Latest Security Advisories & Notable Vulnerabilities

Microsoft addresses the following vulnerabilities in its August batch of patches:

  • (MS16-118) Cumulative Security Update for Internet Explorer (3192887)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user, and thus install malicious code without restriction.


  • (MS16-119) Cumulative Security Update for Microsoft Edge (3192890)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.


  • (MS16-120) Security Update for Microsoft Graphics Component (3192884)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Silverlight, and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.


  • (MS16-121) Security Update for Microsoft Office (3194063)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files.


  • (MS16-122) Security Update for Microsoft Video Control (3195360)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.


  • (MS16-123) Security Update for Windows Kernel-Mode Drivers (3192892)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.


  • (MS16-124) Security Update for Windows Registry (3193227)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information.


  • (MS16-125) Security Update for Diagnostics Hub (3193229)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.


  • (MS16-126) Security Update for Microsoft Internet Messaging API (3196067)
    Risk Rating: Moderate

    This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory.


  • (MS16-127) (Security Update for Adobe Flash Player (3194343) Security Update for Windows Secure Kernel Mode (3185876)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.


Microsoft addresses the following vulnerabilities in its August batch of patches:

  • (MS16-104) Cumulative Security Update for Internet Explorer (3183038)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer, the most severe of which could allow remote code execution. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS16-105) Cumulative Security Update for Microsoft Edge (3183043)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge, the most severe of which could allow remote code execution. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the current user.


  • (MS16-106) Security Update for Microsoft Graphics Component (3185848)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website hosted by an attacker.


  • (MS16-107) Security Update for Microsoft Office (3185852)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Office, the more severe of which could allow remote code execution.


  • (MS16-108) Security Update for Microsoft Exchange Server (3185883)
    Risk Rating: Critical

    This security update resolves a vulnerabilities in Microsoft Exchange Server, the most severe of which could allow remote code execution in certain Oracle Outside In libraries built into Exchange server.


  • (MS16-109) Security Update for Silverlight (3182373)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Silverlight that could allow remote code execution. The vulnerability is exploited when a user visits a compromised website that contains a specially crafted Silverlight application.


  • (MS16-110) Security Update for Windows (3178467)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows, the more severe of which could allow remote code execution if an attacker runs a specialy crafted request to exploit it.


  • (MS16-111) Security Update for Windows Kernel (3186973)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When exploited, an attacker could gain the same rights as the currently logged on user.


  • (MS16-112) Security Update for Windows Lock Screen (3178469)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow elevation of privilege.


  • (MS16-113) Security Update for Windows Secure Kernel Mode (3185876)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow information disclosure. The vulnerability lies in the improper handling of objects in memory by the Windows Secure Kernel Mode.


  • (MS16-114) Security Update for SMBv1 Server (3185879)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow remote code execution in certain versions of the operating system. The attacker sends specially crafted packets to a vulnerable SMBv1 Server.


  • (MS16-115) Security Update for Microsoft Windows PDF Library (3188733)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft Windows that could allow information disclosure. An attacker must host a specially crafted PDF document or content online to exploit these vulnerablities.


  • (MS16-116) Security Update in OLE Automation for VBScript Scripting Engine (3188724)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows that could allow remote code execution. This bulletin requires installation of two updates prior to installing the update in this bulletin.


  • (MS16-117) Security Update for Adobe Flash Player (3188128)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Adobe Flash Player installed on certain versions of Microsoft Windows operating systems.


Microsoft addresses the following vulnerabilities in its August batch of patches:

  • (MS16-095) Cumulative Security Update for Internet Explorer (3177356)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer, the most severe of which could allow remote code execution. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS16-096) Cumulative Security Update for Microsoft Edge (3177358)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge, the most severe of which could allow remote code execution. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the current user.


  • (MS16-097) Security Update for Microsoft Graphics Component (3177393)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows, Ms Office, Skype for Business, and MS Lync. The vulnerabilities could allow remote code execution if a user visits a specially crafted website hosted by an attacker.


  • (MS16-098) Security Update for Windows Kernel-Mode Drivers (3178466)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows, the more severe of which could allow elevation of privilege.


  • (MS16-099) Security Update for Microsoft Office (3177451)
    Risk Rating: Critical

    This security update resolves a vulnerabilities in Microsoft Office, the most severe of which could allow remote code execution. An attacker must persuade a user to open a specially crafted Microsoft Office file to exploit these vulnerabilities.


  • (MS16-100) Security Update for Secure Boot (3179577)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow the bypass of Windows embedded security features.


  • (MS16-101) Security Update for Windows Authentication Methods (3178465)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows, the more severe of which could allow elevation of privilege if an attacker runs a specific application to exploit it.


  • (MS16-102) Security Update for Microsoft Windows PDF Library (3182248)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows when viewing online PDF content. When exploited, an attacker could gain the same rights as the currently logged on user.


  • (MS16-103) Security Update for ActiveSyncProvider (3182332)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow information disclosure.


