor.</li>
<li>Restart the computer.</li>
</ol>
Mateusz Jurczyk of <a href="http://www.google.com/">Google Project Zero</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
<p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.</p>
Windows Kernel-Mode Drivers
CVE-2016-0171
10729
10735
10789
10788
10047
10048
10481
10482
10049
10378
10379
10483
10543
4393
9316
9312
10287
9311
9318
9344
10050
10051
10484
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10789
Elevation of Privilege
10788
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Elevation of Privilege
4393
Elevation of Privilege
9316
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9311
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10050
Elevation of Privilege
10051
Elevation of Privilege
10484
Important
10729
Important
10735
Important
10789
Important
10788
Important
10047
Important
10048
Important
10481
Important
10482
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Important
4393
Important
9316
Important
9312
Important
10287
Important
9311
Important
9318
Important
9344
Important
10050
Important
10051
Important
10484
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=ae0c2184-6d16-4e43-8d56-7a8c32f9156e
3139852
10047
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10048
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=3c8098f4-cc5f-4fc8-bc50-dfbae0ec3630
3145739
10481
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10482
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10049
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=c09390c4-861d-4373-baae-472c16aefa17
3145739
10378
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=c09390c4-861d-4373-baae-472c16aefa17
3145739
10379
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10483
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10543
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
4393
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9316
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
9312
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
10287
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=90bba387-4e29-4c7a-b32f-5b31256d7287
3139852
9311
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9318
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9344
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=cda09e12-3592-4fda-988a-d2db9e5271ca
3139852
10050
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10051
Security Update
3153199
3145739
10484
Security Update
Nils Sommer of bytegeist, working with <a href="http://www.google.com/">Google Project Zero</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
<p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.</p>
Windows Kernel-Mode Drivers
CVE-2016-0173
10729
10735
10789
10788
10047
10048
10481
10482
10049
10378
10379
10483
10543
4393
9316
9312
10287
9311
9318
9344
10050
10051
10484
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10789
Elevation of Privilege
10788
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Elevation of Privilege
4393
Elevation of Privilege
9316
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9311
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10050
Elevation of Privilege
10051
Elevation of Privilege
10484
Important
10729
Important
10735
Important
10789
Important
10788
Important
10047
Important
10048
Important
10481
Important
10482
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Important
4393
Important
9316
Important
9312
Important
10287
Important
9311
Important
9318
Important
9344
Important
10050
Important
10051
Important
10484
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=ae0c2184-6d16-4e43-8d56-7a8c32f9156e
3139852
10047
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10048
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=3c8098f4-cc5f-4fc8-bc50-dfbae0ec3630
3145739
10481
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10482
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10049
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=c09390c4-861d-4373-baae-472c16aefa17
3145739
10378
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=c09390c4-861d-4373-baae-472c16aefa17
3145739
10379
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10483
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10543
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
4393
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9316
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
9312
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
10287
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=90bba387-4e29-4c7a-b32f-5b31256d7287
3139852
9311
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9318
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9344
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=cda09e12-3592-4fda-988a-d2db9e5271ca
3139852
10050
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10051
Security Update
3153199
3145739
10484
Security Update
Nils Sommer of bytegeist, working with <a href="http://www.google.com/">Google Project Zero</a>
<a href="http://www.360.com/">Qihoo 360 Vulcan Team</a>, working with <a href="http://www.zerodayinitiative.com/">Trend Micro’s Zero Day Initiative (ZDI)</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
<p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.</p>
Windows Kernel-Mode Drivers
CVE-2016-0174
10729
10735
10789
10788
10047
10048
10481
10482
10484
9312
10287
9311
9318
9344
10050
10051
10049
10378
10379
10483
10543
4393
9316
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10789
Elevation of Privilege
10788
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9311
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10050
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Elevation of Privilege
4393
Elevation of Privilege
9316
Important
10729
Important
10735
Important
10789
Important
10788
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9311
Important
9318
Important
9344
Important
10050
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Important
4393
Important
9316
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=ae0c2184-6d16-4e43-8d56-7a8c32f9156e
3139852
10047
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10048
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=3c8098f4-cc5f-4fc8-bc50-dfbae0ec3630
3145739
10481
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10482
Security Update
3153199
3145739
10484
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
9312
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
10287
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=90bba387-4e29-4c7a-b32f-5b31256d7287
3139852
9311
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9318
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9344
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=cda09e12-3592-4fda-988a-d2db9e5271ca
3139852
10050
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10051
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10049
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=c09390c4-861d-4373-baae-472c16aefa17
3145739
10378
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=c09390c4-861d-4373-baae-472c16aefa17
3145739
10379
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10483
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10543
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
4393
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9316
Security Update
Liang Yin of Tencent PC Manager, working with <a href="http://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative (ZDI)</a>
Anonymous working with <a href="http://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Win32k Information Disclosure Vulnerability
<p>An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.</p>
<p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>
<p>The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.</p>
Windows Kernel-Mode Drivers
CVE-2016-0175
10729
10735
10789
10788
10047
10048
10481
10482
10484
9312
10287
9311
9318
9344
10050
10051
10049
10378
10379
10483
10543
4393
9316
Information Disclosure
10729
Information Disclosure
10735
Information Disclosure
10789
Information Disclosure
10788
Information Disclosure
10047
Information Disclosure
10048
Information Disclosure
10481
Information Disclosure
10482
Information Disclosure
10484
Information Disclosure
9312
Information Disclosure
10287
Information Disclosure
9311
Information Disclosure
9318
Information Disclosure
9344
Information Disclosure
10050
Information Disclosure
10051
Information Disclosure
10049
Information Disclosure
10378
Information Disclosure
10379
Information Disclosure
10483
Information Disclosure
10543
Information Disclosure
4393
Information Disclosure
9316
Important
10729
Important
10735
Important
10789
Important
10788
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9311
Important
9318
Important
9344
Important
10050
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Important
4393
Important
9316
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=ae0c2184-6d16-4e43-8d56-7a8c32f9156e
3139852
10047
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10048
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=3c8098f4-cc5f-4fc8-bc50-dfbae0ec3630
3145739
10481
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10482
Security Update
3153199
3145739
10484
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
9312
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
10287
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=90bba387-4e29-4c7a-b32f-5b31256d7287
3139852
9311
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9318
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9344
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=cda09e12-3592-4fda-988a-d2db9e5271ca
3139852
10050
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10051
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10049
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=c09390c4-861d-4373-baae-472c16aefa17
3145739
10378
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=c09390c4-861d-4373-baae-472c16aefa17
3145739
10379
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10483
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10543
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
4393
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9316
Security Update
Liang Yin of Tencent PC Manager, working with <a href="http://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative (ZDI)</a>
Anonymous working with <a href="http://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
DirectX Elevation of Privilege Vulnerability
<p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>The update addresses the vulnerability by correcting how DirectX handles objects in memory.</p>
Windows Kernel-Mode Drivers
CVE-2016-0176
10729
10735
10789
10788
10047
10048
10481
10482
10484
10050
10051
10049
10378
10379
10483
10543
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10789
Elevation of Privilege
10788
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
10050
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Important
10729
Important
10735
Important
10789
Important
10788
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
10050
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=dde0692a-c579-4f57-928d-0d7999b80926
2976897
10047
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=70e685a3-5639-495f-ba47-9e01bee7aea5
2976897
10048
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=de24c56f-a06f-4215-8374-08b55cb426be
10481
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=98542b3d-86aa-4c87-8ed5-dc8e80f5537d
10482
Security Update
3156017
10484
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=3f52800b-74ea-4208-a780-95065b8dface
2976897
10050
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=70e685a3-5639-495f-ba47-9e01bee7aea5
2976897
10051
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=70e685a3-5639-495f-ba47-9e01bee7aea5
2976897
10049
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=c1001d97-3ac9-45ea-9669-8d39d8eca6d3
2976897
10378
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=c1001d97-3ac9-45ea-9669-8d39d8eca6d3
2976897
10379
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=98542b3d-86aa-4c87-8ed5-dc8e80f5537d
10483
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=98542b3d-86aa-4c87-8ed5-dc8e80f5537d
10543
Security Update
Peter Hlavaty and Daniel King of Tencent KeenLab, working with <a href="http://www.zerodayinitiative.com/">Trend Micro’s Zero Day Initiative (ZDI)</a>
Anonymous working with <a href="http://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
RPC Network Data Representation Engine Remote Code Execution Vulnerability
<p>A remote code execution vulnerability exists in the way Microsoft Windows handles specially crafted <a href="https://technet.microsoft.com/en-us/library/security/dn848375.aspx#RPC">Remote Procedure Call (RPC)</a> requests. The remote code execution can occur when the <a href="https://technet.microsoft.com/en-us/library/security/dn848375.aspx#RPCNDR">RPC Network Data Representation (NDR) Engine</a> improperly frees memory. An authenticated attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>An authenticated attacker could exploit the vulnerability by making malformed RPC requests to an affected host.</p>
<p>The update addresses this vulnerability by modifying the way that Microsoft Windows handles RPC messages.</p>
<p><strong>Why is security update 3153171 in this bulletin also denoted in MS16-060?</strong>
