CVE Kennungen: : CVE-2016-3267
  Advisory Date: 11 de października de 2016

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its August batch of patches:

  • (MS16-118) Cumulative Security Update for Internet Explorer (3192887)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user, and thus install malicious code without restriction.


  • (MS16-119) Cumulative Security Update for Microsoft Edge (3192890)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.


  • (MS16-120) Security Update for Microsoft Graphics Component (3192884)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Silverlight, and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.


  • (MS16-121) Security Update for Microsoft Office (3194063)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files.


  • (MS16-122) Security Update for Microsoft Video Control (3195360)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.


  • (MS16-123) Security Update for Windows Kernel-Mode Drivers (3192892)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.


  • (MS16-124) Security Update for Windows Registry (3193227)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information.


  • (MS16-125) Security Update for Diagnostics Hub (3193229)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.


  • (MS16-126) Security Update for Microsoft Internet Messaging API (3196067)
    Risk Rating: Moderate

    This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory.


  • (MS16-127) (Security Update for Adobe Flash Player (3194343) Security Update for Windows Secure Kernel Mode (3185876)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.


  INFORMATION EXPOSURE

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
MS16-126, MS16-118 CVE-2016-3298 1007985 Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-3298) 11-Oct-16 YES
MS16-119 CVE-2016-7189 1007983 Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2016-7189) 11-Oct-16 YES
MS16-119 CVE-2016-3386 1007984 MMicrosoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3386) 11-Oct-16 YES
MS16-121 CVE-2016-7193 1007979 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7193) 11-Oct-16 YES
MS16-125 CVE-2016-7188 1007995 Microsoft Windows Diagnostics Hub Elevation Of Privilege (CVE-2016-7188) 11-Oct-16 YES
MS16-120 CVE-2016-3263 1007978 Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2016-3263) 11-Oct-16 YES
MS16-118 CVE-2016-3385 1007980 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3385) 11-Oct-16 YES
MS16-118, MS16-119 CVE-2016-3331 1007986 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3331) 11-Oct-16 YES
MS16-123 CVE-2016-3341, CVE-2016-7191, CVE-2016-3266, CVE-2016-7185, CVE-2016-3376 1007975 Microsoft Windows Multiple Security Vulnerabilities (MS16-123) 11-Oct-16 YES
MS16-118 CVE-2016-3383 1007981 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3383) 11-Oct-16 YES
MS16-120 CVE-2016-3270, CVE-2016-7182 1007976 Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-120) 11-Oct-16 YES
MS16-120 CVE-2016-3262 1007977 Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2016-3262) 11-Oct-16 YES
MS16-118, MS16-119 CVE-2016-3387, CVE-2016-3388 1007989 Microsoft Windows Multiple Security Vulnerabilities (MS16-118, MS16-119) 11-Oct-16 YES
MMS16-118, MS16-119 CVE-2016-3267 1007991 Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3267) 11-Oct-16 YES
MS16-119 CVE-2016-7194 1007940 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3358) 14-Sep-16 YES
MS16-115, MS16-105 CVE-2016-3374 1007994 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7194) 11-Oct-16 YES
MS16-124 CVE-2016-0070, CVE-2016-0073, CVE-2016-0075, CVE-2016-0079 1007988 Microsoft Windows Multiple Security Vulnerabilities (MS16-124) 11-Oct-16 YES
MS16-120 CVE-2016-3209 1007974 Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2016-3209) 11-Oct-16 YES
MS16-119 CVE-2016-7190 1007982 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3364) 14-Sep-16 YES
MS16-107 CVE-2016-3357 1007939 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7190) 11-Oct-16 YES
MS16-118, MS16-119 CVE-2016-3382 1007987 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3382) 11-Oct-16 YES

  SOLUTION