Vulnerabilities Weekly Summary Ending May 13
By Jerry Adams on May 13, 2016
Microsoft released their Security Bulletin Summary for the month of May 2016 patching vulnerabilities that affect the Windows operation system family (“Microsoft Security Bulletin Summary for May 2016“, May 10, 2016). Below are a list of the most critical vulnerabilities:
- Internet Explorer
- CVE-2016-0187 – Scripting Engine Memory Corruption Vulnerability
- CVE-2016-0188 – Internet Explorer Security Feature Bypass
- CVE-2016-0189 – Scripting Engine Memory Corruption Vulnerability
- CVE-2016-0192 – Microsoft Browser Memory Corruption Vulnerability
- CVE-2016-0194 – Internet Explorer Information Disclosure Vulnerability
- Microsoft Edge
- CVE-2016-0186 – Scripting Engine Memory Corruption Vulnerability
- CVE-2016-0191 – Scripting Engine Memory Corruption Vulnerability
- CVE-2016-0192 – Microsoft Browser Memory Corruption Vulnerability
- CVE-2016-0193 – Scripting Engine Memory Corruption Vulnerability
- JScript and VBScript
- CVE-2016-0187 – Scripting Engine Memory Corruption Vulnerability
- CVE-2016-0189 – Scripting Engine Memory Corruption Vulnerability
- Microsoft Office
- CVE-2016-0126 – Microsoft Office Memory Corruption Vulnerability
- CVE-2016-0140 – Microsoft Office Memory Corruption Vulnerability
- CVE-2016-0183 – Microsoft Office Memory Corruption Vulnerability
- CVE-2016-0198 – Microsoft Office Memory Corruption Vulnerability
- Microsoft Graphics Component
- CVE-2016-0168 – Windows Graphics Component Information Disclosure Vulnerability
- CVE-2016-0169 – Microsoft Office Memory Corruption Vulnerability
- CVE-2016-0170 – Windows Graphics Component RCE vulnerability
- CVE-2016-0184 – Direct3D Use After Free Vulnerability
- CVE-2016-0195 – Windows Imaging Component Memory Corruption Vulnerability
- Windows Journal
- CVE-2016-0182 – Journal Memory Corruption Vulnerability
- Windows Shell
- CVE-2016-0179 – Windows Shell Remote Code Execution Vulnerability
- Windows IIS
- CVE-2016-0152 – Windows DLL Loading Remote Code Execution Vulnerability
- Windows Media Center
- CVE-2016-0185 – Windows Media Center Remote Code Execution Vulnerability
- Windows Kernel
- CVE-2016-0180 – Windows Kernel Elevation of Privilege Vulnerability
- Microsoft RPC
- CVE-2016-0178 – RPC Network Data Representation Engine Remote Code Execution Vulnerability
- Windows Kernel-Mode Drivers
- CVE-2016-0171 – Win32k Elevation of Privilege Vulnerability
- CVE-2016-0173 – Win32k Elevation of Privilege Vulnerability
- CVE-2016-0174 – Win32k Elevation of Privilege Vulnerability
- CVE-2016-0175 – Win32k Information Disclosure Vulnerability
- CVE-2016-0176 – Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
- CVE-2016-0196 – Win32k Elevation of Privilege Vulnerability
- CVE-2016-0197 – Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
- .NET Framework
- CVE-2016-0149 – TLS/SSL Information Disclosure Vulnerability
- Virtual Secure Mode
- CVE-2016-0181 – Hypervisor Code Integrity Security Feature Bypass
- Volume Manager Driver
- CVE-2016-0190 – Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability
Adobe also released their security for the month of May 2016. The bulletin addresses 32 vulnerabilities, below are the ones that are deemed critical (“Security updates available for Adobe Flash Player”, May 12 2016):
- CVE-2016-1105 – Type confusion vulnerabilities that could lead to code execution
- CVE-2016-4117 – Type confusion vulnerabilities that could lead to code execution
- CVE-2016-1101 – Heap buffer overflow vulnerability that could lead to code execution
- CVE-2016-1103 – Buffer overflow vulnerability that could lead to code execution
- CVE-2016-4116 – vulnerability in the directory search path used to find resources that could lead to code execution.
- CVE-2016-1106 – Use-after-free vulnerabilities that could lead to code execution
- CVE-2016-1097 – Use-after-free vulnerabilities that could lead to code execution
- CVE-2016-1096 – Memory corruption vulnerabilities that could lead to code execution
- CVE-2016-1098 – Memory corruption vulnerabilities that could lead to code execution
- CVE-2016-1099 – Memory corruption vulnerabilities that could lead to code execution
- CVE-2016-1100 – Memory corruption vulnerabilities that could lead to code execution
References
(2016 May 10). “Microsoft Security Bulletin Summary for May 2016“. Microsoft Corp. Retrieved from https://technet.microsoft.com/en-us/library/security/ms16-may.aspx on May 13, 2016.
(2016 May 12). “Security updates available for Adobe Flash Player”. Adobe Systems Inc. Retrieved from https://helpx.adobe.com/security/products/flash-player/apsb16-15.html on May 13, 2016.
Related Posts
-
CrushFTP CVE-2025-31161 Vulnerability
CrushFTP CVE-2025-31161 Vulnerability
4/11/2025 -
Active Exploitation of Apache Tomcat CVE-2025-24813 Vulnerability
Active Exploitation of Apache Tomcat CVE-2025-24813 Vulnerability
4/4/2025 -
Next.js Middleware CVE-2025-29927 Vulnerability
Next.js Middleware CVE-2025-29927 Vulnerability
4/4/2025