Security Alert (A16-12-02): Multiple Vulnerabilities in Microsoft Products (December 2016)


 

Published on: 14 December 2016

  
  

 

Description:

Microsoft has released 12 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:

MS16-144    Cumulative Security Update for Internet Explorer
MS16-145    Cumulative Security Update for Microsoft Edge
MS16-146    Security Update for Microsoft Graphics Component
MS16-147    Security Update for Microsoft Uniscribe
MS16-148    Security Update for Microsoft Office
MS16-149    Security Update for Windows
MS16-150    Security Update for Windows Secure Kernel Mode
MS16-151    Security Update for Kernel-Mode Driver
MS16-152    Security Update for Windows Kernel
MS16-153    Security Update for Common Log File System Driver
MS16-154    Security Update for Adobe Flash Player
MS16-155    Security Update for .NET Framework

Reports indicate that there are scattered exploits observed against the vulnerabilities mentioned in MS16-144, MS16-145, MS16-146 and MS16-155.


Affected Systems:

  • Microsoft Edge
  • Microsoft Internet Explorer 9, 10, 11
  • Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, Office for Mac 2011, 2016
  • Microsoft Office Compatibility Pack, Excel Viewer, Word Viewer
  • Microsoft Windows Vista, 7, 8.1, RT 8.1, 10
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
  • Microsoft Office Web Apps 2010
  • Microsoft SharePoint Server 2007, 2010

 

A complete list of the affected products can be found in the section "Affected Software" in the Microsoft security bulletin summary available at:https://technet.microsoft.com/library/security/ms16-dec


Impact:

Depending on the vulnerability exploited, a successful attack could lead to information disclosure, elevation of privilege, security feature bypass and remote code execution.


Recommendation:

Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

  • Microsoft Update
    http://update.microsoft.com/microsoftupdate

 

More Information:

https://technet.microsoft.com/en-us/library/security/ms16-dec
https://technet.microsoft.com/en-us/library/security/ms16-144
https://technet.microsoft.com/en-us/library/security/MS16-145
https://technet.microsoft.com/en-us/library/security/MS16-146
https://technet.microsoft.com/en-us/library/security/MS16-147
https://technet.microsoft.com/en-us/library/security/MS16-148
https://technet.microsoft.com/en-us/library/security/MS16-149
https://technet.microsoft.com/en-us/library/security/MS16-150
https://technet.microsoft.com/en-us/library/security/MS16-151
https://technet.microsoft.com/en-us/library/security/MS16-152
https://technet.microsoft.com/en-us/library/security/MS16-153
https://technet.microsoft.com/en-us/library/security/MS16-154
https://technet.microsoft.com/en-us/library/security/MS16-155
https://www.hkcert.org/my_url/en/alert/16121401
https://www.us-cert.gov/ncas/current-activity/2016/12/13/Microsoft-Releases-December-2016-Security-Bulletin
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7257 (to CVE-2016-7260)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7262 (to CVE-2016-7268)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7270 (to CVE-2016-7284)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7286 (to CVE-2016-7292)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7295 (to CVE-2016-7298)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7300



Tag: Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , SharePoint , Microsoft Office Web Apps
Tags