Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft extends thanks to the following for working with us to help protect customers.
Bulletin ID | Vulnerability Title | CVE ID | Acknowledgment |
---|---|---|---|
December 2016 | |||
MS16-153 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2016-7295 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS16-151 | Win32k Elevation of Privilege Vulnerability | CVE-2016-7259 | Behzad Najjarpour Jabbari, Secunia Research at Flexera Software |
MS16-151 | Win32k Elevation of Privilege Vulnerability | CVE-2016-7259 | Sébastien Renaud of Quarkslab |
MS16-151 | Win32k Elevation of Privilege Vulnerability | CVE-2016-7259 | Richard Le Dé of Quarkslab |
MS16-151 | Win32k Elevation of Privilege Vulnerability | CVE-2016-7260 | Jfpan of IceSword Lab, Qihoo 360 |
MS16-151 | Win32k Elevation of Privilege Vulnerability | CVE-2016-7260 | Fanxiaocao of IceSword Lab, Qihoo 360 |
MS16-149 | Windows Crypto Driver Information Disclosure Vulnerability | CVE-2016-7219 | Taesoo Kim of SSLab, Georgia Institue of Technology |
MS16-149 | Windows Crypto Driver Information Disclosure Vulnerability | CVE-2016-7219 | Su Yong Kim of SSLab, Georgia Institue of Technology |
MS16-149 | Windows Crypto Driver Information Disclosure Vulnerability | CVE-2016-7219 | Sangho Lee of SSLab, Georgia Institue of Technology |
MS16-149 | Windows Crypto Driver Information Disclosure Vulnerability | CVE-2016-7219 | Byoungyoung Lee of SSLab, Georgia Institue of Technology |
MS16-149 | Windows Installer Elevation of Privilege Vulnerability | CVE-2016-7292 | Thomas Vanhoutte (@SandboxEscaper) |
MS16-148 | Windows GDI Information Disclosure Vulnerability | CVE-2016-7257 | Steven Vittitoe of Google Project Zero |
MS16-148 | Microsoft Office Security Feature Bypass Vulnerability | CVE-2016-7262 | Iliyan Velikov of PwC UK |
MS16-148 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7263 | JChen of Palo Alto Networks |
MS16-148 | Microsoft Office Information Disclosure Vulnerability | CVE-2016-7264 | @j00sean |
MS16-148 | Microsoft Office Information Disclosure Vulnerability | CVE-2016-7265 | Steven Seeley of Source Incite |
MS16-148 | Microsoft Office Security Feature Bypass Vulnerability | CVE-2016-7266 | Robert Riskin |
MS16-148 | Microsoft Office Security Feature Bypass Vulnerability | CVE-2016-7267 | Haifei Li of Intel Security |
MS16-148 | Microsoft Office Information Disclosure Vulnerability | CVE-2016-7268 | @j00sean |
MS16-148 | Microsoft Office OLE DLL Side Loading Vulnerability | CVE-2016-7275 | Weibo Wang of Qihoo 360 Skyeye Labs |
MS16-148 | Microsoft Office Information Disclosure Vulnerability | CVE-2016-7276 | Steven Vittitoe of Google Project Zero |
MS16-148 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7277 | Jaanus Kääp of Clarified Security |
MS16-148 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7289 | Peixue Li of Fortinet’s FortiGuard Labs |
MS16-148 | Microsoft Office Information Disclosure Vulnerability | CVE-2016-7290 | Steven Seeley of Source Incite |
MS16-148 | Microsoft Office Information Disclosure Vulnerability | CVE-2016-7291 | Steven Seeley of Source Incite |
MS16-148 | Defense-in-depth | ------------------- | Steven Seeley of Source Incite |
MS16-148 | Defense-in-depth | ------------------- | @j00sean |
MS16-147 | Windows Uniscribe Remote Code Execution Vulnerability | CVE-2016-7274 | Hossein Lotfi, Secunia Research at Flexera Software |
MS16-146 | Windows GDI Information Disclosure Vulnerability | CVE-2016-7257 | Steven Vittitoe of Google Project Zero |
MS16-146 | Windows Graphics Remote Code Execution Vulnerability | CVE-2016-7272 | Giwan Go of STEALIEN, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-146 | Defense-in-depth | ------------------- | Henry Li (zenhumany) of Trend Micro |
MS16-145 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-7181 | Veit Hailperin (@fenceposterror) of scip AG |
MS16-145 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-7279 | The UK's National Cyber Security Centre (NCSC) |
MS16-145 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-7280 | Masato Kinugawa of Cure53 |
MS16-145 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7286 | Natalie Silvanovich of Google Project Zero |
MS16-145 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7287 | Natalie Silvanovich of Google Project Zero |
MS16-145 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7288 | Natalie Silvanovich of Google Project Zero |
MS16-145 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7296 | Linan Hao of Qihoo 360 Vulcan Team working with POC/PwnFest |
MS16-145 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7297 | Lokihart working with POC/PwnFest |
MS16-145 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7297 | Anonymous working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-144 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7202 | Li Kemeng of Baidu Security Lab working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-144 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7202 | Scott Bell of Security-Assessment.com |
MS16-144 | Windows Hyperlink Object Library Information Disclosure Vulnerability | CVE-2016-7278 | Steven Seeley of Source Incite |
MS16-144 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-7279 | The UK's National Cyber Security Centre (NCSC) |
MS16-144 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-7283 | Scott Bell of Security-Assessment.com |
MS16-144 | Internet Explorer Information Disclosure Vulnerability | CVE-2016-7284 | Li Kemeng of Baidu Security Lab |
MS16-144 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7287 | Natalie Silvanovich of Google Project Zero |
MS16-144 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-7293 | Tigonlab |
November 2016 | |||
MS16-142 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-7196 | Kai Song of Tencent’s Xuanwu LAB |
MS16-142 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-7198 | Liu Long of Qihoo 360 |
MS16-142 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-7227 | Masato Kinugawa of Cure53 |
MS16-142 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-7239 | Masato Kinugawa via Google VRP |
MS16-142 | Microsoft Browser Remote Code Execution Vulnerability | CVE-2016-7241 | Natalie Silvanovich of Google Project Zero |
MS16-142 | Defense-in-depth | ------------------- | John Page of ApparitionSec |
MS16-139 | Windows Kernel Elevation of Privilege Vulnerability | CVE-2016-7216 | James Forshaw of Google Project Zero |
MS16-139 | Windows Kernel Elevation of Privilege Vulnerability | CVE-2016-7216 | Mateusz Jurczyk of Google Project Zero |
MS16-138 | VHDFS Driver Elevation of Privilege Vulnerability | CVE-2016-7223 | James Forshaw of Google Project Zero |
MS16-138 | VHDFS Driver Elevation of Privilege Vulnerability | CVE-2016-7224 | James Forshaw of Google Project Zero |
MS16-138 | VHDFS Driver Elevation of Privilege Vulnerability | CVE-2016-7225 | James Forshaw of Google Project Zero |
MS16-138 | VHDFS Driver Elevation of Privilege Vulnerability | CVE-2016-7226 | James Forshaw of Google Project Zero |
MS16-137 | Local Security Authority Subsystem Service Denial of Service Vulnerability | CVE-2016-7237 | Laurent Gaffie |
MS16-136 | SQL RDBMS Engine Elevation of Privilege Vulnerability | CVE-2016-7250 | Scott Sutherland of netSPI |
MS16-135 | Win32k Information Disclosure Vulnerability | CVE-2016-7214 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS16-135 | Win32k Elevation of Privilege Vulnerability | CVE-2016-7215 | bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-135 | Bowser.sys Information Disclosure Vulnerabilty | CVE-2016-7218 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS16-135 | Win32k Elevation of Privilege | CVE-2016-7246 | Anonymous working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-135 | Win32k Elevation of Privilege Vulnerability | CVE-2016-7255 | Neel Mehta of Google’s Threat Analysis Group |
MS16-135 | Win32k Elevation of Privilege Vulnerability | CVE-2016-7255 | Billy Leonard of Google’s Threat Analysis Group |
MS16-135 | Win32k Elevation of Privilege Vulnerability | CVE-2016-7255 | Feike Hacquebord, of Trend Micro |
