Acknowledgments – 2016

Microsoft extends thanks to the following for working with us to help protect customers.

Bulletin ID  

Vulnerability Title

CVE ID                                  

Acknowledgment

December 2016

MS16-153

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2016-7295

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS16-151

Win32k Elevation of Privilege Vulnerability

CVE-2016-7259

Behzad Najjarpour Jabbari, Secunia Research at Flexera Software

MS16-151

Win32k Elevation of Privilege Vulnerability

CVE-2016-7259

Sébastien Renaud of Quarkslab

MS16-151

Win32k Elevation of Privilege Vulnerability

CVE-2016-7259

Richard Le Dé of Quarkslab

MS16-151

Win32k Elevation of Privilege Vulnerability

CVE-2016-7260

Jfpan of IceSword Lab, Qihoo 360

MS16-151

Win32k Elevation of Privilege Vulnerability

CVE-2016-7260

Fanxiaocao of IceSword Lab, Qihoo 360

MS16-149

Windows Crypto Driver Information Disclosure Vulnerability

CVE-2016-7219

Taesoo Kim of SSLab, Georgia Institue of Technology

MS16-149

Windows Crypto Driver Information Disclosure Vulnerability

CVE-2016-7219

Su Yong Kim of SSLab, Georgia Institue of Technology

MS16-149

Windows Crypto Driver Information Disclosure Vulnerability

CVE-2016-7219

Sangho Lee of SSLab, Georgia Institue of Technology

MS16-149

Windows Crypto Driver Information Disclosure Vulnerability

CVE-2016-7219

Byoungyoung Lee of SSLab, Georgia Institue of Technology

MS16-149

Windows Installer Elevation of Privilege Vulnerability

CVE-2016-7292

Thomas Vanhoutte (@SandboxEscaper)

MS16-148

Windows GDI Information Disclosure Vulnerability

CVE-2016-7257

Steven Vittitoe of Google Project Zero

MS16-148

Microsoft Office Security Feature Bypass Vulnerability

CVE-2016-7262

Iliyan Velikov of PwC UK

MS16-148

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7263

JChen of Palo Alto Networks

MS16-148

Microsoft Office Information Disclosure Vulnerability

CVE-2016-7264

@j00sean

MS16-148

Microsoft Office Information Disclosure Vulnerability

CVE-2016-7265

Steven Seeley of Source Incite

MS16-148

Microsoft Office Security Feature Bypass Vulnerability

CVE-2016-7266

Robert Riskin

MS16-148

Microsoft Office Security Feature Bypass Vulnerability

CVE-2016-7267

Haifei Li of Intel Security

MS16-148

Microsoft Office Information Disclosure Vulnerability

CVE-2016-7268

@j00sean

MS16-148

Microsoft Office OLE DLL Side Loading Vulnerability

CVE-2016-7275

Weibo Wang of Qihoo 360 Skyeye Labs

MS16-148

Microsoft Office Information Disclosure Vulnerability

CVE-2016-7276

Steven Vittitoe of Google Project Zero

MS16-148

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7277

Jaanus Kääp of Clarified Security

MS16-148

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7289

Peixue Li of Fortinet’s FortiGuard Labs

MS16-148

Microsoft Office Information Disclosure Vulnerability

CVE-2016-7290

Steven Seeley of Source Incite

MS16-148

Microsoft Office Information Disclosure Vulnerability

CVE-2016-7291

Steven Seeley of Source Incite

MS16-148

Defense-in-depth

-------------------

Steven Seeley of Source Incite

MS16-148

Defense-in-depth

-------------------

@j00sean

MS16-147

Windows Uniscribe Remote Code Execution Vulnerability

CVE-2016-7274

Hossein Lotfi, Secunia Research at Flexera Software

MS16-146

Windows GDI Information Disclosure Vulnerability

CVE-2016-7257

Steven Vittitoe of Google Project Zero

MS16-146

Windows Graphics Remote Code Execution Vulnerability

CVE-2016-7272

Giwan Go of STEALIEN, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-146

Defense-in-depth

-------------------

Henry Li (zenhumany) of Trend Micro

MS16-145

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-7181

Veit Hailperin (@fenceposterror) of scip AG

MS16-145

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-7279

The UK's National Cyber Security Centre (NCSC)

MS16-145

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-7280

Masato Kinugawa of Cure53

MS16-145

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7286

Natalie Silvanovich of Google Project Zero

MS16-145

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7287

Natalie Silvanovich of Google Project Zero

MS16-145

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7288

Natalie Silvanovich of Google Project Zero

MS16-145

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7296

Linan Hao of Qihoo 360 Vulcan Team working with POC/PwnFest

MS16-145

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7297

Lokihart working with POC/PwnFest

MS16-145

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7297

Anonymous working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-144

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7202

Scott Bell of Security-Assessment.com

MS16-144

Windows Hyperlink Object Library Information Disclosure Vulnerability

CVE-2016-7278

Steven Seeley of Source Incite

MS16-144

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-7279

The UK's National Cyber Security Centre (NCSC)