Security update 3153171 is also denoted in <a href="http://go.microsoft.com/fwlink/?LinkId=785239">MS16-060</a> for supported releases of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, due to the way fixes for vulnerabilities affecting particular products are consolidated. Because bulletins are broken out by the vulnerabilities being addressed, not by the update package being released, it is possible for separate bulletins, each addressing distinctly different vulnerabilities, to list the same update package as the vehicle for providing their respective fixes. This is frequently the case with cumulative updates for products, such as Internet Explorer or Silverlight, where singular security updates address different security vulnerabilities in separate bulletins.</p>
<p><strong>Note</strong>: Users do not need to install identical security updates that ship with multiple bulletins more than once.</p>
Microsoft RPC
CVE-2016-0178
10047
10048
10481
10482
10484
9312
10287
9311
9318
9344
10050
10051
10049
10378
10379
10483
10543
4393
9316
10729
10735
10789
10788
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9311
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10050
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Remote Code Execution
4393
Remote Code Execution
9316
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10789
Remote Code Execution
10788
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9311
Important
9318
Important
9344
Important
10050
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Important
4393
Important
9316
Important
10729
Important
10735
Important
10789
Important
10788
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=5bf172a4-4f9d-4122-9969-90779541bac8
3140410
10047
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=9b2d1d42-d994-4614-b716-3e0144102bee
3140410
10048
Security Update
3153704
https://www.microsoft.com/downloads/details.aspx?familyid=96f87af7-2b0e-4097-947f-ce92811156ed
2978668
10481
Security Update
3153704
https://www.microsoft.com/downloads/details.aspx?familyid=28ba3208-63ff-4fb0-a7ac-1824e61103fd
2978668
10482
Security Update
3153704
2978668
10484
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=cc400f8d-ce06-4bd5-9e86-9048ac88bcbc
3140410
9312
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=cc400f8d-ce06-4bd5-9e86-9048ac88bcbc
3140410
10287
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=8694426f-77bd-45b3-bc42-4bd6430c419e
3140410
9311
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=d4a97acb-fcc3-483e-b119-496f27c43805
3140410
9318
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=d4a97acb-fcc3-483e-b119-496f27c43805
3140410
9344
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=cf9271ed-5fba-49b0-be70-2472b91cee3e
3140410
10050
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=9b2d1d42-d994-4614-b716-3e0144102bee
3140410
10051
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=9b2d1d42-d994-4614-b716-3e0144102bee
3140410
10049
Security Update
3153704
https://www.microsoft.com/downloads/details.aspx?familyid=0ee3d606-3b09-47d8-abcf-4c927654a594
2978668
10378
Security Update
3153704
https://www.microsoft.com/downloads/details.aspx?familyid=0ee3d606-3b09-47d8-abcf-4c927654a594
2978668
10379
Security Update
3153704
https://www.microsoft.com/downloads/details.aspx?familyid=28ba3208-63ff-4fb0-a7ac-1824e61103fd
2978668
10483
Security Update
3153704
https://www.microsoft.com/downloads/details.aspx?familyid=28ba3208-63ff-4fb0-a7ac-1824e61103fd
2978668
10543
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=cc400f8d-ce06-4bd5-9e86-9048ac88bcbc
3140410
4393
Security Update
3153171
https://www.microsoft.com/downloads/details.aspx?familyid=d4a97acb-fcc3-483e-b119-496f27c43805
3140410
9316
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
Evgeny Kotkov and Ivan Zhakov of <a href="https://www.visualsvn.com/">VisualSVN</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
1.1
2016-05-11T07:00:00Z
<p>Bulletin revised to change the vulnerability impact from elevation of privilege to remote code execution, and the title of CVE 2016-0178 to RPC Network Data Representation Engine Remote Code Execution Vulnerability. This is an informational change only.</p>
Windows Shell Remote Code Execution Vulnerability
<p>A remote code execution vulnerability exists when Windows Shell improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>In a web-based attack scenario, an attacker could host a website used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email or instant message that takes them to the attacker's site.</p>
<p>The security update fixes this vulnerability by correcting how Windows Shell handles objects in memory.</p>
Windows Shell
CVE-2016-0179
10729
10735
10789
10788
10481
10482
10484
10483
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10789
Remote Code Execution
10788
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
10483
Critical
10729
Critical
10735
Critical
10789
Critical
10788
Critical
10481
Critical
10482
Critical
10484
Critical
10483
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
3156059
https://www.microsoft.com/downloads/details.aspx?familyid=8d4da76b-9d62-4b0e-9588-c0a98c443d31
10481
Security Update
3156059
https://www.microsoft.com/downloads/details.aspx?familyid=5215857e-0649-4934-9ac1-efd4febe01d3
10482
Security Update
3156059
10484
Security Update
3156059
https://www.microsoft.com/downloads/details.aspx?familyid=5215857e-0649-4934-9ac1-efd4febe01d3
10483
Security Update
Shi Ji (@Puzzor) of <a href="http://www.iie.ac.cn/">VARAS@IIE</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Hypervisor Code Integrity Security Feature Bypass
<p>A security feature bypass vulnerability exists when Windows incorrectly allows certain kernel-mode pages to be marked as Read, Write, Execute (RWX) even with <a href="https://technet.microsoft.com/en-us/library/security/dn848375.aspx#HVCI">Hypervisor Code Integrity (HVCI)</a> enabled.</p>
<p>To exploit this vulnerability, an attacker could run a specially crafted application to bypass code integrity protections in Windows.</p>
<p>The security update addresses the vulnerability by correcting security feature behavior to preclude the incorrect marking of RWX pages under HVCI.</p>
Virtual Secure Mode
CVE-2016-0181
10729
10735
10789
10788
Security Feature Bypass
10729
Security Feature Bypass
10735
Security Feature Bypass
10789
Security Feature Bypass
10788
Important
10729
Important
10735
Important
10789
Important
10788
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploitation Unlikely
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
Rafal Wojtczuk of <a href="http://www.bromium.com/">Bromium</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Windows Journal Memory Corruption Vulnerability
<p>A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>For an attack to be successful, this vulnerability requires that a user open a specially crafted Journal file with an affected version of Windows Journal. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Journal file to the user and then convincing the user to open the file.</p>
<p>The update addresses the vulnerability by modifying how Windows Journal parses Journal files.</p>
Windows Journal
CVE-2016-0182
10729
10735
10789
10788
10047
10048
10481
10482
4393
9316
10484
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10789
Remote Code Execution
10788
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
4393
Remote Code Execution
9316
Remote Code Execution
10484
Critical
10729
Critical
10735
Critical
10789
Critical
10788
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
4393
Critical
9316
Critical
10484
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploitation Unlikely
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
3155178
https://www.microsoft.com/downloads/details.aspx?familyid=04531128-2a38-4b9f-b63a-a368fc789f0a
10047
Security Update
3155178
https://www.microsoft.com/downloads/details.aspx?familyid=44d46d9c-15be-4d89-9328-0c69eebe6eef
10048
Security Update
3155178
https://www.microsoft.com/downloads/details.aspx?familyid=71f0cfd3-5f77-4f74-9659-ea14283f0845
10481
Security Update
3155178
https://www.microsoft.com/downloads/details.aspx?familyid=3cfe2d76-a1dc-4665-9404-4e240e54b0c5
10482
Security Update
3155178
https://www.microsoft.com/downloads/details.aspx?familyid=cdd0425e-7697-4c30-8805-8759a6f31733
4393
Security Update
3155178
https://www.microsoft.com/downloads/details.aspx?familyid=93d28098-0dc3-46ae-8041-48c2009d4f36
9316
Security Update
3155178
10484
Security Update
<p><strong>Do not open suspicious file attachments</strong>
Do not open Windows Journal (.jnt) files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file.</p>
<p><strong>On Windows Vista or Windows 7:</strong></p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Control Panel</strong> and then click <strong>Programs</strong>.</li>
<li>Click <strong>Turn Windows Features on or off</strong>.</li>
<li>Uncheck <strong>Tablet PC Components (Tablet PC Optional Components on Windows Vista Systems)</strong>.</li>
<li>Click <strong>OK</strong>.</li>
</ol>
<p><strong>Impact of workaround</strong>.<br />
Users will be unable to use Windows Journal or other Tablet PC Components.</p>
<p><strong>Note</strong> Windows 8.1 does not provide a mechanism to disable Windows Journal.</p>
<p><strong>How to undo the workaround.</strong></p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Control Panel</strong> and then click <strong>Programs</strong>.</li>
<li>Click <strong>Turn Windows Features on or off</strong>.</li>
<li>Check <strong>Tablet PC Components (Tablet PC Optional Components on Windows Vista Systems)</strong>.</li>
<li>Click <strong>OK</strong>.</li>
</ol>
<p><strong>Remove the .jnt file type association</strong>
<strong>Note</strong> Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.</p>
<p><strong>Interactive Method:</strong>
To remove the .jnt file type association using the interactive method, follow these steps:</p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Run</strong>, type <strong>regedit</strong>, and then click <strong>OK</strong>.</li>
<li>Expand <strong>HKEY_CLASSES_ROOT</strong>, click <strong>jntfile</strong>, and then click the <strong>File</strong> menu and select <strong>Export</strong>.</li>
<li>In the <strong>Export Registry File</strong> dialog box, type <strong>jntfile HKCR file association registry backup.reg</strong> and click <strong>Save</strong>. This will create a backup of this registry key in the My Documents folder by default.</li>
<li>Press the <strong>Delete</strong> key on the keyboard to delete the registry key. When prompted to delete the registry value, click <strong>Yes</strong>.</li>
<li>Expand <strong>HKEY_CURRENT_USER</strong>, then <strong>Software</strong>, then <strong>Microsoft</strong>, then <strong>Windows</strong>, then <strong>CurrentVersion</strong>, then <strong>Explorer</strong>, and then <strong>FileExts</strong>.</li>
<li>Click <strong>.jnt</strong> and then click the <strong>File</strong> menu and select <strong>Export</strong>.</li>
<li>In the <strong>Export Registry File</strong> dialog box, type <strong>.jnt HKCU file association registry backup.reg</strong> and then click <strong>Save</strong>. This will create a backup of this registry key in the My Documents folder by default.</li>
<li>Press the <strong>Delete</strong> key on the keyboard to delete the registry key. When prompted to delete the registry value, click <strong>Yes</strong>.</li>
</ol>
<p><strong>Using a Managed Script:</strong>
To remove the .jnt file type association using an interactive, managed script, follow these steps:</p>
<ol>
<li>Make a backup copy of the registry keys using a managed deployment script with the following commands:</li>
</ol>
<pre><code> Regedit.exe /e jntfile_HKCR_registry_backup.reg HKEY_CLASSES_ROOT\jntfile
Regedit.exe /e jnt_HKCU_registry_backup.reg HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jnt
</code></pre>
<ol start="2">
<li>Save the following to a file with a .reg extension (e.g., Delete_jnt_file_association.reg):</li>
</ol>
<pre><code> [-HKEY_CLASSES_ROOT\jntfile]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jnt]
</code></pre>
<ol start="3">
<li>Run the above registry script created in step 2 on the target machine with the following command:
<code>Regedit.exe /s Delete_jnt_file_association.reg</code></li>
</ol>
<p><strong>Impact of workaround.</strong>
Double-clicking a .jnt file will no longer launch journal.exe.</p>
<p><strong>How to undo the workaround</strong>:
Restore the registry key by using Registry Editor to restore the settings saved in the .REG files.</p>
<p><strong>Remove Windows Journal by disabling the Windows feature that installs it</strong>
On Windows Vista and Windows 7 systems, follow these steps:</p>
<ol>
<li>Click Start, click Control Panel, and then click Programs.</li>
<li>Click Turn Windows Features on or off and then clear the check box for either Tablet PC Optional Components (Windows Vista systems) or Tablet PC Components (Windows 7 systems).</li>
<li>Click OK.</li>
</ol>
<p><strong>Impact of workaround</strong>.
Windows Journal is removed from the system.</p>
<p><strong>How to undo the workaround</strong>:
To reinstall Windows Journal on Windows Vista or Windows 7 systems, follow these steps:</p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Control Pane</strong>l, and then click <strong>Programs</strong>.</li>
<li>Click <strong>Turn Windows Features on or off</strong> and then select the check box for either <strong>Tablet PC Optional Components</strong> (Windows Vista systems) or <strong>Tablet PC Components</strong> (Windows 7 systems).</li>
<li>Click <strong>OK</strong>.</li>
</ol>
<p><strong>Deny access to Journal.exe</strong>
To deny access to Journal.exe, enter the following commands at an administrative command prompt:</p>
<pre><code> takeown.exe /f "%ProgramFiles%\Windows Journal\Journal.exe"
icacls.exe "%ProgramFiles%\Windows Journal\Journal.exe" /deny everyone:(F)
</code></pre>
<p><strong>Impact of workaround</strong>.