MS16-135 | Win32k Elevation of Privilege Vulnerability | CVE-2016-7255 | Peter Pi of Trend Micro |
MS16-135 | Win32k Elevation of Privilege Vulnerability | CVE-2016-7255 | Brooks Li of Trend Micro |
MS16-134 | Windows CLFS Elevation of Privilege | CVE-2016-0026 | Daniel King, KeenLab, Tencent |
MS16-134 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2016-3332 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS16-134 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2016-3333 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS16-134 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2016-3334 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS16-134 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2016-3334 | Daniel King, KeenLab, Tencent |
MS16-134 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2016-3335 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS16-134 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2016-3338 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS16-134 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2016-3340 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS16-134 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2016-3342 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS16-134 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2016-3343 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS16-134 | Windows CLFS Elevation of Privilege | CVE-2016-7184 | Daniel King, KeenLab, Tencent |
MS16-133 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7213 | JChen of Palo Alto Networks |
MS16-133 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7228 | JChen of Palo Alto Networks |
MS16-133 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7229 | JChen of Palo Alto Networks |
MS16-133 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7230 | Steven Vittitoe of Google Project Zero |
MS16-133 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7231 | JChen of Palo Alto Networks |
MS16-133 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7232 | Steven Seeley of Source Incite working with VeriSign iDefense Labs |
MS16-133 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7232 | Rocco Calvi of Source Incite working with VeriSign iDefense Labs |
MS16-133 | Microsoft Office Information Disclosure Vulnerability | CVE-2016-7233 | Steven Seeley of Source Incite working with VeriSign iDefense Labs |
MS16-133 | Microsoft Office Information Disclosure Vulnerability | CVE-2016-7233 | Rocco Calvi of Source Incite working with VeriSign iDefense Labs |
MS16-133 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7234 | Rocco Calvi of Source Incite working with VeriSign iDefense Labs |
MS16-133 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7234 | Steven Seeley of Source Incite working with VeriSign iDefense Labs |
MS16-133 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7235 | Rocco Calvi of Source Incite working with VeriSign iDefense Labs |
MS16-133 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7235 | Steven Seeley of Source Incite working with VeriSign iDefense Labs |
MS16-133 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7236 | Steven Seeley of Source Incite working with VeriSign iDefense Labs |
MS16-133 | Microsoft Office Denial of Service Vulnerability | CVE-2016-7244 | Dmitri Kaslov, Independent Security Researcher |
MS16-133 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7245 | Haifei Li of Intel Security |
MS16-132 | Windows Animation Manager Memory Corruption Vulnerability | CVE-2016-7205 | Scott Bell of Security-Assessment.com |
MS16-132 | Windows Animation Manager Memory Corruption Vulnerability | CVE-2016-7205 | Kai Song of Tencent’s Xuanwu LAB |
MS16-132 | Windows Animation Manager Memory Corruption Vulnerability | CVE-2016-7205 | SkyLined working with VeriSign iDefense Labs |
MS16-132 | Open Type Font Information Disclosure Vulnerability | CVE-2016-7210 | Hossein Lotfi, Secunia Research at Flexera Software |
MS16-132 | Media Foundation Memory Corruption Vulnerability | CVE-2016-7217 | Liu Long of Qihoo 360 |
MS16-132 | Open Type Font Elevation of Privilege Vulnerability | CVE-2016-7256 | Kijong Son of KrCERT/CC in Korean Internet & Security Agency (KISA) |
MS16-132 | Defense-in-Depth | ------------------- | Bing Sun of Intel Security Group |
MS16-130 | Windows Remote Code Execution Vulnerability | CVE-2016-7212 | Aral Yaman of Noser Engineering AG |
MS16-130 | Windows IME Elevation of Privilege Vulnerability | CVE-2016-7221 | Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. |
MS16-130 | Task Scheduler Elevation of Privilege Vulnerability | CVE-2016-7222 | Shanti Lindström Individual |
MS16-129 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-7195 | Kai Song of Tencent’s Xuanwu LAB |
MS16-129 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-7196 | Kai Song of Tencent’s Xuanwu LAB |
MS16-129 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-7198 | Liu Long of Qihoo 360 |
MS16-129 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7200 | Natalie Silvanovich of Google Project Zero |
MS16-129 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7200 | Qixun Zhao of Qihoo 360 Skyeye Labs |
MS16-129 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7201 | Natalie Silvanovich of Google Project Zero |
MS16-129 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7202 | bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-129 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7202 | Li Kemeng of Baidu Security Lab working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-129 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7202 | Natalie Silvanovich of Google Project Zero |
MS16-129 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7202 | Scott Bell of Security-Assessment.com |
MS16-129 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7203 | Natalie Silvanovich of Google Project Zero |
MS16-129 | Microsoft Edge Information Disclosure Vulnerability | CVE-2016-7204 | Abdulrahman Alqabandi (@qab) |
MS16-129 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7208 | Microsoft ChakraCore Team |
MS16-129 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-7227 | Masato Kinugawa of Cure53 |
MS16-129 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-7239 | Masato Kinugawa via Google VRP |
MS16-129 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7240 | Natalie Silvanovich of Google Project Zero |
MS16-129 | Microsoft Browser Remote Code Execution Vulnerability | CVE-2016-7241 | Natalie Silvanovich of Google Project Zero |
MS16-129 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7242 | Qixun Zhao of Qihoo 360 Skyeye Labs |
MS16-129 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7243 | Nicolas Joly of MSRCE UK |
October 2016 | |||
MS16-126 | Internet Explorer Information Disclosure Vulnerability | CVE-2016-3298 | Will Metcalf and Kafeine of Proofpoint |
MS16-125 | Windows Diagnostics Hub Elevation of Privilege | CVE-2016-7188 | James Forshaw of Google Project Zero |
MS16-124 | Windows Kernel Local Elevation of Privilege | CVE-2016-0070 | Fortinet’s FortiGuard Labs |
MS16-124 | Windows Kernel Local Elevation of Privilege | CVE-2016-0070 | James Forshaw of Google Project Zero |
MS16-124 | Windows Kernel Local Elevation of Privilege | CVE-2016-0070 | Mateusz Jurczyk of Google Project Zero |
MS16-124 | Windows Kernel Local Elevation of Privilege | CVE-2016-0073 | James Forshaw of Google Project Zero |
MS16-124 | Windows Kernel Local Elevation of Privilege | CVE-2016-0075 | James Forshaw of Google Project Zero |
MS16-124 | Windows Kernel Local Elevation of Privilege | CVE-2016-0079 | James Forshaw of Google Project Zero |
MS16-123 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3266 | pgboy, zhong_sf of Qihoo 360 Vulcan Team |
MS16-123 | Windows Transaction Manager Elevation of Privilege Vulnerability | CVE-2016-3341 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS16-123 | Windows Kernel Elevation of Privilege vulnerability | CVE-2016-3376 | Mateusz Jurczyk of Google Project Zero |
MS16-123 | Windows Kernel Elevation of Privilege vulnerability | CVE-2016-3376 | James Forshaw of Google Project Zero |