MS16-144

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-7283

Scott Bell of Security-Assessment.com

MS16-144

Internet Explorer Information Disclosure Vulnerability

CVE-2016-7284

Li Kemeng of Baidu Security Lab

MS16-144

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7287

Natalie Silvanovich of Google Project Zero

MS16-144

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-7293

Tigonlab

November 2016

MS16-142

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-7196

Kai Song of Tencent’s Xuanwu LAB

MS16-142

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-7198

Liu Long of Qihoo 360

MS16-142

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-7227

Masato Kinugawa of Cure53

MS16-142

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-7239

Masato Kinugawa via Google VRP

MS16-142

Microsoft Browser Remote Code Execution Vulnerability

CVE-2016-7241

Natalie Silvanovich of Google Project Zero

MS16-142

Defense-in-depth

-------------------

John Page of ApparitionSec

MS16-139

Windows Kernel Elevation of Privilege Vulnerability

CVE-2016-7216

James Forshaw of Google Project Zero

MS16-139

Windows Kernel Elevation of Privilege Vulnerability

CVE-2016-7216

Mateusz Jurczyk of Google Project Zero

MS16-138

VHDFS Driver Elevation of Privilege Vulnerability

CVE-2016-7223

James Forshaw of Google Project Zero

MS16-138

VHDFS Driver Elevation of Privilege Vulnerability

CVE-2016-7224

James Forshaw of Google Project Zero

MS16-138

VHDFS Driver Elevation of Privilege Vulnerability

CVE-2016-7225

James Forshaw of Google Project Zero

MS16-138

VHDFS Driver Elevation of Privilege Vulnerability

CVE-2016-7226

James Forshaw of Google Project Zero

MS16-137

Local Security Authority Subsystem Service Denial of Service Vulnerability

CVE-2016-7237

Laurent Gaffie

MS16-136

SQL RDBMS Engine Elevation of Privilege Vulnerability

CVE-2016-7250

Scott Sutherland of netSPI

MS16-135

Win32k Information Disclosure Vulnerability

CVE-2016-7214

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS16-135

Win32k Elevation of Privilege Vulnerability

CVE-2016-7215

bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-135

Bowser.sys Information Disclosure Vulnerabilty

CVE-2016-7218

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS16-135

Win32k Elevation of Privilege

CVE-2016-7246

Anonymous working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-135

Win32k Elevation of Privilege Vulnerability

CVE-2016-7255

Neel Mehta of Google’s Threat Analysis Group

MS16-135

Win32k Elevation of Privilege Vulnerability

CVE-2016-7255

Billy Leonard of Google’s Threat Analysis Group

MS16-135

Win32k Elevation of Privilege Vulnerability

CVE-2016-7255

Feike Hacquebord, of Trend Micro

MS16-135

Win32k Elevation of Privilege Vulnerability

CVE-2016-7255

Peter Pi of Trend Micro

MS16-135

Win32k Elevation of Privilege Vulnerability

CVE-2016-7255

Brooks Li of Trend Micro

MS16-134

Windows CLFS Elevation of Privilege

CVE-2016-0026

Daniel King, KeenLab, Tencent

MS16-134

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2016-3332

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS16-134

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2016-3333

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS16-134

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2016-3334

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS16-134

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2016-3334

Daniel King, KeenLab, Tencent

MS16-134

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2016-3335

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS16-134

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2016-3338

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS16-134

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2016-3340

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS16-134

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2016-3342

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS16-134

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2016-3343

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS16-134

Windows CLFS Elevation of Privilege

CVE-2016-7184

Daniel King, KeenLab, Tencent

MS16-133

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7213

JChen of Palo Alto Networks

MS16-133

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7228

JChen of Palo Alto Networks

MS16-133

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7229

JChen of Palo Alto Networks

MS16-133

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7230

Steven Vittitoe of Google Project Zero

MS16-133

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7231

JChen of Palo Alto Networks

MS16-133

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7232

Steven Seeley of Source Incite working with VeriSign iDefense Labs

MS16-133

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7232

Rocco Calvi of Source Incite working with VeriSign iDefense Labs

MS16-133

Microsoft Office Information Disclosure Vulnerability

CVE-2016-7233

Steven Seeley of Source Incite working with VeriSign iDefense Labs

MS16-133

Microsoft Office Information Disclosure Vulnerability

CVE-2016-7233

Rocco Calvi of Source Incite working with VeriSign iDefense Labs

MS16-133

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7234

Rocco Calvi of Source Incite working with VeriSign iDefense Labs

MS16-133

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7234

Steven Seeley of Source Incite working with VeriSign iDefense Labs

MS16-133

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7235

Rocco Calvi of Source Incite working with VeriSign iDefense Labs

MS16-133

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7235

Steven Seeley of Source Incite working with VeriSign iDefense Labs

MS16-133

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7236

Steven Seeley of Source Incite working with VeriSign iDefense Labs

MS16-133

Microsoft Office Denial of Service Vulnerability

CVE-2016-7244

Dmitri Kaslov, Independent Security Researcher

MS16-133

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7245

Haifei Li of Intel Security

MS16-132

Windows Animation Manager Memory Corruption Vulnerability

CVE-2016-7205

Scott Bell of Security-Assessment.com

MS16-132

Windows Animation Manager Memory Corruption Vulnerability

CVE-2016-7205

Kai Song of Tencent’s Xuanwu LAB

MS16-132

Windows Animation Manager Memory Corruption Vulnerability

CVE-2016-7205

SkyLined working with VeriSign iDefense Labs

MS16-132

Open Type Font Information Disclosure Vulnerability

CVE-2016-7210

Hossein Lotfi, Secunia Research at Flexera Software

MS16-132

Media Foundation Memory Corruption Vulnerability

CVE-2016-7217

Liu Long of Qihoo 360

MS16-132

Open Type Font Elevation of Privilege Vulnerability

CVE-2016-7256

Kijong Son of KrCERT/CC in Korean Internet & Security Agency (KISA)

MS16-132

Defense-in-Depth

-------------------

Bing Sun of Intel Security Group

MS16-130

Windows Remote Code Execution Vulnerability

CVE-2016-7212

Aral Yaman of Noser Engineering AG

MS16-130

Windows IME Elevation of Privilege Vulnerability

CVE-2016-7221

Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc.

MS16-130

Task Scheduler Elevation of Privilege Vulnerability

CVE-2016-7222

Shanti Lindström Individual

MS16-129

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-7195

Kai Song of Tencent’s Xuanwu LAB

MS16-129

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-7196

Kai Song of Tencent’s Xuanwu LAB

MS16-129

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-7198

Liu Long of Qihoo 360

MS16-129

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7200

Natalie Silvanovich of Google Project Zero

MS16-129

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7200

Qixun Zhao of Qihoo 360 Skyeye Labs

MS16-129

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7201

Natalie Silvanovich of Google Project Zero

MS16-129

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7202

bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-129

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7202

Natalie Silvanovich of Google Project Zero

MS16-129

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7202

Scott Bell of Security-Assessment.com

MS16-129

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7203

Natalie Silvanovich of Google Project Zero

MS16-129

Microsoft Edge Information Disclosure Vulnerability

CVE-2016-7204

Abdulrahman Alqabandi (@qab)

MS16-129

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7208

Microsoft ChakraCore Team

MS16-129

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-7227

Masato Kinugawa of Cure53

MS16-129

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-7239

Masato Kinugawa via Google VRP

MS16-129

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7240

Natalie Silvanovich of Google Project Zero

MS16-129

Microsoft Browser Remote Code Execution Vulnerability

CVE-2016-7241

Natalie Silvanovich of Google Project Zero

MS16-129

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7242

Qixun Zhao of Qihoo 360 Skyeye Labs

MS16-129

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7243

Nicolas Joly of MSRCE UK

October 2016

MS16-126

Internet Explorer Information Disclosure Vulnerability

CVE-2016-3298

Will Metcalf and Kafeine of Proofpoint

MS16-125

Windows Diagnostics Hub Elevation of Privilege

CVE-2016-7188

James Forshaw of Google Project Zero

MS16-124

Windows Kernel Local Elevation of Privilege

CVE-2016-0070

Fortinet’s FortiGuard Labs

MS16-124

Windows Kernel Local Elevation of Privilege

CVE-2016-0070

James Forshaw of Google Project Zero

MS16-124

Windows Kernel Local Elevation of Privilege

CVE-2016-0070

Mateusz Jurczyk of Google Project Zero

MS16-124

Windows Kernel Local Elevation of Privilege

CVE-2016-0073

James Forshaw of Google Project Zero

MS16-124

Windows Kernel Local Elevation of Privilege

CVE-2016-0075

James Forshaw of Google Project Zero

MS16-124

Windows Kernel Local Elevation of Privilege

CVE-2016-0079

James Forshaw of Google Project Zero

MS16-123

Win32k Elevation of Privilege Vulnerability

CVE-2016-3266

pgboy, zhong_sf of Qihoo 360 Vulcan Team

MS16-123

Windows Transaction Manager Elevation of Privilege Vulnerability

CVE-2016-3341

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS16-123

Windows Kernel Elevation of Privilege vulnerability

CVE-2016-3376

Mateusz Jurczyk of Google Project Zero

MS16-123

Windows Kernel Elevation of Privilege vulnerability

CVE-2016-3376

James Forshaw of Google Project Zero

MS16-123

Windows Kernel Driver Local Elevation of Privilege

CVE-2016-7185

James Forshaw of Google Project Zero

MS16-123

Win32k Elevation of Privilege Vulnerability

CVE-2016-7211

fanxiaocao (@TinySec), and pjf of IceSword Lab, Qihoo 360

MS16-121

Microsoft Office Memory Corruption Vulnerability

CVE-2016-7193

 Austrian MilCERT

MS16-120

True Type Font Parsing Information Disclosure Vulnerability

CVE-2016-3209

Mateusz Jurczyk of Google Project Zero

MS16-120

GDI+ Information Disclosure Vulnerability

CVE-2016-3262

Mateusz Jurczyk of Google Project Zero

MS16-120

GDI+ Information Disclosure Vulnerability

CVE-2016-3263

Mateusz Jurczyk of Google Project Zero

MS16-120

Win32k Elevation of Privilege Vulnerability

CVE-2016-3270

pgboy, zhong_sf of Qihoo 360 Vulcan Team

MS16-120

Windows Graphics Component RCE Vulnerability

CVE-2016-3393

Anton Ivanov of Kaspersky Lab

MS16-120

True Type Font Parsing Elevation of Privilege Vulnerability

CVE-2016-7182

Mateusz Jurczyk of Google Project Zero

MS16-119

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3267

Wenxiang Qian of Tencent QQBrowser

MS16-119

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3331

Zheng Huang of the Baidu Security Lab

MS16-119

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3382

Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-119

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3386

Richard Zhu (fluorescence), working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-119

