Microsoft Patch Tuesday Summary for May 2016

Published: 2016-05-10. Last Updated: 2016-05-10 17:21:23 UTC
by Alex Stanford (Version: 1)
5 comment(s)

https://isc.sans.edu/mspatchdays.html?viewday=2016-05-10

-- 
Alex Stanford - GIAC GWEB & GSEC,
Research Operations Manager,
SANS Internet Storm Center
/in/alexstanford

Keywords:
5 comment(s)

Comments

Does anyone have details for the known exploits against MS16-053? The same two CVE's are listed for the cumulative IE update (MS16-051). But, the patch is rated as having no known exploits. Is there an error? (Greatly appreciate all of the help this site provides, btw.)

Anonymous

May 10th 2016
8 years ago

Hi,

on the Microsoft Security Bulletin Summary for May 2016, CVE 2016-0189 (from MS16-051) is listed with "0 - Exploitation Detected".
Maybe a typo on the ISC page?

KH

Anonymous

May 11th 2016
8 years ago

[quote=comment#37049]Does anyone have details for the known exploits against MS16-053? The same two CVE's are listed for the cumulative IE update (MS16-051). But, the patch is rated as having no known exploits. Is there an error? (Greatly appreciate all of the help this site provides, btw.)[/quote]
The exploit for MS16-053 is not publicly disclosed. The exploited CVE in MS16-053 is CVE-2016-0189. The fact that the same CVEs are seen in both MS16-051 and MS16-053 is not a typo.

[quote=comment#37055]Hi,

on the Microsoft Security Bulletin Summary for May 2016, CVE 2016-0189 (from MS16-051) is listed with "0 - Exploitation Detected".
Maybe a typo on the ISC page?

KH[/quote]

CVE-2016-0189 is a "0 - Exploitation Detected" for MS16-053, not MS16-051. A bit confusing I know, but it is not a typo.

Anonymous

May 11th 2016
8 years ago

[quote=comment#37057]

CVE-2016-0189 is a "0 - Exploitation Detected" for MS16-053, not MS16-051. A bit confusing I know, but it is not a typo.[/quote]

I Guess the note of NO for exploits detected on MS16-051 is what is confusing me. Shouldn't that be YES?

Alternatively, have there only been reported exploits of the JScript and VBScript vuls on Vista/Server2008 and that's why the note for exploits on MS16-051 say No?

Anonymous

May 11th 2016
8 years ago

isn't there something fishy with MS16-64 (Flash Player) ?

Adobe released an advisory APSA16-02 https://helpx.adobe.com/security/products/flash-player/apsa16-02.html with no patch available at this time of writing (associated APSB coming up next on May 12th)

But Microsoft released updates for Flash.

April https://support.microsoft.com/en-us/kb/3154132 --> Flash 21.0.0.213
May https://support.microsoft.com/en-us/kb/3157993 --> Flash 21.0.0.241

The latter is not referenced by Adobe though http://www.adobe.com/software/flash/about/

So obviously MS updated their code prior to Adobe themselves

Anonymous

May 11th 2016
8 years ago

Login here to join the discussion.


Top of page
Diary Archives