Windows Journal becomes inaccessible.</p>
<p><strong>How to undo the workaround:</strong>
To reinstate access to Journal.exe, enter the following commands at an administrative command prompt:
<code>icacls.exe "%ProgramFiles%\Windows Journal\Journal.exe" /remove:d everyone</code></p>
Bingchang Liu of <a href="http://www.iie.ac.cn/">VARAS@IIE</a>
Jason Kratzer, working with <a href="http://www.verisigninc.com/en_US/cyber-security/index.xhtml">VeriSign iDefense Labs</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Microsoft Office Graphics Remote Code Execution Vulnerability
<p>A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>There are multiple ways an attacker could exploit this vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability and then convince a user to view the website. An attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by getting the user to click a link in an email or instant message that takes the user to the attacker's website, or by opening an attachment sent through email.</p>
<p>In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince a user to open the document file.</p>
<p>Note that where severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector.</p>
<p>The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.</p>
<p><strong>I have Microsoft Word 2010 installed. Why am I not being offered the 3115121 update?</strong>
The 3115121 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update.</p>
<p><strong>I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</strong>
When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</p>
<p>For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.
For more information on this behavior and recommended actions, see <a href="https://support.microsoft.com/kb/830335">Microsoft Knowledge Base Article 830335</a>. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p>
Microsoft Office
CVE-2016-0183
1160
10150
10521
10522
4497
10525
10162
10513
10514
9432-10495
Remote Code Execution
1160
Remote Code Execution
10150
Remote Code Execution
10521
Remote Code Execution
10522
Remote Code Execution
4497
Remote Code Execution
10525
Remote Code Execution
10162
Remote Code Execution
10513
Remote Code Execution
10514
Remote Code Execution
9432-10495
Critical
1160
Critical
10150
Critical
10521
Critical
10522
Critical
4497
Critical
10525
Critical
10162
Critical
10513
Critical
10514
Critical
9432-10495
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Less Likely
3115480
https://www.microsoft.com/downloads/details.aspx?familyid=cd87f679-d48b-43c3-8633-3000be6d2ed6
3115393
1160
Maybe
Security Update
3115479
https://www.microsoft.com/downloads/details.aspx?familyid=c1b3b442-ae5a-457a-8071-c8b5c5de7300
3115395
1160
Maybe
Security Update
3114893
https://www.microsoft.com/downloads/details.aspx?familyid=906af6d4-1c36-412a-a6ec-eb1386ed4039
3114742
10150
Maybe
Security Update
3115121
https://www.microsoft.com/downloads/details.aspx?familyid=755d5fdf-b538-4b38-9b8e-bca883a8dcff
3114990
10521
Maybe
Security Update
3115121
https://www.microsoft.com/downloads/details.aspx?familyid=b87e9357-e882-49a6-aaf8-6b17f8ea3e93
3114990
10522
Maybe
Security Update
3115464
https://www.microsoft.com/downloads/details.aspx?familyid=b80d14eb-7f3f-4a5c-b225-f869206ddaae
3115309
4497
Maybe
Security Update
3115124
https://www.microsoft.com/downloads/details.aspx?familyid=c56a4fc1-baa1-45df-905e-826845c2976d
3114994
10525
Maybe
Security Update
3115465
https://www.microsoft.com/downloads/details.aspx?familyid=af8ed0c8-e9f6-4011-92a7-0cdb2bd202aa
3115311
10162
Maybe
Security Update
3115123
https://www.microsoft.com/downloads/details.aspx?familyid=37f75e69-8d92-4c5c-abc2-62374aefe596
3114993
10513
Maybe
Security Update
3115123
https://www.microsoft.com/downloads/details.aspx?familyid=164dabd4-7638-4c9d-ae88-5eaa801139c4
3114993
10514
Maybe
Security Update
3115117
https://www.microsoft.com/downloads/details.aspx?familyid=23bb75c9-b0d6-4f6e-9f03-e570c5687663
3114988
9432-10495
Maybe
Security Update
<p><strong>Use Microsoft Office File Block policy to prevent Office from opening RTF documents from unknown or untrusted sources.</strong>
<strong>Warning</strong> If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.</p>
<p><strong>For Office 2007</strong></p>
<ol>
<li>Run <strong>regedit.exe</strong> as Administrator and navigate to the following subkey:
<code>[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock] </code></li>
<li>Set the <strong>RtfFiles</strong> DWORD value to <strong>1</strong>.
<strong>Note</strong> To use 'FileOpenBlock' with Office 2007, all of the latest Office 2007 security updates as of May 2007 must be applied.</li>
</ol>
<p><strong>For Office 2010</strong></p>
<ol>
<li>Run <strong>regedit.exe</strong> as Administrator and navigate to the following subkey:
<code>[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\FileBlock]</code></li>
<li>Set the RtfFiles DWORD value to <strong>2</strong>.</li>
<li>Set the OpenInProtectedView DWORD value to <strong>0</strong>.</li>
</ol>
<p><strong>For Office 2013</strong></p>
<ol>
<li>Run <strong>regedit.exe</strong> as Administrator and navigate to the following subkey:
<code>[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Security\FileBlock]</code></li>
<li>Set the <strong>RtfFiles</strong> DWORD value to <strong>2</strong>.</li>
<li>Set the OpenInProtectedView DWORD value to** 0**.</li>
</ol>
<p><strong>Impact of Workaround</strong>.
Users who have configured the File Block policy and have not configured a special “exempt directory” as discussed in <a href="https://support.microsoft.com/kb/922849">Microsoft Knowledge Base Article 922849</a> will be unable to open documents saved in the RTF format.</p>
<p><strong>How to undo the workaround</strong>
<strong>For Office 2007</strong></p>
<ol>
<li>Run <strong>regedit.exe</strong> as Administrator and navigate to the following subkey:
<code>[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock] </code></li>
<li>Set the <strong>RtfFiles</strong> DWORD value to <strong>0</strong>.</li>
</ol>
<p><strong>For Office 2010</strong></p>
<ol>
<li>Run <strong>regedit.exe</strong> as Administrator and navigate to the following subkey:
<code>[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\FileBlock] </code></li>
<li>Set the <strong>RtfFiles</strong> DWORD value to <strong>0</strong>.</li>
<li>Leave the <strong>OpenInProtectedView</strong> DWORD value set to <strong>0</strong>.</li>
</ol>
<p><strong>For Office 2013</strong></p>
<ol>
<li>Run <strong>regedit.exe</strong> as Administrator and navigate to the following subkey:
<code>[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Security\FileBlock]</code></li>
<li>Set the <strong>RtfFiles</strong> DWORD value to <strong>0</strong>.</li>
<li>Leave the <strong>OpenInProtectedView</strong> DWORD value set to <strong>0</strong>.</li>
</ol>
<p><strong>Prevent Word from loading RTF files</strong>
<strong>Warning</strong> If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.</p>
<p><strong>Interactive managed script method</strong>
**For Word 2007 **</p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Run</strong>, in the <strong>Open</strong> box, type <strong>regedit</strong>, and then click <strong>OK</strong>.</li>
<li>Locate and then click the following registry subkey:
<code>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock </code>
Note that if the <strong>FileOpenBlock</strong> subkey does not exist, you must create it. To do this, follow these steps:
<ol>
<li>Select the <strong>Security</strong> subkey.</li>
<li>On the <strong>Edit</strong> menu, point to <strong>New</strong>, and then click <strong>Key</strong>.</li>
<li>Type <strong>FileOpenBlock</strong>, and then press <strong>Enter</strong>.</li>
</ol>
</li>
<li>After you select the <strong>FileOpenBlock</strong> subkey, locate the DWORD value <strong>RtfFiles</strong>.