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3386

Natalie Silvanovich of Google Project Zero

MS16-119

Microsoft Browser Elevation of Privilege Vulnerability

CVE-2016-3387

James Forshaw of Google Project Zero

MS16-119

Microsoft Browser Elevation of Privilege Vulnerability

CVE-2016-3388

James Forshaw of Google Project Zero

MS16-119

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3389

Microsoft ChakraCore Team

MS16-119

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3390

Microsoft ChakraCore Team

MS16-119

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3391

Stefaan Truijen, working with NVISO

MS16-119

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3391

Adrian Toma, working with NVISO (internship)

MS16-119

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3391

Daan Raman, working with NVISO

MS16-119

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3391

Arne Swinnen working with NVISO

MS16-119

Microsoft Browser Security Feature Bypass

CVE-2016-3392

Xiaoyin Liu

MS16-119

Scripting Engine Information Disclosure Vulnerability

CVE-2016-7189

Natalie Silvanovich of Google Project Zero

MS16-119

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7190

Natalie Silvanovich of Google Project Zero

MS16-119

Scripting Engine Memory Corruption Vulnerability

CVE-2016-7194

Natalie Silvanovich of Google Project Zero

MS16-119

-------------------

-------------------

Andrew Wesie (awesie) from Theori

MS16-118

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3267

Wenxiang Qian of Tencent QQBrowser

MS16-118

Internet Explorer Information Disclosure Vulnerability

CVE-2016-3298

Will Metcalf and Kafeine of Proofpoint

MS16-118

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3331

Zheng Huang of the Baidu Security Lab

MS16-118

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3382

Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-118

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3383

0011, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-118

Internet Explorer Memory Corruption Vulnerability

CVE-2016-3384

62600BCA031B9EB5CB4A74ADDDD6771E, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-118

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3385

Jaehun Jeong (n3sk), of WINS, WSEC Analysis Team, working with VeriSign iDefense Labs

MS16-118

Microsoft Browser Elevation of Privilege Vulnerability

CVE-2016-3387

James Forshaw of Google Project Zero

MS16-118

Microsoft Browser Elevation of Privilege Vulnerability

CVE-2016-3388

James Forshaw of Google Project Zero

MS16-118

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3391

Stefaan Truijen, working with NVISO

MS16-118

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3391

Adrian Toma, working with NVISO (internship

MS16-118

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3391

Daan Raman, working with NVISO

MS16-118

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3391

Arne Swinnen working with NVISO

-------------------

Defense-in-depth

-------------------

James Forshaw of Google Project Zero

September 2016

MS16-116

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3376

An anonymous researcher, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-115

PDF Library Information Disclosure Vulnerability

CVE-2016-3370

Ke Liu of Tencent’s Xuanwu Lab

MS16-115

PDF Library Information Disclosure Vulnerability

CVE-2016-3374

Roberto Suggi Liverani (@malerisch) of malerisch.net

MS16-115

PDF Library Information Disclosure Vulnerability

CVE-2016-3374

Steven Seeley of Source Incite

MS16-114

Windows SMB Authenticated Remote Code Execution Vulnerability

CVE-2016-3345

Alexander Ovchinnikov of Tuxera Inc

MS16-114

Windows SMB Authenticated Remote Code Execution Vulnerability

CVE-2016-3345

Oleg Kravtsov of Tuxera Inc

MS16-112

Windows Lock Screen Elevation of Privilege Vulnerability

CVE-2016-3302

Auri A. Rahimzadeh of Auri’s Ideas

MS16-111

Windows Session Object Elevation of Privilege Vulnerability

CVE-2016-3305

The Citrix Product Security Team

MS16-111

Windows Session Object Elevation of Privilege Vulnerability

CVE-2016-3306

The Citrix Product Security Team

MS16-111

Windows Kernel Elevation of Privilege Vulnerability

CVE-2016-3371

James Forshaw of Google Project Zero

MS16-111

Windows Kernel Elevation of Privilege Vulnerability

CVE-2016-3372

Marcin Wiazowski, individual

MS16-111

Windows Kernel Elevation of Privilege Vulnerability

CVE-2016-3373

James Forshaw of Google Project Zero

MS16-110

Windows Denial of Service Vulnerability

CVE-2016-3369

Piotr Bania of Cisco Talos

MS16-110

Windows Remote Code Execution Vulnerability

CVE-2016-3368

Jonathan Brown of VMware, Inc

MS16-108

Defense-in-depth

-------------------

John Page of ApparitionSec 


MS16-108

Microsoft Exchange Information Disclosure Vulnerability

CVE-2016-0138

Bassel Rachid of DH Corporation


MS16-108

Microsoft Exchange Information Disclosure Vulnerability

CVE-2016-0138

Lucie Brochu of DH Corporation

MS16-108

Microsoft Exchange Open Redirect Vulnerability

CVE-2016-3378

John Page of ApparitionSec 

MS16-108

Microsoft Exchange Elevation of Privilege Vulnerability

CVE-2016-3379

Adrian Ivascu

MS16-107

Microsoft APP-V ASLR Bypass

CVE-2016-0137

Udi Yavo of enSilo

MS16-107

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3357

Steven Vittitoe of Google Project Zero

MS16-107

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3358

Steven Seeley of Source Incite, working with VeriSign iDefense Labs

MS16-107

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3359

Steven Seeley of Source Incite, working with VeriSign iDefense Labs

MS16-107

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3361

Steven Seeley of Source Incite

MS16-107

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3362

Steven Seeley of Source Incite

MS16-107

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3363

Steven Seeley of Source Incite

MS16-107

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3364

Eduardo Braun Prado

MS16-107

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3365

Steven Seeley of Source Incite, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-107

Microsoft Office Spoofing Vulnerability

CVE-2016-3366

Incident Response Team of Certego

MS16-106

Win32k Elevation of Privilege Vulnerability

CVE-2016-3348

RanchoIce of the Baidu Security Lab

MS16-106

GDI Information Disclosure Vulnerability

CVE-2016-3354

WanderingGlitch of Trend Micro’s Zero Day Initiative (ZDI)

MS16-106

GDI Information Disclosure Vulnerability

CVE-2016-3355

Liang Yin of Tencent PC Manager via GeekPwn

MS16-105

Defense-in-depth

-------------------

Henry Li (zenhumany) of Trend Micro

MS16-105

Defense-in-depth

-------------------

Jun Kokatsu

MS16-105

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3247

SkyLined, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-105

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3291

Nathaniel Theis (XMPPwocky)

