Severity: LOW
  Advisory Date: JUL 13, 2016

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its July batch of patches:

  • (MS16-084) Cumulative Security Update for Internet Explorer (3169991)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer, the most severe of which could allow remote code execution. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS16-085) Cumulative Security Update for Microsoft Edge (3169999)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge, the most severe of which could allow remote code execution. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the current user.


  • (MS16-086) Cumulative Security Update for JScript and VBScript (3169996)
    Risk Rating: Critical

    This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website hosted by an attacker.


  • (MS16-087) Security Update for Windows Print Spooler Components (3170005)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows print spooler components, the more severe of which could allow remote code execution via man-in-the-middle (MiTM) attack.


  • (MS16-088) Security Update for Microsoft Office (3170008)
    Risk Rating: Critical

    This security update resolves a vulnerabilities in Microsoft Office, the most severe of which could allow remote code execution. An attacker must persuade a user to open a specially crafted Microsoft Office file to exploit these vulnerabilities.


  • (MS16-089) Security Update for Windows Secure Kernel Mode (3170050)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow information disclosure when successfully exploited by an attacker.


  • (MS16-090) Security Update for Windows Kernel-Mode Drivers (3171481)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows, the more severe of which could allow elevation of privilege if an attacker runs a specific application to exploit it.


  • (MS16-091) Security Update for .NET Framework (3170048)
    Risk Rating: Important

    This security update resolves several vulnerabilities in Microsoft Windows, the most severe of which could allow elevation of privilege.


  • (MS16-092) Security Update for Windows Kernel (3171910)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows that could allow security feature bypass.


  • (MS16-093) Security Update for Adobe Flash Player (3174060)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Adobe Flash Player installed in several Windows operating systems.


  • (MS16-094) Security Update for Secure Boot (3177404)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could allow bypass of Secure Boot security feature when successfully exploited.


  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
MS16-084 CVE-2016-3242 1007724 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3242) 12-Jul-16 YES
MS16-084, MS16-085 CVE-2016-3259 1007723 Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3259) 12-JuL-16 YES
MS16-084 CVE-2016-3261 1007720 Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-3261) 12-JuL-16 YES
MS16-084, MS16-085 CVE-2016-3274 1007722 Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2016-3274) 12-Jul-16 YES
MS16-084 CVE-2016-3240 1007716 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3240) 12-Jul-16 YES
MS16-085 CVE-2016-3271 1007729 Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2016-3271) 12-Jul-16 YES
MS16-084, MS16-085 CVE-2016-3277 1007725 Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3277) 12-Jul-16 YES
MS16-085 CVE-2016-3244 1007726 Microsoft Edge Security Feature Bypass Vulnerability (CVE-2016-3244) 12-Jul-16 YES
MS16-084, MS16-085 CVE-2016-3276 1007721 Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2016-3276) 12-Jul-16 YES
MS16-088 CVE-2016-3284 1007736 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3284) 12-Jul-16 YES
MS16-085 CVE-2016-3246 1007727 Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3246) 12-Jul-16 YES
MS16-088 CVE-2016-3279 1007731 Microsoft Office Remote Code Execution Vulnerability (CVE-2016-3279) 12-Jul-16 YES
MS16-084 CVE-2016-3243 1007718 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3243) 12-Jul-16 YES
MS16-088 CVE-2016-3280 1007732 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3280) 12-Jul-16 YES
MS16-084 CVE-2016-3241 1007717 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3241) 12-Jul-16 YES
MS16-088 CVE-2016-3283 1007735 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3283) 12-Jul-16 YES
MS16-088 CVE-2016-3282 1007734 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3282) 12-Jul-16 YES
MS16-088 CVE-2016-3281 1007733 Microsoft Office Memory Corruption Vulnerability (CVE-2016-3281) 12-Jul-16 YES

  SOLUTION