
SANS ISC: Microsoft Patch Tuesday - SANS Internet Storm Center



Microsoft Patch Tuesday 2016-05-10

MS16-051
Title Cumulative Security Update for Internet Explorer
Replaces KB3147458, KB3155413
Affected Microsoft Windows, Internet Explorer
KB KB3155533
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Patch now
ISC Server Rating Critical
CVE Exploitability
2016-0187 1
2016-0188 3
2016-0189 1
2016-0192 2
2016-0194 2
MS16-052
Title Cumulative Security Update for Microsoft Edge
Replaces KB3147458, KB3147461
Affected Microsoft Windows, Microsoft Edge
KB KB3155538
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-0186 1
2016-0191 1
2016-0192 1
2016-0193 1
MS16-053
Title Cumulative Security Update for JScript and VBScript
Replaces KB3124625
Affected Microsoft Windows
KB KB3156764
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Patch now
ISC Server Rating Patch now
CVE Exploitability
2016-0187 1
2016-0189 0
MS16-054
Title Cumulative Security Update for Microsoft Office
Replaces KB2760585, KB2760591, KB3054841, KB3054848, KB3114486, KB3114553, KB3114855, KB3114937, KB3114937, KB3114982, KB3114983, KB3114987, KB3114988, KB3114990, KB3114993, KB3114994, KB3142577, KB3154208
Affected Microsoft Office, Microsoft Office Services and Web Apps
KB KB3155544
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2016-0126 2
2016-0140 1
2016-0183 2
2016-0198 1
MS16-055
Title Cumulative Security Update for Microsoft Graphics Component
Replaces KB3035132, KB3124001, KB3147458, KB3147461
Affected Microsoft Windows
KB KB3156754
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-0168 2
2016-0169 1
2016-0170 2
2016-0184 1
2016-0195 2
MS16-056
Title Windows Journal Memory Corruption Vulnerability
Replaces KB3147458, KB3147461
Affected Microsoft Windows
KB KB3156761
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Important
ISC Server Rating N/A
CVE Exploitability
2016-0182 3
MS16-057
Title Windows Shell Remote Code Execution Vulnerability
Replaces KB3147458, KB3147461
Affected Microsoft Windows
KB KB3156987
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-0179 2
MS16-058
Title Windows DLL Loading Remote Code Execution Vulnerability
Replaces
Affected Microsoft Windows
KB KB3141083
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-0152 2
MS16-059
Title Windows Media Center Remote Code Execution Vulnerability
Replaces KB3108669
Affected Microsoft Windows
KB KB3150220
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating N/A
CVE Exploitability
2016-0185 2
MS16-060
Title Windows Kernel Elevation of Privilege Vulnerability
Replaces KB3121212, KB3121212, KB3140410, KB3140410, KB3147458
Affected Microsoft Windows
KB KB3154846
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-0180 2
MS16-061
Title RPC Network Data Representation Engine Elevation of Privilege Vulnerability
Replaces KB2978668, KB3140410, KB3147458, KB3147461
Affected Microsoft Windows
KB KB3155520
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-0178 2
MS16-062
Title Cumulative Security Update for Windows Kernel-Mode Drivers
Replaces KB2976897, KB3139852, KB3145739, KB3147458, KB3147461, KB3147461
Affected Microsoft Windows
KB KB3158222
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-0171 1
2016-0173 1
2016-0174 1
2016-0175 2
2016-0176 1
2016-0196 1
2016-0197 3
MS16-064
Title Cumulative Security Update for Adobe Flash
Replaces KB3154132
Affected Microsoft Windows, Adobe Flash Player
KB KB3157993
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
MS16-065
Title TLS/SSL Information Disclosure Vulnerability
Replaces KB2972107, KB2978041, KB2978042, KB3140768, KB3147458
Affected Microsoft Windows, Microsoft .NET Framework
KB KB3156757
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-0149 3
MS16-066
Title Hypervisor Code Integrity Security Feature Bypass
Replaces KB3147458, KB3147461
Affected Microsoft Windows
KB KB3155451
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating N/A
CVE Exploitability
2016-0181 3
MS16-067
Title Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability
Replaces
Affected Microsoft Windows
KB KB3155784
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-0190 3
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US-based customers can call Microsoft for free patch-related support at 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: practices for servers such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat.