This month, Microsoft published 14 security bulletins addressing more than seventy vulnerabilities. Six of the 14 bulletins are rated critical.
When classifying the vulnerabilities by exploitability, we found that remotely exploitable vulnerabilities outnumber the locally exploitable ones.
Another important classification is based on authentication. This month, vulnerabilities that require authentication are far fewer than those that do not.
The following are the critical issues addressed this month:
1. MS16-129 Cumulative Security Update for Microsoft Edge (3199057) - Critical. Multiple remote code execution vulnerabilities exist in the way that Microsoft browsers handle objects in memory. The vulnerabilities could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.
2. MS16-130 Security Update for Microsoft Windows (3199172) - Critical. A remote code execution vulnerability exists when Windows image file loading functionality does not properly handle malformed image files. An attacker who successfully exploited the vulnerability could execute arbitrary code.
3. MS16-131 Security Update for Microsoft Video Control (3199151) - Critical. A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
4. MS16-132 Security Update for Microsoft Graphics Component (3199120) - Critical. An information disclosure vulnerability exists when the ATMFD component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
5. MS16-142 Cumulative Security Update for Internet Explorer (3198467) - Critical. Multiple remote code execution vulnerabilities exist in the way that Microsoft browsers access objects in memory. The vulnerabilities could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.
| Critical Bulletin | Affected software |
| --- | --- |
| 1. MS16-129 Cumulative Security Update for Microsoft Edge (3199057) | Windows 10 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 Version 1511 for 32-bit Systems; Windows 10 Version 1511 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems |
| 2. MS16-130 Security Update for Microsoft Windows (3199172) | Windows Vista Service Pack 2 and Windows Vista x64 Edition Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 and Windows Server 2008 for 64-bit System Service Pack 2; Windows Server 2008 for Itanium-based Systems Service Pack 2; Windows 7 for 32-bit Systems Service Pack 1; Windows 7 for x64-based Systems Service Pack 1; Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 R2 for Itanium-based Systems Service Pack 1; Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 for x64-based Systems Service Pack 2; Windows RT 8.1; Windows 10 Version 1511 for 32-bit; Windows 10 Version 1607 for 32-bit Systems; Windows 10 Version 1511 for x64-based Systems; Windows 10 for x64-based Systems; Windows Server 2012 and Windows Server 2012 R2; Windows 10 for 32-bit Systems; Windows Server 2016 for x64-based Systems; Windows Server 2012 and Windows Server 2012 R2; Windows Server 2016 for x64-based |
| 3. MS16-131 Security Update for Microsoft Video Control (3199151) | Windows 10 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 Version 1511 for 32-bit Systems; Windows 10 Version 1511 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows RT 8.1; Windows Vista Service Pack 2 and Windows Vista x64 Edition Service Pack 2; Windows 8.1 for 32-bit Systems and Windows 8.1 for x64-based Systems; Windows 7 for 32-bit Systems Service and Windows 7 for x64-based Systems |
| 4. MS16-132 Security Update for Microsoft Graphics Component (3199120) | Windows Vista Service Pack 2; Windows Vista x64 Edition Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for Itanium-based Systems Service Pack 2; Windows 7 for 32-bit Systems Service Pack 1; Windows 7 for x64-based Systems Service Pack 1; Windows Server 2008 R2 for Itanium-based Systems Service Pack 1; Windows Server 2012 and Windows Server 2012 R2; Windows 8.1 for 32-bit Systems; Windows 8.1 for x64-based Systems; Windows Server 2012 and Windows Server 2012 R2; Windows RT 8.1; Windows 10 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 Version 1511 for 32-bit Systems; Windows 10 Version 1511 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows Server 2016 for x64-based Systems |
| 5. MS16-142 Cumulative Security Update for Internet Explorer (3198467) | Windows Vista Service Pack 2 and Windows Vista x64 Edition Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 and Windows Server 2008 for 32-bit Systems Service Pack 2; Windows 7 for 32-bit Systems Service Pack 1; Windows 7 for x64-based Systems Service Pack 1; Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows 8.1 for 32-bit Systems; Windows 8.1 for x64-based Systems; Windows Server 2012 and Windows Server 2012 R2; Windows 10 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 Version 1511 for 32-bit Systems; Windows 10 Version 1511 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems |
Microsoft's summary of the November 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-nov