Acknowledgments – 2016

Microsoft extends thanks to the following for working with us to help protect customers.

Bulletin ID  

Vulnerability Title

CVE ID

Acknowledgment

June 2016

MS16-082

Windows StructuredQuery DoS Vulnerability

CVE-2016-3230


MS16-081

Active Directory Denial of Service Vulnerability

CVE-2016-3226

Ondrej Sevecek Company: GOPAS

MS16-080

Microsoft Edge PDF Information Disclosure Vulnerability

CVE-2016-3201

Jaanus Kääp of Clarified Security

MS16-080

Windows PDF Remote Code Execution Vulnerability

CVE-2016-3203

Ke Liu of Tencent's Xuanwu Lab

MS16-080

Microsoft Edge PDF Information Disclosure Vulnerability

CVE-2016-3215

Ke Liu of Tencent's Xuanwu Lab

MS16-079

Microsoft Exchange Information Disclosure Vulnerability

CVE-2016-0028

Louis-Paul Dareau of ProcessOut

MS16-078

Windows Diagnostics Hub Elevation of Privilege

CVE-2016-3231

lokihardt, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-077

NetBIOS Spoofing Vulnerability

CVE-2016-3213


MS16-077

NetBIOS Spoofing Vulnerability

CVE-2016-3213

Yu Yang (@tombkeeper) of Tencent's Xuanwu Lab

MS16-077

Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability

CVE-2016-3236


MS16-076

Windows NetLogon Memory Corruption Remote Code Execution Vulnerability

CVE-2016-3228


MS16-075

Windows WebDAV NTLM Loopback Elevation of Privilege

CVE-2016-3225


MS16-074

GDI32 Information Disclosure Vulnerability

CVE-2016-3216

Mateusz Jurczyk of Google Project Zero (Link to GPZ page)

MS16-074

Win32k EoP Vulnerability

CVE-2016-3219

James Forshaw of Google Project Zero

MS16-074

ATMFD EoP Vulnerability

CVE-2016-3220

Mateusz Jurczyk of Google Project Zero

MS16-073

Win32k EoP Vulnerability

CVE-2016-3218

zhong_sf (sina weibo: http://weibo.com/2641521260 ) and pgboy (sina weibo: http://weibo.com/pgboy1988 ) of Qihoo 360 Vulcan Team

MS16-073

Win32k EoP Vulnerability

CVE-2016-3221

RanchoIce of the Baidu Security Lab

MS16-072

Group Policy Elevation of Privilege Vulnerability

CVE-2016-3223

NabeelAhmed and Tom Gilis of Dimension Data

MS16-071

DNS Code Execution Vulnerability

CVE-2016-3227


MS16-070



Wei Wei of Tencent's Xuanwu Lab

MS16-070

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0025

YangKang, LiYaDong URL: 360 QEX team

MS16-070

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0025


MS16-070

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3233


MS16-070

Microsoft Office Information Disclosure

CVE-2016-3234

Dhanesh Kizhakkinan of FireEye Inc

MS16-069

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3205

Tao Yan (@Ga1ois) of Palo Alto Networks

MS16-069

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3206

Tao Yan (@Ga1ois) of Palo Alto Networks

MS16-069

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3207

Tao Yan (@Ga1ois) of Palo Alto Networks

MS16-068

Microsoft Edge Security Feature Bypass

CVE-2016-3198

Mario Heiderich of Cure53`

MS16-068

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3199

lokihardt working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-068

Microsoft Edge PDF Information Disclosure Vulnerability

CVE-2016-3201

Jaanus Kääp of Clarified Security

MS16-068

Windows PDF Remote Code Execution Vulnerability

CVE-2016-3203


MS16-068

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3214


MS16-068

Microsoft Edge PDF Information Disclosure Vulnerability

CVE-2016-3215

Ke Liu of Tencent's Xuanwu Lab

MS16-068

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3222

Shi Ji (@Puzzor) of VARAS@IIE working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-063




MS16-063

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0199

SkyLined working with iDefense

MS16-063

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0200

62600BCA031B9EB5CB4A74ADDDD6771E working with

Trend Micro’s Zero Day Initiative (ZDI)

MS16-063

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3205

Tao Yan (@Ga1ois) of Palo Alto Networks

MS16-063

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3206

Tao Yan (@Ga1ois) of Palo Alto Networks


Scripting Engine Memory Corruption Vulnerability

CVE-2016-3206

Tao Yan (@Ga1ois) of Palo Alto Networks

MS16-063

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3207`

Tao Yan (@Ga1ois) of Palo Alto Networks

MS16-063

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3210


MS16-063

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3211

Ashutosh Mehra (https://twitter.com/ashutoshmehra) working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-063

Internet Explorer XSS Filter Vulnerability

CVE-2016-3212


MS16-063

NetBIOS Spoofing Vulnerability

CVE-2016-3213

Yu Yang (@tombkeeper) of Tencent's Xuanwu Lab

MS16-063




May 2016

MS16-067

Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability

CVE-2016-0190

Sandeep Kumar of Citrix Systems Inc.

MS16-066

Hypervisor Code Integrity Security Feature Bypass

CVE-2016-0181

Rafal Wojtczuk of Bromium

MS16-062

Win32k Elevation of Privilege Vulnerability

CVE-2016-0171

Nils Sommer of bytegeist, working with Google Project Zero

MS16-062

Win32k Elevation of Privilege Vulnerability

CVE-2016-0173

Nils Sommer of bytegeist, working with Google Project Zero

MS16-062

Win32k Elevation of Privilege Vulnerability

CVE-2016-0173

Qihoo 360Vulcan Team, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-062

Win32k Elevation of Privilege Vulnerability

CVE-2016-0174

Tencent Security Team Sniper, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-062

Win32k Information Disclosure Vulnerability

CVE-2016-0175

Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-062

Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability

CVE-2016-0176

Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-062

Win32k Elevation of Privilege Vulnerability

CVE-2016-0196

Dhanesh Kizhakkinan of FireEye, Inc.

MS16-062

Win32k Elevation of Privilege Vulnerability

CVE-2016-0196

Qihoo 360Vulcan Team, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-062

Defense-in-depth

-----------------

Fermin J. Serna

MS16-061

RPC Network Data Representation Engine Elevation of Privilege Vulnerability

CVE-2016-0178

Evgeny Kotkov and Ivan Zhakov of VisualSVN

MS16-060

Windows Kernel Elevation of Privilege Vulnerability

CVE-2016-0180

Loren Robinson and Alex Ionescu of CrowdStrike, Inc.

MS16-059

Windows Media Center Remote Code Execution Vulnerability

CVE-2016-0185

Eduardo Braun Prado, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-057

Windows Shell Remote Code Execution Vulnerability

CVE-2016-0179

Shi Ji (@Puzzor) of VARAS@IIE

MS16-056

Journal Memory Corruption Vulnerability

CVE-2016-0182

Jason Kratzer, working with VeriSign iDefense Labs

MS16-056

Journal Memory Corruption Vulnerability

CVE-2016-0182

Bingchang Liu of VARAS@IIE

MS16-055

Windows Graphics Component Information Disclosure Vulnerability

CVE-2016-0168

Mateusz Jurczyk of Google Project Zero

MS16-055

Windows Graphics Component Information Disclosure Vulnerability

CVE-2016-0169

Mateusz Jurczyk of Google Project Zero

MS16-055

WIndows Graphics Component RCE vulnerability

CVE-2016-0170

Mateusz Jurczyk of Google Project Zero

MS16-055

Direct3D Use After Free RCE Vulnerability

CVE-2016-0184

Henry Li(zenhumany) of Trend Micro

MS16-054

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0126

An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team

MS16-054

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0126

Hao Linan of Qihoo 360Vulcan Team

MS16-054

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0140

Steven Seeley of Source Incite, working with VeriSign iDefense Labs

MS16-054

Office Graphics RCE Vulnerability

CVE-2016-0183

Lucas Leong of Trend Micro

MS16-053

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0187

Kai Kang

MS16-052

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0186

Brian Pak (cai) from Theori, working with Trend Micro’s Zero Day Initiative

MS16-052

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0186

Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-052

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0191

Lokihart working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-052

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0192

Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-052

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0193

Tencent Security Team Sniper working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-052

Defense-in-depth

-----------------

Bing Sun Intel Security Group

MS16-051

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0187

Kai Kang

MS16-051

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0192

Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-051

Internet Explorer Information Disclosure Vulnerability

CVE-2016-0194

Thomas Vanhoutte, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-051

Defense-in-depth

-----------------

Zhang Yunhai of NSFOCUS

April 2016

MS16-049

HTTP.sys Denial of Service Vulnerability

CVE-2016-0150

Dhanesh Kizhakkinan of FireEye, Inc.