MS16-105

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-3294

Shi Ji (@Puzzor) of VARAS@IIE, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-105

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3295

Garage4Hackers, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-105

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3297

Liu Long of Qihoo 360

MS16-105

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3325

SkyLined

MS16-105

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-3330

F4B3CD of STARLAB

MS16-105

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-3350

Microsoft ChakraCore Team

MS16-105

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3351

Kafeine, Brooks Li of Trend Micro

MS16-105

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3377

Richard Zhu (fluorescence), working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-104

Defense-in-depth

-------------------

Jun Kokatsu

MS16-104

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3247

SkyLined, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-104

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3291

Nathaniel Theis (XMPPwocky)

MS16-104

Microsoft Browser Elevation of Privilege Vulnerability

CVE-2016-3292

Thomas Vanhoutte, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-104

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3295

Garage4Hackers, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-104

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3297

Liu Long of Qihoo 360

MS16-104

Internet Explorer Memory Corruption Vulnerability

CVE-2016-3324

SkyLined

MS16-104

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3325

SkyLined

MS16-104

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3351

Kafeine, Brooks Li of Trend Micro

MS16-104

Internet Explorer Security Feature Bypass

CVE-2016-3353

Eduardo Braun Prado, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-104

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3375

Yuki Chen of Qihoo 360 Vulcan Team

MS16-104

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3375

Simon Zuckerbraun working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-104

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3375

Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)

-------------------

Defense-in-depth

-------------------

Fortinet’s FortiGuard Labs

-------------------

Defense-in-depth

-------------------

Steven Seeley of Source Incite working with iDefense

-------------------

Defense-in-depth

-------------------

Reno Robert

August 2016

MS16-102

Microsoft PDF Remote Code Execution Vulnerability

CVE-2016-3319

Aleksandar Nikolic of Cisco Talos

MS16-101

Kerberos Elevation of Privilege Vulnerability

CVE-2016-3237

Nabeel Ahmed of Dimension Data

MS16-099

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3313

Jaanus Kaap

MS16-099

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3313

Sébastien Morin of COSIG

MS16-099

Microsoft OneNote Information Disclosure Vulnerability

CVE-2016-3315

dannywei of Tencent’s Xuanwu Lab

MS16-099

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3316

Francis Provencher of COSIG

MS16-099

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3317

Dhanesh Kizhakkinan of FireEye Inc

MS16-099

Graphics Component Memory Corruption Vulnerability

CVE-2016-3318

Arun Kumar Sharma, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-099

Defense-in-depth

-----------------

Jerry Decime of Hewlett Packard Enterprise

MS16-098

Win32k Elevation of Privilege Vulnerability

CVE-2016-3308

Peter (Keen) working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-098

Win32k Elevation of Privilege Vulnerability

CVE-2016-3308

ZeguangZhao (team509), working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-098

Win32k Elevation of Privilege Vulnerability

CVE-2016-3309

bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-098

Win32k Elevation of Privilege Vulnerability

CVE-2016-3310

Wayne Low of Fortinet’s Fortiguard Labs

MS16-098

Win32k Elevation of Privilege Vulnerability

CVE-2016-3311

pgboy, zhong_sf of Qihoo 360 Vulcan Team

MS16-098

Defense-in-depth

-----------------

Martin Lenord

MS16-097

Windows Graphics Component RCE Vulnerability

CVE-2016-3301

Mateusz Jurczyk of Google Project Zero

MS16-097

Windows Graphics Component RCE Vulnerability

CVE-2016-3303

Mateusz Jurczyk of Google Project Zero

MS16-097

Windows Graphics Component RCE Vulnerability

CVE-2016-3304

Mateusz Jurczyk of Google Project Zero

MS16-096

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3289

Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-096

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3293

Kai Song (exp-sky) of Tencent’s Xuanwu LAB

MS16-096

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3296

Microsoft ChakraCore Team

MS16-096

Microsoft PDF Remote Code Execution Vulnerability

CVE-2016-3319

Aleksandar Nikolic of Cisco Talos

MS16-096

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3322

Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-096

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3326

Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-096

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3327

Soroush Dalili of NCC Group

MS16-096

Microsoft Browser Information Disclosure

CVE-2016-3329

Masato Kinugawa of Cure53

MS16-095

Internet Explorer Memory Corruption Vulnerability

CVE-2016-3288

Ivan Fratric and Martin Barbella, working with Google Project Zero

MS16-095

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3289

Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-095

Internet Explorer Memory Corruption Vulnerability

CVE-2016-3290

Liu Long of Qihoo 360

MS16-095

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3293

Kai Song (exp-sky) of Tencent’s Xuanwu LAB

MS16-095

Internet Explorer Information Disclosure Vulnerability

CVE-2016-3321

Yorick Koster of Securify B.V.

MS16-095

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3322

Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-095

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3326

Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-095

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3327

Soroush Dalili of NCC Group

MS16-095

Microsoft Browser Information Disclosure

CVE-2016-3329

Masato Kinugawa of Cure53

July 2016

MS16-092

Windows File System Security Feature Bypass Vulnerability

CVE-2016-3258

James Forshaw of Google Project Zero

MS16-092

Windows Kernel Information Disclosure Vulnerability

CVE-2016-3272

Herbert Bos of Vrije Universiteit Amsterdam

MS16-091

.NET Information Disclosure Vulnerability

CVE-2016-3255

Michael Weber, Henrique Arcoverde
NCC Group

MS16-090

Win32k Elevation of Privilege Vulnerability

CVE-2016-3249

bee13oy of CloverSec Labs

MS16-090

Win32k Elevation of Privilege Vulnerability

CVE-2016-3250

zhong_sf and pgboy of Qihoo 360 Vulcan Team

MS16-090

GDI Component Information Disclosure Vulnerability

CVE-2016-3251

zhong_sf and pgboy of Qihoo 360 Vulcan Team

MS16-090

Win32k Elevation of Privilege Vulnerability

CVE-2016-3252

fanxiaocao (@TinySec), and pjf of IceSword Lab, Qihoo 360

MS16-090

Win32k Elevation of Privilege Vulnerability

CVE-2016-3254

zhong_sf and pgboy of Qihoo 360 Vulcan Team

MS16-090

Microsoft win32k Elevation of Privilege Vulnerability

CVE-2016-3286

zhong_sf and pgboy of Qihoo 360 Vulcan Team

MS16-088

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3278

Xiaoning Li of Intel Labs

MS16-088

Microsoft Security Feature Bypass Vulnerability

CVE-2016-3279

Haifei Li of Intel Security

MS16-088

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3280

Lucas Leong of Trend Micro

MS16-088

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3281

Jaanus Kääp of Clarified Security

MS16-088

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3282

Jaanus Kääp of Clarified Security

MS16-088

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3283

Jaanus Kääp of Clarified Security

MS16-088

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3284

Alexey Belyakov, Individual

MS16-087

Microsoft Print Spooler Remote Code Execution Vulnerability

CVE-2016-3238

Nicolas Beauchesne of Vectra Networks

MS16-087

Windows Print Spooler Elevation of Privilege

CVE-2016-3239

Shanti Lindström, Individual

MS16-085

Microsoft Edge Security Feature Bypass

CVE-2016-3244

Zheng Huang of the Baidu Security Lab

MS16-085

Microsoft Edge Security Feature Bypass

CVE-2016-3244

Henry Li (zenhumany) of Trend Micro

MS16-085

Microsoft Edge Security Feature Bypass

CVE-2016-3244

Kai Song (exp-sky) of Tencent’s Xuanwu LAB

MS16-085

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-3246

cc working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-085

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3248

Microsoft ChakraCore Team

MS16-085

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3259

Jaehun Jeong (nesk), Individual

MS16-085

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3264

exp-sky of Tencent’s Xuanwu LAB working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-085

