Acknowledgments – 2016

Article
11/11/2017
38 minutes to read

Microsoft extends thanks to the following for working with us to help protect customers.

Bulletin ID	Vulnerability Title	CVE ID	Acknowledgment
December 2016
[MS16-153](https://go.microsoft.com/fwlink/?linkid=835768)	Windows Common Log File System Driver Elevation of Privilege Vulnerability	[CVE-2016-7295](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7295)	Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-151](https://go.microsoft.com/fwlink/?linkid=834956)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-7259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7259)	Behzad Najjarpour Jabbari, Secunia Research at Flexera Software
[MS16-151](https://go.microsoft.com/fwlink/?linkid=834956)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-7259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7259)	Sébastien Renaud of [Quarkslab](http://www.quarkslab.com/)
[MS16-151](https://go.microsoft.com/fwlink/?linkid=834956)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-7259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7259)	Richard Le Dé of [Quarkslab](http://www.quarkslab.com/)
[MS16-151](https://go.microsoft.com/fwlink/?linkid=834956)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-7260](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7260)	[Jfpan](http://weibo.com/jfpan) of IceSword Lab, [Qihoo 360](http://www.360.cn/)
[MS16-151](https://go.microsoft.com/fwlink/?linkid=834956)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-7260](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7260)	[Fanxiaocao](https://twitter.com/tinysecex) of IceSword Lab, [Qihoo 360](http://www.360.cn/)
[MS16-149](https://go.microsoft.com/fwlink/?linkid=834964)	Windows Crypto Driver Information Disclosure Vulnerability	[CVE-2016-7219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7219)	Taesoo Kim of [SSLab, Georgia Institue of Technology](https://sslab.gtisc.gatech.edu/)
[MS16-149](https://go.microsoft.com/fwlink/?linkid=834964)	Windows Crypto Driver Information Disclosure Vulnerability	[CVE-2016-7219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7219)	Su Yong Kim of [SSLab, Georgia Institue of Technology](https://sslab.gtisc.gatech.edu/)
[MS16-149](https://go.microsoft.com/fwlink/?linkid=834964)	Windows Crypto Driver Information Disclosure Vulnerability	[CVE-2016-7219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7219)	Sangho Lee of [SSLab, Georgia Institue of Technology](https://sslab.gtisc.gatech.edu/)
[MS16-149](https://go.microsoft.com/fwlink/?linkid=834964)	Windows Crypto Driver Information Disclosure Vulnerability	[CVE-2016-7219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7219)	Byoungyoung Lee of [SSLab, Georgia Institue of Technology](https://sslab.gtisc.gatech.edu/)
[MS16-149](https://go.microsoft.com/fwlink/?linkid=834964)	Windows Installer Elevation of Privilege Vulnerability	[CVE-2016-7292](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7292)	Thomas Vanhoutte ([@SandboxEscaper](https://twitter.com/sandboxescaper))
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Windows GDI Information Disclosure Vulnerability	[CVE-2016-7257](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7257)	Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Microsoft Office Security Feature Bypass Vulnerability	[CVE-2016-7262](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7262)	Iliyan Velikov of PwC UK
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7263](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7263)	JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Microsoft Office Information Disclosure Vulnerability	[CVE-2016-7264](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7264)	[@j00sean](https://twitter.com/j00sean)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Microsoft Office Information Disclosure Vulnerability	[CVE-2016-7265](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7265)	Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Microsoft Office Security Feature Bypass Vulnerability	[CVE-2016-7266](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7266)	[Robert Riskin](mailto:rriskin@protonmail.com)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Microsoft Office Security Feature Bypass Vulnerability	[CVE-2016-7267](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7267)	Haifei Li of [Intel Security](http://www.intelsecurity.com/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Microsoft Office Information Disclosure Vulnerability	[CVE-2016-7268](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7268)	[@j00sean](https://twitter.com/j00sean)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Microsoft Office OLE DLL Side Loading Vulnerability	[CVE-2016-7275](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7275)	[Weibo Wang](https://twitter.com/ma1fan) of [Qihoo 360 Skyeye Labs](http://skyeye.360safe.com/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Microsoft Office Information Disclosure Vulnerability	[CVE-2016-7276](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7276)	Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7277](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7277)	Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7289](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7289)	Peixue Li of [Fortinet’s FortiGuard Labs](http://www.fortiguard.com/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Microsoft Office Information Disclosure Vulnerability	[CVE-2016-7290](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7290)	Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Microsoft Office Information Disclosure Vulnerability	[CVE-2016-7291](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7291)	Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Defense-in-depth	-------------------	Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445)	Defense-in-depth	-------------------	[@j00sean](https://twitter.com/j00sean)
[MS16-147](https://go.microsoft.com/fwlink/?linkid=834947)	Windows Uniscribe Remote Code Execution Vulnerability	[CVE-2016-7274](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7274)	Hossein Lotfi, [Secunia Research at Flexera Software](http://www.flexerasoftware.com/enterprise/company/about/secunia-research/)
[MS16-146](https://go.microsoft.com/fwlink/?linkid=834444)	Windows GDI Information Disclosure Vulnerability	[CVE-2016-7257](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7257)	Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS16-146](https://go.microsoft.com/fwlink/?linkid=834444)	Windows Graphics Remote Code Execution Vulnerability	[CVE-2016-7272](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7272)	Giwan Go of STEALIEN, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-146](https://go.microsoft.com/fwlink/?linkid=834444)	Defense-in-depth	-------------------	Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-7181](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7181)	Veit Hailperin ([@fenceposterror](https://twitter.com/fenceposterror)) of [scip AG](https://www.scip.ch/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-7279](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7279)	The UK's National Cyber Security Centre (NCSC)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-7280](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7280)	Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7286](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7286)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7287](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7287)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7288](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7288)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7296](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7296)	Linan Hao of [Qihoo 360](http://www.360.cn/) Vulcan Team working with [POC](http://powerofcommunity.net/)/[PwnFest](http://pwnfest.org/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7297](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7297)	Lokihart working with [POC](http://powerofcommunity.net/)/[PwnFest](http://pwnfest.org/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7297](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7297)	Anonymous working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202)	Li Kemeng of [Baidu Security Lab](http://xteam.baidu.com/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202)	Scott Bell of Security-Assessment.com
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441)	Windows Hyperlink Object Library Information Disclosure Vulnerability	[CVE-2016-7278](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7278)	Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-7279](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7279)	The UK's National Cyber Security Centre (NCSC)
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-7283](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7283)	Scott Bell of Security-Assessment.com
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441)	Internet Explorer Information Disclosure Vulnerability	[CVE-2016-7284](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7284)	Li Kemeng of [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7287](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7287)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-7293](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7293)	[Tigonlab](http://www.tigonlab.org/)
November 2016
[MS16-142](https://go.microsoft.com/fwlink/?linkid=830372)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-7196](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7196)	[Kai Song](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS16-142](https://go.microsoft.com/fwlink/?linkid=830372)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-7198](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7198)	Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-142](https://go.microsoft.com/fwlink/?linkid=830372)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-7227](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7227)	Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-142](https://go.microsoft.com/fwlink/?linkid=830372)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-7239](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7239)	Masato Kinugawa via Google VRP
[MS16-142](https://go.microsoft.com/fwlink/?linkid=830372)	Microsoft Browser Remote Code Execution Vulnerability	[CVE-2016-7241](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7241)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-142](https://go.microsoft.com/fwlink/?linkid=830372)	Defense-in-depth	-------------------	John Page of [ApparitionSec](http://hyp3rlinx.altervista.org/)
[MS16-139](https://go.microsoft.com/fwlink/?linkid=830965)	Windows Kernel Elevation of Privilege Vulnerability	[CVE-2016-7216](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7216)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-139](https://go.microsoft.com/fwlink/?linkid=830965)	Windows Kernel Elevation of Privilege Vulnerability	[CVE-2016-7216](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7216)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-138](https://go.microsoft.com/fwlink/?linkid=830965)	VHDFS Driver Elevation of Privilege Vulnerability	[CVE-2016-7223](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7223)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-138](https://go.microsoft.com/fwlink/?linkid=830965)	VHDFS Driver Elevation of Privilege Vulnerability	[CVE-2016-7224](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7224)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-138](https://go.microsoft.com/fwlink/?linkid=830965)	VHDFS Driver Elevation of Privilege Vulnerability	[CVE-2016-7225](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7225)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-138](https://go.microsoft.com/fwlink/?linkid=830965)	VHDFS Driver Elevation of Privilege Vulnerability	[CVE-2016-7226](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7226)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-137](https://go.microsoft.com/fwlink/?linkid=833192)	Local Security Authority Subsystem Service Denial of Service Vulnerability	[CVE-2016-7237](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7237)	Laurent Gaffie
[MS16-136](https://go.microsoft.com/fwlink/?linkid=830963)	SQL RDBMS Engine Elevation of Privilege Vulnerability	[CVE-2016-7250](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7250)	Scott Sutherland of [netSPI](http://www.netspi.com/)
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428)	Win32k Information Disclosure Vulnerability	[CVE-2016-7214](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7214)	Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-7215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7215)	bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428)	Bowser.sys Information Disclosure Vulnerabilty	[CVE-2016-7218](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7218)	Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428)	Win32k Elevation of Privilege	[CVE-2016-7246](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7246)	Anonymous working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255)	Neel Mehta of [Google’s](http://www.google.com/) Threat Analysis Group
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255)	Billy Leonard of [Google’s](http://www.google.com/) Threat Analysis Group
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255)	Feike Hacquebord, of [Trend Micro](http://www.trendmicro.com/)
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255)	Peter Pi of [Trend Micro](http://www.trendmicro.com/)