MS16-049

HTTP.sys Denial of Service Vulnerability

CVE-2016-0150

Noam Mazor of Imperva

MS16-048

Windows CSRSS Security Feature Bypass Vulnerability

CVE-2016-0151

James Forshaw of Google Project Zero

MS16-047

Windows RPC Downgrade Vulnerability

CVE-2016-0128

This vulnerability was discovered and researched by Stefan Metzmacher of SAMBA+ and the Samba Team, which also helped design a fix for the problem.
For more information about the vulnerability named "BADLOCK," see Badlock Bug.

MS16-046

Secondary Logon Elevation of Privilege Vulnerability

CVE-2016-0135

Tenable Network Security

MS16-045

Hyper-V Remote Code Execution Vulnerability

CVE-2016-0088

Kostya Kortchinsky of the Google Security Team

MS16-045

Hyper-V Remote Code Execution Vulnerability

CVE-2016-0088

Thomas Garnier

MS16-045

Hyper-V Information Disclosure vulnerability

CVE-2016-0089

Kostya Kortchinsky of the Google Security Team

MS16-045

Hyper-V Information Disclosure vulnerability

CVE-2016-0089

Thomas Garnier

MS16-045

Hyper-V Information Disclosure vulnerability

CVE-2016-0090

Kostya Kortchinsky of the Google Security Team

MS16-045

Hyper-V Information Disclosure vulnerability

CVE-2016-0090

Thomas Garnier

MS16-044

Windows OLE Remote Code Execution Vulnerability

CVE-2016-0153

Debasish Mandal of the Intel Security IPS Vulnerability Research Team

MS16-042

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0122

Sébastien Morin of COSIG

MS16-042

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0127

Lucas Leong of Trend Micro

MS16-042

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0136

Steven Seeley of Source Incite, working with VeriSign iDefense Labs

MS16-042

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0139

Steven Seeley of Source Incite

MS16-041

.NET Framework Remote Code Execution Vulnerability

CVE-2016-0148

Yorick Koster of Securify B.V.

MS16-041

.NET Framework Remote Code Execution Vulnerability

CVE-2016-0148

rgod, working with Trend Micro's Zero Day Initiative

MS16-040

MSXML 3.0 Remote Code Execution Vulnerability

CVE-2016-0147

Nicolas Grégoire of Agarri

MS16-039

Win32k Elevation of Privilege Vulnerability

CVE-2016-0143

Nils Sommer of bytegeist, working with Google Project Zero

MS16-039

Graphics Memory Corruption Vulnerability

CVE-2016-0145

Mateusz Jurczyk of Google Project Zero

MS16-039

Win32k Elevation of Privilege Vulnerability

CVE-2016-0165

Kaspersky Lab

MS16-039

Win32k Elevation of Privilege Vulnerability

CVE-2016-0167

Dhanesh Kizhakkinan of FireEye, Inc.

