Latest Security Advisories & Notable Vulnerabilities

Microsoft addresses the following vulnerabilities in its May batch of patches:

  • (MS16-051) Cumulative Security Update for Internet Explorer (3155533)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS16-052) Cumulative Security Update for Microsoft Edge (3155538)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS16-053) Cumulative Security Update for JScript and VBScript (3156764)
    Risk Rating: Critical

    This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS16-054) Security Update for Microsoft Office (3155544)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.


  • (MS16-055) Security Update for Microsoft Graphics Component (3156754)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website.


  • (MS16-056) Security Update for Windows Journal (3156761)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file.


  • (MS16-057) Security Update for Windows Shell (3156987)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website that accepts user-provided online content, or convinces a user to open specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.


  • (MS16-058) Security Update for Windows IIS (3141083)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.


  • (MS16-059) Security Update for Windows Media Center (3150220)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.


  • (MS16-061) Security Update for Microsoft RPC (3155520)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an unauthenticated attacker makes malformed Remote Procedure Call (RPC) requests to an affected host.


  • (MS16-062) Security Update for Windows Kernel-Mode Drivers (3158222)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.


  • (MS16-064) Security Update for Adobe Flash Player (3157993)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.


  • (MS16-065) Security Update for .NET Framework (3156757)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker injects unencrypted data into the target secure channel and then performs a man-in-the-middle (MiTM) attack between the targeted client and a legitimate server.


  • (MS16-066) Security Update for Virtual Secure Mode (3155451)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application to bypass code integrity protections in Windows.


  • (MS16-067) Security Update for Volume Manager Driver (3155784)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user.


Microsoft addresses the following vulnerabilities in its April batch of patches:

  • (MS16-037) Cumulative Security Update for Internet Explorer (3148531)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website. Users with administrative privileges are more affected.


  • (MS16-038) Cumulative Security Update for Microsoft Edge (3148532)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Microsoft Edge. The more severe of the vulnerabilities could allow remote code execution if a user visits a specially crafted webpage while using Microsoft Edge. Note that accounts that have administrator privileges are more impacted.


  • (MS16-039) Security Update for Microsoft Graphics Component (3148522)
    Risk Rating: Critical

    This security update resolves a vulnerability found in Microsoft Windows, .NET Framework, Office, Skype for Business, and Microsoft Lync. When exploited successfully, the vulnerability could allow remote code execution.


  • (MS16-040) Security Update for Microsoft XML Core Services (3148541)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution when successfully exploited by an attacker.


  • (MS16-041) Security Update for .NET Framework (3148789)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution.


  • (MS16-042) Security Update for Microsoft Office (3148775)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Microsoft Office. The more severe of the vulnerabilities could allow remote code execution when exploited successfully.


  • (MS16-044) Security Update for Windows OLE (3146706)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When successfully exploited, this vulnerability could allow remote code execution.


  • (MS16-045) Security Update for Windows Hyper-V (3143118)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if successfully exploited by an attacker.


  • (MS16-046) Security Update for Secondary Logon (3148538)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an attacker to run arbitrary code as an administrator on the vulnerable machine.


  • (MS16-047) Security Update for SAM and LSAD Remote Protocols (3148527)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When successfully exploited, an attacker could elevate privileges on the vulnerable system.


  • (MS16-048) Security Update for CSRSS (3148528)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When successfully exploited, an attacker could allow security bypass.


  • (MS16-049) Security Update for HTTP.sys (3148795)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When successfully exploited, the vulnerability could allow denial of service.


  • (MS16-050) Security Update for Adobe Flash Player (3154132)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Adobe Flash Player installed on Windows 8.1 and later versions.


Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2391)
 Severity:    
 Advisory Date:  06 Apr 2016

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Trend Micro researcher Jack Tang discovered and reported details about this vulnerability to Microsoft. The said company acknowledged Tang’s research contribution.

Adobe Flash Player Vulnerability (CVE-2016-1019)
 Severity:    
 Advisory Date:  06 Apr 2016

This vulnerability, tagged as ‘critical’ is found in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Once successfully exploited, it could cause crash and allow remote attackers to take control of the affected system. As such, this compromises the security of the systems.

We are currently monitoring this for any attacks or threats that may leverage this vulnerability. Adobe will release an emergency patch to address the said vulnerability.

Microsoft addresses the following vulnerabilities in its March batch of patches:

  • (MS16-023) Cumulative Security Update for Internet Explorer (3142015)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website. Users with administrative privileges are more affected.


  • (MS16-024) Cumulative Security Update for Microsoft Edge (3142019)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Microsoft Edge. The more severe of the vulnerabilities could allow remote code execution if a user visits a specially crafted webpage while using Microsoft Edge. Note that accounts that have administrator privileges are more impacted.


  • (MS16-025) Security Update for Windows Library Loading to Address Remote Code Execution (3140709)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When exploited successfully, the vulnerability could allow remote code execution.


  • (MS16-026) Security Update for Graphic Fonts to Address Remote Code Execution (3143148)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution when successfully exploited by an attacker.


  • (MS16-027) Security Update for Windows Media to Address Remote Code Execution (3143146)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Microsoft windows. The most severe of the vulnerabilities could allow remote code execution.


  • (MS16-028) Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution.


  • (MS16-029) Security Update for Microsoft Office to Address Remote Code Execution (3141806)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Office. The more severe of the vulnerabilities could allow remote code execution if these vulnerabilties are successfully exploited.


  • (MS16-030) Security Update for Windows OLE to Address Remote Code Execution (3143136)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if successfully exploited by an attacker.


  • (MS16-031) Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if successfully exploited by an attacker.