Note that if this value does not exist, you must create it. To do this, follow these steps:
<ol>
<li>On the <strong>Edit</strong> menu, point to <strong>New</strong>, and then click <strong>DWORD</strong> value.</li>
<li>Type <strong>RtfFiles</strong> and then press <strong>Enter</strong>.</li>
<li>Right-click <strong>RtfFiles</strong> and then click <strong>Modify</strong>.</li>
<li>In the <strong>Value</strong> data box, type <strong>1</strong>, and then click <strong>OK</strong>.</li>
<li>On the <strong>File</strong> menu, click <strong>Exit</strong> to exit Registry Editor.</li>
</ol>
</li>
</ol>
<p><strong>Managed deployment script method</strong>
**For Word 2007 **</p>
<ol>
<li>Save the following to a file with a .reg extension (For example Disable_RTF_In_Word.reg):</li>
</ol>
<pre><code> [HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock]
"RtfFiles"=dword:00000001
</code></pre>
<ol start="2">
<li>Run the above registry script created in step 1 on the target machine with the following command from an administrator command prompt:
<strong>Regedit / s Disable_RTF_In_Word.reg</strong>
<strong>Note</strong> RTF files will not be readable by Word.</li>
</ol>
Lucas Leong of <a href="http://www.trend.com/">Trend Micro</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
1.1
2016-05-25T07:00:00Z
<p>Corrected the updates replaced for Microsoft Office 2013 to 3114486 in MS16-004, and for CVE-2016-0183, clarified that the Preview Pane is an attack vector for this vulnerability. These are informational changes only.</p>
2.0
2016-08-09T07:00:00Z
<p>Bulletin revised to inform customers of additional security updates for Microsoft Office 2007 (3114893), Microsoft Word 2007 Service Pack 3 (3115465), Microsoft Office Compatibility Pack Service Pack 3 (3115464), Microsoft Word Viewer (3115480), and Microsoft Word Viewer (3115479). The updates add to the original release to comprehensively address CVE-2016-0183. Microsoft recommends that customers running this affected software install the security updates to be fully protected from the vulnerabilities described in this bulletin. Customers running all other affected software who already successfully installed the updates from the original release do not need to take any action. See the Microsoft Knowledge Base Article on each respective update for more information and download links.</p>
Direct3D Use After Free RCE Vulnerability
<p>A remote code execution vulnerability exists when the Windows GDI component fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>There are multiple ways an attacker could exploit the vulnerability:</p>
<ul>
<li>In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website or by opening an attachment sent through email.</li>
<li>In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince a user to open the document file.</li>
</ul>
<p>The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in the memory.</p>
Microsoft Graphics Component
CVE-2016-0184
10729
10735
10789
10788
10047
10048
10481
10482
10484
9312
10287
9318
9344
10050
10051
10049
10378
10379
10483
10543
4393
9316
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10789
Remote Code Execution
10788
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10050
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Remote Code Execution
4393
Remote Code Execution
9316
Critical
10729
Critical
10735
Critical
10789
Critical
10788
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9318
Critical
9344
Critical
10050
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Critical
4393
Critical
9316
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=9c73b167-8538-495e-bd5d-f88068cfebbe
10047
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=1e6db469-4ae3-4447-8f3b-b01fffb22240
10048
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=4925a953-fa2b-4b7e-8f20-0681fd8e4130
10481
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=2db14973-f73a-4639-93ab-b532aaf95b33
10482
Security Update
3156016
10484
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=a9741830-2352-4a9e-bdf8-0426b0dd394b
9312
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=a9741830-2352-4a9e-bdf8-0426b0dd394b
10287
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=02eea677-b566-4816-88dd-c8cda16c9d77
9318
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=02eea677-b566-4816-88dd-c8cda16c9d77
9344
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=731272e4-6fbd-4f8d-8e43-826033b77157
10050
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=1e6db469-4ae3-4447-8f3b-b01fffb22240
10051
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=1e6db469-4ae3-4447-8f3b-b01fffb22240
10049
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=8b461bed-5b9f-492f-bd71-1a29b4cf29b4
10378
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=8b461bed-5b9f-492f-bd71-1a29b4cf29b4
10379
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=2db14973-f73a-4639-93ab-b532aaf95b33
10483
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=2db14973-f73a-4639-93ab-b532aaf95b33
10543
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=a9741830-2352-4a9e-bdf8-0426b0dd394b
4393
Security Update
3156016
https://www.microsoft.com/downloads/details.aspx?familyid=02eea677-b566-4816-88dd-c8cda16c9d77
9316
Security Update
Henry Li (zenhumany) of <a href="http://www.trendmicro.com/">Trend Micro</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Windows Media Center Remote Code Execution Vulnerability
<p>A vulnerability exists in Windows Media Center that could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could take control of an affected system. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Workstations are primarily at risk of this vulnerability.</p>
<p>To exploit the vulnerability, user interaction is required. In a web-browsing scenario, a user would have to navigate to a compromised website that an attacker is using to host a malicious .mcl file. In an email attack scenario, an attacker would have to convince a user who is logged on to a vulnerable workstation to click a specially crafted link in an email.</p>
<p>The security update addresses the vulnerability by correcting how Windows Media Center handles certain resources in the .mcl file.</p>
Windows Media
CVE-2016-0185
4393
9316
10047
10048
10481
10482
Remote Code Execution
4393
Remote Code Execution
9316
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Important
4393
Important
9316
Important
10047
Important
10048
Important
10481
Important
10482
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Less Likely
3150220
https://www.microsoft.com/downloads/details.aspx?familyid=8206f431-c2f4-4c4b-971c-f185a5f88673
3108669
4393
Security Update
3150220
https://www.microsoft.com/downloads/details.aspx?familyid=b939f8c1-b282-4534-a833-2e77fb08378e
3108669
9316
Security Update
3150220
https://www.microsoft.com/downloads/details.aspx?familyid=a8927a54-1bd8-4e7f-9811-aa43be7be4f2
3108669
10047
Security Update
3150220
https://www.microsoft.com/downloads/details.aspx?familyid=e52f373e-369d-4347-b304-1dfd74c86749
3108669
10048
Security Update
3150220
https://www.microsoft.com/downloads/details.aspx?familyid=d8e79aa9-b405-4a18-a101-806049ca6cbe
3108669
10481
Security Update
3150220
https://www.microsoft.com/downloads/details.aspx?familyid=18cdf435-a1f5-4d5d-9e63-f2de7d910d85
3108669
10482
Security Update
<p><strong>Remove the MCL file association</strong></p>
<p><strong>To use the interactive method</strong>:
<strong>Note</strong> Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.</p>
<ol>
<li>Click <strong>Start</strong>, click <strong>Run</strong>, type <strong>regedit</strong>, and then click <strong>OK</strong>.</li>
<li>Expand <strong>HKEY_CLASSES_ROOT</strong>, click .<strong>MCL</strong>, and then click the <strong>File</strong> menu and select <strong>Export</strong>.</li>
<li>In the <strong>Export Registry File</strong> dialog box, type <strong>MCL HKCR file association registry backup.reg</strong> and click <strong>Save</strong>. This will create a backup of this registry key in the My Documents folder by default.</li>
<li>Press the <strong>Delete</strong> key to delete the registry key. When prompted to delete the registry value, click <strong>Yes</strong>.</li>
<li>Expand <strong>HKEY_CURRENT_USER</strong>, then <strong>Software</strong>, then <strong>Microsoft</strong>, then <strong>Windows</strong>, then <strong>CurrentVersion</strong>, then <strong>Explorer</strong>, and then <strong>FileExts</strong>.</li>
<li>Click <strong>.MCL</strong>, and then click the <strong>File</strong> menu and select <strong>Export</strong>.</li>
<li>In the <strong>Export Registry File</strong> dialog box, type <strong>MCL HKCU file association registry backup.reg</strong> and click <strong>Save</strong>. This will create a backup of this registry key in the My Documents folder by default.</li>
<li>Press the <strong>Delete</strong> key to delete the registry key. When prompted to delete the registry value, click <strong>Yes</strong>.</li>
</ol>
<p><strong>To use the managed deployment script method:</strong></p>
<ol>
<li>Make a backup copy of the registry keys from a managed deployment script using the following commands:</li>
</ol>
<pre><code> Regedit.exe /e MCL_HKCR_registry_backup.reg HKEY_CLASSES_ROOT\.MCL
Regedit.exe /e MCL_HKCU_registry_backup.reg HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MCL
</code></pre>
<ol start="2">
<li>Save the following to a file with a .reg extension (for example, Delete_MCL_file_association.reg):</li>
</ol>
<pre><code> [-HKEY_CLASSES_ROOT\.MCL]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
FileExts\.MCL]
</code></pre>
<ol start="3">
<li>Run the registry script that you created in Step 2 on the target machine using the following command:
<code>Regedit.exe /s Delete_EXTENSION_file_association.reg</code></li>
</ol>
<p><strong>How to undo the workaround</strong>.</p>
<ol>
<li>Restore the registry key by using Regedit to restore the settings saved in the .REG file.</li>
</ol>
Eduardo Braun Prado, working with <a href="http://www.zerodayinitiative.com/">Trend Micro’s Zero Day Initiative (ZDI)</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Scripting Engine Memory Corruption Vulnerability
<p>A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p>
<p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p>
Microsoft Edge
CVE-2016-0186
10724-10729
10724-10735
10724-10789
10724-10788
Remote Code Execution
10724-10729
Remote Code Execution
10724-10735
Remote Code Execution
10724-10789
Remote Code Execution
10724-10788
Critical
10724-10729
Critical
10724-10735
Critical
10724-10789
Critical
10724-10788
Publicly Disclosed:No;Exploited:No
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10724-10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10724-10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10724-10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10724-10788
Maybe
Security Update
Brian Pak (cai) from Theori and Simon Zuckerbraun, working with <a href="http://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative (ZDI)</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Scripting Engine Memory Corruption Vulnerability
<p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p>
<p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p>
<p><strong>For my particular system and Internet Explorer configuration, which update addresses the vulnerabilities discussed in CVE-2016-0187 or CVE-2016-0189?</strong>
CVE-2016-0187 and CVE-2016-0189 are vulnerabilities in the JScript and VBScript engines. Although the attack vector is through Internet Explorer, the vulnerabilities are addressed by the updates released in this bulletin (MS16-051) for systems running Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. For Internet Explorer 7 and earlier, the vulnerabilities are addressed by the updates described in <a href="http://go.microsoft.com/fwlink/?LinkId=786478">MS16-053</a>.</p>
<p><strong>I am running Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. Does this mitigate these vulnerabilities?</strong>
Yes. By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as En<a href="https://technet.microsoft.com/library/dd883248">hanced Security Configuration</a>. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.</p>
<p><strong>Can EMET help mitigate attacks that attempt to exploit these vulnerabilities?</strong>
Yes. The Enhanced Mitigation Experience Toolkit (EMET) enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit memory corruption vulnerabilities in a given piece of software. EMET can help mitigate attacks that attempt to exploit these vulnerabilities in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer.</p>
<p>For more information about EMET, see the<a href="https://technet.microsoft.com/security/jj653751"> Enhanced Mitigation Experience Toolkit</a>.</p>
<p><strong>Why do I see both JScript.dll and VBScript.dll in the packages for this cumulative security update?</strong>
This security update ships as a cumulative update for the JScript and VBScript scripting engines. While both engines are included in this release, the components affected by the security fixes covered by this bulletin are listed above in the section <strong>Affected Software</strong>.</p>
<p><strong>How do I determine which versions of JScript and VBScript scripting engines are installed on my system?</strong>
The JScript and VBScript scripting engines are installed with supported releases of Microsoft Windows. In addition, installing a newer version of Internet Explorer on a system can change the versions of the JScript and VBScript scripting engines that are installed.</p>
<p>To determine which versions of the JScript or VBScript scripting engines are installed on your system, perform the following steps:</p>
<ol>
<li>Open Windows Explorer.</li>
<li>Navigate to the <strong>%systemroot%\system32</strong> directory.</li>
<li>For VBScript, right-click <strong>vbscript.dll</strong>, select <strong>Properties</strong>, and then click the <strong>Details</strong> tab.</li>
<li>For JScript, right-click <strong>jscript.dll</strong>, select Properties, and then click the <strong>Details</strong> tab.</li>
</ol>
<p>The version number is listed in the <strong>File Version</strong> field. If your file version starts with 5.8, for example 5.8.7600.16385, then VBScript 5.8 is installed on your system.</p>
<p><strong>Once I know the versions of the JScript or VBScript scripting engine installed on my system, where do I get the update?</strong>
The affected software in this bulletin apply to systems without Internet Explorer installed and to systems with Internet Explorer 7 or earlier versions installed. Customers with systems running Internet Explorer 8 or later should apply the Internet Explorer Cumulative Update (<a href="http://go.microsoft.com/fwlink/?LinkId=785873">MS16-051</a>), which also addresses the vulnerabilities discussed in this bulletin.</p>
Internet Explorer
CVE-2016-0187
10049
10555-10378
10486-10729
10486-10735
10486-10789
10486-10788
10336-9316
10336-4393
10336-9312
10336-9318
10486-10481
10486-10482
10486-10483
10486-10484
10486-10047
10486-10048
10486-10051
Remote Code Execution
10049
Remote Code Execution
10555-10378
Remote Code Execution
10486-10729
Remote Code Execution
10486-10735
Remote Code Execution
10486-10789
Remote Code Execution
10486-10788
Remote Code Execution
10336-9316
Remote Code Execution
10336-4393
Remote Code Execution
10336-9312
Remote Code Execution
10336-9318
Remote Code Execution
10486-10481
Remote Code Execution
10486-10482
Remote Code Execution
10486-10483
Remote Code Execution
10486-10484
Remote Code Execution
10486-10047
Remote Code Execution
10486-10048
Remote Code Execution
10486-10051
Moderate
10049
Moderate
10555-10378
Critical
10486-10729
Critical
10486-10735
Critical
10486-10789
Critical
10486-10788
Critical
10336-9316
Critical
10336-4393
Moderate
10336-9312
Moderate
10336-9318
Critical
10486-10481
Critical
10486-10482
Moderate
10486-10483
Critical
10486-10484
Critical
10486-10047
Critical
10486-10048
Moderate
10486-10051
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely
3155413
https://www.microsoft.com/downloads/details.aspx?familyid=2610643b-0a4f-4b2b-8b99-7038c10ce5cb
3124625
10049
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10555-10378
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10486-10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10486-10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10486-10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10486-10788
Maybe
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=00a3db9b-4389-4425-b375-2a918a500f6a
3148198
10336-9316
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10336-4393
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10336-9312
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=00a3db9b-4389-4425-b375-2a918a500f6a
3148198
10336-9318
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=f6835223-3265-4a3a-875a-0aa86aa60825
3148198
10486-10481
Maybe
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=f6835223-3265-4a3a-875a-0aa86aa60825
3148198
10486-10482
Maybe
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10486-10483
Security Update
3154070
3148198
10486-10484
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=6d7f5881-b9a7-4469-9cab-5182296765de
3148198
10486-10047
Maybe
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10486-10048
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10486-10051
Security Update
<p><strong>Restrict access to VBScript.dll and JScript.dll</strong>
For 32-bit systems, enter the following command at an administrative command prompt:</p>
<pre><code> takeown /f %windir%\system32\vbscript.dll
cacls %windir%\system32\vbscript.dll /E /P everyone:N
cacls %windir%\system32\jscript.dll /E /P everyone:N
</code></pre>
<p>For 64-bit systems, enter the following command at an administrative command prompt:</p>
<pre><code> takeown /f %windir%\syswow64\vbscript.dll
cacls %windir%\syswow64\vbscript.dll /E /P everyone:N
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
</code></pre>
<p><strong>Impact of Workaround</strong>.