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255)	Brooks Li of [Trend Micro](http://www.trendmicro.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018)	Windows CLFS Elevation of Privilege	[CVE-2016-0026](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0026)	[Daniel King](https://twitter.com/long123king), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018)	Windows Common Log File System Driver Elevation of Privilege Vulnerability	[CVE-2016-3332](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3332)	Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018)	Windows Common Log File System Driver Elevation of Privilege Vulnerability	[CVE-2016-3333](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3333)	Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018)	Windows Common Log File System Driver Elevation of Privilege Vulnerability	[CVE-2016-3334](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3334)	Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018)	Windows Common Log File System Driver Elevation of Privilege Vulnerability	[CVE-2016-3334](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3334)	[Daniel King](https://twitter.com/long123king), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018)	Windows Common Log File System Driver Elevation of Privilege Vulnerability	[CVE-2016-3335](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3335)	Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018)	Windows Common Log File System Driver Elevation of Privilege Vulnerability	[CVE-2016-3338](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3338)	Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018)	Windows Common Log File System Driver Elevation of Privilege Vulnerability	[CVE-2016-3340](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3340)	Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018)	Windows Common Log File System Driver Elevation of Privilege Vulnerability	[CVE-2016-3342](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3342)	Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018)	Windows Common Log File System Driver Elevation of Privilege Vulnerability	[CVE-2016-3343](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3343)	Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018)	Windows CLFS Elevation of Privilege	[CVE-2016-7184](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7184)	[Daniel King](https://twitter.com/long123king), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7213](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7213)	JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7228](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7228)	JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7229](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7229)	JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7230](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7230)	Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7231](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7231)	JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7232](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7232)	Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7232](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7232)	Rocco Calvi of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Information Disclosure Vulnerability	[CVE-2016-7233](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7233)	Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Information Disclosure Vulnerability	[CVE-2016-7233](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7233)	Rocco Calvi of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7234](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7234)	Rocco Calvi of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7234](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7234)	Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7235](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7235)	Rocco Calvi of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7235](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7235)	Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7236](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7236)	Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Denial of Service Vulnerability	[CVE-2016-7244](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7244)	Dmitri Kaslov, Independent Security Researcher
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7245](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7245)	Haifei Li of [Intel Security](http://www.intelsecurity.com/)
[MS16-132](https://go.microsoft.com/fwlink/?linkid=830425)	Windows Animation Manager Memory Corruption Vulnerability	[CVE-2016-7205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7205)	Scott Bell of Security-Assessment.com
[MS16-132](https://go.microsoft.com/fwlink/?linkid=830425)	Windows Animation Manager Memory Corruption Vulnerability	[CVE-2016-7205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7205)	[Kai Song](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS16-132](https://go.microsoft.com/fwlink/?linkid=830425)	Windows Animation Manager Memory Corruption Vulnerability	[CVE-2016-7205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7205)	SkyLined working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-132](https://go.microsoft.com/fwlink/?linkid=830425)	Open Type Font Information Disclosure Vulnerability	[CVE-2016-7210](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7210)	Hossein Lotfi, [Secunia Research at Flexera Software](http://www.flexerasoftware.com/enterprise/company/about/secunia-research/)
[MS16-132](https://go.microsoft.com/fwlink/?linkid=830425)	Media Foundation Memory Corruption Vulnerability	[CVE-2016-7217](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7217)	Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-132](https://go.microsoft.com/fwlink/?linkid=830425)	Open Type Font Elevation of Privilege Vulnerability	[CVE-2016-7256](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7256)	Kijong Son of KrCERT/CC in Korean Internet & Security Agency (KISA)
[MS16-132](https://go.microsoft.com/fwlink/?linkid=830425)	Defense-in-Depth	-------------------	Bing Sun of Intel Security Group
[MS16-130](https://go.microsoft.com/fwlink/?linkid=833191)	Windows Remote Code Execution Vulnerability	[CVE-2016-7212](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7212)	Aral Yaman of [Noser Engineering AG](http://www.noser.com/)
[MS16-130](https://go.microsoft.com/fwlink/?linkid=833191)	Windows IME Elevation of Privilege Vulnerability	[CVE-2016-7221](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7221)	Takashi Yoshikawa of [Mitsui Bussan Secure Directions, Inc.](https://www.mbsd.jp/)
[MS16-130](https://go.microsoft.com/fwlink/?linkid=833191)	Task Scheduler Elevation of Privilege Vulnerability	[CVE-2016-7222](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7222)	[Shanti Lindström](https://linkedin.com/in/shanti-lindström-399112a8) Individual
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-7195](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7195)	[Kai Song](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-7196](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7196)	[Kai Song](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-7198](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7198)	Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7200](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7200)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7200](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7200)	[Qixun Zhao](http://www.weibo.com/babyboaes) of [Qihoo 360 Skyeye Labs](http://skyeye.360safe.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7201](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7201)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202)	bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202)	Li Kemeng of [Baidu Security Lab](http://xteam.baidu.com/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202)	Scott Bell of Security-Assessment.com
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7203](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7203)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Microsoft Edge Information Disclosure Vulnerability	[CVE-2016-7204](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7204)	Abdulrahman Alqabandi ([@qab](https://twitter.com/qab))
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7208](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7208)	Microsoft ChakraCore Team
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-7227](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7227)	Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-7239](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7239)	Masato Kinugawa via Google VRP
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7240](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7240)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Microsoft Browser Remote Code Execution Vulnerability	[CVE-2016-7241](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7241)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7242](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7242)	[Qixun Zhao](http://www.weibo.com/babyboaes) of [Qihoo 360 Skyeye Labs](http://skyeye.360safe.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7243](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7243)	Nicolas Joly of MSRCE UK
October 2016
[MS16-126](http://go.microsoft.com/fwlink/?linkid=829052)	Internet Explorer Information Disclosure Vulnerability	[CVE-2016-3298](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3298)	Will Metcalf and Kafeine of [Proofpoint](https://www.proofpoint.com/)
[MS16-125](http://go.microsoft.com/fwlink/?linkid=827822)	Windows Diagnostics Hub Elevation of Privilege	[CVE-2016-7188](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7188)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-124](http://go.microsoft.com/fwlink/?linkid=827821)	Windows Kernel Local Elevation of Privilege	[CVE-2016-0070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0070)	Fortinet’s [FortiGuard Labs](http://fortiguard.com/)
[MS16-124](http://go.microsoft.com/fwlink/?linkid=827821)	Windows Kernel Local Elevation of Privilege	[CVE-2016-0070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0070)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-124](http://go.microsoft.com/fwlink/?linkid=827821)	Windows Kernel Local Elevation of Privilege	[CVE-2016-0070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0070)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-124](http://go.microsoft.com/fwlink/?linkid=827821)	Windows Kernel Local Elevation of Privilege	[CVE-2016-0073](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0073)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-124](http://go.microsoft.com/fwlink/?linkid=827821)	Windows Kernel Local Elevation of Privilege	[CVE-2016-0075](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0075)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-124](http://go.microsoft.com/fwlink/?linkid=827821)	Windows Kernel Local Elevation of Privilege	[CVE-2016-0079](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0079)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-123](http://go.microsoft.com/fwlink/?linkid=827595)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3266](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3266)	[pgboy](http://weibo.com/pgboy1988), [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS16-123](http://go.microsoft.com/fwlink/?linkid=827595)	Windows Transaction Manager Elevation of Privilege Vulnerability	[CVE-2016-3341](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3341)	Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-123](http://go.microsoft.com/fwlink/?linkid=827595)	Windows Kernel Elevation of Privilege vulnerability	[CVE-2016-3376](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3376)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-123](http://go.microsoft.com/fwlink/?linkid=827595)	Windows Kernel Elevation of Privilege vulnerability	[CVE-2016-3376](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3376)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-123](http://go.microsoft.com/fwlink/?linkid=827595)	Windows Kernel Driver Local Elevation of Privilege	[CVE-2016-7185](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7185)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-123](http://go.microsoft.com/fwlink/?linkid=827595)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-7211](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7211)	[fanxiaocao](https://twitter.com/tinysecex) (@TinySec), and [pjf](http://weibo.com/jfpan) of IceSword Lab, [Qihoo 360](http://www.360.cn/)
[MS16-121](http://go.microsoft.com/fwlink/?linkid=828158)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-7193](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7193)	Austrian MilCERT
[MS16-120](http://go.microsoft.com/fwlink/?linkid=827590)	True Type Font Parsing Information Disclosure Vulnerability	[CVE-2016-3209](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3209)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-120](http://go.microsoft.com/fwlink/?linkid=827590)	GDI+ Information Disclosure Vulnerability	[CVE-2016-3262](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3262)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-120](http://go.microsoft.com/fwlink/?linkid=827590)	GDI+ Information Disclosure Vulnerability	[CVE-2016-3263](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3263)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-120](http://go.microsoft.com/fwlink/?linkid=827590)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3270](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3270)	[pgboy](http://weibo.com/pgboy1988), [zhong\_sf](http://weibo.com/2641521260) of Qihoo 360 Vulcan Team
