Microsoft Security Bulletin Coverage

April 12, 2016

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of Apr. 12, 2016. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS16-037 Cumulative Security Update for Internet Explorer

  • CVE-2016-0154 Microsoft Browser Memory Corruption Vulnerability
    IPS:11559 ” Microsoft Browser Memory Corruption Vulnerability (MS16-037) “
  • CVE-2016-0159 Internet Explorer Memory Corruption Vulnerability
    IPS:11557 ” Internet Explorer Memory Corruption Vulnerability (MS16-037) 1″
  • CVE-2016-0160 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0162 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0164 Internet Explorer Memory Corruption Vulnerability
    IPS: 11558 “Internet Explorer Memory Corruption Vulnerability (MS16-037) 2”
  • CVE-2016-0166 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-038 Cumulative Security Update for Microsoft Edge

  • a href=”http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0154″ target=”_blank”>CVE-2016-0154 Microsoft Browser Memory Corruption Vulnerability
    IPS:11559 ” Microsoft Browser Memory Corruption Vulnerability (MS16-037) “
  • CVE-2016-0155 Microsoft Edge Memory Corruption Vulnerability
    SPY:4382 ” Malformed-File exe.MP.13″
  • CVE-2016-0156 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0157 Microsoft Edge Memory Corruption Vulnerability
    IPS: 11550 “Microsoft Edge Memory Corruption Vulnerability (MS16-038) 2”
  • CVE-2016-0158 Microsoft Edge Elevation of Privilege Vulnerability
    IPS: 11551 “Microsoft Edge Memory Corruption Vulnerability (MS16-038) 3”
  • CVE-2016-0161 Microsoft Edge Elevation of Privilege Vulnerability
    IPS: 11552 “Microsoft Edge Memory Corruption Vulnerability (MS16-038) 4”

MS16-039 Security Update for Microsoft Graphics Component

  • CVE-2016-0143 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.
  • CVE-2016-0145 Graphics Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0165 Win32k Elevation of Privilege Vulnerability
    SPY:4357 “Malformed-File exe.MP.11”
  • CVE-2016-0167 Win32k Elevation of Privilege Vulnerability
    This is a local Vulnerability.

MS16-040 Security Update for Microsoft XML Core Services

  • CVE-2016-0147 MSXML Remote Code Execution Vulnerability
    IPS: 11548 ” MSXML Remote Code Execution Vulnerability (MS16-039)1″

MS16-041 Security Update for .NET Framework

  • CVE-2016-0148 .NET Framework Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-042 Security Update for Microsoft Office

  • CVE-2016-0122 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0127 Microsoft Office Memory Corruption Vulnerability
    SPY:4336 “Malformed-File rtf.MP.13”
  • CVE-2016-0136 Microsoft Office Memory Corruption Vulnerability
    IPS:11258 “Malformed Excel Document 1”
  • CVE-2016-0139 Microsoft Office Memory Corruption Vulnerability
    SPY:4335 “Malformed-File xls.MP.52 “

MS16-044 Security Update for Windows OLE

  • CVE-2016-0153 Windows OLE Remote Code Execution Vulnerability
    SPY:4491 “Malformed-File doc.MP.36 “

MS16-045 Security Update for Windows Hyper-V

  • CVE-2016-0088 Hyper-V Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0089 Windows OLE Memory Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0090 Hyper-V Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-046 Security Update for Secondary Logon

  • CVE-2016-0135 Secondary Logon Elevation of Privilege Vulnerability
    IPS: 11554 “Windows Secondary Logon Elevation of Privilege Vulnerability”

MS16-047 Security Update for SAM and LSAD Remote Protocols

  • CVE-2016-0128 Windows RPC Downgrade Vulnerability
    IPS: 11555 “DCERPC AuthLevel Downgrade (Windows)”

MS16-048 Security Update for CSRSS

  • CVE-2016-0151 Windows CSRSS Security Feature Bypass Vulnerability
    SPY:4358 ” Malformed-File exe.MP.12″

MS16-049 Security Update for HTTP.sys

  • CVE-2016-0150 HTTP.sys Denial of Service Vulnerability
    There are no known exploits in the wild.