Websites that use VBScript or JScript may not work properly.</p>
<p><strong>How to undo the workaround</strong>.
For 32-bit systems, enter the following command at an administrative command prompt:</p>
<pre><code> cacls %windir%\system32\vbscript.dll /E /R everyone
cacls %windir%\system32\jscript.dll /E /R everyone
</code></pre>
<p>For 64-bit systems, enter the following command at an administrative command prompt:</p>
<pre><code> cacls %windir%\syswow64\vbscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone
</code></pre>
<a href="https://twitter.com/4b5f5f4b">Kai Kang (@4B5F5F4B)</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Internet Explorer Security Feature Bypass Vulnerability
<p>A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies. The vulnerability could allow an attacker to bypass Device Guard UMCI policies.</p>
<p>To exploit the vulnerability, a user could either visit a malicious website or an attacker with access to the system could run a specially crafted application. An attacker could then leverage the vulnerability to run unsigned malicious code as though it were signed by a trusted source.</p>
<p>The update addresses the vulnerability by correcting how Internet Explorer validates UMCI policies.</p>
<p><strong>I am running Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. Does this mitigate these vulnerabilities?</strong>
Yes. By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.</p>
<p><strong>Can EMET help mitigate attacks that attempt to exploit these vulnerabilities?</strong>
Yes. The Enhanced Mitigation Experience Toolkit (EMET) enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit memory corruption vulnerabilities in a given piece of software. EMET can help mitigate attacks that attempt to exploit these vulnerabilities in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer.</p>
<p>For more information about EMET, see the <a href="https://technet.microsoft.com/security/jj653751">Enhanced Mitigation Experience Toolkit</a>.</p>
Internet Explorer
CVE-2016-0188
10486-10729
10486-10735
Security Feature Bypass
10486-10729
Security Feature Bypass
10486-10735
Important
10486-10729
Important
10486-10735
Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:N/A
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10486-10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10486-10735
Security Update
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Scripting Engine Memory Corruption Vulnerability
<p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p>
<p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p>
<p><strong>For my particular system and Internet Explorer configuration, which update addresses the vulnerabilities discussed in CVE-2016-0187 or CVE-2016-0189?</strong>
CVE-2016-0187 and CVE-2016-0189 are vulnerabilities in the JScript and VBScript engines. Although the attack vector is through Internet Explorer, the vulnerabilities are addressed by the updates released in this bulletin (MS16-051) for systems running Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. For Internet Explorer 7 and earlier, the vulnerabilities are addressed by the updates described in <a href="http://go.microsoft.com/fwlink/?LinkId=786478">MS16-053</a>.</p>
<p><strong>I am running Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. Does this mitigate these vulnerabilities?</strong>
Yes. By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as En<a href="https://technet.microsoft.com/library/dd883248">hanced Security Configuration</a>. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.</p>
<p><strong>Can EMET help mitigate attacks that attempt to exploit these vulnerabilities?</strong>
Yes. The Enhanced Mitigation Experience Toolkit (EMET) enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit memory corruption vulnerabilities in a given piece of software. EMET can help mitigate attacks that attempt to exploit these vulnerabilities in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer.</p>
<p>For more information about EMET, see the<a href="https://technet.microsoft.com/security/jj653751"> Enhanced Mitigation Experience Toolkit</a>.</p>
<p><strong>Why do I see both JScript.dll and VBScript.dll in the packages for this cumulative security update?</strong>
This security update ships as a cumulative update for the JScript and VBScript scripting engines. While both engines are included in this release, the components affected by the security fixes covered by this bulletin are listed above in the section <strong>Affected Software</strong>.</p>
<p><strong>How do I determine which versions of JScript and VBScript scripting engines are installed on my system?</strong>
The JScript and VBScript scripting engines are installed with supported releases of Microsoft Windows. In addition, installing a newer version of Internet Explorer on a system can change the versions of the JScript and VBScript scripting engines that are installed.</p>
<p>To determine which versions of the JScript or VBScript scripting engines are installed on your system, perform the following steps:</p>
<ol>
<li>Open Windows Explorer.</li>
<li>Navigate to the <strong>%systemroot%\system32</strong> directory.</li>
<li>For VBScript, right-click <strong>vbscript.dll</strong>, select <strong>Properties</strong>, and then click the <strong>Details</strong> tab.</li>
<li>For JScript, right-click <strong>jscript.dll</strong>, select Properties, and then click the <strong>Details</strong> tab.</li>
</ol>
<p>The version number is listed in the <strong>File Version</strong> field. If your file version starts with 5.8, for example 5.8.7600.16385, then VBScript 5.8 is installed on your system.</p>
<p><strong>Once I know the versions of the JScript or VBScript scripting engine installed on my system, where do I get the update?</strong>
The affected software in this bulletin apply to systems without Internet Explorer installed and to systems with Internet Explorer 7 or earlier versions installed. Customers with systems running Internet Explorer 8 or later should apply the Internet Explorer Cumulative Update (<a href="http://go.microsoft.com/fwlink/?LinkId=785873">MS16-051</a>), which also addresses the vulnerabilities discussed in this bulletin.</p>
Internet Explorer
CVE-2016-0189
4393
9316
9312
9318
9311
10287
9344
10049
10486-10481
10486-10482
10486-10483
10486-10484
10486-10047
10486-10048
10486-10051
10555-10378
10486-10729
10486-10735
10486-10789
10486-10788
10336-9316
10336-4393
10336-9312
10336-9318
Remote Code Execution
4393
Remote Code Execution
9316
Remote Code Execution
9312
Remote Code Execution
9318
Remote Code Execution
9311
Remote Code Execution
10287
Remote Code Execution
9344
Remote Code Execution
10049
Remote Code Execution
10486-10481
Remote Code Execution
10486-10482
Remote Code Execution
10486-10483
Remote Code Execution
10486-10484
Remote Code Execution
10486-10047
Remote Code Execution
10486-10048
Remote Code Execution
10486-10051
Remote Code Execution
10555-10378
Remote Code Execution
10486-10729
Remote Code Execution
10486-10735
Remote Code Execution
10486-10789
Remote Code Execution
10486-10788
Remote Code Execution
10336-9316
Remote Code Execution
10336-4393
Remote Code Execution
10336-9312
Remote Code Execution
10336-9318
Critical
4393
Critical
9316
Moderate
9312
Moderate
9318
Moderate
9311
Moderate
10287
Moderate
9344
Moderate
10049
Critical
10486-10481
Critical
10486-10482
Moderate
10486-10483
Critical
10486-10484
Critical
10486-10047
Critical
10486-10048
Moderate
10486-10051
Moderate
10555-10378
Critical
10486-10729
Critical
10486-10735
Critical
10486-10789
Critical
10486-10788
Critical
10336-9316
Critical
10336-4393
Moderate
10336-9312
Moderate
10336-9318
Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected
3158991
https://www.microsoft.com/downloads/details.aspx?familyid=c4789a8c-e4b8-4574-ba7b-8e4dc27cc407
3124624
4393
Security Update
3158991
https://www.microsoft.com/downloads/details.aspx?familyid=6793633f-6c04-4143-99f2-ba5156cfc5a8
3124624
9316
Security Update
3158991
https://www.microsoft.com/downloads/details.aspx?familyid=c4789a8c-e4b8-4574-ba7b-8e4dc27cc407
3124624
9312
Security Update
3158991
https://www.microsoft.com/downloads/details.aspx?familyid=6793633f-6c04-4143-99f2-ba5156cfc5a8
3124624
9318
Security Update
3158991
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3158991
3124624
9311
Security Update
3158991
https://www.microsoft.com/downloads/details.aspx?familyid=c4789a8c-e4b8-4574-ba7b-8e4dc27cc407
3124624
10287
Security Update
3158991
https://www.microsoft.com/downloads/details.aspx?familyid=6793633f-6c04-4143-99f2-ba5156cfc5a8
3124624
9344
Security Update
3155413
https://www.microsoft.com/downloads/details.aspx?familyid=2610643b-0a4f-4b2b-8b99-7038c10ce5cb
3124625
10049
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=f6835223-3265-4a3a-875a-0aa86aa60825
3148198
10486-10481
Maybe
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=f6835223-3265-4a3a-875a-0aa86aa60825
3148198
10486-10482
Maybe
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10486-10483
Security Update
3154070
3148198
10486-10484
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=6d7f5881-b9a7-4469-9cab-5182296765de
3148198
10486-10047
Maybe
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10486-10048
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10486-10051
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10555-10378
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10486-10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10486-10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10486-10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10486-10788
Maybe
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=00a3db9b-4389-4425-b375-2a918a500f6a
3148198
10336-9316
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10336-4393
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10336-9312
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=00a3db9b-4389-4425-b375-2a918a500f6a
3148198
10336-9318
Security Update
<p><strong>Restrict access to VBScript.dll and JScript.dll</strong>
For 32-bit systems, enter the following command at an administrative command prompt:</p>
<pre><code> takeown /f %windir%\system32\vbscript.dll
cacls %windir%\system32\vbscript.dll /E /P everyone:N
cacls %windir%\system32\jscript.dll /E /P everyone:N
</code></pre>
<p>For 64-bit systems, enter the following command at an administrative command prompt:</p>
<pre><code> takeown /f %windir%\syswow64\vbscript.dll
cacls %windir%\syswow64\vbscript.dll /E /P everyone:N
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
</code></pre>
<p><strong>Impact of Workaround</strong>.