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3265

Jordan Rabet, Microsoft Offensive Security Research Team

MS16-085

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3269

Jordan Rabet, Microsoft Offensive Security Research Team

MS16-085

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3271

WanderingGlitch, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-085

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3273

Masato Kinugawa of Cure53

MS16-085

Microsoft Browser Spoofing Vulnerability

CVE-2016-3274

Ferenc Lutischán of Magyar Telekom Nyrt

MS16-085

Microsoft Edge Spoofing Vulnerability

CVE-2016-3276

Wenxiang Qian of Tencent QQBrowserhttp://browser.qq.com

MS16-085

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3277

Henry Li (zenhumany) of Trend Micro

MS16-084

Internet Explorer Memory Corruption Vulnerability

CVE-2016-3240

Hui Gao of Palo Alto Networks

MS16-084

Internet Explorer Memory Corruption Vulnerability

CVE-2016-3241

62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-084

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3242

62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-084

Internet Explorer Memory Corruption Vulnerability

CVE-2016-3243

Zheng Huang of the Baidu Security Lab

MS16-084

Internet Explorer Security Feature Bypass

CVE-2016-3245

Masato Kinugawa of Cure53

MS16-084

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3259

Jaehun Jeong (nesk), Individual

MS16-084

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3260

Jordan Rabet of Microsoft Offensive Security Research Team

MS16-084

Internet Explorer Information Disclosure Vulnerability

CVE-2016-3261

Li Kemeng, Baidu Security Lab

MS16-084

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-3264

exp-sky of Tencent’s Xuanwu LAB working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-084

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3273

Masato Kinugawa of Cure53

MS16-084

Internet Explorer Memory Corruption Vulnerability

CVE-2016-3275

Tao Yan (@Ga1ois) of Palo Alto Networks

MS16-084

Microsoft Browser Information Disclosure Vulnerability

CVE-2016-3277

Henry Li (zenhumany) of Trend Micro

June 2016

MS16-081

Active Directory Denial of Service Vulnerability

CVE-2016-3226

Ondrej Sevecek of GOPAS

MS16-080

Windows PDF Information Disclosure Vulnerability

CVE-2016-3201

Jaanus Kääp of Clarified Security

MS16-080

Windows PDF Remote Code Execution Vulnerability

CVE-2016-3203

Ke Liu of Tencent’s Xuanwu Lab

MS16-080

Windows PDF Remote Code Execution Vulnerability

CVE-2016-3203

kdot working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-080

Windows PDF Information Disclosure Vulnerability

CVE-2016-3215

Ke Liu of Tencent’s Xuanwu Lab

MS16-080

Windows PDF Information Disclosure Vulnerability

CVE-2016-3215

kdot working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-079

Microsoft Exchange Information Disclosure Vulnerability

CVE-2016-0028

Louis-Paul Dareau of ProcessOut

MS16-078

Windows Diagnostics Hub Elevation of Privilege

CVE-2016-3231

lokihardt, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-078

Windows Diagnostics Hub Elevation of Privilege

CVE-2016-3231

Qihoo 360 Vulcan Team

MS16-077

WPAD Elevation of Privilege Vulnerability

CVE-2016-3213

Moritz Jodeit of Blue Frost Security GmbH

MS16-077

WPAD Elevation of Privilege Vulnerability

CVE-2016-3213

Yu Yang (@tombkeeper) of Tencent’s Xuanwu Lab

MS16-074

Windows Graphics Component Information Disclosure Vulnerability

CVE-2016-3216

Mateusz Jurczyk of Google Project Zero

MS16-074

Win32k Elevation of Privilege Vulnerability

CVE-2016-3219

James Forshaw of Google Project Zero

MS16-074

ATMFD.DLL Elevation of Privilege Vulnerability

CVE-2016-3220

Mateusz Jurczyk of Google Project Zero

MS16-073

Win32k Elevation of Privilege Vulnerability

CVE-2016-3218

zhong_sf and pgboy of Qihoo 360 Vulcan Team

MS16-073

Win32k Elevation of Privilege Vulnerability

CVE-2016-3221

RanchoIce of the Baidu Security Lab

MS16-072

Group Policy Elevation of Privilege Vulnerability

CVE-2016-3223

NabeelAhmed of Dimension Data

MS16-072

Group Policy Elevation of Privilege Vulnerability

CVE-2016-3223

Tom Gilis of Dimension Data

MS16-070

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0025

YangKang of 360 QEX Team

MS16-070

Microsoft Office Memory Corruption Vulnerability

CVE-2016-3233

David D. Rude II working with iDefense

MS16-070

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0025

LiYaDong of 360 QEX Team

MS16-070

Microsoft Office Information Disclosure Vulnerability

CVE-2016-3234

Dhanesh Kizhakkinan of FireEye Inc

MS16-070

Microsoft Office OLE DLL Side Loading Vulnerability

CVE-2016-3235

Yorick Koster of Securify B.V.

MS16-070

Defense-in-depth

-----------------

Danny Wei Wei of Tencent’s Xuanwu Lab

MS16-069

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3205

Tao Yan (@Ga1ois) of Palo Alto Networks

MS16-069

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3206

Tao Yan (@Ga1ois) of Palo Alto Networks

MS16-069

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3207

Tao Yan (@Ga1ois) of Palo Alto Networks

MS16-068

Microsoft Edge Security Feature Bypass

CVE-2016-3198

Mario Heiderich of Cure53

MS16-068

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3199

lokihardt working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-068

Windows PDF Information Disclosure Vulnerability

CVE-2016-3201

Jaanus Kääp of Clarified Security

MS16-068

Windows PDF Remote Code Execution Vulnerability

CVE-2016-3203

kdot working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-068

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3214

Jordan Rabet of Microsoft Offensive Security Research Team

MS16-068

Windows PDF Information Disclosure Vulnerability

CVE-2016-3215

Ke Liu of Tencent’s Xuanwu Lab

MS16-068

Windows PDF Information Disclosure Vulnerability

CVE-2016-3215

kdot working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-068

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-3222

Shi Ji (@Puzzor) of VARAS@IIE working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-068

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-3222

Kai Song (exp-sky) of Tencent’s Xuanwu Lab

MS16-063

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0199

SkyLined working with iDefense

MS16-063

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0200

62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-063

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3205

Tao Yan (@Ga1ois) of Palo Alto Networks

MS16-063

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3206

Tao Yan (@Ga1ois) of Palo Alto Networks

MS16-063

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3207

Tao Yan (@Ga1ois) of Palo Alto Networks

MS16-063

Scripting Engine Memory Corruption Vulnerability

CVE-2016-3210

Moritz Jodeit of Blue Frost Security

MS16-063

Internet Explorer Memory Corruption Vulnerability

CVE-2016-3211

Ashutosh Mehra working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-063

Internet Explorer XSS Filter Vulnerability

CVE-2016-3212

Masato Kinugawa of Cure53

MS16-063

WPAD Elevation of Privilege Vulnerability

CVE-2016-3299

Yu Yang (@tombkeeper) of Tencent’s Xuanwu Lab

May 2016

MS16-067

Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability

CVE-2016-0190

Sandeep Kumar of Citrix Systems Inc.