MS16-123 | Windows Kernel Driver Local Elevation of Privilege | CVE-2016-7185 | James Forshaw of Google Project Zero |
MS16-123 | Win32k Elevation of Privilege Vulnerability | CVE-2016-7211 | fanxiaocao (@TinySec), and pjf of IceSword Lab, Qihoo 360 |
MS16-121 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-7193 | Austrian MilCERT |
MS16-120 | True Type Font Parsing Information Disclosure Vulnerability | CVE-2016-3209 | Mateusz Jurczyk of Google Project Zero |
MS16-120 | GDI+ Information Disclosure Vulnerability | CVE-2016-3262 | Mateusz Jurczyk of Google Project Zero |
MS16-120 | GDI+ Information Disclosure Vulnerability | CVE-2016-3263 | Mateusz Jurczyk of Google Project Zero |
MS16-120 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3270 | pgboy, zhong_sf of Qihoo 360 Vulcan Team |
MS16-120 | Windows Graphics Component RCE Vulnerability | CVE-2016-3393 | Anton Ivanov of Kaspersky Lab |
MS16-120 | True Type Font Parsing Elevation of Privilege Vulnerability | CVE-2016-7182 | Mateusz Jurczyk of Google Project Zero |
MS16-119 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3267 | Wenxiang Qian of Tencent QQBrowser |
MS16-119 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3331 | Zheng Huang of the Baidu Security Lab |
MS16-119 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3382 | Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-119 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3386 | Richard Zhu (fluorescence), working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-119 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3386 | Natalie Silvanovich of Google Project Zero |
MS16-119 | Microsoft Browser Elevation of Privilege Vulnerability | CVE-2016-3387 | James Forshaw of Google Project Zero |
MS16-119 | Microsoft Browser Elevation of Privilege Vulnerability | CVE-2016-3388 | James Forshaw of Google Project Zero |
MS16-119 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3389 | Microsoft ChakraCore Team |
MS16-119 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3390 | Microsoft ChakraCore Team |
MS16-119 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3391 | Stefaan Truijen, working with NVISO |
MS16-119 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3391 | Adrian Toma, working with NVISO (internship) |
MS16-119 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3391 | Daan Raman, working with NVISO |
MS16-119 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3391 | Arne Swinnen working with NVISO |
MS16-119 | Microsoft Browser Security Feature Bypass | CVE-2016-3392 | Xiaoyin Liu |
MS16-119 | Scripting Engine Information Disclosure Vulnerability | CVE-2016-7189 | Natalie Silvanovich of Google Project Zero |
MS16-119 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7190 | Natalie Silvanovich of Google Project Zero |
MS16-119 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-7194 | Natalie Silvanovich of Google Project Zero |
MS16-119 | ------------------- | ------------------- | Andrew Wesie (awesie) from Theori |
MS16-118 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3267 | Wenxiang Qian of Tencent QQBrowser |
MS16-118 | Internet Explorer Information Disclosure Vulnerability | CVE-2016-3298 | Will Metcalf and Kafeine of Proofpoint |
MS16-118 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3331 | Zheng Huang of the Baidu Security Lab |
MS16-118 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3382 | Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-118 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3383 | 0011, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-118 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-3384 | 62600BCA031B9EB5CB4A74ADDDD6771E, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-118 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3385 | Jaehun Jeong (n3sk), of WINS, WSEC Analysis Team, working with VeriSign iDefense Labs |
MS16-118 | Microsoft Browser Elevation of Privilege Vulnerability | CVE-2016-3387 | James Forshaw of Google Project Zero |
MS16-118 | Microsoft Browser Elevation of Privilege Vulnerability | CVE-2016-3388 | James Forshaw of Google Project Zero |
MS16-118 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3391 | Stefaan Truijen, working with NVISO |
MS16-118 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3391 | Adrian Toma, working with NVISO (internship) |
MS16-118 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3391 | Daan Raman, working with NVISO |
MS16-118 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3391 | Arne Swinnen working with NVISO |
------------------- | Defense-in-depth | ------------------- | James Forshaw of Google Project Zero |
September 2016 | |||
MS16-116 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3376 | An anonymous researcher, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-116 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3375 | Yuki Chen of Qihoo 360 Vulcan Team |
MS16-115 | PDF Library Information Disclosure Vulnerability | CVE-2016-3370 | Ke Liu of Tencent’s Xuanwu Lab |
MS16-115 | PDF Library Information Disclosure Vulnerability | CVE-2016-3374 | Roberto Suggi Liverani (@malerisch) of malerisch.net |
MS16-115 | PDF Library Information Disclosure Vulnerability | CVE-2016-3374 | Steven Seeley of Source Incite |
MS16-114 | Windows SMB Authenticated Remote Code Execution Vulnerability | CVE-2016-3345 | Alexander Ovchinnikov of Tuxera Inc |
MS16-114 | Windows SMB Authenticated Remote Code Execution Vulnerability | CVE-2016-3345 | Oleg Kravtsov of Tuxera Inc |
MS16-112 | Windows Lock Screen Elevation of Privilege Vulnerability | CVE-2016-3302 | Auri A. Rahimzadeh of Auri’s Ideas |
MS16-111 | Windows Session Object Elevation of Privilege Vulnerability | CVE-2016-3305 | The Citrix Product Security Team |
MS16-111 | Windows Session Object Elevation of Privilege Vulnerability | CVE-2016-3306 | The Citrix Product Security Team |
MS16-111 | Windows Kernel Elevation of Privilege Vulnerability | CVE-2016-3371 | James Forshaw of Google Project Zero |
MS16-111 | Windows Kernel Elevation of Privilege Vulnerability | CVE-2016-3372 | Marcin Wiazowski, individual |
MS16-111 | Windows Kernel Elevation of Privilege Vulnerability | CVE-2016-3373 | James Forshaw of Google Project Zero |
MS16-110 | Windows Denial of Service Vulnerability | CVE-2016-3369 | Piotr Bania of Cisco Talos |
MS16-110 | Windows Remote Code Execution Vulnerability | CVE-2016-3368 | Jonathan Brown of VMware, Inc |
MS16-108 | Defense-in-depth | ------------------- | John Page of ApparitionSec |
MS16-108 | Microsoft Exchange Information Disclosure Vulnerability | CVE-2016-0138 | Bassel Rachid of DH Corporation |
MS16-108 | Microsoft Exchange Information Disclosure Vulnerability | CVE-2016-0138 | Lucie Brochu of DH Corporation |
MS16-108 | Microsoft Exchange Open Redirect Vulnerability | CVE-2016-3378 | John Page of ApparitionSec |
MS16-108 | Microsoft Exchange Elevation of Privilege Vulnerability | CVE-2016-3379 | Adrian Ivascu |
MS16-107 | Microsoft APP-V ASLR Bypass | CVE-2016-0137 | Udi Yavo of enSilo |
MS16-107 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3357 | Steven Vittitoe of Google Project Zero |
MS16-107 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3358 | Steven Seeley of Source Incite, working with VeriSign iDefense Labs |
MS16-107 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3359 | Steven Seeley of Source Incite, working with VeriSign iDefense Labs |
MS16-107 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3361 | Steven Seeley of Source Incite |
MS16-107 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3362 | Steven Seeley of Source Incite |
MS16-107 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3363 | Steven Seeley of Source Incite |
MS16-107 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3364 | Eduardo Braun Prado |
MS16-107 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3365 | Steven Seeley of Source Incite, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-107 | Microsoft Office Spoofing Vulnerability | CVE-2016-3366 | Incident Response Team of Certego |
MS16-106 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3348 | RanchoIce of the Baidu Security Lab |
MS16-106 | GDI Information Disclosure Vulnerability | CVE-2016-3354 | WanderingGlitch of Trend Micro’s Zero Day Initiative (ZDI) |
MS16-106 | GDI Information Disclosure Vulnerability | CVE-2016-3355 | Liang Yin of Tencent PC Manager via GeekPwn |
MS16-105 | Defense-in-depth | ------------------- | Henry Li (zenhumany) of Trend Micro |
MS16-105 | Defense-in-depth | ------------------- | Jun Kokatsu |
MS16-105 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3247 | SkyLined, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-105 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3291 | Nathaniel Theis (XMPPwocky) |
MS16-105 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-3294 | Shi Ji (@Puzzor) of VARAS@IIE, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-105 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3295 | Garage4Hackers, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-105 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3297 | Liu Long of Qihoo 360 |
MS16-105 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3325 | SkyLined |
MS16-105 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-3330 | F4B3CD of STARLAB |
MS16-105 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-3350 | Microsoft ChakraCore Team |
MS16-105 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3351 | Kafeine, Brooks Li of Trend Micro |
MS16-105 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3377 | Richard Zhu (fluorescence), working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-104 | Defense-in-depth | ------------------- | Jun Kokatsu |
MS16-104 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3247 | SkyLined, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-104 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3291 | Nathaniel Theis (XMPPwocky) |
MS16-104 | Microsoft Browser Elevation of Privilege Vulnerability | CVE-2016-3292 | Thomas Vanhoutte, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-104 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3295 | Garage4Hackers, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-104 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3297 | Liu Long of Qihoo 360 |
MS16-104 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-3324 | SkyLined |
MS16-104 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3325 | SkyLined |
MS16-104 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3351 | Kafeine, Brooks Li of Trend Micro |
MS16-104 | Internet Explorer Security Feature Bypass | CVE-2016-3353 | Eduardo Braun Prado, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-104 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3375 | Yuki Chen of Qihoo 360 Vulcan Team |
MS16-104 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3376 | An anonymous researcher, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-104 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3375 | Simon Zuckerbraun working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-104 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3375 | Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI) |
------------------- | Defense-in-depth | ------------------- | Fortinet’s FortiGuard Labs |
------------------- | Defense-in-depth | ------------------- | Steven Seeley of Source Incite working with iDefense |
------------------- | Defense-in-depth | ------------------- | Reno Robert |
August 2016 | |||
MS16-102 | Microsoft PDF Remote Code Execution Vulnerability | CVE-2016-3319 | Aleksandar Nikolic of Cisco Talos |
MS16-101 | Kerberos Elevation of Privilege Vulnerability | CVE-2016-3237 | Nabeel Ahmed of Dimension Data |
MS16-099 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3313 | Jaanus Kaap |
MS16-099 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3313 | Sébastien Morin of COSIG |
MS16-099 | Microsoft OneNote Information Disclosure Vulnerability | CVE-2016-3315 | dannywei of Tencent’s Xuanwu Lab |
MS16-099 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3316 | Francis Provencher of COSIG |
MS16-099 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3317 | Dhanesh Kizhakkinan of FireEye Inc |
MS16-099 | Graphics Component Memory Corruption Vulnerability | CVE-2016-3318 | Arun Kumar Sharma, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-099 | Defense-in-depth | ----------------- | Jerry Decime of Hewlett Packard Enterprise |
MS16-098 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3308 | Peter (Keen) working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-098 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3308 | ZeguangZhao (team509), working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-098 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3309 | bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-098 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3310 | Wayne Low of Fortinet’s Fortiguard Labs |
MS16-098 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3311 | pgboy, zhong_sf of Qihoo 360 Vulcan Team |
MS16-098 | Defense-in-depth | ----------------- | Martin Lenord |
MS16-097 | Windows Graphics Component RCE Vulnerability | CVE-2016-3301 | Mateusz Jurczyk of Google Project Zero |
MS16-097 | Windows Graphics Component RCE Vulnerability | CVE-2016-3303 | Mateusz Jurczyk of Google Project Zero |
MS16-097 | Windows Graphics Component RCE Vulnerability | CVE-2016-3304 | Mateusz Jurczyk of Google Project Zero |
MS16-096 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3289 | Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-096 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3293 | Kai Song (exp-sky) of Tencent’s Xuanwu LAB |
MS16-096 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3296 | Microsoft ChakraCore Team |
MS16-096 | Microsoft PDF Remote Code Execution Vulnerability | CVE-2016-3319 | Aleksandar Nikolic of Cisco Talos |
MS16-096 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3322 | Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-096 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3326 | Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-096 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3327 | Soroush Dalili of NCC Group |
MS16-096 | Microsoft Browser Information Disclosure | CVE-2016-3329 | Masato Kinugawa of Cure53 |
MS16-095 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-3288 | Ivan Fratric and Martin Barbella, working with Google Project Zero |
MS16-095 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3289 | Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-095 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-3290 | Liu Long of Qihoo 360 |
MS16-095 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3293 | Kai Song (exp-sky) of Tencent’s Xuanwu LAB |
MS16-095 | Internet Explorer Information Disclosure Vulnerability | CVE-2016-3321 | Yorick Koster of Securify B.V. |
MS16-095 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3322 | Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-095 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3326 | Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-095 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3327 | Soroush Dalili of NCC Group |
MS16-095 | Microsoft Browser Information Disclosure | CVE-2016-3329 | Masato Kinugawa of Cure53 |
July 2016 | |||
MS16-092 | Windows File System Security Feature Bypass Vulnerability | CVE-2016-3258 | James Forshaw of Google Project Zero |
MS16-092 | Windows Kernel Information Disclosure Vulnerability | CVE-2016-3272 | Herbert Bos of Vrije Universiteit Amsterdam |
MS16-091 | .NET Information Disclosure Vulnerability | CVE-2016-3255 | Michael Weber, Henrique Arcoverde NCC Group |
MS16-090 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3249 | bee13oy of CloverSec Labs |
MS16-090 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3250 | zhong_sf and pgboy of Qihoo 360 Vulcan Team |
MS16-090 | GDI Component Information Disclosure Vulnerability | CVE-2016-3251 | zhong_sf and pgboy of Qihoo 360 Vulcan Team |
MS16-090 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3252 | fanxiaocao (@TinySec), and pjf of IceSword Lab, Qihoo 360 |
