Severity: VERY LOW
  Advisory Date: NOV 08, 2016

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its November batch of patches:

  • (MS16-129) Cumulative Security Update for Microsoft Edge (3199057)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.


  • (MS16-130) Security Update for Microsoft Windows (3199172)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.


  • (MS16-131) Security Update for Microsoft Video Control (3199151)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.


  • (MS16-132) Security Update for Microsoft Graphics Component (3199120)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of these could allow remote code execution on the vulnerable system.


  • (MS16-133) Security Update for Microsoft Office (3199168)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.


  • (MS16-134) Security Update for Common Log File System Driver (3193706)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.


  • (MS16-135) Security Update for Windows Kernel-Mode Drivers (3199135)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege.


  • (MS16-137) Security Update for Windows Authentication Methods (3199173)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege.


  • (MS16-138) Security Update to Microsoft Virtual Hard Disk Driver (3199647)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.


  • (MS16-139) Security Update for Windows Kernel (3199720)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information.


  • (MS16-140) Security Update for Boot Manager (3193479)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy.


  • (MS16-141) Security Update for Adobe Flash Player (3202790)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.


  • (MS16-142) Cumulative Security Update for Internet Explorer (3198467)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.


  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
MS16-133 CVE-2016-7235 1008026 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7235) 9-Nov-16 YES
MS16-133 CVE-2016-7228 1008019 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7228) 9-Nov-16 YES
MS16-142, MS16-129 CVE-2016-7217 1008031 Microsoft Windows Media Foundation Memory Corruption Vulnerability (CVE-2016-7217) 9-Nov-16 YES
MS16-142, MS16-129 CVE-2016-7196 1008006 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7196) 9-Nov-16 YES
MS16-133 CVE-2016-7233 1008024 Microsoft Office Information Disclosure Vulnerability (CVE-2016-7233) 9-Nov-16 YES
MS16-129 CVE-2016-7203 1008010 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7203) 9-Nov-16 YES
MS16-129 CVE-2016-7201 1008009 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7201) 9-Nov-16 YES
MS16-129 CVE-2016-7200 1008008 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7200) 9-Nov-16 YES
MS16-129 CVE-2016-7202 1008013 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7202) 9-Nov-16 YES
MS16-133 CVE-2016-7234 1008025 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7234) 9-Nov-16 YES
MS16-142, MS16-129 CVE-2016-7241 1008017 Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-120) 11-Oct-16 YES
MS16-142, MS16-129 CVE-2016-7241 1007977 Microsoft Internet Explorer And Edge Remote Code Execution Vulnerability (CVE-2016-7241) 9-Nov-16 YES
MS16-129 CVE-2016-7240 1008016 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7240) 9-Nov-16 YES
MS16-133 CVE-2016-7232 1008023 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7232) 9-Nov-16 YES
MS16-129 CVE-2016-7204 1008014 Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7204) 9-Nov-16 YES
MS16-133 CVE-2016-7230 1008021 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7230) 9-Nov-16 YES
MS16-132 CVE-2016-7256 1008036 Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-7256) 9-Nov-16 YES
MS16-132 CVE-2016-7205 1008029 Microsoft Windows Animation Manager Memory Corruption Vulnerability (CVE-2016-7205) 9-Nov-16 YES
MS16-134 CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, CVE-2016-7184 1007990 Microsoft Windows Multiple Security Vulnerabilities (MS16-134) 9-Nov-16 YES
MS16-142, MS16-129 CVE-2016-7198/td> 1008007 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7198) 9-Nov-16 YES
MS16-133 CVE-2016-7231 1008022 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7231) 9-Nov-16 YES
MS16-133 CVE-2016-7236 1008027 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7236) 9-Nov-16 YES
MS16-129 CVE-2016-7242/td> 1008011 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7242) 9-Nov-16 YES
MS16-138 CVE-2016-7226, CVE-2016-7224, CVE-2016-7225 1008035 Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-138) 9-Nov-16 YES
MS16-135 CVE-2016-7246, CVE-2016-7214, CVE-2016-7215, CVE-2016-7255 1008034 Microsoft Windows Multiple Security Vulnerabilities (MS16-135) 9-Nov-16 YES
MS16-133 CVE-2016-7213 1008018 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7213) 9-Nov-16 YES
MS16-142, MS16-129 CVE-2016-7195 1008012 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7195) 9-Nov-16 YES
MS16-133 CVE-2016-7229 1008020 Microsoft Office Memory Corruption Vulnerability (CVE-2016-7229) 9-Nov-16 YES
MS16-132 CVE-2016-7210 1008030 Microsoft Windows OpenType Font Information Disclosure Vulnerability (CVE-2016-7210)) 9-Nov-16 YES

  SOLUTION