Websites that use VBScript or JScript may not work properly.</p>
<p><strong>How to undo the workaround</strong>.
For 32-bit systems, enter the following command at an administrative command prompt:</p>
<pre><code> cacls %windir%\system32\vbscript.dll /E /R everyone
cacls %windir%\system32\jscript.dll /E /R everyone
</code></pre>
<p>For 64-bit systems, enter the following command at an administrative command prompt:</p>
<pre><code> cacls %windir%\syswow64\vbscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone
</code></pre>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability
<p>An information disclosure vulnerability exists in Microsoft Windows when a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user.</p>
<p>An attacker who successfully exploited this vulnerability could obtain access to file and directory information on the mounting user’s USB disk.</p>
<p>This update addresses the vulnerability by ensuring that access to USB disks over RDP is correctly enforced to prevent non-mounting session access.</p>
Volume Manager Driver
CVE-2016-0190
10483
10543
10378
10379
Information Disclosure
10483
Information Disclosure
10543
Information Disclosure
10378
Information Disclosure
10379
Important
10483
Important
10543
Important
10378
Important
10379
Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Unlikely
3155784
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3155784
10483
Security Update
3155784
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3155784
10543
Security Update
3155784
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3155784
10378
Security Update
3155784
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3155784
10379
Security Update
Sandeep Kumar of <a href="http://www.citrix.com/">Citrix Systems Inc.</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
1.1
2016-05-13T07:00:00Z
<p>Bulletin revised to change the vulnerability severity rating for Windows 8.1 and Windows RT 8.1 to Not applicable, because these operating systems are not affected by the vulnerability described in this bulletin. Customers who have applied security update 3155784 do not need to take any further action. This is an informational change only.</p>
Scripting Engine Memory Corruption Vulnerability
<p>A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p>
<p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p>
Microsoft Edge
CVE-2016-0191
10724-10729
10724-10735
10724-10789
10724-10788
Remote Code Execution
10724-10729
Remote Code Execution
10724-10735
Remote Code Execution
10724-10789
Remote Code Execution
10724-10788
Critical
10724-10729
Critical
10724-10735
Critical
10724-10789
Critical
10724-10788
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:N/A
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10724-10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10724-10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10724-10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10724-10788
Maybe
Security Update
Lokihart, working with <a href="http://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative (ZDI)</a>
Simon Zuckerbraun - Trend Micro Zero Day Initiative working with <a href="http://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Microsoft Browser Memory Corruption Vulnerability
<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.</p>
<p>The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.</p>
Microsoft Browsers
CVE-2016-0192
10555-10378
10486-10729
10486-10735
10486-10789
10486-10788
10336-9316
10336-4393
10336-9312
10336-9318
10724-10729
10724-10735
10724-10789
10724-10788
10486-10481
10486-10482
10486-10483
10486-10484
Remote Code Execution
10555-10378
Remote Code Execution
10486-10729
Remote Code Execution
10486-10735
Remote Code Execution
10486-10789
Remote Code Execution
10486-10788
Remote Code Execution
10336-9316
Remote Code Execution
10336-4393
Remote Code Execution
10336-9312
Remote Code Execution
10336-9318
Remote Code Execution
10724-10729
Remote Code Execution
10724-10735
Remote Code Execution
10724-10789
Remote Code Execution
10724-10788
Remote Code Execution
10486-10481
Remote Code Execution
10486-10482
Remote Code Execution
10486-10483
Remote Code Execution
10486-10484
Moderate
10555-10378
Critical
10486-10729
Critical
10486-10735
Critical
10486-10789
Critical
10486-10788
Critical
10336-9316
Critical
10336-4393
Moderate
10336-9312
Moderate
10336-9318
Critical
10724-10729
Critical
10724-10735
Critical
10724-10789
Critical
10724-10788
Critical
10486-10481
Critical
10486-10482
Moderate
10486-10483
Critical
10486-10484
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10555-10378
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10486-10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10486-10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10486-10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10486-10788
Maybe
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=00a3db9b-4389-4425-b375-2a918a500f6a
3148198
10336-9316
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10336-4393
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10336-9312
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=00a3db9b-4389-4425-b375-2a918a500f6a
3148198
10336-9318
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10724-10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10724-10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10724-10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10724-10788
Maybe
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=f6835223-3265-4a3a-875a-0aa86aa60825
3148198
10486-10481
Maybe
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=f6835223-3265-4a3a-875a-0aa86aa60825
3148198
10486-10482
Maybe
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10486-10483
Security Update
3154070
3148198
10486-10484
Security Update
Zheng Huang of the <a href="http://xteam.baidu.com/">Baidu Security Lab</a>, working with <a href="http://www.zerodayinitiative.com/">Trend Micro’s Zero Day Initiative (ZDI)</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Scripting Engine Memory Corruption Vulnerability
<p>A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p>
<p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p>
Microsoft Edge
CVE-2016-0193
10724-10729
10724-10735
10724-10789
10724-10788
Remote Code Execution
10724-10729
Remote Code Execution
10724-10735
Remote Code Execution
10724-10789
Remote Code Execution
10724-10788
Critical
10724-10729
Critical
10724-10735
Critical
10724-10789
Critical
10724-10788
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:N/A
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10724-10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10724-10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10724-10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10724-10788
Maybe
Security Update
Zhen Feng, Wen Xu of Tencent KeenLab, working with <a href="http://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative (ZDI)</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Internet Explorer Information Disclosure Vulnerability
<p>An information disclosure vulnerability exists when Internet Explorer does not properly handle file access permissions, which could allow an attacker to disclose the contents of arbitrary files on the user's computer. An attacker who successfully exploited the vulnerability could potentially read data that was not intended to be disclosed. Note that the vulnerability would not allow an attacker to execute code or to elevate a user’s rights directly, but the vulnerability could be used to obtain information in an attempt to further compromise the affected system.</p>
<p>In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site.</p>
<p>The update addresses the vulnerability by helping to ensure that file access permissions are properly validated before returning file data to the user.</p>
Internet Explorer
CVE-2016-0194
10555-10378
10486-10729
10486-10735
10486-10789
10486-10788
10486-10481
10486-10482
10486-10483
10486-10484
Information Disclosure
10555-10378
Information Disclosure
10486-10729
Information Disclosure
10486-10735
Information Disclosure
10486-10789
Information Disclosure
10486-10788
Information Disclosure
10486-10481
Information Disclosure
10486-10482
Information Disclosure
10486-10483
Information Disclosure
10486-10484
Low
10555-10378
Important
10486-10729
Important
10486-10735
Important
10486-10789
Important
10486-10788
Important
10486-10481
Important
10486-10482
Low
10486-10483
Important
10486-10484
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10555-10378
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10486-10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10486-10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10486-10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10486-10788
Maybe
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=f6835223-3265-4a3a-875a-0aa86aa60825
3148198
10486-10481
Maybe
Security Update
3154070
https://www.microsoft.com/downloads/details.aspx?familyid=f6835223-3265-4a3a-875a-0aa86aa60825
3148198
10486-10482
Maybe
Security Update
3154070
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3154070
3148198
10486-10483
Security Update
3154070
3148198
10486-10484
Security Update
SandboxEscaper working with <a href="https://www.zerodayinitiative.com/">Trend Micro’s Zero Day Initiative (ZDI)</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Windows Imaging Component Memory Corruption Vulnerability
<p>A remote code execution vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>There are multiple ways an attacker could exploit this vulnerability:</p>
<ul>
<li>In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website or by opening an attachment sent through email.</li>
<li>In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.</li>
</ul>
<p>The security update addresses the vulnerability by correcting how the Windows Imaging Component handles objects in the memory.</p>
Microsoft Graphics Component
CVE-2016-0195
10047
10048
10481
10482
10484
9312
10287
9311
9318
9344
10050
10051
10049
10378
10379
10483
10543
4393
9316
10729
10735
10789
10788
Remote Code Execution
10047
Remote Code Execution
10048
Remote Code Execution
10481
Remote Code Execution
10482
Remote Code Execution
10484
Remote Code Execution
9312
Remote Code Execution
10287
Remote Code Execution
9311
Remote Code Execution
9318
Remote Code Execution
9344
Remote Code Execution
10050
Remote Code Execution
10051
Remote Code Execution
10049
Remote Code Execution
10378
Remote Code Execution
10379
Remote Code Execution
10483
Remote Code Execution
10543
Remote Code Execution
4393
Remote Code Execution
9316
Remote Code Execution
10729
Remote Code Execution
10735
Remote Code Execution
10789
Remote Code Execution
10788
Critical
10047
Critical
10048
Critical
10481
Critical
10482
Critical
10484
Critical
9312
Critical
10287
Critical
9311
Critical
9318
Critical
9344
Critical
10050
Critical
10051
Critical
10049
Critical
10378
Critical
10379
Critical
10483
Critical
10543
Critical
4393
Critical
9316
Critical
10729
Critical
10735
Critical
10789
Critical
10788
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=6193000d-bfd7-4e3c-baaa-f75386d56366
10047
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=a6b93874-9578-4040-9939-0092ea660c55
10048
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=363293cb-c626-4474-bdad-6e687126a82a
3035132
10481
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=48d28796-e9cc-4d4c-b002-45b18955cf6f
3035132
10482
Security Update
3156019
3035132
10484
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=050415ab-113c-40a7-acc7-52192727b1f0
9312
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=050415ab-113c-40a7-acc7-52192727b1f0
10287
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=96ab38be-2633-4e27-a073-927e505e9934
9311
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=661b59d9-bf85-4d0b-ad9d-9b53e01bc988
9318
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=661b59d9-bf85-4d0b-ad9d-9b53e01bc988
9344
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=70b30200-e126-4f61-8044-6933e735f77b
10050
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=a6b93874-9578-4040-9939-0092ea660c55
10051
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=a6b93874-9578-4040-9939-0092ea660c55
10049
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=6bae0615-bfff-44fe-b1f6-e9fce52081b8
3035132
10378
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=6bae0615-bfff-44fe-b1f6-e9fce52081b8
3035132
10379
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=48d28796-e9cc-4d4c-b002-45b18955cf6f
3035132
10483
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=48d28796-e9cc-4d4c-b002-45b18955cf6f
3035132
10543
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=050415ab-113c-40a7-acc7-52192727b1f0
4393
Security Update
3156019
https://www.microsoft.com/downloads/details.aspx?familyid=661b59d9-bf85-4d0b-ad9d-9b53e01bc988
9316
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Win32k Elevation of Privilege Vulnerability
<p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.</p>
Windows Kernel-Mode Drivers
CVE-2016-0196
10729
10735
10789
10788
10047
10048
10481
10482
10484
9312
10287
9311
9318
9344
10050
10051
10049
10378
10379
10483
10543
4393
9316
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10789
Elevation of Privilege
10788
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9311
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10050
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Elevation of Privilege
4393
Elevation of Privilege
9316
Important
10729
Important
10735
Important
10789
Important
10788
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9311
Important
9318
Important
9344
Important
10050
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Important
4393
Important
9316
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=ae0c2184-6d16-4e43-8d56-7a8c32f9156e
3139852
10047
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10048