[MS16-120](http://go.microsoft.com/fwlink/?linkid=827590)	Windows Graphics Component RCE Vulnerability	[CVE-2016-3393](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3393)	Anton Ivanov of [Kaspersky Lab](http://www.kaspersky.com/)
[MS16-120](http://go.microsoft.com/fwlink/?linkid=827590)	True Type Font Parsing Elevation of Privilege Vulnerability	[CVE-2016-7182](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7182)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3267](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3267)	Wenxiang Qian of [Tencent QQBrowser](http://browser.qq.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3331](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3331)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3382](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3382)	Anonymous, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3386](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3386)	Richard Zhu (fluorescence), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3386](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3386)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Microsoft Browser Elevation of Privilege Vulnerability	[CVE-2016-3387](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3387)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Microsoft Browser Elevation of Privilege Vulnerability	[CVE-2016-3388](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3388)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3389](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3389)	Microsoft ChakraCore Team
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3390](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3390)	Microsoft ChakraCore Team
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391)	Stefaan Truijen, working with [NVISO](https://www.nviso.be/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391)	Adrian Toma, working with [NVISO](https://www.nviso.be/) (internship)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391)	Daan Raman, working with [NVISO](https://www.nviso.be/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391)	[Arne Swinnen](https://www.arneswinnen.net/) working with [NVISO](https://nviso.be/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Microsoft Browser Security Feature Bypass	[CVE-2016-3392](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3392)	[Xiaoyin Liu](https://twitter.com/general_nfs)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Scripting Engine Information Disclosure Vulnerability	[CVE-2016-7189](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7189)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7190](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7190)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-7194](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7194)	Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592)	-------------------	-------------------	Andrew Wesie (awesie) from [Theori](http://theori.io/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3267](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3267)	Wenxiang Qian of [Tencent QQBrowser](http://browser.qq.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591)	Internet Explorer Information Disclosure Vulnerability	[CVE-2016-3298](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3298)	Will Metcalf and Kafeine of [Proofpoint](https://www.proofpoint.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3331](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3331)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3382](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3382)	Anonymous, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3383](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3383)	0011, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-3384](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3384)	62600BCA031B9EB5CB4A74ADDDD6771E, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3385](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3385)	[Jaehun Jeong](https://twitter.com/n3sk) (n3sk), of WINS, WSEC Analysis Team, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591)	Microsoft Browser Elevation of Privilege Vulnerability	[CVE-2016-3387](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3387)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591)	Microsoft Browser Elevation of Privilege Vulnerability	[CVE-2016-3388](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3388)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391)	Stefaan Truijen, working with [NVISO](https://www.nviso.be/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391)	Adrian Toma, working with [NVISO](https://www.nviso.be/) (internship)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391)	Daan Raman, working with [NVISO](https://www.nviso.be/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391)	[Arne Swinnen](https://www.arneswinnen.net/) working with [NVISO](https://nviso.be/)
-------------------	Defense-in-depth	-------------------	James Forshaw of [Google Project Zero](http://www.google.com/)
September 2016
[MS16-116](http://go.microsoft.com/fwlink/?linkid=825725)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3376](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3376)	An anonymous researcher, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-116](http://go.microsoft.com/fwlink/?linkid=825725)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3375](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3375)	Yuki Chen of [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS16-115](http://go.microsoft.com/fwlink/?linkid=825727)	PDF Library Information Disclosure Vulnerability	[CVE-2016-3370](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3370)	Ke Liu of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
[MS16-115](http://go.microsoft.com/fwlink/?linkid=825727)	PDF Library Information Disclosure Vulnerability	[CVE-2016-3374](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3374)	Roberto Suggi Liverani (@malerisch) of [malerisch.net](http://blog.malerisch.net/)
[MS16-115](http://go.microsoft.com/fwlink/?linkid=825727)	PDF Library Information Disclosure Vulnerability	[CVE-2016-3374](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3374)	Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-114](http://go.microsoft.com/fwlink/?linkid=824826)	Windows SMB Authenticated Remote Code Execution Vulnerability	[CVE-2016-3345](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3374)	Alexander Ovchinnikov of [Tuxera Inc](https://www.tuxera.com/)
[MS16-114](http://go.microsoft.com/fwlink/?linkid=824826)	Windows SMB Authenticated Remote Code Execution Vulnerability	[CVE-2016-3345](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3374)	Oleg Kravtsov of [Tuxera Inc](https://www.tuxera.com/)
[MS16-112](http://go.microsoft.com/fwlink/?linkid=821605)	Windows Lock Screen Elevation of Privilege Vulnerability	[CVE-2016-3302](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3302)	Auri A. Rahimzadeh of [Auri’s Ideas](http://auri.net/)
[MS16-111](http://go.microsoft.com/fwlink/?linkid=825142)	Windows Session Object Elevation of Privilege Vulnerability	[CVE-2016-3305](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3305)	[The Citrix Product Security Team](https://www.citrix.com/)
[MS16-111](http://go.microsoft.com/fwlink/?linkid=825142)	Windows Session Object Elevation of Privilege Vulnerability	[CVE-2016-3306](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3306)	[The Citrix Product Security Team](https://www.citrix.com/)
[MS16-111](http://go.microsoft.com/fwlink/?linkid=825142)	Windows Kernel Elevation of Privilege Vulnerability	[CVE-2016-3371](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3371)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-111](http://go.microsoft.com/fwlink/?linkid=825142)	Windows Kernel Elevation of Privilege Vulnerability	[CVE-2016-3372](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3372)	Marcin Wiazowski, individual
[MS16-111](http://go.microsoft.com/fwlink/?linkid=825142)	Windows Kernel Elevation of Privilege Vulnerability	[CVE-2016-3373](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3373)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-110](http://go.microsoft.com/fwlink/?linkid=821596)	Windows Denial of Service Vulnerability	[CVE-2016-3369](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3369)	Piotr Bania of [Cisco Talos](http://talosintel.com/vulnerability-reports/)
[MS16-110](http://go.microsoft.com/fwlink/?linkid=821596)	Windows Remote Code Execution Vulnerability	[CVE-2016-3368](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3368)	Jonathan Brown of [VMware, Inc](http://www.vmware.com/)
[MS16-108](http://go.microsoft.com/fwlink/?linkid=824829)	Defense-in-depth	-------------------	John Page of [ApparitionSec](http://hyp3rlinx.altervista.org/)
[MS16-108](http://go.microsoft.com/fwlink/?linkid=824829)	Microsoft Exchange Information Disclosure Vulnerability	[CVE-2016-0138](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0138)	[Bassel Rachid](mailto:bassel.rachid@dh.com) of DH Corporation
[MS16-108](http://go.microsoft.com/fwlink/?linkid=824829)	Microsoft Exchange Information Disclosure Vulnerability	[CVE-2016-0138](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0138)	[Lucie Brochu](mailto:lucie.brochu@dh.com) of DH Corporation
[MS16-108](http://go.microsoft.com/fwlink/?linkid=824829)	Microsoft Exchange Open Redirect Vulnerability	[CVE-2016-3378](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3378)	John Page of [ApparitionSec](http://hyp3rlinx.altervista.org/)
[MS16-108](http://go.microsoft.com/fwlink/?linkid=824829)	Microsoft Exchange Elevation of Privilege Vulnerability	[CVE-2016-3379](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3379)	Adrian Ivascu
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817)	Microsoft APP-V ASLR Bypass	[CVE-2016-0137](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0137)	Udi Yavo of [enSilo](http://ensilo.com/)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3357](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3357)	Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3358](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3358)	Steven Seeley of Source Incite, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3359](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3359)	Steven Seeley of Source Incite, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3361](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3361)	Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3362](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3362)	Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3363](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3363)	Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3364](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3364)	Eduardo Braun Prado
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3365](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3365)	Steven Seeley of [Source Incite](http://srcincite.io/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817)	Microsoft Office Spoofing Vulnerability	[CVE-2016-3366](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3366)	Incident Response Team of [Certego](http://www.certego.net/)
[MS16-106](http://go.microsoft.com/fwlink/?linkid=824814)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3348](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3348)	RanchoIce of the [Baidu Security Lab](http://xlab.baidu.com/)
[MS16-106](http://go.microsoft.com/fwlink/?linkid=824814)	GDI Information Disclosure Vulnerability	[CVE-2016-3354](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3354)	WanderingGlitch of [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-106](http://go.microsoft.com/fwlink/?linkid=824814)	GDI Information Disclosure Vulnerability	[CVE-2016-3355](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3355)	Liang Yin of Tencent PC Manager via GeekPwn
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625)	Defense-in-depth	-------------------	Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/)
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625)	Defense-in-depth	-------------------	[Jun Kokatsu](https://twitter.com/shhnjk)
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3247](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3247)	SkyLined, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3291](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3291)	Nathaniel Theis ([XMPPwocky](http://xmppwocky.net/))
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-3294](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3294)	Shi Ji (@Puzzor) of VARAS@IIE, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3295](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3295)	Garage4Hackers, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3297](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3297)	Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3325](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3325)	SkyLined
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-3330](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3330)	F4B3CD of STARLAB
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-3350](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3350)	Microsoft ChakraCore Team
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3351](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3351)	[Kafeine](https://twitter.com/kafeine), Brooks Li of [Trend Micro](http://www.trendmicro.com/)
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3377](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3377)	Richard Zhu (fluorescence), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624)	Defense-in-depth	-------------------	[Jun Kokatsu](https://twitter.com/shhnjk)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3247](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3247)	SkyLined, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3291](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3291)	Nathaniel Theis ([XMPPwocky](http://xmppwocky.net/))