MS16-039

Defense-in-depth

-----------------

Richard Shupak

MS16-038

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0154

Liu Long of Qihoo 360

MS16-038

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0155

Liu Long of Qihoo 360

MS16-038

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0156

Shi Ji (@Puzzor) of VARAS@IIE

MS16-038

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0156

Liu Long of Qihoo 360

MS16-038

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0157

d81b2a7b317c035a8da11d63122964c2, working with HP’s Zero Day Initiative

MS16-038

Microsoft Edge Elevation of Privilege Vulnerability

CVE-2016-0158

lokihardt, working with HP’s Zero Day Initiative

MS16-038

Microsoft Edge Information Disclosure Vulnerability

CVE-2016-0161

QianWen Xiang of Tencent QQBrowser

MS16-037

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0154

Liu Long of the Qihoo 360 Vulcan Team

MS16-037

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0159

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS16-037

DLL Loading Remote Code Execution Vulnerability

CVE-2016-0160

Sandro Poppi

MS16-037

Internet Explorer Information Disclosure Vulnerability

CVE-2016-0162

Ladislav Janko, working with ESET

MS16-037

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0164

Zheng Huang of the Baidu Security Lab

MS16-037

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0166

Henry Li (zenhumany) of Trend Micro, working with HP’s Zero Day Initiative

3152550

N/A

N/A

Marc Newlin of the Bastille Threat Research Team

March 2016

MS16-035

.NET XML Validation Security Feature Bypass

CVE-2016-0132

Anders Abel of Kentor

MS16-034

Win32k Elevation of Privilege Vulnerability

CVE-2016-0093

Nils Sommer of bytegeist, working with Google Project Zero

MS16-034

Win32k Elevation of Privilege Vulnerability

CVE-2016-0094

Nils Sommer of bytegeist, working with Google Project Zero

MS16-034

Win32k Elevation of Privilege Vulnerability

CVE-2016-0095

Jueming of Security Threat Information Center

MS16-034

Win32k Elevation of Privilege Vulnerability

CVE-2016-0095

bee13oy of CloverSec Labs, working with HP’s Zero Day Initiative

MS16-034

Win32k Elevation of Privilege Vulnerability

CVE-2016-0096

fanxiaocao and pjf of IceSword Lab, Qihoo 360

MS16-033

USB Mass Storage Elevation of Privilege Vulnerability

CVE-2016-0133

Andy Davis, NCC Group

MS16-032

Secondary Logon Elevation of Privilege Vulnerability

CVE-2016-0099

James Forshaw of Google Project Zero

MS16-031

Windows Elevation of Privilege Vulnerability

CVE-2016-0087

Meysam Firozi @R00tkitSmm

MS16-030

Windows OLE Memory Remote Code Execution Vulnerability

CVE-2016-0091

Anonymous, working with HP’s Zero Day Initiative

MS16-030

Windows OLE Memory Remote Code Execution Vulnerability

CVE-2016-0092

Anonymous, working with HP’s Zero Day Initiative

MS16-029

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0021

Richard Warren of NCC Group

MS16-029

Microsoft Security Feature Bypass Vulnerability

CVE-2016-0057

Eric Clausing of AV-TEST GmbH

MS16-029

Microsoft Security Feature Bypass Vulnerability

CVE-2016-0057

Ulf Loesche of AV-TEST GmbH

MS16-029

Microsoft Security Feature Bypass Vulnerability

CVE-2016-0057

Maik Morgenstern of AV-TEST GmbH

MS16-029

Microsoft Security Feature Bypass Vulnerability

CVE-2016-0057

Andreas Marx of AV-TEST GmbH

MS16-029

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0134

Jack Tang of Trend Micro

MS16-023

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0102

Liu Long of Qihoo 360

MS16-028

Windows Remote Code Execution Vulnerability

CVE-2016-0117

Mark Yason, IBM X-Force

MS16-028

Windows Remote Code Execution Vulnerability

CVE-2016-0118

Jaanus Kp Clarified Security, working with HP’s Zero Day Initiative

MS16-027

Windows Media Parsing Remote Code Execution Vulnerability

CVE-2016-0101

Bruno Martinez

MS16-026

OpenType Font Parsing Vulnerability

CVE-2016-0120

Mateusz Jurczyk of Google Project Zero

MS16-026

OpenType Font Parsing Vulnerability

CVE-2016-0121

Mateusz Jurczyk of Google Project Zero

MS16-024

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0102

Liu Long of Qihoo 360

MS16-024

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0105

Zheng Huang of the Baidu Security Lab

MS16-024

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0109

Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative

MS16-024

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0110

Zheng Huang of the Baidu Security Lab

MS16-024

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0111

Zheng Huang of the Baidu Security Lab

MS16-024

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0116

The Microsoft ChakraCore Team

MS16-024

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0123

d81b2a7b317c035a8da11d63122964c2, working with HP’s Zero Day Initiative

MS16-024

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0124

003, working with HP’s Zero Day Initiative

MS16-024

Microsoft Edge Information Disclosure Vulnerability

CVE-2016-0125

Richard Shupak

MS16-024

Microsoft Edge Information Disclosure Vulnerability

CVE-2016-0125

Hariram Balasundaram

MS16-024

Microsoft Edge Information Disclosure Vulnerability

CVE-2016-0125

Yashvier Kosaraju

MS16-024

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0129

The Microsoft ChakraCore Team

MS16-024

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0130

The Microsoft ChakraCore Team

MS16-024

Defense-in-depth

-----------------

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS16-024

Defense-in-depth

-----------------

Simon Zuckerbraun, working with HP’s Zero Day Initiative

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0103

Zheng Huang of the Baidu Security Lab

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0104

Li Kemeng of the Baidu Security Lab

MS16-023

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0105

Zheng Huang of the Baidu Security Lab

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0106

sky, working with HP’s Zero Day Initiative

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0107

Hui Gao of Palo Alto Networks

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0107

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0107

Tigonlab

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0108

Abhishek Arya and Martin Barbella, working with Google Project Zero

MS16-023

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0109

Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative

MS16-023

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0110

Zheng Huang of the Baidu Security Lab

MS16-023

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0111

Abhishek Arya and Martin Barbella, working with Google Project Zero

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0112

sky, working with HP’s Zero Day Initiative

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0112

0011, working with HP’s Zero Day Initiative

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0113

Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0114

Simon Zuckerbraun, working with HP’s Zero Day Initiative

MS16-023

Defense-in-depth

-----------------

Simon Zuckerbraun working with HP'sZero Day Initiative

February 2016

MS16-018

Win32k Elevation of Privilege Vulnerability

CVE-2016-0048

fanxiaocao and pjf of Qihoo 360

MS16-016

WebDAV Elevation of Privilege Vulnerability

CVE-2016-0051

Tamás Koczka of Tresorit

MS16-015

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0022

Lucas Leong of Trend Micro

MS16-015

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0052

Lucas Leong of Trend Micro

MS16-015

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0053

Lucas Leong of Trend Micro

MS16-015

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0055

Kai Lu of Fortinet's FortiGuard Labs

MS16-015

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0056

An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team

MS16-015

Microsoft SharePoint XSS Vulnerability

CVE-2016-0039

Hadji Samir of Evolution Security GmbH (Vulnerability Lab)

MS16-014

Windows Elevation of Privilege Vulnerability

CVE-2016-0040

Meysam Firozi @R00tkitSmm

MS16-014

Windows Elevation of Privilege Vulnerability

CVE-2016-0040

Su Yong Kim, Byoungyoung Lee, and Taesoo Kim of SSLab, Georgia Institute of Technology

MS16-014

DLL Loading Remote Code Execution Vulnerability

CVE-2016-0041

Greg Linares, working with CyberPoint SRT

MS16-014

DLL Loading Remote Code Execution Vulnerability

CVE-2016-0041

Yorick Koster of Securify B.V.

MS16-014

Windows DLL Loading Remote Code Execution Vulnerability

CVE-2016-0042

Richard Warren of NCC Group

MS16-014

Windows Kerberos Security Feature Bypass

CVE-2016-0049

Vulnerability discovered by Nabeel Ahmed and Tom Gilis of Dimension Data

MS16-013

Windows Journal Memory Corruption Vulnerability

CVE-2016-0038

Rohit Mothe of VeriSign iDefense Labs

MS16-012

Microsoft Windows Reader Vulnerability

CVE-2016-0046

Jaanus Kp Clarified Security, working with HP’s Zero Day Initiative

MS16-012

Microsoft PDF Library Buffer Overflow Vulnerability

CVE-2016-0058

Atte Kettunen of OUSPG

MS16-011

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0060

003, working with HP’s Zero Day Initiative

MS16-011

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0061

SkyLined, working with HP’s Zero Day Initiative

MS16-011

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0062

Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative

MS16-011

Microsoft Edge ASLR Bypass

CVE-2016-0080

Zhang Yunhai of NSFOCUS

MS16-009

Internet Explorer Information Disclosure Vulnerability

CVE-2016-0059

Kai Lu of Fortinet's FortiGuard Labs

MS16-009

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0060

003, working with HP’s Zero Day Initiative

MS16-009

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0061

SkyLined, working with HP’s Zero Day Initiative

MS16-009

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0062

Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiatived

MS16-009

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0063

SkyLined, working with HP’s Zero Day Initiative

MS16-009

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0064

Jack Tang of Trend Micro

MS16-009

Internet Explorer Elevation of Privilege Vulnerability

CVE-2016-0068

Masato Kinugawa of Cure53

MS16-009

Internet Explorer Elevation of Privilege Vulnerability

CVE-2016-0069

Yosuke HASEGAWA of Secure Sky Technology Inc.

MS16-009

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0071

Dhanesh Kizhakkinan of FireEye, Inc.

MS16-009

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0072

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS16-009

Microsoft Browser Spoofing Vulnerability

CVE-2016-0077

Kacper Rybcynski

3137909

N/A

N/A

Michael Reizelman

January 2016

MS16-010

Microsoft Exchange Spoofing Vulnerability

CVE-2016-0029

Abdulrahman Alqabandi

MS16-010

Microsoft Exchange Spoofing Vulnerability

CVE-2016-0030

Alexandru Coltuneac

MS16-010

Microsoft Exchange Spoofing Vulnerability

CVE-2016-0031

Nirmal Kirubakaran, Individual

MS16-010

Microsoft Exchange Spoofing Vulnerability

CVE-2016-0032

israelg@bugsec.com

MS16-008

Windows Mount Point Elevation of Privilege Vulnerability

CVE-2016-0006

James Forshaw of Google Project Zero

MS16-008

Windows Mount Point Elevation of Privilege Vulnerability

CVE-2016-0007

James Forshaw of Google Project Zero

MS16-007

DLL Loading Elevation of Privilege Vulnerability

CVE-2016-0014

Stefan Kanthak of Me, myself & IT

MS16-007

Windows DirectShow Heap Corruption RCE vulnerability

CVE-2016-0015

Steven Vittitoe of Google Project Zero

MS16-007

Windows Library Loading Remote Code Execution Vulnerability

CVE-2016-0016

Steven Vittitoe of Google Project Zero

MS16-007

Windows Library Loading Remote Code Execution Vulnerability

CVE-2016-0018

parvez@greyhathacker.net

MS16-007

Windows Library Loading Remote Code Execution Vulnerability

CVE-2016-0018

Debasish Mandal of the Intel Security IPS Vulnerability Research Team

MS16-007

Windows Remote Desktop Protocol Security Bypass Vulnerability

CVE-2016-0019

Gal Goldshtein and Viktor Minin of Citadel

MS16-007

MAPI LoadLibrary EoP Vulnerability

CVE-2016-0020

Ashutosh Mehra, working with HP’s Zero Day Initiative

MS16-006

Silverlight Runtime Remote Code Execution Vulnerability

CVE-2016-0034

Anton Ivanov and Costin Raiu of Kaspersky Lab

MS16-005

Windows GDI32.dll ASLR Bypass Vulnerability

CVE-2016-0008

Steven Seeley of Source Incite, working with VeriSign iDefense Labs

MS16-005

Win32k Remote Code Execution Vulnerability

CVE-2016-0009

Kerem Gümrükcü

MS16-004

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0010

Kai Lu of Fortinet's FortiGuard Labs

MS16-004

ASLR bypass vulnerability

CVE-2016-0012

IBM X-Forcer researchers Tom Kahana, and Elad Menahem

MS16-004

Microsoft SharePoint Security Feature Bypass Vulnerability

CVE-2015-6117

Jonas Nilsson of Disruptive Innovations AB

MS16-004

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0035

Steven Seeley of Source Incite, working with HP’s Zero Day Initiative

MS16-003

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0002

Anonymous contributor, working with VeriSign iDefense Labs

MS16-002

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0003

003, working with HP’s Zero Day Initiative

MS16-002

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0003

Shi Ji (@Puzzor) of VARAS@IIE

MS16-002

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0024

CESG

MS16-001

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0002

Anonymous contributor, working with VeriSign iDefense Labs

MS16-004

Defense-in-depth

-----------------

Jack Tang of Trend Micro

MS16-002

Defense-in-depth

-----------------

Wenbin Zheng of Qihoo 360 Vulcan Team

MS16-001

Defense-in-depth

-----------------

Heige (a.k.a. SuperHei) from Knownsec 404 Security Team

3109853

Defense-in-depth

-----------------

Thanks to Patrick Donahue, CloudFlare, for assistance in identifying the issue.

3109853

Defense-in-depth

-----------------

Thanks to Jeremiah Cohick, Fitbit, for assistance in identifying the issue.

3109853

Defense-in-depth

-----------------

Thanks to Aaron Coleman, Fitabase, for assistance in identifying the issue.


Show: