Last month of this year 2016, Microsoft has released 12 security bulletins. It addresses more than fourty Vulnerabilities. Among 12 bulletins, six of them are rated as critical.
While classfiying vulnerabilities based on their exploitability, we found that remotely exploited vulnerbilities are higher than the locally exploitable ones.
Another important classification is based on the authentication factor. In this month,vulnerabilites that requires authentication are much less compared to the vulnerabilities that does not required an authentication.
The following are the crtical issues being addressed this month:
- MS16-144 Cumulative Security Update for Internet Explorer (3204059)- This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
- MS16-145 Cumulative Security Update for Microsoft Edge (3204062) - This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
- MS16-146 Security Update for Microsoft Graphics Component (3204066)- This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.
- MS16-147 Security Update for Microsoft Uniscribe (3204063)-This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document.
- MS16-148 Security Update for Microsoft Office (3204068)- This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
Microsoft's summary of the November 2016 releases can be found here: https://technet.microsoft.com/en-us/library/security/ms16-dec