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624)	Microsoft Browser Elevation of Privilege Vulnerability	[CVE-2016-3292](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3292)	Thomas Vanhoutte, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3295](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3295)	Garage4Hackers, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3297](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3297)	Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-3324](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3324)	SkyLined
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3325](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3325)	SkyLined
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3351](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3351)	[Kafeine](https://twitter.com/kafeine), Brooks Li of [Trend Micro](http://www.trendmicro.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624)	Internet Explorer Security Feature Bypass	[CVE-2016-3353](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3353)	Eduardo Braun Prado, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3375](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3375)	Yuki Chen of [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3376](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3376)	An anonymous researcher, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3375](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3375)	Simon Zuckerbraun working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3375](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3375)	Anonymous, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
-------------------	Defense-in-depth	-------------------	Fortinet’s FortiGuard Labs
-------------------	Defense-in-depth	-------------------	Steven Seeley of Source Incite working with iDefense
-------------------	Defense-in-depth	-------------------	Reno Robert
August 2016
[MS16-102](http://go.microsoft.com/fwlink/?linkid=823207)	Microsoft PDF Remote Code Execution Vulnerability	[CVE-2016-3319](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3319)	Aleksandar Nikolic of [Cisco Talos](http://talosintel.com/vulnerability-reports/)
[MS16-101](http://go.microsoft.com/fwlink/?linkid=821576)	Kerberos Elevation of Privilege Vulnerability	[CVE-2016-3237](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3237)	[Nabeel Ahmed](https://twitter.com/nabeelahmedbe) of [Dimension Data](http://www.dimensiondata.com/)
[MS16-099](http://go.microsoft.com/fwlink/?linkid=821165)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3313](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3313)	Jaanus Kaap
[MS16-099](http://go.microsoft.com/fwlink/?linkid=821165)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3313](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3313)	Sébastien Morin of [COSIG](https://smsecurity.net/)
[MS16-099](http://go.microsoft.com/fwlink/?linkid=821165)	Microsoft OneNote Information Disclosure Vulnerability	[CVE-2016-3315](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3315)	dannywei of [Tencent’s Xuanwu Lab](http://www.tencent.com/)
[MS16-099](http://go.microsoft.com/fwlink/?linkid=821165)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3316](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3316)	Francis Provencher of [COSIG](https://smsecurity.net/)
[MS16-099](http://go.microsoft.com/fwlink/?linkid=821165)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3317](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3317)	Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/)
[MS16-099](http://go.microsoft.com/fwlink/?linkid=821165)	Graphics Component Memory Corruption Vulnerability	[CVE-2016-3318](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3318)	Arun Kumar Sharma, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-099](http://go.microsoft.com/fwlink/?linkid=821165)	Defense-in-depth	-----------------	Jerry Decime of Hewlett Packard Enterprise
[MS16-098](http://go.microsoft.com/fwlink/?linkid=821582)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3308](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3308)	Peter (Keen) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-098](http://go.microsoft.com/fwlink/?linkid=821582)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3308](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3308)	ZeguangZhao (team509), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-098](http://go.microsoft.com/fwlink/?linkid=821582)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3309](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3309)	bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-098](http://go.microsoft.com/fwlink/?linkid=821582)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3310](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3310)	Wayne Low of Fortinet’s Fortiguard Labs
[MS16-098](http://go.microsoft.com/fwlink/?linkid=821582)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3311](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3311)	[pgboy](http://weibo.com/pgboy1988), [zhong\_sf](http://weibo.com/2641521260) of Qihoo 360 Vulcan Team
[MS16-098](http://go.microsoft.com/fwlink/?linkid=821582)	Defense-in-depth	-----------------	Martin Lenord
[MS16-097](http://go.microsoft.com/fwlink/?linkid=821146)	Windows Graphics Component RCE Vulnerability	[CVE-2016-3301](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3301)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-097](http://go.microsoft.com/fwlink/?linkid=821146)	Windows Graphics Component RCE Vulnerability	[CVE-2016-3303](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3303)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-097](http://go.microsoft.com/fwlink/?linkid=821146)	Windows Graphics Component RCE Vulnerability	[CVE-2016-3304](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3304)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3289](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3289)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3293](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3293)	Kai Song ([exp](http://exp-sky.org)-sky) of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3296](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3296)	Microsoft ChakraCore Team
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137)	Microsoft PDF Remote Code Execution Vulnerability	[CVE-2016-3319](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3319)	Aleksandar Nikolic of [Cisco Talos](http://talosintel.com/vulnerability-reports/)
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3322](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3322)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3326](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3326)	Simon Zuckerbraun, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3327](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3327)	Soroush Dalili of [NCC Group](https://www.nccgroup.trust/)
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137)	Microsoft Browser Information Disclosure	[CVE-2016-3329](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3329)	Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-3288](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3288)	Ivan Fratric and Martin Barbella, working with [Google Project Zero](http://www.google.com/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3289](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3289)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-3290](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3290)	Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3293](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3293)	Kai Song ([exp](http://exp-sky.org)-sky) of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136)	Internet Explorer Information Disclosure Vulnerability	[CVE-2016-3321](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3321)	Yorick Koster of [Securify B.V.](https://securify.nl/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3322](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3322)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3326](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3326)	Simon Zuckerbraun, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3327](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3327)	Soroush Dalili of [NCC Group](https://www.nccgroup.trust/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136)	Microsoft Browser Information Disclosure	[CVE-2016-3329](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3329)	Masato Kinugawa of [Cure53](https://cure53.de/)
July 2016
[MS16-092](http://go.microsoft.com/fwlink/?linkid=808706)	Windows File System Security Feature Bypass Vulnerability	[CVE-2016-3258](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3258)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-092](http://go.microsoft.com/fwlink/?linkid=808706)	Windows Kernel Information Disclosure Vulnerability	[CVE-2016-3272](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3272)	Herbert Bos of Vrije Universiteit Amsterdam
[MS16-091](http://go.microsoft.com/fwlink/?linkid=808156)	.NET Information Disclosure Vulnerability	[CVE-2016-3255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3255)	Michael Weber, Henrique Arcoverde [NCC Group](https://www.nccgroup.trust/us/)
[MS16-090](http://go.microsoft.com/fwlink/?linkid=808590)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3249](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3249)	bee13oy of CloverSec Labs
[MS16-090](http://go.microsoft.com/fwlink/?linkid=808590)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3250](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3250)	[zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/)
[MS16-090](http://go.microsoft.com/fwlink/?linkid=808590)	GDI Component Information Disclosure Vulnerability	[CVE-2016-3251](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3251)	[zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/)
[MS16-090](http://go.microsoft.com/fwlink/?linkid=808590)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3252](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3252)	[fanxiaocao](https://twitter.com/tinysecex) (@TinySec), and [pjf](http://weibo.com/jfpan) of IceSword Lab, [Qihoo 360](http://www.360.cn/)
[MS16-090](http://go.microsoft.com/fwlink/?linkid=808590)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3254](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3254)	[zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/)
[MS16-090](http://go.microsoft.com/fwlink/?linkid=808590)	Microsoft win32k Elevation of Privilege Vulnerability	[CVE-2016-3286](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3286)	[zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/)
[MS16-088](http://go.microsoft.com/fwlink/?linkid=808151)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3278](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3278)	Xiaoning Li of [Intel Labs](http://www.intel.com/content/www/us/en/research/intel-research.html)
[MS16-088](http://go.microsoft.com/fwlink/?linkid=808151)	Microsoft Security Feature Bypass Vulnerability	[CVE-2016-3279](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3279)	Haifei Li of [Intel Security](http://www.intelsecurity.com/)
[MS16-088](http://go.microsoft.com/fwlink/?linkid=808151)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3280](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3280)	Lucas Leong of [Trend Micro](http://www.trendmicro.com/)
[MS16-088](http://go.microsoft.com/fwlink/?linkid=808151)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3281](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3281)	Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/)
[MS16-088](http://go.microsoft.com/fwlink/?linkid=808151)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3282](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3282)	Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/)
[MS16-088](http://go.microsoft.com/fwlink/?linkid=808151)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3283](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3283)	Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/)
[MS16-088](http://go.microsoft.com/fwlink/?linkid=808151)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3284](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3284)	[Alexey Belyakov](https://alwerewolf.blogspot.com/), Individual
[MS16-087](http://go.microsoft.com/fwlink/?linkid=808150)	Microsoft Print Spooler Remote Code Execution Vulnerability	[CVE-2016-3238](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3238)	[Nicolas Beauchesne](http://blog.vectranetworks.com/blog/microsoft-windows-printer-wateringhole-attack) of Vectra Networks
[MS16-087](http://go.microsoft.com/fwlink/?linkid=808150)	Windows Print Spooler Elevation of Privilege	[CVE-2016-3239](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3239)	[Shanti Lindström](https://linkedin.com/in/shanti-lindström-399112a8), Individual
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148)	Microsoft Edge Security Feature Bypass	[CVE-2016-3244](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3244)	Zheng Huang of the [Baidu Security Lab](http://xlab.baidu.com/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148)	Microsoft Edge Security Feature Bypass	[CVE-2016-3244](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3244)	Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148)	Microsoft Edge Security Feature Bypass	[CVE-2016-3244](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3244)	Kai Song ([exp](http://exp-sky.org/)-sky) of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-3246](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3246)	cc working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3248](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3248)	Microsoft ChakraCore Team