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=3c8098f4-cc5f-4fc8-bc50-dfbae0ec3630
3145739
10481
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10482
Security Update
3153199
3145739
10484
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
9312
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
10287
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=90bba387-4e29-4c7a-b32f-5b31256d7287
3139852
9311
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9318
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9344
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=cda09e12-3592-4fda-988a-d2db9e5271ca
3139852
10050
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10051
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=662a0984-d4fc-45f9-8b32-99952ae259d2
3139852
10049
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=c09390c4-861d-4373-baae-472c16aefa17
3145739
10378
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=c09390c4-861d-4373-baae-472c16aefa17
3145739
10379
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10483
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=25ffb6db-38e9-4f04-aac1-8eafd997704b
3145739
10543
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=d9f74705-d48f-440b-96c1-d2618d1cc530
3139852
4393
Security Update
3153199
https://www.microsoft.com/downloads/details.aspx?familyid=e564396a-0df9-4677-8687-6a93acd17026
3139852
9316
Security Update
<a href="http://www.360.com/">Qihoo 360 Vulcan Team</a>, working with <a href="http://www.zerodayinitiative.com/">Trend Micro’s Zero Day Initiative (ZDI)</a>
Dhanesh Kizhakkinan of <a href="https://www.fireeye.com/">FireEye, Inc.</a>
Anonymous working with <a href="http://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative</a>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
<p>An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system.</p>
<p>An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>
<p>The update addresses the vulnerability by correcting the way the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) handles certain calls and escapes, to preclude improper memory mapping and to prevent unintended elevation from user mode.</p>
Windows Kernel-Mode Drivers
CVE-2016-0197
10047
10048
10481
10482
10484
9312
10287
9311
9318
9344
10050
10051
10049
10378
10379
10483
10543
4393
9316
10729
10735
10789
10788
Elevation of Privilege
10047
Elevation of Privilege
10048
Elevation of Privilege
10481
Elevation of Privilege
10482
Elevation of Privilege
10484
Elevation of Privilege
9312
Elevation of Privilege
10287
Elevation of Privilege
9311
Elevation of Privilege
9318
Elevation of Privilege
9344
Elevation of Privilege
10050
Elevation of Privilege
10051
Elevation of Privilege
10049
Elevation of Privilege
10378
Elevation of Privilege
10379
Elevation of Privilege
10483
Elevation of Privilege
10543
Elevation of Privilege
4393
Elevation of Privilege
9316
Elevation of Privilege
10729
Elevation of Privilege
10735
Elevation of Privilege
10789
Elevation of Privilege
10788
Important
10047
Important
10048
Important
10481
Important
10482
Important
10484
Important
9312
Important
10287
Important
9311
Important
9318
Important
9344
Important
10050
Important
10051
Important
10049
Important
10378
Important
10379
Important
10483
Important
10543
Important
4393
Important
9316
Important
10729
Important
10735
Important
10789
Important
10788
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploitation Unlikely
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=dde0692a-c579-4f57-928d-0d7999b80926
2976897
10047
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=70e685a3-5639-495f-ba47-9e01bee7aea5
2976897
10048
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=de24c56f-a06f-4215-8374-08b55cb426be
10481
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=98542b3d-86aa-4c87-8ed5-dc8e80f5537d
10482
Security Update
3156017
10484
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=cb8c7c7e-fa45-4c2f-bc9a-675e9f1a2815
2976897
9312
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=cb8c7c7e-fa45-4c2f-bc9a-675e9f1a2815
2976897
10287
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=c5fcabbd-2176-416a-a2b7-efdeb94c7b6d
2976897
9311
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=d275da42-c44f-4058-9f82-5fe0bee38438
2976897
9318
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=d275da42-c44f-4058-9f82-5fe0bee38438
2976897
9344
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=3f52800b-74ea-4208-a780-95065b8dface
2976897
10050
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=70e685a3-5639-495f-ba47-9e01bee7aea5
2976897
10051
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=70e685a3-5639-495f-ba47-9e01bee7aea5
2976897
10049
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=c1001d97-3ac9-45ea-9669-8d39d8eca6d3
2976897
10378
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=c1001d97-3ac9-45ea-9669-8d39d8eca6d3
2976897
10379
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=98542b3d-86aa-4c87-8ed5-dc8e80f5537d
10483
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=98542b3d-86aa-4c87-8ed5-dc8e80f5537d
10543
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=cb8c7c7e-fa45-4c2f-bc9a-675e9f1a2815
2976897
4393
Security Update
3156017
https://www.microsoft.com/downloads/details.aspx?familyid=d275da42-c44f-4058-9f82-5fe0bee38438
2976897
9316
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10729
Security Update
3156387
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156387
3147461
10735
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10789
Maybe
Security Update
3156421
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3156421
3147458
10788
Maybe
Security Update
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
Microsoft Office Remote Code Execution Vulnerability
<p>A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.</p>
<p><strong>I have Microsoft Word 2010 installed. Why am I not being offered the 3115121 update?</strong>
The 3115121 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update.</p>
<p><strong>I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</strong>
When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</p>
<p>For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.
For more information on this behavior and recommended actions, see <a href="https://support.microsoft.com/kb/830335">Microsoft Knowledge Base Article 830335</a>. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p>
Microsoft Office
CVE-2016-0198
1160
10162
10513
10514
4497
10606
10604
10605
10746
10747
10025
10521
10522
10670
Remote Code Execution
1160
Remote Code Execution
10162
Remote Code Execution
10513
Remote Code Execution
10514
Remote Code Execution
4497
Remote Code Execution
10606
Remote Code Execution
10604
Remote Code Execution
10605
Remote Code Execution
10746
Remote Code Execution
10747
Remote Code Execution
10025
Remote Code Execution
10521
Remote Code Execution
10522
Remote Code Execution
10670
Critical
1160
Critical
10162
Critical
10513
Critical
10514
Critical
4497
Critical
10606
Critical
10604
Critical
10605
Critical
10746
Critical
10747
Critical
10025
Critical
10521
Critical
10522
Critical
10670
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely
3115132
https://www.microsoft.com/downloads/details.aspx?familyid=6e05c374-bb53-4311-a01c-72d36e69f07b
3114987
1160
Maybe
Security Update
3115116
https://www.microsoft.com/downloads/details.aspx?familyid=a58f32c8-e216-4b89-89a8-6ccfdfa399c5
3114983
10162
Maybe
Security Update
3115123
https://www.microsoft.com/downloads/details.aspx?familyid=37f75e69-8d92-4c5c-abc2-62374aefe596
3114993
10513
Maybe
Security Update
3115123
https://www.microsoft.com/downloads/details.aspx?familyid=164dabd4-7638-4c9d-ae88-5eaa801139c4
3114993
10514
Maybe
Security Update
3115115
https://www.microsoft.com/downloads/details.aspx?familyid=0ea0f80e-1c6b-4e92-9ce0-4b18081bd536
3114982
4497
Maybe
Security Update
3115025
3114937
10606
Maybe
Security Update
3115025
https://www.microsoft.com/downloads/details.aspx?familyid=f19e1a90-58ec-4065-ae94-99d9649efe63
3114937
10604
Maybe
Security Update
3115025
https://www.microsoft.com/downloads/details.aspx?familyid=13786206-f828-4d38-9c96-546aa26da14d
3114937
10605
Maybe
Security Update
3115094
https://www.microsoft.com/downloads/details.aspx?familyid=4f15a91d-f190-4c92-9cb4-bfdf2fb4fde4
3114855
10746
Maybe
Security Update
3115094
https://www.microsoft.com/downloads/details.aspx?familyid=89abe1dd-35fd-4818-8477-5c9a8239db23
3114855
10747
Maybe
Security Update
3155776
https://www.microsoft.com/downloads/details.aspx?familyid=6d430fa4-a261-49d8-95d4-0c9b53ac19f9
3154208
10025
Maybe
Security Update
3115121
https://www.microsoft.com/downloads/details.aspx?familyid=755d5fdf-b538-4b38-9b8e-bca883a8dcff
3114990
10521
Maybe
Security Update
3115121
https://www.microsoft.com/downloads/details.aspx?familyid=b87e9357-e882-49a6-aaf8-6b17f8ea3e93
3114990
10522
Maybe
Security Update
3155777
http://go.microsoft.com/fwlink/?LinkID=785965
3142577
10670
Security Update
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
March 2016 Adobe Flash Security Update
<p>This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin <a href="http://helpx.adobe.com/security/products/flash-player/apsb16-15.html">APSB16-15</a>:</p>
<p>CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117</p>
<p><strong>How could an attacker exploit these vulnerabilities?</strong>
In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.</p>
<p>In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An attacker could then host a website that contains specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. For more information about Internet Explorer and the CV List, please see the MSDN Article, Developer Guidance for websites with content for Adobe Flash Player in Windows 8.</p>
Adobe Flash Player
ADV160002
10384-10481
10384-10482
10384-10484
10384-10483
10384-10735
10384-10729
10384-10789
10384-10788
10384-10378
Remote Code Execution
10384-10481
Remote Code Execution
10384-10482
Remote Code Execution
10384-10484
Remote Code Execution
10384-10483
Remote Code Execution
10384-10735
Remote Code Execution
10384-10729
Remote Code Execution
10384-10789
Remote Code Execution
10384-10788
Remote Code Execution
10384-10378
Critical
10384-10481
Critical
10384-10482
Critical
10384-10484
Moderate
10384-10483
Critical
10384-10735
Critical
10384-10729
Critical
10384-10789
Critical
10384-10788
Moderate
10384-10378
Publicly Disclosed:No;Exploited:No
3163207
https://www.microsoft.com/downloads/details.aspx?familyid=c34b03f2-7bb7-4d81-b99c-0068e412d8f1
3157993
10384-10481
Yes
Security Update
3163207
https://www.microsoft.com/downloads/details.aspx?familyid=1987b0dc-da5f-458f-80ca-99fbf7a23555
3157993
10384-10482
Yes
Security Update
3163207
3157993
10384-10484
Yes
Security Update
3163207
https://www.microsoft.com/downloads/details.aspx?familyid=1987b0dc-da5f-458f-80ca-99fbf7a23555
3157993
10384-10483
Yes
Security Update
3163207
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3163207
3157993
10384-10735
Yes
Security Update
3163207
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3163207
3157993
10384-10729
Yes
Security Update
3163207
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3163207
3157993
10384-10789
Yes
Security Update
3163207
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3163207
3157993
10384-10788
Yes
Security Update
3163207
https://www.microsoft.com/downloads/details.aspx?familyid=9fbe0e7a-e1ac-4a70-87e4-a1a76647bfbd
3157993
10384-10378
Yes
Security Update
<p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> may be helpful in your situation:</p>
<ul>
<li>In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a website that contains a webpage that is used to exploit any of these vulnerabilities. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or instant message that takes users to the attacker's website.</li>
<li>Internet Explorer in the Windows 8-style UI will only play Flash content from sites listed on the Compatibility View (CV) list. This restriction requires an attacker to first compromise a website already listed on the CV list. An attacker could then host specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an instant message that takes users to the attacker's website, or by opening an attachment sent through email.</li>
<li>By default, all supported versions of Microsoft Outlook and Windows Live Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables scripts and ActiveX controls, helps reduce the risk of an attacker being able to use any of these vulnerabilities to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of any of these vulnerabilities through the web-based attack scenario.</li>
<li>By default, Internet Explorer on Windows Server 2012 and Windows Server 2012 R2 runs in a restricted mode that is known as <a href="https://technet.microsoft.com/library/dd883248.aspx">Enhanced Security Configuration</a>. This mode can help reduce the likelihood of the exploitation of these Adobe Flash Player vulnerabilities in Internet Explorer.</li>
</ul>
<p>Workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update.</p>
<p><strong>Prevent Adobe Flash Player from running</strong>
You can disable attempts to instantiate Adobe Flash Player in Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office 2010, by setting the kill bit for the control in the registry.</p>
<p><strong>Warning</strong> If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
To set the kill bit for the control in the registry, perform the following steps:</p>
<ol>
<li><p>Paste the following into a text file and save it with the .reg file extension.</p>
<pre><code> Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"Compatibility Flags"=dword:00000400
</code></pre>
</li>
<li><p>Double-click the .reg file to apply it to an individual system.</p>
<p>You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.</p>
</li>
</ol>
<p><strong>Note</strong> You must restart Internet Explorer for your changes to take effect.
