Security Alert (A16-11-03): Multiple Vulnerabilities in Microsoft Products (November 2016)
09 November 2016
Microsoft has released 14 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:
MS16-129 Cumulative Security Update for Microsoft Edge MS16-130 Security Update for Microsoft Windows MS16-131 Security Update for Microsoft Video Control MS16-132 Security Update for Microsoft Graphics Component MS16-133 Security Update for Microsoft Office MS16-134 Security Update for Common Log File System Driver MS16-135 Security Update for Windows Kernel-Mode Drivers MS16-136 Security Update for SQL Server MS16-137 Security Update for Windows Authentication Methods MS16-138 Security Update to Microsoft Virtual Hard Disk Driver MS16-139 Security Update for Windows Kernel MS16-140 Security Update for Boot Manager MS16-141 Security Update for Adobe Flash Player MS16-142 Cumulative Security Update for Internet Explorer
Reports indicate that the vulnerabilities mentioned in MS16-132 and MS16-135 are being exploited in wild. In addition, there are scattered exploits observed against the vulnerabilities mentioned in MS16-129 and MS16-142.
Microsoft Internet Explorer 9, 10, 11
Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, Office for Mac 2011, 2016
Microsoft Office Compatibility Pack, Excel Viewer, PowerPoint Viewer
Microsoft Windows Vista, 7, 8.1, RT 8.1, 10
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
Microsoft Office Web Apps 2010, 2013
Microsoft SharePoint Server 2010, 2013
Microsoft SQL Server 2012, 2014, 2016
A complete list of the affected products can be found in the section "Affected Software" in the Microsoft security bulletin summary available at: https://technet.microsoft.com/library/security/ms16-nov
Depending on the vulnerability exploited, a successful attack could lead to information disclosure, denial of service, elevation of privilege, security feature bypass and remote code execution.
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
Microsoft Update http://update.microsoft.com/microsoftupdate