MS16-090 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3254 | zhong_sf and pgboy of Qihoo 360 Vulcan Team |
MS16-090 | Microsoft win32k Elevation of Privilege Vulnerability | CVE-2016-3286 | zhong_sf and pgboy of Qihoo 360 Vulcan Team |
MS16-088 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3278 | Xiaoning Li of Intel Labs |
MS16-088 | Microsoft Security Feature Bypass Vulnerability | CVE-2016-3279 | Haifei Li of Intel Security |
MS16-088 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3280 | Lucas Leong of Trend Micro |
MS16-088 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3281 | Jaanus Kääp of Clarified Security |
MS16-088 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3282 | Jaanus Kääp of Clarified Security |
MS16-088 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3283 | Jaanus Kääp of Clarified Security |
MS16-088 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3284 | Alexey Belyakov, Individual |
MS16-087 | Microsoft Print Spooler Remote Code Execution Vulnerability | CVE-2016-3238 | Nicolas Beauchesne of Vectra Networks |
MS16-087 | Windows Print Spooler Elevation of Privilege | CVE-2016-3239 | Shanti Lindström, Individual |
MS16-085 | Microsoft Edge Security Feature Bypass | CVE-2016-3244 | Zheng Huang of the Baidu Security Lab |
MS16-085 | Microsoft Edge Security Feature Bypass | CVE-2016-3244 | Henry Li (zenhumany) of Trend Micro |
MS16-085 | Microsoft Edge Security Feature Bypass | CVE-2016-3244 | Kai Song (exp-sky) of Tencent’s Xuanwu LAB |
MS16-085 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-3246 | cc working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-085 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3248 | Microsoft ChakraCore Team |
MS16-085 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3259 | Jaehun Jeong (n3sk), Individual |
MS16-085 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3264 | exp-sky of Tencent’s Xuanwu LAB working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-085 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3265 | Jordan Rabet, Microsoft Offensive Security Research Team |
MS16-085 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3269 | Jordan Rabet, Microsoft Offensive Security Research Team |
MS16-085 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3271 | WanderingGlitch, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-085 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3273 | Masato Kinugawa of Cure53 |
MS16-085 | Microsoft Browser Spoofing Vulnerability | CVE-2016-3274 | Ferenc Lutischán of Magyar Telekom Nyrt |
MS16-085 | Microsoft Edge Spoofing Vulnerability | CVE-2016-3276 | Wenxiang Qian of Tencent QQBrowser |
MS16-085 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3277 | Henry Li (zenhumany) of Trend Micro |
MS16-084 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-3240 | Hui Gao of Palo Alto Networks |
MS16-084 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-3241 | 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-084 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3242 | 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-084 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-3243 | Zheng Huang of the Baidu Security Lab |
MS16-084 | Internet Explorer Security Feature Bypass | CVE-2016-3245 | Masato Kinugawa of Cure53 |
MS16-084 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3259 | Jaehun Jeong (n3sk), Individual |
MS16-084 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3260 | Jordan Rabet of Microsoft Offensive Security Research Team |
MS16-084 | Internet Explorer Information Disclosure Vulnerability | CVE-2016-3261 | Li Kemeng, Baidu Security Lab |
MS16-084 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-3264 | exp-sky of Tencent’s Xuanwu LAB working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-084 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3273 | Masato Kinugawa of Cure53 |
MS16-084 | Microsoft Browser Information Disclosure Vulnerability | CVE-2016-3277 | Henry Li (zenhumany) of Trend Micro |
------------------- | Defense-in-depth | ------------------- | Tao Yan (@Ga1ois) of Palo Alto Networks |
June 2016 | |||
MS16-081 | Active Directory Denial of Service Vulnerability | CVE-2016-3226 | Ondrej Sevecek of GOPAS |
MS16-080 | Windows PDF Information Disclosure Vulnerability | CVE-2016-3201 | Jaanus Kääp of Clarified Security |
MS16-080 | Windows PDF Remote Code Execution Vulnerability | CVE-2016-3203 | Ke Liu of Tencent’s Xuanwu Lab |
MS16-080 | Windows PDF Remote Code Execution Vulnerability | CVE-2016-3203 | kdot working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-080 | Windows PDF Information Disclosure Vulnerability | CVE-2016-3215 | Ke Liu of Tencent’s Xuanwu Lab |
MS16-080 | Windows PDF Information Disclosure Vulnerability | CVE-2016-3215 | kdot working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-079 | Microsoft Exchange Information Disclosure Vulnerability | CVE-2016-0028 | Louis-Paul Dareau of ProcessOut |
MS16-078 | Windows Diagnostics Hub Elevation of Privilege | CVE-2016-3231 | lokihardt, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-078 | Windows Diagnostics Hub Elevation of Privilege | CVE-2016-3231 | Qihoo 360 Vulcan Team |
MS16-077 | WPAD Elevation of Privilege Vulnerability | CVE-2016-3213 | Moritz Jodeit of Blue Frost Security GmbH |
MS16-077 | WPAD Elevation of Privilege Vulnerability | CVE-2016-3213 | Yu Yang (@tombkeeper) of Tencent’s Xuanwu Lab |
MS16-074 | Windows Graphics Component Information Disclosure Vulnerability | CVE-2016-3216 | Mateusz Jurczyk of Google Project Zero |
MS16-074 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3219 | James Forshaw of Google Project Zero |
MS16-074 | ATMFD.DLL Elevation of Privilege Vulnerability | CVE-2016-3220 | Mateusz Jurczyk of Google Project Zero |
MS16-073 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3218 | zhong_sf and pgboy of Qihoo 360 Vulcan Team |
MS16-073 | Win32k Elevation of Privilege Vulnerability | CVE-2016-3221 | RanchoIce of the Baidu Security Lab |
MS16-072 | Group Policy Elevation of Privilege Vulnerability | CVE-2016-3223 | NabeelAhmed of Dimension Data |
MS16-072 | Group Policy Elevation of Privilege Vulnerability | CVE-2016-3223 | Tom Gilis of Dimension Data |
MS16-070 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0025 | YangKang of 360 QEX Team |
MS16-070 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-3233 | David D. Rude II working with iDefense |
MS16-070 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0025 | LiYaDong of 360 QEX Team |
MS16-070 | Microsoft Office Information Disclosure Vulnerability | CVE-2016-3234 | Dhanesh Kizhakkinan of FireEye Inc |
MS16-070 | Microsoft Office OLE DLL Side Loading Vulnerability | CVE-2016-3235 | Yorick Koster of Securify B.V. |
MS16-070 | Defense-in-depth | ----------------- | Danny Wei Wei of Tencent’s Xuanwu Lab |
MS16-069 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3205 | Tao Yan (@Ga1ois) of Palo Alto Networks |
MS16-069 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3206 | Tao Yan (@Ga1ois) of Palo Alto Networks |
MS16-069 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3207 | Tao Yan (@Ga1ois) of Palo Alto Networks |
MS16-068 | Microsoft Edge Security Feature Bypass | CVE-2016-3198 | Mario Heiderich of Cure53 |
MS16-068 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3199 | lokihardt working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-068 | Windows PDF Information Disclosure Vulnerability | CVE-2016-3201 | Jaanus Kääp of Clarified Security |
MS16-068 | Windows PDF Remote Code Execution Vulnerability | CVE-2016-3203 | kdot working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-068 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3214 | Jordan Rabet of Microsoft Offensive Security Research Team |
MS16-068 | Windows PDF Information Disclosure Vulnerability | CVE-2016-3215 | Ke Liu of Tencent’s Xuanwu Lab |
MS16-068 | Windows PDF Information Disclosure Vulnerability | CVE-2016-3215 | kdot working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-068 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-3222 | Shi Ji (@Puzzor) of VARAS@IIE working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-068 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-3222 | Kai Song (exp-sky) of Tencent’s Xuanwu Lab |
