Published on: 09 November 2016
Microsoft has released 14 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:
MS16-129 Cumulative Security Update for Microsoft Edge
MS16-130 Security Update for Microsoft Windows
MS16-131 Security Update for Microsoft Video Control
MS16-132 Security Update for Microsoft Graphics Component
MS16-133 Security Update for Microsoft Office
MS16-134 Security Update for Common Log File System Driver
MS16-135 Security Update for Windows Kernel-Mode Drivers
MS16-136 Security Update for SQL Server
MS16-137 Security Update for Windows Authentication Methods
MS16-138 Security Update to Microsoft Virtual Hard Disk Driver
MS16-139 Security Update for Windows Kernel
MS16-140 Security Update for Boot Manager
MS16-141 Security Update for Adobe Flash Player
MS16-142 Cumulative Security Update for Internet Explorer
Reports indicate that the vulnerabilities mentioned in MS16-132 and MS16-135 are being exploited in wild. In addition, there are scattered exploits observed against the vulnerabilities mentioned in MS16-129 and MS16-142.
A complete list of the affected products can be found in the section "Affected Software" in the Microsoft security bulletin summary available at:
https://technet.microsoft.com/library/security/ms16-nov
Depending on the vulnerability exploited, a successful attack could lead to information disclosure, denial of service, elevation of privilege, security feature bypass and remote code execution.
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://technet.microsoft.com/en-us/library/security/ms16-nov
https://technet.microsoft.com/en-us/library/security/MS16-129
https://technet.microsoft.com/en-us/library/security/MS16-130
https://technet.microsoft.com/en-us/library/security/MS16-131
https://technet.microsoft.com/en-us/library/security/MS16-132
https://technet.microsoft.com/en-us/library/security/MS16-133
https://technet.microsoft.com/en-us/library/security/MS16-134
https://technet.microsoft.com/en-us/library/security/MS16-135
https://technet.microsoft.com/en-us/library/security/MS16-136
https://technet.microsoft.com/en-us/library/security/MS16-137
https://technet.microsoft.com/en-us/library/security/MS16-138
https://technet.microsoft.com/en-us/library/security/MS16-139
https://technet.microsoft.com/en-us/library/security/MS16-140
https://technet.microsoft.com/en-us/library/security/MS16-141
https://technet.microsoft.com/en-us/library/security/MS16-142
https://technet.microsoft.com/en-us/security/bulletins
https://www.hkcert.org/my_url/en/alert/16110901
https://www.us-cert.gov/ncas/current-activity/2016/11/08/Microsoft-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3332 (to CVE-2016-3335)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3342 (to CVE-2016-3343)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7195 (to CVE-2016-7196)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7198 (to CVE-2016-7205)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7208 (to CVE-2016-7210)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7212 (to CVE-2016-7218)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7220 (to CVE-2016-7256)