Microsoft Patch Tuesday Summary for May 2016
https://isc.sans.edu/mspatchdays.html?viewday=2016-05-10
--
Alex Stanford - GIAC GWEB & GSEC,
Research Operations Manager,
SANS Internet Storm Center
/in/alexstanford
Keywords:
5 comment(s)
×
Diary Archives
Comments
Anonymous
May 10th 2016
8 years ago
on the Microsoft Security Bulletin Summary for May 2016, CVE 2016-0189 (from MS16-051) is listed with "0 - Exploitation Detected".
Maybe a typo on the ISC page?
KH
Anonymous
May 11th 2016
8 years ago
The exploit for MS16-053 is not publicly disclosed. The exploited CVE in MS16-053 is CVE-2016-0189. The fact that the same CVEs are seen in both MS16-051 and MS16-053 is not a typo.
[quote=comment#37055]Hi,
on the Microsoft Security Bulletin Summary for May 2016, CVE 2016-0189 (from MS16-051) is listed with "0 - Exploitation Detected".
Maybe a typo on the ISC page?
KH[/quote]
CVE-2016-0189 is a "0 - Exploitation Detected" for MS16-053, not MS16-051. A bit confusing I know, but it is not a typo.
Anonymous
May 11th 2016
8 years ago
CVE-2016-0189 is a "0 - Exploitation Detected" for MS16-053, not MS16-051. A bit confusing I know, but it is not a typo.[/quote]
I Guess the note of NO for exploits detected on MS16-051 is what is confusing me. Shouldn't that be YES?
Alternatively, have there only been reported exploits of the JScript and VBScript vuls on Vista/Server2008 and that's why the note for exploits on MS16-051 say No?
Anonymous
May 11th 2016
8 years ago
Adobe released an advisory APSA16-02 https://helpx.adobe.com/security/products/flash-player/apsa16-02.html with no patch available at this time of writing (associated APSB coming up next on May 12th)
But Microsoft released updates for Flash.
April https://support.microsoft.com/en-us/kb/3154132 --> Flash 21.0.0.213
May https://support.microsoft.com/en-us/kb/3157993 --> Flash 21.0.0.241
The latter is not referenced by Adobe though http://www.adobe.com/software/flash/about/
So obviously MS updated their code prior to Adobe themselves
Anonymous
May 11th 2016
8 years ago