  • (MS16-032) Security Update for Secondary Logon to Address Elevation of Privilege (3143141)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When successfully exploited, an attacker could elevate privileges on the vulnerable system.


  • (MS16-033) Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When successfully exploited, an attacker could elevate privileges on the vulnerable system.


  • (MS16-034) Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145)
    Risk Rating: Important

    This security update resolves aseveral vulnerabilities in Microsoft Windows. These vulnerabilities could allow privilege elevation when exploited successfully by an attacker.


  • (MS16-035) Security Update for .NET Framework to Address Security Feature Bypass (3141780)
    Risk Rating: Important

    This security update resolves a vulnerability in .NET Framework. This update addresses the vulnerability by correcting the validation points for XML documents.


Microsoft addresses the following vulnerabilities in its February batch of patches:

  • (MS16-009) Cumulative Security Update for Internet Explorer (3134220)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website.


  • (MS16-011) Cumulative Security Update for Microsoft Edge (3134225)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Edge. The vulnerability could allow remote code execution if a user visits a specially crafted webpage while using Microsoft Edge. Note that accounts that have administrator privileges are more impacted.


  • (MS16-012) Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution. Note that accounts that have administrator privileges are more impacted.


  • (MS16-013) Security Update for Windows Journal to Address Remote Code Execution (3134811)
    Risk Rating: Critical

    This security update resolves a vulnerabilitiy in Microsoft Windows. The vulnerabiliy could allow remote code execution when successfully exploited by an attacker using a specially crafted Journal file.


  • (MS16-014) Security Update for Microsoft Windows to Address Remote Code Execution (3134228)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft windows. The most severe of the vulnerabilities could allow remote code execution.


  • (MS16-015) Security Update for Microsoft Office to Address Remote Code Execution (3134226)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Microsoft Office. The more severe of the vulnerabilities could allow remote code execution. Note that accounts that have administrator privileges are more impacted.


  • (MS16-016) Security Update for WebDAV to Address Elevation of Privilege (3136041)
    Risk Rating: Important

    This security update resolves a vulnerability in the Microsoft Web Distributed Authoring and Versioning (WebDAV) client. The vulnerability could allow elevation of privilege when successfully exploited.


  • (MS16-017) Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if successfully exploited by an attacker.


  • (MS16-018) Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if successfully exploited by an attacker.


  • (MS16-019) Security Update for .NET Framework to Address Denial of Service (3137893)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could cause denial of service (DoS) when exploited successfully by an attacker.


  • (MS16-020) Security Update for Active Directory Federation Services to Address Denial of Service (3134222)
    Risk Rating: Important

    This security update resolves a vulnerability in Active Directory Federation Services. The vulnerability could cause denial of service (DoS) when exploited successfully by an attacker.


  • (MS16-021) Security Update for NPS RADIUS Server to Address Denial of Service (3133043)
    Risk Rating: Important

    This security update resolves a vulnerability in Windows Network Policy Server (NPS). The vulnerability could cause denial of service (DoS) when exploited successfully by an attacker.


  • (MS16-022) Security Update for Adobe Flash Player (3135782)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Adobe Flash Player installed on certain Microsoft Windows operating systems. The vulnerabilities could allow remote code execution on the affected system.


Trend Micro researchers discovered a vulnerability that affects OS X below 10.11.3. It occurs by sending one special constructed IOConnectCallMethod requests to AppleGraphicsPowerManagement module. If an attacker sends a request once, Kernel memory heap corruption happens in method AppleGraphicsPowerManagement`AGPM:etBoost. As such, this would lead an attacker to execute arbitrary code with Kernel privileges.

While this vulnerability is not easy to exploit due to the lack of Kernel information leak and heap control, we recommend users to upgrade their OS X to latest version.

Array Overflow Vulnerability in IOAcceleratorFamily2 Module (CVE-2016-1718)
 Severity:    
 Advisory Date:  19 Jan 2016

This vulnerability affects OS X below 10.11.3. It occurs by sending two special requests to IOAcceleratorFamily2 module. As such, an array overflow happens in method IOAccelDispalyMachine2::getFramebufferCount. This may lead to local privilege escalation. While this vulnerability is not easy to exploit, we advise users to upgrade their OS X to the latest version.

Trend Micro researcher Juwei Lin disclosed details about this vulnerability to Apple.

Memory Corruption Vulnerability in Kernel (CVE-2016-1721)
 Severity:    
 Advisory Date:  19 Jan 2016

Trend Micro researchers discovered this vulnerability which is rated by Apple as ‘Critical.’ It affects OS X below 10.11.3 and iOS below 9.2.1. Once successfully exploited, an attacker can execute arbitrary codes with Kernel privileges. In addition, once attackers bypass KASLR using vulnerability, they can root the affected system and/or device when a user installs and runs a malicious app.

We advise users to update their systems and devices to the latest OS X and iOS versions.

Microsoft addresses the following vulnerabilities in its January batch of patches:

  • (MS16-001) Cumulative Security Update for Internet Explorer (3124903)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.


  • (MS16-002) Cumulative Security Update for Microsoft Edge (3124904)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge. The vulnerabilities could allow attacker remote code execution if a user views a maliciously-crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.


  • (MS16-003) Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540)
    Risk Rating: Critical

    This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.


  • (MS16-004) Security Update for Microsoft Office to Address Remote Code Execution (3124585)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.


  • (MS16-005) Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website.


  • (MS16-006) Security Update for Silverlight to Address Remote Code Execution (3126036)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force users to visit a compromised website.


  • (MS16-007) Security Update for Microsoft Windows to Address Remote Code Execution (3124901) (3108670)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution.


  • (MS16-008) Security Update for Windows Kernel to Address Elevation of Privilege (3124605)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.


  • (MS16-010) Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow spoofing if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.