Security Alert (A16-08-03): Multiple Vulnerabilities in Microsoft Products (August 2016)


 

Published on: 10 August 2016

Last update on: 10 August 2016

  
  

Description:

Microsoft has released 9 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:

MS16-095 Cumulative Security Update for Internet Explorer
MS16-096 Cumulative Security Update for Microsoft Edge
MS16-097 Security Update for Microsoft Graphics Component
MS16-098 Security Update for Windows Kernel-Mode Drivers
MS16-099 Security Update for Microsoft Office
MS16-100 Security Update for Secure Boot
MS16-101 Security Update for Windows Authentication Methods
MS16-102 Security Update for Microsoft Windows PDF Library
MS16-103 Security Update for ActiveSyncProvider

 

Affected Systems:

  • Microsoft Edge
  • Microsoft Internet Explorer 9, 10, 11
  • Microsoft Live Meeting 2007 Console
  • Microsoft Lync 2010, 2013, Lync 2010 Attendee, Lync Basic 2013
  • Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, Office for Mac 2011, 2016
  • Microsoft Word Viewer
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2
  • Microsoft Windows Vista, 7, 8.1, RT 8.1, 10
  • Skype for Business 2016, Business Basic 2016 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to elevation of privilege, remote code execution, security restriction bypass and information disclosure.

 

Recommendation:

Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

  • Microsoft Update
    http://update.microsoft.com/microsoftupdate

If any problem is encountered during the patch installation via automated methods, patches for various affected systems can also be downloaded individually from the "Affected and Non-Affected Software" section of the corresponding Microsoft Security Advisory and Bulletins which can be accessed from the URL(s) listed in the "More Information" section of this Security Alert.

 

More Information:

https://technet.microsoft.com/en-us/library/security/ms16-aug
https://technet.microsoft.com/en-us/library/security/MS16-095
https://technet.microsoft.com/en-us/library/security/MS16-096
https://technet.microsoft.com/en-us/library/security/MS16-097
https://technet.microsoft.com/en-us/library/security/MS16-098
https://technet.microsoft.com/en-us/library/security/MS16-098
https://technet.microsoft.com/en-us/library/security/MS16-100
https://technet.microsoft.com/en-us/library/security/MS16-101
https://technet.microsoft.com/en-us/library/security/MS16-102
https://technet.microsoft.com/en-us/library/security/MS16-103
https://www.us-cert.gov/ncas/current-activity/2016/08/09/Microsoft-Releases-August-2016-Security-Bulletin
https://www.hkcert.org/my_url/en/alert/16081001
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3237
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3288 (to CVE-2016-3290)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3293
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3296
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3300 (to CVE-2016-3301)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3303 (to CVE-2016-3304)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3308 (to CVE-2016-3313)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3315 (to CVE-2016-3322)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3326 (to CVE-2016-3327)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2016-3329 



Tag: Edge , Internet Explorer , Live Meeting , Lync , Microsoft Office , Word Viewer , Windows Server , Windows , Skype , Microsoft
Tags