MS16-066

Hypervisor Code Integrity Security Feature Bypass

CVE-2016-0181

Rafal Wojtczuk of Bromium

MS16-062

Win32k Elevation of Privilege Vulnerability

CVE-2016-0171

Nils Sommer of bytegeist, working with Google Project Zero

MS16-062

Win32k Elevation of Privilege Vulnerability

CVE-2016-0173

Nils Sommer of bytegeist, working with Google Project Zero

MS16-062

Win32k Elevation of Privilege Vulnerability

CVE-2016-0173

Qihoo 360 Vulcan Team, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-062

Win32k Elevation of Privilege Vulnerability

CVE-2016-0174

Liang Yin of Tencent PC Manager working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-062

Win32k Information Disclosure Vulnerability

CVE-2016-0175

Liang Yin of Tencent PC Manager working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-062

Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability

CVE-2016-0176

Peter Hlavaty of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-062

Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability

CVE-2016-0176

Daniel King of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-062

Win32k Elevation of Privilege Vulnerability

CVE-2016-0196

Dhanesh Kizhakkinan of FireEye, Inc.

MS16-062

Win32k Elevation of Privilege Vulnerability

CVE-2016-0196

Qihoo 360 Vulcan Team, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-062

Defense-in-depth

-----------------

Fermin J. Serna

MS16-061

RPC Network Data Representation Engine Elevation of Privilege Vulnerability

CVE-2016-0178

Evgeny Kotkov of VisualSVN

MS16-061

RPC Network Data Representation Engine Elevation of Privilege Vulnerability

CVE-2016-0178

Ivan Zhakov of VisualSVN

MS16-060

Windows Kernel Elevation of Privilege Vulnerability

CVE-2016-0180

Loren Robinson of CrowdStrike, Inc.

MS16-060

Windows Kernel Elevation of Privilege Vulnerability

CVE-2016-0180

Alex Ionescu of CrowdStrike, Inc.

MS16-059

Windows Media Center Remote Code Execution Vulnerability

CVE-2016-0185

Eduardo Braun Prado, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-057

Windows Shell Remote Code Execution Vulnerability

CVE-2016-0179

Shi Ji (@Puzzor) of VARAS@IIE

MS16-056

Journal Memory Corruption Vulnerability

CVE-2016-0182

Jason Kratzer, working with VeriSign iDefense Labs

MS16-056

Journal Memory Corruption Vulnerability

CVE-2016-0182

Bingchang Liu of VARAS@IIE

MS16-055

Windows Graphics Component Information Disclosure Vulnerability

CVE-2016-0168

Mateusz Jurczyk of Google Project Zero

MS16-055

Windows Graphics Component Information Disclosure Vulnerability

CVE-2016-0169

Mateusz Jurczyk of Google Project Zero

MS16-055

WIndows Graphics Component RCE vulnerability

CVE-2016-0170

Mateusz Jurczyk of Google Project Zero

MS16-055

Direct3D Use After Free RCE Vulnerability

CVE-2016-0184

Henry Li(zenhumany) of Trend Micro

MS16-054

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0126

An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team

MS16-054

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0126

Hao Linan of Qihoo 360 Vulcan Team

MS16-054

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0140

Steven Seeley of Source Incite, working with VeriSign iDefense Labs

MS16-054

Office Graphics RCE Vulnerability

CVE-2016-0183

Lucas Leong of Trend Micro

MS16-053

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0187

Kai Kang

MS16-052

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0186

Brian Pak (cai) from Theori, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-052

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0186

Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-052

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0191

Lokihart working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-052

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0192

Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-052

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0193

Zhen Feng, Wen Xu of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-052

Defense-in-depth

-----------------

Bing Sun Intel Security Group

MS16-051

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0187

Kai Kang

MS16-051

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0192

Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-051

Internet Explorer Information Disclosure Vulnerability

CVE-2016-0194

Thomas Vanhoutte, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-051

Defense-in-depth

-----------------

Zhang Yunhai of NSFOCUS

April 2016

MS16-049

HTTP.sys Denial of Service Vulnerability

CVE-2016-0150

Dhanesh Kizhakkinan of FireEye, Inc.

MS16-049

HTTP.sys Denial of Service Vulnerability

CVE-2016-0150

Noam Mazor of Imperva

MS16-048

Windows CSRSS Security Feature Bypass Vulnerability

CVE-2016-0151

James Forshaw of Google Project Zero

MS16-047

Windows RPC Downgrade Vulnerability

CVE-2016-0128

This vulnerability was discovered and researched by Stefan Metzmacher of SAMBA+ and the Samba Team, which also helped design a fix for the problem.
For more information about the vulnerability named “BADLOCK,” see Badlock Bug.

MS16-046

Secondary Logon Elevation of Privilege Vulnerability

CVE-2016-0135

Tenable Network Security

MS16-045

Hyper-V Remote Code Execution Vulnerability

CVE-2016-0088

Kostya Kortchinsky of the Google Security Team

MS16-045

Hyper-V Remote Code Execution Vulnerability

CVE-2016-0088

Thomas Garnier

MS16-045

Hyper-V Information Disclosure vulnerability

CVE-2016-0089

Kostya Kortchinsky of the Google Security Team

MS16-045

Hyper-V Information Disclosure vulnerability

CVE-2016-0089

Thomas Garnier

MS16-045

Hyper-V Information Disclosure vulnerability

CVE-2016-0090

Kostya Kortchinsky of the Google Security Team

MS16-045

Hyper-V Information Disclosure vulnerability

CVE-2016-0090

Thomas Garnier

MS16-044

Windows OLE Remote Code Execution Vulnerability

CVE-2016-0153

Debasish Mandal of the Intel Security IPS Vulnerability Research Team

MS16-042

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0122

Sébastien Morin of COSIG

MS16-042

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0127

Lucas Leong of Trend Micro

MS16-042

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0136

Steven Seeley of Source Incite, working with VeriSign iDefense Labs

MS16-042

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0139

Steven Seeley of Source Incite

MS16-041

.NET Framework Remote Code Execution Vulnerability

CVE-2016-0148

Yorick Koster of Securify B.V.

MS16-041

.NET Framework Remote Code Execution Vulnerability

CVE-2016-0148

rgod, working with Trend Micro’s Zero Day Initiative (ZDI)

MS16-040

MSXML 3.0 Remote Code Execution Vulnerability

CVE-2016-0147

Nicolas Grégoire of Agarri

MS16-039

Win32k Elevation of Privilege Vulnerability

CVE-2016-0143

Nils Sommer of bytegeist, working with Google Project Zero

MS16-039

Graphics Memory Corruption Vulnerability

CVE-2016-0145

Mateusz Jurczyk of Google Project Zero

MS16-039

Win32k Elevation of Privilege Vulnerability

CVE-2016-0165

Kaspersky Lab

MS16-039

Win32k Elevation of Privilege Vulnerability

CVE-2016-0167

Dhanesh Kizhakkinan of FireEye, Inc.