<strong>Impact of workaround</strong>. There is no impact as long as the object is not intended to be used in Internet Explorer.
<strong>How to undo the workaround.</strong> Delete the registry keys that were added in implementing this workaround.
<strong>Prevent Adobe Flash Player from running in Internet Explorer through Group Policy</strong>
<strong>Note</strong> The Group Policy MMC snap-in can be used to set policy for a machine, for an organizational unit, or for an entire domain. For more information about Group Policy, visit the following Microsoft Web sites:</p>
<p><a href="https://technet.microsoft.com/library/hh831791">Group Policy Overview</a>
<a href="https://technet.microsoft.com/library/cc737816%28v=ws.10%29.aspx">What is Group Policy Object Editor?</a>
<a href="https://technet.microsoft.com/library/cc784165%28v=ws.10%29.aspx">Core Group Policy tools and settings</a></p>
<p>To disable Adobe Flash Player in Internet Explorer through Group Policy, perform the following steps:
<strong>Note</strong> This workaround does not prevent Flash from being invoked from other applications, such as Microsoft Office 2007 or Microsoft Office 2010.</p>
<ol>
<li>Open the Group Policy Management Console and configure the console to work with the appropriate Group Policy object, such as local machine, OU, or domain GPO.</li>
<li>Navigate to the following node:
<strong>Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Add-on Management</strong></li>
<li>Double-click <strong>Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects</strong>.</li>
<li>Change the setting to Enabled.</li>
<li>Click <strong>Apply</strong> and then click <strong>OK</strong> to return to the Group Policy Management Console.</li>
<li>Refresh Group Policy on all systems or wait for the next scheduled Group Policy refresh interval for the settings to take effect.
<strong>Prevent Adobe Flash Player from running in Office 2010 on affected systems</strong>
<strong>Note</strong> This workaround does not prevent Adobe Flash Player from running in Internet Explorer.
<strong>Warning</strong> If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
For detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow the steps in the article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.</li>
</ol>
<p>To disable Adobe Flash Player in Office 2010 only, set the kill bit for the ActiveX control for Adobe Flash Player in the registry using the following steps:</p>
<ol>
<li>Create a text file named Disable_Flash.reg with the following contents:</li>
</ol>
<pre><code> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM\Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
"Compatibility Flags"=dword:00000400
</code></pre>
<ol start="2">
<li>Double-click the .reg file to apply it to an individual system.</li>
<li><strong>Note</strong> You must restart Internet Explorer for your changes to take effect.
You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, <a href="http://go.microsoft.com/fwlink/?LinkID=215719">Group Policy collection</a>.
<strong>Prevent ActiveX controls from running in Office 2007 and Office 2010</strong></li>
</ol>
<p>To disable all ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, including Adobe Flash Player in Internet Explorer, perform the following steps:</p>
<ol>
<li>Click File, click Options, click Trust Center, and then click Trust Center Settings.</li>
<li>Click ActiveX Settings in the left-hand pane, and then select Disable all controls without notifications.</li>
<li>Click OK to save your settings.
<strong>Impact of workaround</strong>. Office documents that use embedded ActiveX controls may not display as intended.
<strong>How to undo the workaround</strong>.</li>
</ol>
<p>To re-enable ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, perform the following steps:</p>
<ol>
<li>Click File, click Options, click Trust Center, and then click Trust Center Settings.</li>
<li>Click ActiveX Settings in the left-hand pane, and then deselect Disable all controls without notifications.</li>
<li>Click OK to save your settings.
<strong>Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones</strong>
You can help protect against exploitation of these vulnerabilities by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.</li>
</ol>
<p>To raise the browsing security level in Internet Explorer, perform the following steps:</p>
<ol>
<li>On the Internet Explorer <strong>Tools</strong> menu, click** Internet Option**s.</li>
<li>In the <strong>Internet Options</strong> dialog box, click the <strong>Security</strong> tab, and then click <strong>Internet</strong>.</li>
<li>Under <strong>Security level for this zone</strong>, move the slider to <strong>High</strong>. This sets the security level for all websites you visit to High.</li>
<li>Click <strong>Local intranet</strong>.</li>
<li>Under <strong>Security level for this zone</strong>, move the slider to <strong>High</strong>. This sets the security level for all websites you visit to High.</li>
<li>Click <strong>OK</strong> to accept the changes and return to Internet Explorer.
<strong>Note</strong> If no slider is visible, click <strong>Default Level</strong>, and then move the slider to <strong>High</strong>.
<strong>Note</strong> Setting the level to High may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.
<strong>Impact of workaround</strong>. There are side effects to blocking ActiveX Controls and Active Scripting. Many websites on the Internet or an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".
<strong>Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone</strong></li>
</ol>
<p>You can help protect against exploitation of these vulnerabilities by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, perform the following steps:</p>
<ol>
<li>In Internet Explorer, click <strong>Internet Options</strong> on the <strong>Tools</strong> menu.</li>
<li>Click the <strong>Security</strong> tab.</li>
<li>Click <strong>Internet</strong>, and then click <strong>Custom Level</strong>.</li>
<li>Under <strong>Settings</strong>, in the <strong>Scripting</strong> section, under <strong>Active Scripting</strong>, click <strong>Prompt</strong> or <strong>Disable</strong>, and then click <strong>OK</strong>.</li>
<li>Click <strong>Local intranet</strong>, and then click <strong>Custom Level</strong>.</li>
<li>Under <strong>Settings</strong>, in the <strong>Scripting</strong> section, under <strong>Active Scripting</strong>, click <strong>Prompt</strong> or <strong>Disable</strong>, and then click <strong>OK</strong>.</li>
<li>Click <strong>OK</strong> to return to Internet Explorer, and then click <strong>OK</strong> again.
<strong>Note</strong> Disabling Active Scripting in the Internet and Local intranet security zones may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.
<strong>Impact of workaround</strong>. There are side effects to prompting before running Active Scripting. Many websites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click <strong>Yes</strong> to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".
<strong>Add sites that you trust to the Internet Explorer Trusted sites zone</strong>
After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.</li>
</ol>
<p>To do this, perform the following steps:</p>
<ol>
<li>In Internet Explorer, click <strong>Tools</strong>, click <strong>Internet Options</strong>, and then click the <strong>Security</strong> tab.</li>
<li>In the <strong>Select a web content zone to specify its current security settings</strong> box, click <strong>Trusted Sites</strong>, and then click <strong>Sites</strong>.</li>
<li>If you want to add sites that do not require an encrypted channel, click to clear the <strong>Require server verification (https:) for all sites in this zone</strong> check box.</li>
<li>In the <strong>Add this website to the zone</strong> box, type the URL of a site that you trust, and then click <strong>Add</strong>.</li>
<li>Repeat these steps for each site that you want to add to the zone.</li>
<li>Click <strong>OK</strong> two times to accept the changes and return to Internet Explorer.
<strong>Note</strong> Add any sites that you trust not to take malicious action on your system. Two sites in particular that you may want to add are *<strong>.windowsupdate.microsoft.com</strong> and *<strong>.update.microsoft.com</strong>. These are the sites that will host the update, and they require an ActiveX control to install the update.</li>
</ol>
2.1
2017-05-17T07:00:00Z
<p>Changed identifier to reduce confusion with CVE IDs. This is an informational change only.</p>
1.0
2016-05-10T07:00:00Z
<p>Information published.</p>
1.1
2016-05-10T07:00:00Z
<p>Bulletin revised to temporarily redirect an inactive link for Adobe Security Bulletin APSB16-15 to the May 2016 edition of Adobe Security Advisory APSA16-02. The redirection is pending the release of the May 2016 edition of the Adobe Security Bulletin. This is an informational change only.</p>
2.0
2016-05-13T07:00:00Z
<p>Bulletin revised to announce the release of update 3163207 to address the vulnerabilities included in Adobe Security Bulletin APSB16-15. Note that update 3163207 replaces the update previously released in this bulletin (update 3157993). Microsoft strongly recommends that customers install update 3163207 to help be protected from the vulnerabilities described in Adobe Security Bulletin APSB16-15.</p>