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3259)	[Jaehun Jeong](https://twitter.com/n3sk) (n3sk), Individual
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3264](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3264)	[exp-sky](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://xlab.tencent.com/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3265](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3265)	Jordan Rabet, Microsoft Offensive Security Research Team
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3269](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3269)	Jordan Rabet, Microsoft Offensive Security Research Team
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3271](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3271)	WanderingGlitch, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3273](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3273)	Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148)	Microsoft Browser Spoofing Vulnerability	[CVE-2016-3274](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3274)	Ferenc Lutischán of [Magyar Telekom Nyrt](http://www.telekom.hu/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148)	Microsoft Edge Spoofing Vulnerability	[CVE-2016-3276](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3276)	Wenxiang Qian of [Tencent QQBrowser](http://browser.qq.com/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3277](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3277)	Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-3240](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3240)	Hui Gao of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-3241](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3241)	62600BCA031B9EB5CB4A74ADDDD6771E working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3242](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3242)	62600BCA031B9EB5CB4A74ADDDD6771E working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-3243](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3243)	Zheng Huang of the [Baidu Security Lab](http://xlab.baidu.com/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143)	Internet Explorer Security Feature Bypass	[CVE-2016-3245](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3245)	Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3259)	[Jaehun Jeong](https://twitter.com/n3sk) (n3sk), Individual
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3260](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3260)	Jordan Rabet of Microsoft Offensive Security Research Team
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143)	Internet Explorer Information Disclosure Vulnerability	[CVE-2016-3261](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3261)	Li Kemeng, [Baidu Security Lab](http://xlab.baidu.com/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-3264](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3264)	[exp-sky](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://xlab.tencent.com/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3273](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3273)	Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143)	Microsoft Browser Information Disclosure Vulnerability	[CVE-2016-3277](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3277)	Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/)
-------------------	Defense-in-depth	-------------------	Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/)
June 2016
[MS16-081](http://go.microsoft.com/fwlink/?linkid=798515)	Active Directory Denial of Service Vulnerability	[CVE-2016-3226](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3226)	Ondrej Sevecek of [GOPAS](https://www.sevecek.com/englishpages/lists/posts/post.aspx?id=81)
[MS16-080](http://go.microsoft.com/fwlink/?linkid=798620)	Windows PDF Information Disclosure Vulnerability	[CVE-2016-3201](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3201)	Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/)
[MS16-080](http://go.microsoft.com/fwlink/?linkid=798620)	Windows PDF Remote Code Execution Vulnerability	[CVE-2016-3203](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3203)	Ke Liu of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
[MS16-080](http://go.microsoft.com/fwlink/?linkid=798620)	Windows PDF Remote Code Execution Vulnerability	[CVE-2016-3203](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3203)	kdot working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-080](http://go.microsoft.com/fwlink/?linkid=798620)	Windows PDF Information Disclosure Vulnerability	[CVE-2016-3215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3215)	Ke Liu of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
[MS16-080](http://go.microsoft.com/fwlink/?linkid=798620)	Windows PDF Information Disclosure Vulnerability	[CVE-2016-3215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3215)	kdot working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-079](http://go.microsoft.com/fwlink/?linkid=787067)	Microsoft Exchange Information Disclosure Vulnerability	[CVE-2016-0028](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0028)	Louis-Paul Dareau of [ProcessOut](https://www.processout.com/)
[MS16-078](http://go.microsoft.com/fwlink/?linkid=799136)	Windows Diagnostics Hub Elevation of Privilege	[CVE-2016-3231](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3231)	lokihardt, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-078](http://go.microsoft.com/fwlink/?linkid=799136)	Windows Diagnostics Hub Elevation of Privilege	[CVE-2016-3231](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3231)	[Qihoo 360 Vulcan Team](http://www.360.com/)
[MS16-077](http://go.microsoft.com/fwlink/?linkid=798850)	WPAD Elevation of Privilege Vulnerability	[CVE-2016-3213](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3213)	[Moritz Jodeit](https://twitter.com/moritzj) of [Blue Frost Security GmbH](https://www.bluefrostsecurity.de/)
[MS16-077](http://go.microsoft.com/fwlink/?linkid=798850)	WPAD Elevation of Privilege Vulnerability	[CVE-2016-3213](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3213)	Yu Yang (@tombkeeper) of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
[MS16-074](http://go.microsoft.com/fwlink/?linkid=798504)	Windows Graphics Component Information Disclosure Vulnerability	[CVE-2016-3216](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3216)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-074](http://go.microsoft.com/fwlink/?linkid=798504)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3219)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-074](http://go.microsoft.com/fwlink/?linkid=798504)	ATMFD.DLL Elevation of Privilege Vulnerability	[CVE-2016-3220](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3220)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-073](http://go.microsoft.com/fwlink/?linkid=798502)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3218](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3218)	[zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/)
[MS16-073](http://go.microsoft.com/fwlink/?linkid=798502)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-3221](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3221)	RanchoIce of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-072](http://go.microsoft.com/fwlink/?linkid=798378)	Group Policy Elevation of Privilege Vulnerability	[CVE-2016-3223](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3223)	[NabeelAhmed](https://twitter.com/nabeelahmedbe) of [Dimension Data](http://www.dimensiondata.com/)
[MS16-072](http://go.microsoft.com/fwlink/?linkid=798378)	Group Policy Elevation of Privilege Vulnerability	[CVE-2016-3223](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3223)	[Tom Gilis](https://twitter.com/tgilis) of [Dimension Data](http://www.dimensiondata.com/)
[MS16-070](http://go.microsoft.com/fwlink/?linkid=798377)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0025](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0025)	YangKang of [360 QEX Team](http://www.360.cn/)
[MS16-070](http://go.microsoft.com/fwlink/?linkid=798377)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-3233](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3233)	David D. Rude II working with iDefense
[MS16-070](http://go.microsoft.com/fwlink/?linkid=798377)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0025](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0025)	LiYaDong of [360 QEX Team](http://www.360.cn/)
[MS16-070](http://go.microsoft.com/fwlink/?linkid=798377)	Microsoft Office Information Disclosure Vulnerability	[CVE-2016-3234](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3234)	Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/)
[MS16-070](http://go.microsoft.com/fwlink/?linkid=798377)	Microsoft Office OLE DLL Side Loading Vulnerability	[CVE-2016-3235](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3235)	Yorick Koster of [Securify B.V.](https://securify.nl/)
[MS16-070](http://go.microsoft.com/fwlink/?linkid=798377)	Defense-in-depth	-----------------	[Danny Wei Wei](https://twitter.com/danny_wei) of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
[MS16-069](http://go.microsoft.com/fwlink/?linkid=798411)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3205)	Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-069](http://go.microsoft.com/fwlink/?linkid=798411)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3206](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3206)	Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-069](http://go.microsoft.com/fwlink/?linkid=798411)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3207](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3207)	Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511)	Microsoft Edge Security Feature Bypass	[CVE-2016-3198](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3198)	Mario Heiderich of [Cure53](https://cure53.de/)
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3199](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3199)	lokihardt working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511)	Windows PDF Information Disclosure Vulnerability	[CVE-2016-3201](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3201)	Jaanus Kääp of Clarified Security
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511)	Windows PDF Remote Code Execution Vulnerability	[CVE-2016-3203](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3203)	kdot working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3214](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3214)	Jordan Rabet of Microsoft Offensive Security Research Team
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511)	Windows PDF Information Disclosure Vulnerability	[CVE-2016-3215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3215)	Ke Liu of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511)	Windows PDF Information Disclosure Vulnerability	[CVE-2016-3215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3215)	kdot working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-3222](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3222)	Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-3222](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3222)	Kai Song (exp-sky) of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0199](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0199)	SkyLined working with iDefense
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0200](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0200)	62600BCA031B9EB5CB4A74ADDDD6771E working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3205)	Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3206](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3206)	Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3207](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3207)	Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-3210](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3210)	[Moritz Jodeit](https://twitter.com/moritzj) of [Blue Frost Security](https://www.bluefrostsecurity.de/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-3211](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3211)	[Ashutosh Mehra](https://twitter.com/ashutoshmehra) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510)	Internet Explorer XSS Filter Vulnerability	[CVE-2016-3212](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3212)	Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510)	WPAD Elevation of Privilege Vulnerability	[CVE-2016-3299](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3299)	Yu Yang (@tombkeeper) of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
May 2016
[MS16-067](http://go.microsoft.com/fwlink/?linkid=786475)	Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability	[CVE-2016-0190](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0190)	Sandeep Kumar of [Citrix Systems Inc.](http://www.citrix.com/)