MS16-039

Defense-in-depth

-----------------

Richard Shupak

MS16-038

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0154

Liu Long of Qihoo 360

MS16-038

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0155

Liu Long of Qihoo 360

MS16-038

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0156

Shi Ji (@Puzzor) of VARAS@IIE

MS16-038

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0156

Liu Long of Qihoo 360

MS16-038

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0157

d81b2a7b317c035a8da11d63122964c2, working with HP’s Zero Day Initiative

MS16-038

Microsoft Edge Elevation of Privilege Vulnerability

CVE-2016-0158

lokihardt, working with HP’s Zero Day Initiative

MS16-038

Microsoft Edge Information Disclosure Vulnerability

CVE-2016-0161

QianWen Xiang of Tencent QQBrowser

MS16-037

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0154

Liu Long of the Qihoo 360 Vulcan Team

MS16-037

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0159

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS16-037

DLL Loading Remote Code Execution Vulnerability

CVE-2016-0160

Sandro Poppi

MS16-037

Internet Explorer Information Disclosure Vulnerability

CVE-2016-0162

Ladislav Janko, working with ESET

MS16-037

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0164

Zheng Huang of the Baidu Security Lab

MS16-037

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0166

Henry Li (zenhumany) of Trend Micro, working with HP’s Zero Day Initiative

3152550

N/A

N/A

Marc Newlin of the Bastille Threat Research Team

March 2016

MS16-035

.NET XML Validation Security Feature Bypass

CVE-2016-0132

Anders Abel of Kentor

MS16-034

Win32k Elevation of Privilege Vulnerability

CVE-2016-0093

Nils Sommer of bytegeist, working with Google Project Zero

MS16-034

Win32k Elevation of Privilege Vulnerability

CVE-2016-0094

Nils Sommer of bytegeist, working with Google Project Zero

MS16-034

Win32k Elevation of Privilege Vulnerability

CVE-2016-0095

Jueming of Security Threat Information Center

MS16-034

Win32k Elevation of Privilege Vulnerability

CVE-2016-0095

bee13oy of CloverSec Labs, working with HP’s Zero Day Initiative

MS16-034

Win32k Elevation of Privilege Vulnerability

CVE-2016-0096

fanxiaocao and pjf of IceSword Lab, Qihoo 360

MS16-033

USB Mass Storage Elevation of Privilege Vulnerability

CVE-2016-0133

Andy Davis, NCC Group

MS16-032

Secondary Logon Elevation of Privilege Vulnerability

CVE-2016-0099

James Forshaw of Google Project Zero

MS16-031

Windows Elevation of Privilege Vulnerability

CVE-2016-0087

Meysam Firozi @R00tkitSmm

MS16-030

Windows OLE Memory Remote Code Execution Vulnerability

CVE-2016-0091

Anonymous, working with HP’s Zero Day Initiative

MS16-030

Windows OLE Memory Remote Code Execution Vulnerability

CVE-2016-0092

Anonymous, working with HP’s Zero Day Initiative

MS16-029

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0021

Richard Warren of NCC Group

MS16-029

Microsoft Security Feature Bypass Vulnerability

CVE-2016-0057

Eric Clausing of AV-TEST GmbH

MS16-029

Microsoft Security Feature Bypass Vulnerability

CVE-2016-0057

Ulf Loesche of AV-TEST GmbH

MS16-029

Microsoft Security Feature Bypass Vulnerability

CVE-2016-0057

Maik Morgenstern of AV-TEST GmbH

MS16-029

Microsoft Security Feature Bypass Vulnerability

CVE-2016-0057

Andreas Marx of AV-TEST GmbH

MS16-029

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0134

Jack Tang of Trend Micro

MS16-023

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0102

Liu Long of Qihoo 360

MS16-028

Windows Remote Code Execution Vulnerability

CVE-2016-0117

Mark Yason, IBM X-Force

MS16-028

Windows Remote Code Execution Vulnerability

CVE-2016-0118

Jaanus Kp Clarified Security, working with HP’s Zero Day Initiative

MS16-027

Windows Media Parsing Remote Code Execution Vulnerability

CVE-2016-0101

Bruno Martinez

MS16-026

OpenType Font Parsing Vulnerability

CVE-2016-0120

Mateusz Jurczyk of Google Project Zero

MS16-026

OpenType Font Parsing Vulnerability

CVE-2016-0121

Mateusz Jurczyk of Google Project Zero

MS16-025

Library Loading Input Validation Remote Code Execution Vulnerability

CVE-2016-0100

Yorick Koster of Securify B.V.

MS16-024

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0102

Liu Long of Qihoo 360

MS16-024

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0105

Zheng Huang of the Baidu Security Lab

MS16-024

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0109

Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative

MS16-024

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0110

Zheng Huang of the Baidu Security Lab

MS16-024

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0111

Zheng Huang of the Baidu Security Lab

MS16-024

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0116

The Microsoft ChakraCore Team

MS16-024

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0123

d81b2a7b317c035a8da11d63122964c2, working with HP’s Zero Day Initiative

MS16-024

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0124

003, working with HP’s Zero Day Initiative

MS16-024

Microsoft Edge Information Disclosure Vulnerability

CVE-2016-0125

Richard Shupak

MS16-024

Microsoft Edge Information Disclosure Vulnerability

CVE-2016-0125

Hariram Balasundaram

MS16-024

Microsoft Edge Information Disclosure Vulnerability

CVE-2016-0125

Yashvier Kosaraju

MS16-024

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0129

The Microsoft ChakraCore Team

MS16-024

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0130

The Microsoft ChakraCore Team

MS16-024

Defense-in-depth

-----------------

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS16-024

Defense-in-depth

-----------------

Simon Zuckerbraun, working with HP’s Zero Day Initiative

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0103

Zheng Huang of the Baidu Security Lab

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0104

Li Kemeng of the Baidu Security Lab

MS16-023

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0105

Zheng Huang of the Baidu Security Lab

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0106

sky, working with HP’s Zero Day Initiative

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0107

Hui Gao of Palo Alto Networks

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0107

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0107

Tigonlab

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0108

Abhishek Arya and Martin Barbella, working with Google Project Zero

MS16-023

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0109

Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative

MS16-023

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0110

Zheng Huang of the Baidu Security Lab

MS16-023

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0111

Abhishek Arya working with Google Project Zero

MS16-023

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0111

Martin Barbella, working with Google Project Zero

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0112

sky, working with HP’s Zero Day Initiative

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0112

0011, working with HP’s Zero Day Initiative

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0113

Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative

MS16-023

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0114

Simon Zuckerbraun, working with HP’s Zero Day Initiative

MS16-023

Defense-in-depth

-----------------

Simon Zuckerbraun working with HP’sZero Day Initiative

February 2016

MS16-018

Win32k Elevation of Privilege Vulnerability

CVE-2016-0048

fanxiaocao and pjf of Qihoo 360

MS16-016

WebDAV Elevation of Privilege Vulnerability

CVE-2016-0051

Tamás Koczka of Tresorit

MS16-015

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0022

Lucas Leong of Trend Micro

MS16-015

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0052

Lucas Leong of Trend Micro

MS16-015

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0053

Lucas Leong of Trend Micro

MS16-015

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0055

Kai Lu of Fortinet’s FortiGuard Labs

MS16-015

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0056

An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team

MS16-015

Microsoft SharePoint XSS Vulnerability

CVE-2016-0039

Hadji Samir of Evolution Security GmbH (Vulnerability Lab)

MS16-014

Windows Elevation of Privilege Vulnerability

CVE-2016-0040

Meysam Firozi @R00tkitSmm

MS16-014

Windows Elevation of Privilege Vulnerability

CVE-2016-0040

Su Yong Kim of SSLab, Georgia Institute of Technology

MS16-014

Windows Elevation of Privilege Vulnerability

CVE-2016-0040

Taesoo Kim of SSLab, Georgia Institute of Technology

MS16-014

Windows Elevation of Privilege Vulnerability

CVE-2016-0040

Byoungyoung Lee of SSLab, Georgia Institute of Technology

MS16-014

DLL Loading Remote Code Execution Vulnerability

CVE-2016-0041

Greg Linares, working with CyberPoint SRT

MS16-014

DLL Loading Remote Code Execution Vulnerability

CVE-2016-0041

Yorick Koster of Securify B.V.