Microsoft addresses the following vulnerabilities in its July batch of patches:

  • (MS16-084) Cumulative Security Update for Internet Explorer (3169991)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer, the most severe of which could allow remote code execution. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS16-085) Cumulative Security Update for Microsoft Edge (3169999)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge, the most severe of which could allow remote code execution. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the current user.


  • (MS16-086) Cumulative Security Update for JScript and VBScript (3169996)
    Risk Rating: Critical

    This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website hosted by an attacker.


  • (MS16-087) Security Update for Windows Print Spooler Components (3170005)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows print spooler components, the more severe of which could allow remote code execution via man-in-the-middle (MiTM) attack.


  • (MS16-088) Security Update for Microsoft Office (3170008)
    Risk Rating: Critical

    This security update resolves a vulnerabilities in Microsoft Office, the most severe of which could allow remote code execution. An attacker must persuade a user to open a specially crafted Microsoft Office file to exploit these vulnerabilities.


  • (MS16-089) Security Update for Windows Secure Kernel Mode (3170050)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow information disclosure when successfully exploited by an attacker.


  • (MS16-090) Security Update for Windows Kernel-Mode Drivers (3171481)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows, the more severe of which could allow elevation of privilege if an attacker runs a specific application to exploit it.


  • (MS16-091) Security Update for .NET Framework (3170048)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft Windows, the most severe of which could allow elevation of privilege.


  • (MS16-092) Security Update for Windows Kernel (3171910)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows that could allow security feature bypass.


  • (MS16-093) Security Update for Adobe Flash Player (3174060)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Adobe Flash Player installed in several Windows operating systems.


  • (MS16-094) Security Update for Secure Boot (3177404)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow bypass of Secure Boot security feature when successfully exploited.


Microsoft addresses the following vulnerabilities in its June batch of patches:

  • (MS16-063) Cumulative Security Update for Internet Explorer (3163649)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer, the most severe of which could allow remote code execution. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS16-068) Cumulative Security Update for Microsoft Edge (3163656)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge, the most severe of which could allow remote code execution. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the current user.


  • (MS16-069) Cumulative Security Update for JScript and VBScript (3163640)
    Risk Rating: Critical

    This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website hosted by an attacker.


  • (MS16-070) Security Update for Microsoft Office (3163610)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Office, the more severe of which could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.


  • (MS16-071) Security Update for Microsoft Windows DNS Server (3164065)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows that could allow remote code execution.


  • (MS16-072) Security Update for Group Policy (3163622)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow elevation of privilege via a man-in-the-middle (MiTM) attack.


  • (MS16-073) Security Update for Windows Kernel-Mode Drivers (3164028)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow elevation of privilege if an attacker runs a specific application to exploit it.


  • (MS16-074) Security Update for Microsoft Graphics Component (3164036)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft Windows, the most severe of which could allow elevation of privilege.


  • (MS16-075) Security Update for Windows SMB Server (3164038)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow elevation of privilege.


  • (MS16-076) Security Update for Netlogon (3167691)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow remote code execution when successfully exploited.


  • (MS16-077) Security Update for WPAD (3165191)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows that could allow elevation of privilege.


  • (MS16-078) Security Update for Windows Diagnostic Hub (3165479)
    Risk Rating: Important

    This security update resolves a vulnerability that could allow elevation of privilege.


  • (MS16-079) Security Update for Microsoft Exchange Server (3160339)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Exchange Server, the most severe of which could cause information disclosure.


  • (MS16-080) Security Update for Microsoft Windows PDF (3164302)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows, the most severe of which could allow remote code execution by opening a specially crafted .PDF file.


  • (MS16-081) Security Update for Active Directory (3160352)
    Risk Rating: Important

    This security update resolves a vulnerability in Active Directory that could allow denial of service.


  • (MS16-082) Security Update for Microsoft Windows Search Component (3165270)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow denial of service.


Microsoft addresses the following vulnerabilities in its May batch of patches:

  • (MS16-051) Cumulative Security Update for Internet Explorer (3155533)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS16-052) Cumulative Security Update for Microsoft Edge (3155538)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS16-053) Cumulative Security Update for JScript and VBScript (3156764)
    Risk Rating: Critical

    This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS16-054) Security Update for Microsoft Office (3155544)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.


  • (MS16-055) Security Update for Microsoft Graphics Component (3156754)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website.


  • (MS16-056) Security Update for Windows Journal (3156761)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file.


  • (MS16-057) Security Update for Windows Shell (3156987)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website that accepts user-provided online content, or convinces a user to open specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.


  • (MS16-058) Security Update for Windows IIS (3141083)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.


  • (MS16-059) Security Update for Windows Media Center (3150220)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.


  • (MS16-061) Security Update for Microsoft RPC (3155520)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an unauthenticated attacker makes malformed Remote Procedure Call (RPC) requests to an affected host.


  • (MS16-062) Security Update for Windows Kernel-Mode Drivers (3158222)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.


  • (MS16-064) Security Update for Adobe Flash Player (3157993)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.


  • (MS16-065) Security Update for .NET Framework (3156757)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker injects unencrypted data into the target secure channel and then performs a man-in-the-middle (MiTM) attack between the targeted client and a legitimate server.


  • (MS16-066) Security Update for Virtual Secure Mode (3155451)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application to bypass code integrity protections in Windows.


  • (MS16-067) Security Update for Volume Manager Driver (3155784)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user.


Microsoft addresses the following vulnerabilities in its April batch of patches:

  • (MS16-037) Cumulative Security Update for Internet Explorer (3148531)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website. Users with administrative privileges are more affected.


  • (MS16-038) Cumulative Security Update for Microsoft Edge (3148532)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Microsoft Edge. The more severe of the vulnerabilities could allow remote code execution if a user visits a specially crafted webpage while using Microsoft Edge. Note that accounts that have administrator privileges are more impacted.


  • (MS16-039) Security Update for Microsoft Graphics Component (3148522)
    Risk Rating: Critical

    This security update resolves a vulnerability found in Microsoft Windows, .NET Framework, Office, Skype for Business, and Microsoft Lync. When exploited successfully, the vulnerability could allow remote code execution.


  • (MS16-040) Security Update for Microsoft XML Core Services (3148541)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution when successfully exploited by an attacker.


  • (MS16-041) Security Update for .NET Framework (3148789)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution.


  • (MS16-042) Security Update for Microsoft Office (3148775)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Microsoft Office. The more severe of the vulnerabilities could allow remote code execution when exploited successfully.


  • (MS16-044) Security Update for Windows OLE (3146706)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When successfully exploited, this vulnerability could allow remote code execution.


  • (MS16-045) Security Update for Windows Hyper-V (3143118)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if successfully exploited by an attacker.


  • (MS16-046) Security Update for Secondary Logon (3148538)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an attacker to run arbitrary code as an administrator on the vulnerable machine.


  • (MS16-047) Security Update for SAM and LSAD Remote Protocols (3148527)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When successfully exploited, an attacker could elevate privileges on the vulnerable system.


  • (MS16-048) Security Update for CSRSS (3148528)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When successfully exploited, an attacker could allow security bypass.


  • (MS16-049) Security Update for HTTP.sys (3148795)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When successfully exploited, the vulnerability could allow denial of service.


  • (MS16-050) Security Update for Adobe Flash Player (3154132)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Adobe Flash Player installed on Windows 8.1 and later versions.


Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2391)
 Severity:    
 Advisory Date:  06 Apr 2016

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Trend Micro researcher Jack Tang discovered and reported details about this vulnerability to Microsoft. The said company acknowledged Tang’s research contribution.

Adobe Flash Player Vulnerability (CVE-2016-1019)
 Severity:    
 Advisory Date:  06 Apr 2016

This vulnerability, tagged as ‘critical’ is found in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Once successfully exploited, it could cause crash and allow remote attackers to take control of the affected system. As such, this compromises the security of the systems.

We are currently monitoring this for any attacks or threats that may leverage this vulnerability. Adobe will release an emergency patch to address the said vulnerability.

Microsoft addresses the following vulnerabilities in its March batch of patches:

  • (MS16-023) Cumulative Security Update for Internet Explorer (3142015)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website. Users with administrative privileges are more affected.


  • (MS16-024) Cumulative Security Update for Microsoft Edge (3142019)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Microsoft Edge. The more severe of the vulnerabilities could allow remote code execution if a user visits a specially crafted webpage while using Microsoft Edge. Note that accounts that have administrator privileges are more impacted.


  • (MS16-025) Security Update for Windows Library Loading to Address Remote Code Execution (3140709)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When exploited successfully, the vulnerability could allow remote code execution.


  • (MS16-026) Security Update for Graphic Fonts to Address Remote Code Execution (3143148)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution when successfully exploited by an attacker.


  • (MS16-027) Security Update for Windows Media to Address Remote Code Execution (3143146)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Microsoft windows. The most severe of the vulnerabilities could allow remote code execution.


  • (MS16-028) Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081)
    Risk Rating: Critical

    This security update resolves several vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution.


  • (MS16-029) Security Update for Microsoft Office to Address Remote Code Execution (3141806)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Office. The more severe of the vulnerabilities could allow remote code execution if these vulnerabilties are successfully exploited.


  • (MS16-030) Security Update for Windows OLE to Address Remote Code Execution (3143136)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if successfully exploited by an attacker.


  • (MS16-031) Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if successfully exploited by an attacker.


  • (MS16-032) Security Update for Secondary Logon to Address Elevation of Privilege (3143141)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When successfully exploited, an attacker could elevate privileges on the vulnerable system.


  • (MS16-033) Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. When successfully exploited, an attacker could elevate privileges on the vulnerable system.


  • (MS16-034) Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145)
    Risk Rating: Important

    This security update resolves aseveral vulnerabilities in Microsoft Windows. These vulnerabilities could allow privilege elevation when exploited successfully by an attacker.


  • (MS16-035) Security Update for .NET Framework to Address Security Feature Bypass (3141780)
    Risk Rating: Important

    This security update resolves a vulnerability in .NET Framework. This update addresses the vulnerability by correcting the validation points for XML documents.