[MS16-066](http://go.microsoft.com/fwlink/?linkid=785792)	Hypervisor Code Integrity Security Feature Bypass	[CVE-2016-0181](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0181)	Rafal Wojtczuk of [Bromium](http://www.bromium.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0171](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0171)	Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0173](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0173)	Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0173](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0173)	[Qihoo 360 Vulcan Team](http://www.360.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0174](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0174)	Liang Yin of Tencent PC Manager working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923)	Win32k Information Disclosure Vulnerability	[CVE-2016-0175](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0175)	Liang Yin of Tencent PC Manager working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923)	Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability	[CVE-2016-0176](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0176)	Peter Hlavaty of Tencent KeenLab working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923)	Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability	[CVE-2016-0176](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0176)	Daniel King of Tencent KeenLab working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0196](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0196)	Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0196](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0196)	[Qihoo 360 Vulcan Team](http://www.360.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923)	Defense-in-depth	-----------------	Fermin J. Serna
[MS16-061](http://go.microsoft.com/fwlink/?linkid=785871)	RPC Network Data Representation Engine Elevation of Privilege Vulnerability	[CVE-2016-0178](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0178)	Evgeny Kotkov of [VisualSVN](https://www.visualsvn.com/)
[MS16-061](http://go.microsoft.com/fwlink/?linkid=785871)	RPC Network Data Representation Engine Elevation of Privilege Vulnerability	[CVE-2016-0178](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0178)	Ivan Zhakov of [VisualSVN](https://www.visualsvn.com/)
[MS16-060](http://go.microsoft.com/fwlink/?linkid=785239)	Windows Kernel Elevation of Privilege Vulnerability	[CVE-2016-0180](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0180)	Loren Robinson of [CrowdStrike, Inc.](http://www.crowdstrike.com/)
[MS16-060](http://go.microsoft.com/fwlink/?linkid=785239)	Windows Kernel Elevation of Privilege Vulnerability	[CVE-2016-0180](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0180)	Alex Ionescu of [CrowdStrike, Inc.](http://www.crowdstrike.com/)
[MS16-059](http://go.microsoft.com/fwlink/?linkid=786468)	Windows Media Center Remote Code Execution Vulnerability	[CVE-2016-0185](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0185)	Eduardo Braun Prado, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-057](http://go.microsoft.com/fwlink/?linkid=786534)	Windows Shell Remote Code Execution Vulnerability	[CVE-2016-0179](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0179)	Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/)
[MS16-056](http://go.microsoft.com/fwlink/?linkid=786477)	Journal Memory Corruption Vulnerability	[CVE-2016-0182](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0182)	Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-056](http://go.microsoft.com/fwlink/?linkid=786477)	Journal Memory Corruption Vulnerability	[CVE-2016-0182](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0182)	Bingchang Liu of [VARAS@IIE](http://www.iie.ac.cn/)
[MS16-055](http://go.microsoft.com/fwlink/?linkid=786471)	Windows Graphics Component Information Disclosure Vulnerability	[CVE-2016-0168](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0168)	Mateusz Jurczyk of Google Project Zero
[MS16-055](http://go.microsoft.com/fwlink/?linkid=786471)	Windows Graphics Component Information Disclosure Vulnerability	[CVE-2016-0169](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0169)	Mateusz Jurczyk of Google Project Zero
[MS16-055](http://go.microsoft.com/fwlink/?linkid=786471)	WIndows Graphics Component RCE vulnerability	[CVE-2016-0170](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0170)	Mateusz Jurczyk of Google Project Zero
[MS16-055](http://go.microsoft.com/fwlink/?linkid=786471)	Direct3D Use After Free RCE Vulnerability	[CVE-2016-0184](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0184)	Henry Li(zenhumany) of [Trend Micro](http://www.trendmicro.com/)
[MS16-054](http://go.microsoft.com/fwlink/?linkid=785875)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0126](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0126)	An anonymous researcher, working with Beyond Security’s [SecuriTeam Secure Disclosure](http://www.beyondsecurity.com/ssd.html) team
[MS16-054](http://go.microsoft.com/fwlink/?linkid=785875)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0126](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0126)	Hao Linan of [Qihoo 360 Vulcan Team](http://www.360.com/)
[MS16-054](http://go.microsoft.com/fwlink/?linkid=785875)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0140](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0140)	Steven Seeley of [Source Incite](http://srcincite.io/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-054](http://go.microsoft.com/fwlink/?linkid=785875)	Office Graphics RCE Vulnerability	[CVE-2016-0183](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0183)	Lucas Leong of [Trend Micro](http://www.trendmicro.com/)
[MS16-053](http://go.microsoft.com/fwlink/?linkid=786478)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-0187](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0187)	Kai Kang
[MS16-052](http://go.microsoft.com/fwlink/?linkid=785874)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-0186](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0186)	Brian Pak (cai) from Theori, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-052](http://go.microsoft.com/fwlink/?linkid=785874)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-0186](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0186)	Simon Zuckerbraun, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-052](http://go.microsoft.com/fwlink/?linkid=785874)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-0191](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0191)	Lokihart working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-052](http://go.microsoft.com/fwlink/?linkid=785874)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0192](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0192)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-052](http://go.microsoft.com/fwlink/?linkid=785874)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-0193](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0193)	Zhen Feng, Wen Xu of Tencent KeenLab working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-052](http://go.microsoft.com/fwlink/?linkid=785874)	Defense-in-depth	-----------------	[Bing Sun](https://www.linkedin.com/in/bing-sun-064a3372) Intel Security Group
[MS16-051](http://go.microsoft.com/fwlink/?linkid=785873)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-0187](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0187)	Kai Kang
[MS16-051](http://go.microsoft.com/fwlink/?linkid=785873)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0192](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0192)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-051](http://go.microsoft.com/fwlink/?linkid=785873)	Internet Explorer Information Disclosure Vulnerability	[CVE-2016-0194](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0194)	Thomas Vanhoutte, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-051](http://go.microsoft.com/fwlink/?linkid=785873)	Defense-in-depth	-----------------	Zhang Yunhai of [NSFOCUS](http://www.nsfocus.com/)
April 2016
[MS16-049](http://go.microsoft.com/fwlink/?linkid=746932)	HTTP.sys Denial of Service Vulnerability	[CVE-2016-0150](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0150)	Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/)
[MS16-049](http://go.microsoft.com/fwlink/?linkid=746932)	HTTP.sys Denial of Service Vulnerability	[CVE-2016-0150](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0150)	Noam Mazor of [Imperva](http://www.imperva.com/)
[MS16-048](http://go.microsoft.com/fwlink/?linkid=746886)	Windows CSRSS Security Feature Bypass Vulnerability	[CVE-2016-0151](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0151)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-047](http://go.microsoft.com/fwlink/?linkid=746885)	Windows RPC Downgrade Vulnerability	[CVE-2016-0128](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0128)	This vulnerability was discovered and researched by Stefan Metzmacher of [SAMBA+](https://samba.plus/) and the [Samba Team](https://www.samba.org/), which also helped design a fix for the problem. For more information about the vulnerability named “BADLOCK,” see [Badlock Bug](http://badlock.org/).
[MS16-046](http://go.microsoft.com/fwlink/?linkid=746896)	Secondary Logon Elevation of Privilege Vulnerability	[CVE-2016-0135](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0135)	Tenable Network Security
[MS16-045](http://go.microsoft.com/fwlink/?linkid=733440)	Hyper-V Remote Code Execution Vulnerability	[CVE-2016-0088](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0088)	Kostya Kortchinsky of the Google Security Team
[MS16-045](http://go.microsoft.com/fwlink/?linkid=733440)	Hyper-V Remote Code Execution Vulnerability	[CVE-2016-0088](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0088)	Thomas Garnier
[MS16-045](http://go.microsoft.com/fwlink/?linkid=733440)	Hyper-V Information Disclosure vulnerability	[CVE-2016-0089](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0089)	Kostya Kortchinsky of the Google Security Team
[MS16-045](http://go.microsoft.com/fwlink/?linkid=733440)	Hyper-V Information Disclosure vulnerability	[CVE-2016-0089](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0089)	Thomas Garnier
[MS16-045](http://go.microsoft.com/fwlink/?linkid=733440)	Hyper-V Information Disclosure vulnerability	[CVE-2016-0090](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0090)	Kostya Kortchinsky of the Google Security Team
[MS16-045](http://go.microsoft.com/fwlink/?linkid=733440)	Hyper-V Information Disclosure vulnerability	[CVE-2016-0090](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0090)	Thomas Garnier
[MS16-044](http://go.microsoft.com/fwlink/?linkid=747040)	Windows OLE Remote Code Execution Vulnerability	[CVE-2016-0153](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0153)	[Debasish Mandal](https://twitter.com/debasishm89) of the [Intel Security](http://www.intelsecurity.com/) IPS Vulnerability Research Team
[MS16-042](http://go.microsoft.com/fwlink/?linkid=746928)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0122](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0122)	Sébastien Morin of [COSIG](https://smsecurity.net/)
[MS16-042](http://go.microsoft.com/fwlink/?linkid=746928)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0127](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0127)	Lucas Leong of [Trend Micro](http://www.trendmicro.com/)
[MS16-042](http://go.microsoft.com/fwlink/?linkid=746928)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0136](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0136)	Steven Seeley of [Source Incite](http://srcincite.io/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-042](http://go.microsoft.com/fwlink/?linkid=746928)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0139](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0139)	Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-041](http://go.microsoft.com/fwlink/?linkid=746929)	.NET Framework Remote Code Execution Vulnerability	[CVE-2016-0148](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0148)	Yorick Koster of [Securify B.V.](https://securify.nl/)
[MS16-041](http://go.microsoft.com/fwlink/?linkid=746929)	.NET Framework Remote Code Execution Vulnerability	[CVE-2016-0148](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0148)	rgod, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-040](http://go.microsoft.com/fwlink/?linkid=746897)	MSXML 3.0 Remote Code Execution Vulnerability	[CVE-2016-0147](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0147)	Nicolas Grégoire of [Agarri](http://www.agarri.fr/)
[MS16-039](http://go.microsoft.com/fwlink/?linkid=746883)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0143](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0143)	Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS16-039](http://go.microsoft.com/fwlink/?linkid=746883)	Graphics Memory Corruption Vulnerability	[CVE-2016-0145](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0145)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-039](http://go.microsoft.com/fwlink/?linkid=746883)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0165](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0165)	[Kaspersky Lab](http://www.kaspersky.com/)
[MS16-039](http://go.microsoft.com/fwlink/?linkid=746883)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0167](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0167)	Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/)
[MS16-039](http://go.microsoft.com/fwlink/?linkid=746883)	Defense-in-depth	-----------------	[Richard Shupak](https://www.linkedin.com/in/rshupak)
[MS16-038](http://go.microsoft.com/fwlink/?linkid=746894)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0154](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0154)	Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-038](http://go.microsoft.com/fwlink/?linkid=746894)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-0155](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0155)	Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-038](http://go.microsoft.com/fwlink/?linkid=746894)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-0156](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0156)	Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/)
[MS16-038](http://go.microsoft.com/fwlink/?linkid=746894)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-0156](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0156)	Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-038](http://go.microsoft.com/fwlink/?linkid=746894)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-0157](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0157)	d81b2a7b317c035a8da11d63122964c2, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-038](http://go.microsoft.com/fwlink/?linkid=746894)	Microsoft Edge Elevation of Privilege Vulnerability	[CVE-2016-0158](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0158)	lokihardt, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-038](http://go.microsoft.com/fwlink/?linkid=746894)	Microsoft Edge Information Disclosure Vulnerability	[CVE-2016-0161](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0161)	QianWen Xiang of Tencent QQBrowser
[MS16-037](http://go.microsoft.com/fwlink/?linkid=746891)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0154](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0154)	Liu Long of the [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS16-037](http://go.microsoft.com/fwlink/?linkid=746891)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0159](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0159)	B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-037](http://go.microsoft.com/fwlink/?linkid=746891)	DLL Loading Remote Code Execution Vulnerability	[CVE-2016-0160](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0160)	[Sandro Poppi](https://spoppi.wordpress.com/)
[MS16-037](http://go.microsoft.com/fwlink/?linkid=746891)	Internet Explorer Information Disclosure Vulnerability	[CVE-2016-0162](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0162)	Ladislav Janko, working with [ESET](http://www.eset.com/)
[MS16-037](http://go.microsoft.com/fwlink/?linkid=746891)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0164](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0164)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-037](http://go.microsoft.com/fwlink/?linkid=746891)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0166](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0166)	Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[3152550](https://technet.microsoft.com/library/security/3152550.aspx)	N/A	N/A	Marc Newlin of the Bastille Threat Research Team
March 2016
[MS16-035](http://go.microsoft.com/fwlink/?linkid=730728)	.NET XML Validation Security Feature Bypass	[CVE-2016-0132](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0132)	[Anders Abel](https://coding.abel.nu/) of [Kentor](http://www.kentor.se/)
[MS16-034](http://go.microsoft.com/fwlink/?linkid=733469)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0093](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0093)	Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS16-034](http://go.microsoft.com/fwlink/?linkid=733469)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0094](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0094)	Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS16-034](http://go.microsoft.com/fwlink/?linkid=733469)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0095](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0095)	Jueming of [Security Threat Information Center](http://security.alibaba.com/)
[MS16-034](http://go.microsoft.com/fwlink/?linkid=733469)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0095](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0095)	bee13oy of CloverSec Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-034](http://go.microsoft.com/fwlink/?linkid=733469)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0096](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0096)	[fanxiaocao](http://weibo.com/cdutboy) and [pjf](http://weibo.com/jfpan) of IceSword Lab, [Qihoo 360](http://www.360.cn/)
[MS16-033](http://go.microsoft.com/fwlink/?linkid=733468)	USB Mass Storage Elevation of Privilege Vulnerability	[CVE-2016-0133](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0133)	Andy Davis, [NCC Group](https://www.nccgroup.trust/us/)
[MS16-032](http://go.microsoft.com/fwlink/?linkid=733467)	Secondary Logon Elevation of Privilege Vulnerability	[CVE-2016-0099](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0099)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-031](http://go.microsoft.com/fwlink/?linkid=733466)	Windows Elevation of Privilege Vulnerability	[CVE-2016-0087](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0087)	Meysam Firozi @[R00tkitSmm](https://twitter.com/r00tkitsmm)
[MS16-030](http://go.microsoft.com/fwlink/?linkid=733465)	Windows OLE Memory Remote Code Execution Vulnerability	[CVE-2016-0091](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0091)	Anonymous, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-030](http://go.microsoft.com/fwlink/?linkid=733465)	Windows OLE Memory Remote Code Execution Vulnerability	[CVE-2016-0092](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0092)	Anonymous, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-029](http://go.microsoft.com/fwlink/?linkid=733083)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0021](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0021)	Richard Warren of [NCC Group](https://www.nccgroup.trust/us/)
[MS16-029](http://go.microsoft.com/fwlink/?linkid=733083)	Microsoft Security Feature Bypass Vulnerability	[CVE-2016-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0057)	Eric Clausing of [AV-TEST GmbH](https://www.av-test.org/)
[MS16-029](http://go.microsoft.com/fwlink/?linkid=733083)	Microsoft Security Feature Bypass Vulnerability	[CVE-2016-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0057)	Ulf Loesche of [AV-TEST GmbH](https://www.av-test.org/)
[MS16-029](http://go.microsoft.com/fwlink/?linkid=733083)	Microsoft Security Feature Bypass Vulnerability	[CVE-2016-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0057)	Maik Morgenstern of [AV-TEST GmbH](https://www.av-test.org/)
[MS16-029](http://go.microsoft.com/fwlink/?linkid=733083)	Microsoft Security Feature Bypass Vulnerability	[CVE-2016-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0057)	Andreas Marx of [AV-TEST GmbH](https://www.av-test.org/)
[MS16-029](http://go.microsoft.com/fwlink/?linkid=733083)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0134](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0134)	Jack Tang of [Trend Micro](http://www.trendmicro.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0102](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0102)	Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-028](http://go.microsoft.com/fwlink/?linkid=733419)	Windows Remote Code Execution Vulnerability	[CVE-2016-0117](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0117)	Mark Yason, IBM X-Force
[MS16-028](http://go.microsoft.com/fwlink/?linkid=733419)	Windows Remote Code Execution Vulnerability	[CVE-2016-0118](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0118)	Jaanus Kp Clarified Security, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-027](http://go.microsoft.com/fwlink/?linkid=733470)	Windows Media Parsing Remote Code Execution Vulnerability	[CVE-2016-0101](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0101)	[Bruno Martinez](mailto:bruno.uy@gmail.com)
[MS16-026](http://go.microsoft.com/fwlink/?linkid=733471)	OpenType Font Parsing Vulnerability	[CVE-2016-0120](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0120)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-026](http://go.microsoft.com/fwlink/?linkid=733471)	OpenType Font Parsing Vulnerability	[CVE-2016-0121](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0121)	Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-025](http://go.microsoft.com/fwlink/?linkid=733940)	Library Loading Input Validation Remote Code Execution Vulnerability	[CVE-2016-0100](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0100)	Yorick Koster of [Securify B.V.](https://securify.nl/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0102](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0102)	Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0105](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0105)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0109](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0109)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0110](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0110)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0111](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0111)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-0116](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0116)	The Microsoft ChakraCore Team
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-0123](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0123)	d81b2a7b317c035a8da11d63122964c2, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0124](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0124)	003, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Microsoft Edge Information Disclosure Vulnerability	[CVE-2016-0125](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0125)	Richard Shupak
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Microsoft Edge Information Disclosure Vulnerability	[CVE-2016-0125](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0125)	[Hariram Balasundaram](https://www.linkedin.com/in/hariramb)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Microsoft Edge Information Disclosure Vulnerability	[CVE-2016-0125](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0125)	[Yashvier Kosaraju](https://www.linkedin.com/in/yashvier)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-0129](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0129)	The Microsoft ChakraCore Team
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-0130](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0130)	The Microsoft ChakraCore Team
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Defense-in-depth	-----------------	0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246)	Defense-in-depth	-----------------	Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0103](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0103)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0104](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0104)	Li Kemeng of the [Baidu Security Lab](http://xlab.baidu.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0105](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0105)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0106](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0106)	sky, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0107](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0107)	Hui Gao of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0107](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0107)	B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0107](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0107)	[Tigonlab](http://www.tigonlab.org/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0108](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0108)	Abhishek Arya and Martin Barbella, working with [Google Project Zero](http://www.google.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0109](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0109)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0110](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0110)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0111](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0111)	Abhishek Arya working with [Google Project Zero](http://www.google.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0111](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0111)	Martin Barbella, working with [Google Project Zero](http://www.google.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0112](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0112)	sky, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0112](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0112)	0011, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0113](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0113)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0114](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0114)	Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245)	Defense-in-depth	-----------------	Simon Zuckerbraun working with [HP’s](http://www.hpenterprisesecurity.com/products)[Zero Day Initiative](http://www.zerodayinitiative.com/)
February 2016
[MS16-018](http://go.microsoft.com/fwlink/?linkid=722617)	Win32k Elevation of Privilege Vulnerability	[CVE-2016-0048](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0048)	[fanxiaocao](http://weibo.com/cdutboy) and [pjf](http://weibo.com/jfpan) of [Qihoo 360](http://www.360.cn/)
[MS16-016](http://go.microsoft.com/fwlink/?linkid=722536)	WebDAV Elevation of Privilege Vulnerability	[CVE-2016-0051](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0051)	[Tamás Koczka](https://twitter.com/koczkatamas) of [Tresorit](http://www.tresorit.com/)
[MS16-015](http://go.microsoft.com/fwlink/?linkid=722214)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0022](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0022)	Lucas Leong of [Trend Micro](http://www.trendmicro.com/)
[MS16-015](http://go.microsoft.com/fwlink/?linkid=722214)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0052](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0052)	Lucas Leong of [Trend Micro](http://www.trendmicro.com/)
[MS16-015](http://go.microsoft.com/fwlink/?linkid=722214)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0053](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0053)	Lucas Leong of [Trend Micro](http://www.trendmicro.com/)
[MS16-015](http://go.microsoft.com/fwlink/?linkid=722214)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0055](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0055)	Kai Lu of Fortinet’s FortiGuard Labs
[MS16-015](http://go.microsoft.com/fwlink/?linkid=722214)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0056](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0056)	An anonymous researcher, working with Beyond Security’s [SecuriTeam Secure Disclosure](http://www.beyondsecurity.com/ssd.html) team
[MS16-015](http://go.microsoft.com/fwlink/?linkid=722214)	Microsoft SharePoint XSS Vulnerability	[CVE-2016-0039](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0039)	Hadji Samir of [Evolution Security GmbH](http://www.evolution-sec.com/) (Vulnerability Lab)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215)	Windows Elevation of Privilege Vulnerability	[CVE-2016-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0040)	Meysam Firozi [@R00tkitSmm](https://twitter.com/r00tkitsmm)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215)	Windows Elevation of Privilege Vulnerability	[CVE-2016-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0040)	Su Yong Kim of SSLab, [Georgia Institute of Technology](https://sslab.gtisc.gatech.edu/)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215)	Windows Elevation of Privilege Vulnerability	[CVE-2016-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0040)	Taesoo Kim of SSLab, [Georgia Institute of Technology](https://sslab.gtisc.gatech.edu/)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215)	Windows Elevation of Privilege Vulnerability	[CVE-2016-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0040)	Byoungyoung Lee of SSLab, [Georgia Institute of Technology](https://sslab.gtisc.gatech.edu/)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215)	DLL Loading Remote Code Execution Vulnerability	[CVE-2016-0041](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0041)	Greg Linares, working with [CyberPoint SRT](http://cyberpointllc.com/srt)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215)	DLL Loading Remote Code Execution Vulnerability	[CVE-2016-0041](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0041)	Yorick Koster of [Securify B.V.](https://securify.nl/)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215)	Windows DLL Loading Remote Code Execution Vulnerability	[CVE-2016-0042](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0042)	Richard Warren of [NCC Group](https://www.nccgroup.trust/us/)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215)	Windows Kerberos Security Feature Bypass	[CVE-2016-0049](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0049)	Vulnerability discovered by [Nabeel Ahmed](https://twitter.com/nabeelahmedbe) of [Dimension Data](http://www.dimensiondata.com/)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215)	Windows Kerberos Security Feature Bypass	[CVE-2016-0049](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0049)	Vulnerability discovered by [Tom Gilis](https://twitter.com/tgilis) of [Dimension Data](http://www.dimensiondata.com/)
[MS16-013](http://go.microsoft.com/fwlink/?linkid=722340)	Windows Journal Memory Corruption Vulnerability	[CVE-2016-0038](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0038)	Rohit Mothe of [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-012](http://go.microsoft.com/fwlink/?linkid=623622)	Microsoft Windows Reader Vulnerability	[CVE-2016-0046](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0046)	Jaanus Kp Clarified Security, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-012](http://go.microsoft.com/fwlink/?linkid=623622)	Microsoft PDF Library Buffer Overflow Vulnerability	[CVE-2016-0058](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0058)	Atte Kettunen of [OUSPG](https://www.ee.oulu.fi/research/ouspg/)
[MS16-011](http://go.microsoft.com/fwlink/?linkid=722213)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0060](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0060)	003, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-011](http://go.microsoft.com/fwlink/?linkid=722213)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0061](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0061)	SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-011](http://go.microsoft.com/fwlink/?linkid=722213)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0062](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0062)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-011](http://go.microsoft.com/fwlink/?linkid=722213)	Microsoft Edge ASLR Bypass	[CVE-2016-0080](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0080)	Zhang Yunhai of [NSFOCUS](http://www.nsfocus.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212)	Internet Explorer Information Disclosure Vulnerability	[CVE-2016-0059](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0059)	Kai Lu of [Fortinet’s FortiGuard Labs](http://www.fortiguard.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212)	Internet Explorer Information Disclosure Vulnerability	[CVE-2016-0059](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0059)	Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0060](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0060)	003, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0061](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0061)	SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212)	Microsoft Browser Memory Corruption Vulnerability	[CVE-2016-0062](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0062)	Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0063](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0063)	SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0064](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0064)	Jack Tang of [Trend Micro](http://trendmicro.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212)	Internet Explorer Elevation of Privilege Vulnerability	[CVE-2016-0068](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0068)	Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212)	Internet Explorer Elevation of Privilege Vulnerability	[CVE-2016-0069](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0069)	Yosuke HASEGAWA of Secure Sky Technology Inc.
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0071](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0071)	Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212)	Internet Explorer Memory Corruption Vulnerability	[CVE-2016-0072](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0072)	0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212)	Microsoft Browser Spoofing Vulnerability	[CVE-2016-0077](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0077)	[Kacper Rybczyński](https://twitter.com/kacperybczynski)
[3137909](https://technet.microsoft.com/library/security/3137909.aspx)	N/A	N/A	[Michael Reizelman](https://www.facebook.com/michael.reizelman)
January 2016
[MS16-010](http://go.microsoft.com/fwlink/?linkid=717997)	Microsoft Exchange Spoofing Vulnerability	[CVE-2016-0029](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0029)	Abdulrahman Alqabandi
[MS16-010](http://go.microsoft.com/fwlink/?linkid=717997)	Microsoft Exchange Spoofing Vulnerability	[CVE-2016-0030](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0030)	Alexandru Coltuneac
[MS16-010](http://go.microsoft.com/fwlink/?linkid=717997)	Microsoft Exchange Spoofing Vulnerability	[CVE-2016-0031](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0031)	[Nirmal Kirubakaran](https://www.linkedin.com/in/nirmalkirubakaran), Individual
[MS16-010](http://go.microsoft.com/fwlink/?linkid=717997)	Microsoft Exchange Spoofing Vulnerability	[CVE-2016-0032](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0032)	Ysrael Gurt of [BugSec](http://bughunting.gurt.co.il/)
[MS16-008](http://go.microsoft.com/fwlink/?linkid=718007)	Windows Mount Point Elevation of Privilege Vulnerability	[CVE-2016-0006](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0006)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-008](http://go.microsoft.com/fwlink/?linkid=718007)	Windows Mount Point Elevation of Privilege Vulnerability	[CVE-2016-0007](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0007)	James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006)	DLL Loading Elevation of Privilege Vulnerability	[CVE-2016-0014](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0014)	Stefan Kanthak of [Me, myself & IT](http://home.arcor.de/skanthak/safer.html)
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006)	Windows DirectShow Heap Corruption RCE vulnerability	[CVE-2016-0015](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0015)	Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006)	Windows Library Loading Remote Code Execution Vulnerability	[CVE-2016-0016](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0016)	Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006)	Windows Library Loading Remote Code Execution Vulnerability	[CVE-2016-0018](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0018)	[parvez@greyhathacker.net](https://technet.microsoft.com/en-us/mailto:parvez@greyhathacker.net)
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006)	Windows Library Loading Remote Code Execution Vulnerability	[CVE-2016-0018](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0018)	[Debasish Mandal](https://twitter.com/debasishm89) of the [Intel Security](http://www.intelsecurity.com/) IPS Vulnerability Research Team
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006)	Windows Remote Desktop Protocol Security Bypass Vulnerability	[CVE-2016-0019](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0019)	Gal Goldshtein of [Citadel](http://citadel.co.il/)
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006)	Windows Remote Desktop Protocol Security Bypass Vulnerability	[CVE-2016-0019](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0019)	Viktor Minin of [Citadel](http://citadel.co.il/)
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006)	MAPI LoadLibrary EoP Vulnerability	[CVE-2016-0020](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0020)	[Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-006](http://go.microsoft.com/fwlink/?linkid=717994)	Silverlight Runtime Remote Code Execution Vulnerability	[CVE-2016-0034](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0034)	Anton Ivanov and Costin Raiu of [Kaspersky Lab](http://www.kaspersky.com/)
[MS16-005](http://go.microsoft.com/fwlink/?linkid=718001)	Windows GDI32.dll ASLR Bypass Vulnerability	[CVE-2016-0008](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0008)	Steven Seeley of [Source Incite](http://srcincite.io/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-005](http://go.microsoft.com/fwlink/?linkid=718001)	Win32k Remote Code Execution Vulnerability	[CVE-2016-0009](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0009)	Kerem Gümrükcü
[MS16-004](http://go.microsoft.com/fwlink/?linkid=717998)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0010](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0010)	Kai Lu of Fortinet’s FortiGuard Labs
[MS16-004](http://go.microsoft.com/fwlink/?linkid=717998)	ASLR bypass vulnerability	[CVE-2016-0012](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0012)	IBM X-Forcer researcher Tom Kahana
[MS16-004](http://go.microsoft.com/fwlink/?linkid=717998)	ASLR bypass vulnerability	[CVE-2016-0012](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0012)	IBM X-Forcer researcher Elad Menahem
[MS16-004](http://go.microsoft.com/fwlink/?linkid=717998)	Microsoft SharePoint Security Feature Bypass Vulnerability	[CVE-2015-6117](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6117)	Jonas Nilsson of [Disruptive Innovations AB](http://www.disruptivei.com/)
[MS16-004](http://go.microsoft.com/fwlink/?linkid=717998)	Microsoft Office Memory Corruption Vulnerability	[CVE-2016-0035](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0035)	Steven Seeley of [Source Incite](http://srcincite.io/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-003](http://go.microsoft.com/fwlink/?linkid=718004)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-0002](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0002)	Anonymous contributor, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-002](http://go.microsoft.com/fwlink/?linkid=718002)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-0003](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0003)	003, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-002](http://go.microsoft.com/fwlink/?linkid=718002)	Microsoft Edge Memory Corruption Vulnerability	[CVE-2016-0003](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0003)	Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/)
[MS16-002](http://go.microsoft.com/fwlink/?linkid=718002)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-0024](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0024)	CESG
[MS16-001](http://go.microsoft.com/fwlink/?linkid=717999)	Scripting Engine Memory Corruption Vulnerability	[CVE-2016-0002](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0002)	Anonymous contributor, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-004](http://go.microsoft.com/fwlink/?linkid=717998)	Defense-in-depth	-----------------	Jack Tang of [Trend Micro](http://www.trendmicro.com/)
[MS16-002](http://go.microsoft.com/fwlink/?linkid=718002)	Defense-in-depth	-----------------	Wenbin Zheng of [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS16-001](http://go.microsoft.com/fwlink/?linkid=717999)	Defense-in-depth	-----------------	Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/)
[3109853](https://technet.microsoft.com/library/security/3109853.aspx)	Defense-in-depth	-----------------	Thanks to Patrick Donahue, [CloudFlare](https://www.cloudflare.com/), for assistance in identifying the issue.
[3109853](https://technet.microsoft.com/library/security/3109853.aspx)	Defense-in-depth	-----------------	Thanks to Jeremiah Cohick, [Fitbit](https://www.fitbit.com/), for assistance in identifying the issue.
[3109853](https://technet.microsoft.com/library/security/3109853.aspx)	Defense-in-depth	-----------------	Thanks to Aaron Coleman, [Fitabase](https://www.fitabase.com/), for assistance in identifying the issue.