MS16-063 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0199 | SkyLined working with iDefense |
MS16-063 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0200 | 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-063 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3205 | Tao Yan (@Ga1ois) of Palo Alto Networks |
MS16-063 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3206 | Tao Yan (@Ga1ois) of Palo Alto Networks |
MS16-063 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3207 | Tao Yan (@Ga1ois) of Palo Alto Networks |
MS16-063 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-3210 | Moritz Jodeit of Blue Frost Security |
MS16-063 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-3211 | Ashutosh Mehra working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-063 | Internet Explorer XSS Filter Vulnerability | CVE-2016-3212 | Masato Kinugawa of Cure53 |
MS16-063 | WPAD Elevation of Privilege Vulnerability | CVE-2016-3299 | Yu Yang (@tombkeeper) of Tencent’s Xuanwu Lab |
May 2016 | |||
MS16-067 | Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability | CVE-2016-0190 | Sandeep Kumar of Citrix Systems Inc. |
MS16-066 | Hypervisor Code Integrity Security Feature Bypass | CVE-2016-0181 | Rafal Wojtczuk of Bromium |
MS16-062 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0171 | Nils Sommer of bytegeist, working with Google Project Zero |
MS16-062 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0173 | Nils Sommer of bytegeist, working with Google Project Zero |
MS16-062 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0173 | Qihoo 360 Vulcan Team, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-062 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0174 | Liang Yin of Tencent PC Manager working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-062 | Win32k Information Disclosure Vulnerability | CVE-2016-0175 | Liang Yin of Tencent PC Manager working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-062 | Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability | CVE-2016-0176 | Peter Hlavaty of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-062 | Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability | CVE-2016-0176 | Daniel King of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-062 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0196 | Dhanesh Kizhakkinan of FireEye, Inc. |
MS16-062 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0196 | Qihoo 360 Vulcan Team, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-062 | Defense-in-depth | ----------------- | Fermin J. Serna |
MS16-061 | RPC Network Data Representation Engine Elevation of Privilege Vulnerability | CVE-2016-0178 | Evgeny Kotkov of VisualSVN |
MS16-061 | RPC Network Data Representation Engine Elevation of Privilege Vulnerability | CVE-2016-0178 | Ivan Zhakov of VisualSVN |
MS16-060 | Windows Kernel Elevation of Privilege Vulnerability | CVE-2016-0180 | Loren Robinson of CrowdStrike, Inc. |
MS16-060 | Windows Kernel Elevation of Privilege Vulnerability | CVE-2016-0180 | Alex Ionescu of CrowdStrike, Inc. |
MS16-059 | Windows Media Center Remote Code Execution Vulnerability | CVE-2016-0185 | Eduardo Braun Prado, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-057 | Windows Shell Remote Code Execution Vulnerability | CVE-2016-0179 | Shi Ji (@Puzzor) of VARAS@IIE |
MS16-056 | Journal Memory Corruption Vulnerability | CVE-2016-0182 | Jason Kratzer, working with VeriSign iDefense Labs |
MS16-056 | Journal Memory Corruption Vulnerability | CVE-2016-0182 | Bingchang Liu of VARAS@IIE |
MS16-055 | Windows Graphics Component Information Disclosure Vulnerability | CVE-2016-0168 | Mateusz Jurczyk of Google Project Zero |
MS16-055 | Windows Graphics Component Information Disclosure Vulnerability | CVE-2016-0169 | Mateusz Jurczyk of Google Project Zero |
MS16-055 | WIndows Graphics Component RCE vulnerability | CVE-2016-0170 | Mateusz Jurczyk of Google Project Zero |
MS16-055 | Direct3D Use After Free RCE Vulnerability | CVE-2016-0184 | Henry Li(zenhumany) of Trend Micro |
MS16-054 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0126 | An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team |
MS16-054 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0126 | Hao Linan of Qihoo 360 Vulcan Team |
MS16-054 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0140 | Steven Seeley of Source Incite, working with VeriSign iDefense Labs |
MS16-054 | Office Graphics RCE Vulnerability | CVE-2016-0183 | Lucas Leong of Trend Micro |
MS16-053 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-0187 | Kai Kang |
MS16-052 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-0186 | Brian Pak (cai) from Theori, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-052 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-0186 | Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-052 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-0191 | Lokihart working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-052 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0192 | Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-052 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-0193 | Zhen Feng, Wen Xu of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-052 | Defense-in-depth | ----------------- | Bing Sun Intel Security Group |
MS16-051 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-0187 | Kai Kang |
MS16-051 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0192 | Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-051 | Internet Explorer Information Disclosure Vulnerability | CVE-2016-0194 | Thomas Vanhoutte, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-051 | Defense-in-depth | ----------------- | Zhang Yunhai of NSFOCUS |
April 2016 | |||
MS16-049 | HTTP.sys Denial of Service Vulnerability | CVE-2016-0150 | Dhanesh Kizhakkinan of FireEye, Inc. |
MS16-049 | HTTP.sys Denial of Service Vulnerability | CVE-2016-0150 | Noam Mazor of Imperva |
MS16-048 | Windows CSRSS Security Feature Bypass Vulnerability | CVE-2016-0151 | James Forshaw of Google Project Zero |
MS16-047 | Windows RPC Downgrade Vulnerability | CVE-2016-0128 | This vulnerability was discovered and researched by Stefan Metzmacher of SAMBA+ and the Samba Team, which also helped design a fix for the problem. For more information about the vulnerability named "BADLOCK," see Badlock Bug. |
MS16-046 | Secondary Logon Elevation of Privilege Vulnerability | CVE-2016-0135 | Tenable Network Security |
MS16-045 | Hyper-V Remote Code Execution Vulnerability | CVE-2016-0088 | Kostya Kortchinsky of the Google Security Team |
MS16-045 | Hyper-V Remote Code Execution Vulnerability | CVE-2016-0088 | Thomas Garnier |
MS16-045 | Hyper-V Information Disclosure vulnerability | CVE-2016-0089 | Kostya Kortchinsky of the Google Security Team |
MS16-045 | Hyper-V Information Disclosure vulnerability | CVE-2016-0089 | Thomas Garnier |
MS16-045 | Hyper-V Information Disclosure vulnerability | CVE-2016-0090 | Kostya Kortchinsky of the Google Security Team |
MS16-045 | Hyper-V Information Disclosure vulnerability | CVE-2016-0090 | Thomas Garnier |
MS16-044 | Windows OLE Remote Code Execution Vulnerability | CVE-2016-0153 | Debasish Mandal of the Intel Security IPS Vulnerability Research Team |
MS16-042 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0122 | Sébastien Morin of COSIG |
MS16-042 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0127 | Lucas Leong of Trend Micro |
MS16-042 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0136 | Steven Seeley of Source Incite, working with VeriSign iDefense Labs |
MS16-042 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0139 | Steven Seeley of Source Incite |
MS16-041 | .NET Framework Remote Code Execution Vulnerability | CVE-2016-0148 | Yorick Koster of Securify B.V. |
MS16-041 | .NET Framework Remote Code Execution Vulnerability | CVE-2016-0148 | rgod, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS16-040 | MSXML 3.0 Remote Code Execution Vulnerability | CVE-2016-0147 | Nicolas Grégoire of Agarri |
MS16-039 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0143 | Nils Sommer of bytegeist, working with Google Project Zero |
MS16-039 | Graphics Memory Corruption Vulnerability | CVE-2016-0145 | Mateusz Jurczyk of Google Project Zero |
MS16-039 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0165 | Kaspersky Lab |
MS16-039 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0167 | Dhanesh Kizhakkinan of FireEye, Inc. |
MS16-039 | Defense-in-depth | ----------------- | Richard Shupak |
MS16-038 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0154 | Liu Long of Qihoo 360 |
MS16-038 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-0155 | Liu Long of Qihoo 360 |
MS16-038 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-0156 | Shi Ji (@Puzzor) of VARAS@IIE |
MS16-038 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-0156 | Liu Long of Qihoo 360 |
MS16-038 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-0157 | d81b2a7b317c035a8da11d63122964c2, working with HP’s Zero Day Initiative |
MS16-038 | Microsoft Edge Elevation of Privilege Vulnerability | CVE-2016-0158 | lokihardt, working with HP’s Zero Day Initiative |
MS16-038 | Microsoft Edge Information Disclosure Vulnerability | CVE-2016-0161 | QianWen Xiang of Tencent QQBrowser |
MS16-037 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0154 | Liu Long of the Qihoo 360 Vulcan Team |
MS16-037 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0159 | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
MS16-037 | DLL Loading Remote Code Execution Vulnerability | CVE-2016-0160 | Sandro Poppi |
MS16-037 | Internet Explorer Information Disclosure Vulnerability | CVE-2016-0162 | Ladislav Janko, working with ESET |
MS16-037 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0164 | Zheng Huang of the Baidu Security Lab |
MS16-037 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0166 | Henry Li (zenhumany) of Trend Micro, working with HP’s Zero Day Initiative |
3152550 | N/A | N/A | Marc Newlin of the Bastille Threat Research Team |
March 2016 | |||
MS16-035 | .NET XML Validation Security Feature Bypass | CVE-2016-0132 | Anders Abel of Kentor |
MS16-034 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0093 | Nils Sommer of bytegeist, working with Google Project Zero |
MS16-034 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0094 | Nils Sommer of bytegeist, working with Google Project Zero |
MS16-034 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0095 | Jueming of Security Threat Information Center |
MS16-034 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0095 | bee13oy of CloverSec Labs, working with HP’s Zero Day Initiative |
MS16-034 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0096 | fanxiaocao and pjf of IceSword Lab, Qihoo 360 |
MS16-033 | USB Mass Storage Elevation of Privilege Vulnerability | CVE-2016-0133 | Andy Davis, NCC Group |
MS16-032 | Secondary Logon Elevation of Privilege Vulnerability | CVE-2016-0099 | James Forshaw of Google Project Zero |
MS16-031 | Windows Elevation of Privilege Vulnerability | CVE-2016-0087 | Meysam Firozi @R00tkitSmm |
MS16-030 | Windows OLE Memory Remote Code Execution Vulnerability | CVE-2016-0091 | Anonymous, working with HP’s Zero Day Initiative |
MS16-030 | Windows OLE Memory Remote Code Execution Vulnerability | CVE-2016-0092 | Anonymous, working with HP’s Zero Day Initiative |
MS16-029 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0021 | Richard Warren of NCC Group |
MS16-029 | Microsoft Security Feature Bypass Vulnerability | CVE-2016-0057 | Eric Clausing of AV-TEST GmbH |
MS16-029 | Microsoft Security Feature Bypass Vulnerability | CVE-2016-0057 | Ulf Loesche of AV-TEST GmbH |
MS16-029 | Microsoft Security Feature Bypass Vulnerability | CVE-2016-0057 | Maik Morgenstern of AV-TEST GmbH |
MS16-029 | Microsoft Security Feature Bypass Vulnerability | CVE-2016-0057 | Andreas Marx of AV-TEST GmbH |
MS16-029 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0134 | Jack Tang of Trend Micro |
MS16-023 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0102 | Liu Long of Qihoo 360 |
MS16-028 | Windows Remote Code Execution Vulnerability | CVE-2016-0117 | Mark Yason, IBM X-Force |
MS16-028 | Windows Remote Code Execution Vulnerability | CVE-2016-0118 | Jaanus Kp Clarified Security, working with HP’s Zero Day Initiative |
MS16-027 | Windows Media Parsing Remote Code Execution Vulnerability | CVE-2016-0101 | Bruno Martinez |
MS16-026 | OpenType Font Parsing Vulnerability | CVE-2016-0120 | Mateusz Jurczyk of Google Project Zero |
MS16-026 | OpenType Font Parsing Vulnerability | CVE-2016-0121 | Mateusz Jurczyk of Google Project Zero |
MS16-025 | Library Loading Input Validation Remote Code Execution Vulnerability | CVE-2016-0100 | Yorick Koster of Securify B.V. |
MS16-024 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0102 | Liu Long of Qihoo 360 |
MS16-024 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0105 | Zheng Huang of the Baidu Security Lab |
MS16-024 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0109 | Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative |
MS16-024 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0110 | Zheng Huang of the Baidu Security Lab |
MS16-024 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0111 | Zheng Huang of the Baidu Security Lab |
MS16-024 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-0116 | The Microsoft ChakraCore Team |
MS16-024 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-0123 | d81b2a7b317c035a8da11d63122964c2, working with HP’s Zero Day Initiative |
MS16-024 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0124 | 003, working with HP’s Zero Day Initiative |
MS16-024 | Microsoft Edge Information Disclosure Vulnerability | CVE-2016-0125 | Richard Shupak |
MS16-024 | Microsoft Edge Information Disclosure Vulnerability | CVE-2016-0125 | Hariram Balasundaram |
MS16-024 | Microsoft Edge Information Disclosure Vulnerability | CVE-2016-0125 | Yashvier Kosaraju |
MS16-024 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-0129 | The Microsoft ChakraCore Team |
MS16-024 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-0130 | The Microsoft ChakraCore Team |
MS16-024 | Defense-in-depth | ----------------- | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
MS16-024 | Defense-in-depth | ----------------- | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
MS16-023 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0103 | Zheng Huang of the Baidu Security Lab |
MS16-023 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0104 | Li Kemeng of the Baidu Security Lab |
MS16-023 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0105 | Zheng Huang of the Baidu Security Lab |
MS16-023 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0106 | sky, working with HP’s Zero Day Initiative |
MS16-023 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0107 | Hui Gao of Palo Alto Networks |
MS16-023 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0107 | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
MS16-023 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0107 | Tigonlab |
MS16-023 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0108 | Abhishek Arya and Martin Barbella, working with Google Project Zero |
MS16-023 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0109 | Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative |
MS16-023 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0110 | Zheng Huang of the Baidu Security Lab |
MS16-023 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0111 | Abhishek Arya working with Google Project Zero |
MS16-023 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0111 | Martin Barbella, working with Google Project Zero |
MS16-023 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0112 | sky, working with HP’s Zero Day Initiative |
MS16-023 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0112 | 0011, working with HP’s Zero Day Initiative |
MS16-023 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0113 | Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative |
MS16-023 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0114 | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
MS16-023 | Defense-in-depth | ----------------- | Simon Zuckerbraun working with HP’sZero Day Initiative |
February 2016 | |||
MS16-018 | Win32k Elevation of Privilege Vulnerability | CVE-2016-0048 | fanxiaocao and pjf of Qihoo 360 |
MS16-016 | WebDAV Elevation of Privilege Vulnerability | CVE-2016-0051 | Tamás Koczka of Tresorit |
MS16-015 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0022 | Lucas Leong of Trend Micro |
MS16-015 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0052 | Lucas Leong of Trend Micro |
MS16-015 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0053 | Lucas Leong of Trend Micro |
MS16-015 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0055 | Kai Lu of Fortinet’s FortiGuard Labs |
MS16-015 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0056 | An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team |
MS16-015 | Microsoft SharePoint XSS Vulnerability | CVE-2016-0039 | Hadji Samir of Evolution Security GmbH (Vulnerability Lab) |
MS16-014 | Windows Elevation of Privilege Vulnerability | CVE-2016-0040 | Meysam Firozi @R00tkitSmm |
MS16-014 | Windows Elevation of Privilege Vulnerability | CVE-2016-0040 | Su Yong Kim of SSLab, Georgia Institute of Technology |
MS16-014 | Windows Elevation of Privilege Vulnerability | CVE-2016-0040 | Taesoo Kim of SSLab, Georgia Institute of Technology |
MS16-014 | Windows Elevation of Privilege Vulnerability | CVE-2016-0040 | Byoungyoung Lee of SSLab, Georgia Institute of Technology |
MS16-014 | DLL Loading Remote Code Execution Vulnerability | CVE-2016-0041 | Greg Linares, working with CyberPoint SRT |
MS16-014 | DLL Loading Remote Code Execution Vulnerability | CVE-2016-0041 | Yorick Koster of Securify B.V. |
MS16-014 | Windows DLL Loading Remote Code Execution Vulnerability | CVE-2016-0042 | Richard Warren of NCC Group |
MS16-014 | Windows Kerberos Security Feature Bypass | CVE-2016-0049 | Vulnerability discovered by Nabeel Ahmed of Dimension Data |
MS16-014 | Windows Kerberos Security Feature Bypass | CVE-2016-0049 | Vulnerability discovered by Tom Gilis of Dimension Data |
MS16-013 | Windows Journal Memory Corruption Vulnerability | CVE-2016-0038 | Rohit Mothe of VeriSign iDefense Labs |
MS16-012 | Microsoft Windows Reader Vulnerability | CVE-2016-0046 | Jaanus Kp Clarified Security, working with HP’s Zero Day Initiative |
MS16-012 | Microsoft PDF Library Buffer Overflow Vulnerability | CVE-2016-0058 | Atte Kettunen of OUSPG |
MS16-011 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0060 | 003, working with HP’s Zero Day Initiative |
MS16-011 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0061 | SkyLined, working with HP’s Zero Day Initiative |
MS16-011 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0062 | Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative |
MS16-011 | Microsoft Edge ASLR Bypass | CVE-2016-0080 | Zhang Yunhai of NSFOCUS |
MS16-009 | Internet Explorer Information Disclosure Vulnerability | CVE-2016-0059 | Kai Lu of Fortinet’s FortiGuard Labs |
MS16-009 | Internet Explorer Information Disclosure Vulnerability | CVE-2016-0059 | Steven Seeley of Source Incite |
MS16-009 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0060 | 003, working with HP’s Zero Day Initiative |
MS16-009 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0061 | SkyLined, working with HP’s Zero Day Initiative |
MS16-009 | Microsoft Browser Memory Corruption Vulnerability | CVE-2016-0062 | Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative |
MS16-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0063 | SkyLined, working with HP’s Zero Day Initiative |
MS16-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0064 | Jack Tang of Trend Micro |
MS16-009 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2016-0068 | Masato Kinugawa of Cure53 |
MS16-009 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2016-0069 | Yosuke HASEGAWA of Secure Sky Technology Inc. |
MS16-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0071 | Dhanesh Kizhakkinan of FireEye, Inc. |
MS16-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2016-0072 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
MS16-009 | Microsoft Browser Spoofing Vulnerability | CVE-2016-0077 | Kacper Rybczyński |
3137909 | N/A | N/A | Michael Reizelman |
January 2016 | |||
MS16-010 | Microsoft Exchange Spoofing Vulnerability | CVE-2016-0029 | Abdulrahman Alqabandi |
MS16-010 | Microsoft Exchange Spoofing Vulnerability | CVE-2016-0030 | Alexandru Coltuneac |
MS16-010 | Microsoft Exchange Spoofing Vulnerability | CVE-2016-0031 | Nirmal Kirubakaran, Individual |
MS16-010 | Microsoft Exchange Spoofing Vulnerability | CVE-2016-0032 | Ysrael Gurt of BugSec |
MS16-008 | Windows Mount Point Elevation of Privilege Vulnerability | CVE-2016-0006 | James Forshaw of Google Project Zero |
MS16-008 | Windows Mount Point Elevation of Privilege Vulnerability | CVE-2016-0007 | James Forshaw of Google Project Zero |
MS16-007 | DLL Loading Elevation of Privilege Vulnerability | CVE-2016-0014 | Stefan Kanthak of Me, myself & IT |
MS16-007 | Windows DirectShow Heap Corruption RCE vulnerability | CVE-2016-0015 | Steven Vittitoe of Google Project Zero |
MS16-007 | Windows Library Loading Remote Code Execution Vulnerability | CVE-2016-0016 | Steven Vittitoe of Google Project Zero |
MS16-007 | Windows Library Loading Remote Code Execution Vulnerability | CVE-2016-0018 | parvez@greyhathacker.net |
MS16-007 | Windows Library Loading Remote Code Execution Vulnerability | CVE-2016-0018 | Debasish Mandal of the Intel Security IPS Vulnerability Research Team |
MS16-007 | Windows Remote Desktop Protocol Security Bypass Vulnerability | CVE-2016-0019 | Gal Goldshtein of Citadel |
MS16-007 | Windows Remote Desktop Protocol Security Bypass Vulnerability | CVE-2016-0019 | Viktor Minin of Citadel |
MS16-007 | MAPI LoadLibrary EoP Vulnerability | CVE-2016-0020 | Ashutosh Mehra, working with HP’s Zero Day Initiative |
MS16-006 | Silverlight Runtime Remote Code Execution Vulnerability | CVE-2016-0034 | Anton Ivanov and Costin Raiu of Kaspersky Lab |
MS16-005 | Windows GDI32.dll ASLR Bypass Vulnerability | CVE-2016-0008 | Steven Seeley of Source Incite, working with VeriSign iDefense Labs |
MS16-005 | Win32k Remote Code Execution Vulnerability | CVE-2016-0009 | Kerem Gümrükcü |
MS16-004 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0010 | Kai Lu of Fortinet’s FortiGuard Labs |
MS16-004 | ASLR bypass vulnerability | CVE-2016-0012 | IBM X-Forcer researcher Tom Kahana |
MS16-004 | ASLR bypass vulnerability | CVE-2016-0012 | IBM X-Forcer researcher Elad Menahem |
MS16-004 | Microsoft SharePoint Security Feature Bypass Vulnerability | CVE-2015-6117 | Jonas Nilsson of Disruptive Innovations AB |
MS16-004 | Microsoft Office Memory Corruption Vulnerability | CVE-2016-0035 | Steven Seeley of Source Incite, working with HP’s Zero Day Initiative |
MS16-003 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-0002 | Anonymous contributor, working with VeriSign iDefense Labs |
MS16-002 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-0003 | 003, working with HP’s Zero Day Initiative |
MS16-002 | Microsoft Edge Memory Corruption Vulnerability | CVE-2016-0003 | Shi Ji (@Puzzor) of VARAS@IIE |
MS16-002 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-0024 | CESG |
MS16-001 | Scripting Engine Memory Corruption Vulnerability | CVE-2016-0002 | Anonymous contributor, working with VeriSign iDefense Labs |
MS16-004 | Defense-in-depth | ----------------- | Jack Tang of Trend Micro |
MS16-002 | Defense-in-depth | ----------------- | Wenbin Zheng of Qihoo 360 Vulcan Team |
MS16-001 | Defense-in-depth | ----------------- | Heige (a.k.a. SuperHei) from Knownsec 404 Security Team |
3109853 | Defense-in-depth | ----------------- | Thanks to Patrick Donahue, CloudFlare, for assistance in identifying the issue. |
3109853 | Defense-in-depth | ----------------- | Thanks to Jeremiah Cohick, Fitbit, for assistance in identifying the issue. |
3109853 | Defense-in-depth | ----------------- | Thanks to Aaron Coleman, Fitabase, for assistance in identifying the issue. |