MS16-014

Windows DLL Loading Remote Code Execution Vulnerability

CVE-2016-0042

Richard Warren of NCC Group

MS16-014

Windows Kerberos Security Feature Bypass

CVE-2016-0049

Vulnerability discovered by Nabeel Ahmed of Dimension Data

MS16-014

Windows Kerberos Security Feature Bypass

CVE-2016-0049

Vulnerability discovered by Tom Gilis of Dimension Data

MS16-013

Windows Journal Memory Corruption Vulnerability

CVE-2016-0038

Rohit Mothe of VeriSign iDefense Labs

MS16-012

Microsoft Windows Reader Vulnerability

CVE-2016-0046

Jaanus Kp Clarified Security, working with HP’s Zero Day Initiative

MS16-012

Microsoft PDF Library Buffer Overflow Vulnerability

CVE-2016-0058

Atte Kettunen of OUSPG

MS16-011

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0060

003, working with HP’s Zero Day Initiative

MS16-011

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0061

SkyLined, working with HP’s Zero Day Initiative

MS16-011

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0062

Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative

MS16-011

Microsoft Edge ASLR Bypass

CVE-2016-0080

Zhang Yunhai of NSFOCUS

MS16-009

Internet Explorer Information Disclosure Vulnerability

CVE-2016-0059

Kai Lu of Fortinet’s FortiGuard Labs

MS16-009

Internet Explorer Information Disclosure Vulnerability

CVE-2016-0059

Steven Seeley of Source Incite

MS16-009

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0060

003, working with HP’s Zero Day Initiative

MS16-009

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0061

SkyLined, working with HP’s Zero Day Initiative

MS16-009

Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0062

Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative

MS16-009

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0063

SkyLined, working with HP’s Zero Day Initiative

MS16-009

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0064

Jack Tang of Trend Micro

MS16-009

Internet Explorer Elevation of Privilege Vulnerability

CVE-2016-0068

Masato Kinugawa of Cure53

MS16-009

Internet Explorer Elevation of Privilege Vulnerability

CVE-2016-0069

Yosuke HASEGAWA of Secure Sky Technology Inc.

MS16-009

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0071

Dhanesh Kizhakkinan of FireEye, Inc.

MS16-009

Internet Explorer Memory Corruption Vulnerability

CVE-2016-0072

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS16-009

Microsoft Browser Spoofing Vulnerability

CVE-2016-0077

Kacper Rybczyński

3137909

N/A

N/A

Michael Reizelman

January 2016

MS16-010

Microsoft Exchange Spoofing Vulnerability

CVE-2016-0029

Abdulrahman Alqabandi

MS16-010

Microsoft Exchange Spoofing Vulnerability

CVE-2016-0030

Alexandru Coltuneac

MS16-010

Microsoft Exchange Spoofing Vulnerability

CVE-2016-0031

Nirmal Kirubakaran, Individual

MS16-010

Microsoft Exchange Spoofing Vulnerability

CVE-2016-0032

Ysrael Gurt of BugSec

MS16-008

Windows Mount Point Elevation of Privilege Vulnerability

CVE-2016-0006

James Forshaw of Google Project Zero

MS16-008

Windows Mount Point Elevation of Privilege Vulnerability

CVE-2016-0007

James Forshaw of Google Project Zero

MS16-007

DLL Loading Elevation of Privilege Vulnerability

CVE-2016-0014

Stefan Kanthak of Me, myself & IT

MS16-007

Windows DirectShow Heap Corruption RCE vulnerability

CVE-2016-0015

Steven Vittitoe of Google Project Zero

MS16-007

Windows Library Loading Remote Code Execution Vulnerability

CVE-2016-0016

Steven Vittitoe of Google Project Zero

MS16-007

Windows Library Loading Remote Code Execution Vulnerability

CVE-2016-0018

parvez@greyhathacker.net

MS16-007

Windows Library Loading Remote Code Execution Vulnerability

CVE-2016-0018

Debasish Mandal of the Intel Security IPS Vulnerability Research Team

MS16-007

Windows Remote Desktop Protocol Security Bypass Vulnerability

CVE-2016-0019

Gal Goldshtein of Citadel

MS16-007

Windows Remote Desktop Protocol Security Bypass Vulnerability

CVE-2016-0019

Viktor Minin of Citadel

MS16-007

MAPI LoadLibrary EoP Vulnerability

CVE-2016-0020

Ashutosh Mehra, working with HP’s Zero Day Initiative

MS16-006

Silverlight Runtime Remote Code Execution Vulnerability

CVE-2016-0034

Anton Ivanov and Costin Raiu of Kaspersky Lab

MS16-005

Windows GDI32.dll ASLR Bypass Vulnerability

CVE-2016-0008

Steven Seeley of Source Incite, working with VeriSign iDefense Labs

MS16-005

Win32k Remote Code Execution Vulnerability

CVE-2016-0009

Kerem Gümrükcü

MS16-004

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0010

Kai Lu of Fortinet’s FortiGuard Labs

MS16-004

ASLR bypass vulnerability

CVE-2016-0012

IBM X-Forcer researcher Tom Kahana

MS16-004

ASLR bypass vulnerability

CVE-2016-0012

IBM X-Forcer researcher Elad Menahem

MS16-004

Microsoft SharePoint Security Feature Bypass Vulnerability

CVE-2015-6117

Jonas Nilsson of Disruptive Innovations AB

MS16-004

Microsoft Office Memory Corruption Vulnerability

CVE-2016-0035

Steven Seeley of Source Incite, working with HP’s Zero Day Initiative

MS16-003

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0002

Anonymous contributor, working with VeriSign iDefense Labs

MS16-002

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0003

003, working with HP’s Zero Day Initiative

MS16-002

Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0003

Shi Ji (@Puzzor) of VARAS@IIE

MS16-002

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0024

CESG

MS16-001

Scripting Engine Memory Corruption Vulnerability

CVE-2016-0002

Anonymous contributor, working with VeriSign iDefense Labs

MS16-004

Defense-in-depth

-----------------

Jack Tang of Trend Micro

MS16-002

Defense-in-depth

-----------------

Wenbin Zheng of Qihoo 360 Vulcan Team

MS16-001

Defense-in-depth

-----------------

Heige (a.k.a. SuperHei) from Knownsec 404 Security Team

3109853

Defense-in-depth

-----------------

Thanks to Patrick Donahue, CloudFlare, for assistance in identifying the issue.

3109853

Defense-in-depth

-----------------

Thanks to Jeremiah Cohick, Fitbit, for assistance in identifying the issue.

3109853

Defense-in-depth

-----------------

Thanks to Aaron Coleman, Fitabase, for assistance in identifying the issue.


Show: