Advisory Date: 09 August 2016

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its August batch of patches:

  • (MS16-095) Cumulative Security Update for Internet Explorer (3177356)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer, the most severe of which could allow remote code execution. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS16-096) Cumulative Security Update for Microsoft Edge (3177358)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge, the most severe of which could allow remote code execution. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the current user.


  • (MS16-097) Security Update for Microsoft Graphics Component (3177393)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows, Ms Office, Skype for Business, and MS Lync. The vulnerabilities could allow remote code execution if a user visits a specially crafted website hosted by an attacker.


  • (MS16-098) Security Update for Windows Kernel-Mode Drivers (3178466)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows, the more severe of which could allow elevation of privilege.


  • (MS16-099) Security Update for Microsoft Office (3177451)
    Risk Rating: Critical

    This security update resolves a vulnerabilities in Microsoft Office, the most severe of which could allow remote code execution. An attacker must persuade a user to open a specially crafted Microsoft Office file to exploit these vulnerabilities.


  • (MS16-100) Security Update for Secure Boot (3179577)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow the bypass of Windows embedded security features.


  • (MS16-101) Security Update for Windows Authentication Methods (3178465)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows, the more severe of which could allow elevation of privilege if an attacker runs a specific application to exploit it.


  • (MS16-102) Security Update for Microsoft Windows PDF Library (3182248)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows when viewing online PDF content. When exploited, an attacker could gain the same rights as the currently logged on user.


  • (MS16-103) Security Update for ActiveSyncProvider (3182332)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow information disclosure.


  INFORMATION EXPOSURE

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
MS16-095 CVE-2016-3288 1007873 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3288) 9-Aug-16 YES
MS16-095, MS16-096 CVE-2016-3327 1007879 Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3327) 9-Aug-16 YES
MS16-099 CVE-2016-3316 1007885 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3316) 9-Aug-16 YES
MS16-097 CVE-2016-3304 1007883 Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3304) 9-Aug-16 YES
MS16-095 CVE-2016-3321 1007896 Microsoft Internet Explorer Information Disclosure Vulnerability Over WebDAV (CVE-2016-3321) 9-Aug-16 YES
MS16-097 CVE-2016-3303 1007882 Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3303) 9-Aug-16 YES
MS16-099 CVE-2016-3317 1007886 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3317) 9-Aug-16 YES
MS16-095, MS16-096 CVE-2016-3289 1007874 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3289) 9-Aug-16 YES
MS16-095, MS16-096 CVE-2016-3326 1007878 Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3326) 9-Aug-16 YES
MS16-095 CVE-2016-3290 1007875 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3290) 9-Aug-16 YES
MS16-099 CVE-2016-3313 1007884 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3313) 9-Aug-16 YES
MS16-095, MS16-096 CVE-2016-3293 1007876 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3293) 9-Aug-16 YES
MS16-099 CVE-2016-3318 1007887 Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2016-3318) 9-Aug-16 YES
MS16-097 CVE-2016-3301 1007881 Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3301) 9-Aug-16 YES
MS16-095, MS16-096 CVE-2016-3322 1007877 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3322) 9-Aug-16 YES
MS16-095 CVE-2016-3321 1007897 Microsoft Internet Explorer Information Disclosure Vulnerability Over SMB (CVE-2016-3321) 9-Aug-16 YES
MS16-096, MS16-102 CVE-2016-3319 1007880 Microsoft PDF Remote Code Execution Vulnerability (CVE-2016-3319) 9-Aug-16 YES

  SOLUTION