Advisory Date: 14 June 2016

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its June batch of patches:

  • (MS16-063) Cumulative Security Update for Internet Explorer (3163649)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer, the most severe of which could allow remote code execution. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS16-068) Cumulative Security Update for Microsoft Edge (3163656)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge, the most severe of which could allow remote code execution. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the current user.


  • (MS16-069) Cumulative Security Update for JScript and VBScript (3163640)
    Risk Rating: Critical

    This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website hosted by an attacker.


  • (MS16-070) Security Update for Microsoft Office (3163610)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Office, the more severe of which could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.


  • (MS16-071) Security Update for Microsoft Windows DNS Server (3164065)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows that could allow remote code execution.


  • (MS16-072) Security Update for Group Policy (3163622)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow elevation of privilege via a man-in-the-middle (MiTM) attack.


  • (MS16-073) Security Update for Windows Kernel-Mode Drivers (3164028)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow elevation of privilege if an attacker runs a specific application to exploit it.


  • (MS16-074) Security Update for Microsoft Graphics Component (3164036)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft Windows, the most severe of which could allow elevation of privilege.


  • (MS16-075) Security Update for Windows SMB Server (3164038)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow elevation of privilege.


  • (MS16-076) Security Update for Netlogon (3167691)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow remote code execution when successfully exploited.


  • (MS16-077) Security Update for WPAD (3165191)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows that could allow elevation of privilege.


  • (MS16-078) Security Update for Windows Diagnostic Hub (3165479)
    Risk Rating: Important

    This security update resolves a vulnerability that could allow elevation of privilege.


  • (MS16-079) Security Update for Microsoft Exchange Server (3160339)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Exchange Server, the most severe of which could cause information disclosure.


  • (MS16-080) Security Update for Microsoft Windows PDF (3164302)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows, the most severe of which could allow remote code execution by opening a specially crafted .PDF file.


  • (MS16-081) Security Update for Active Directory (3160352)
    Risk Rating: Important

    This security update resolves a vulnerability in Active Directory that could allow denial of service.


  • (MS16-082) Security Update for Microsoft Windows Search Component (3165270)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow denial of service.


  INFORMATION EXPOSURE

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
MS16-063 CVE-2016-3210 1007657 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3210) 14-Jun-16 YES
MS16-068 CVE-2016-3199 1007661 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3199) 14-Jun-16 YES
MS16-074 CVE-2016-3220 1007698 Microsoft Windows ATMFD.DLL Elevation Of Privilege Vulnerability (CVE-2016-3220) 14-Jun-16 YES
MS16-063 CVE-2016-0199 1007652 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199) 14-Jun-16 YES
MS16-069, MS16-063 CVE-2016-3207 1007656 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3207) 14-Jun-16 YES
MS16-063 CVE-2016-0200 1007653 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0200) 14-Jun-16 YES
MS16-080, MS16-068 CVE-2016-3201 1007664 Microsoft Windows PDF Information Disclosure Vulnerability (CVE-2016-3201) 14-Jun-16 YES
MS16-068 CVE-2016-3222 1007662 Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222) 14-Jun-16 YES
MS16-080, MS16-068 CVE-2016-3215 1007659 Microsoft Windows PDF Information Disclosure Vulnerability (CVE-2016-3215) 14-Jun-16 YES
MS16-080, MS16-068 CVE-2016-3203 1007665 Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2016-3203) 14-Jun-16 YES
MS16-074 CVE-2016-3216 1007668 Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-3216) 14-Jun-16 YES
MS16-069, MS16-063 CVE-2016-3205 1007654 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3205) 14-Jun-16 YES
MS16-070 CVE-2016-3233 1007666 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3233) 14-Jun-16 YES
MS16-069, MS16-063 CVE-2016-3206 1007655 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3206) 14-Jun-16 YES
MS16-068 CVE-2016-3198 1007660 Microsoft Edge Security Feature Bypass Vulnerability (CVE-2016-3198) 14-Jun-16 YES
MS16-070 CVE-2016-3234 10076667 Microsoft Office Information Disclosure Vulnerability (CVE-2016-3234) 14-Jun-16 YES
MS16-070 CVE-2016-0025 1007663 Microsoft Office Memory Corruption Vulnerability (CVE-2016-0025) 14-Jun-16 YES

  SOLUTION