Published on: 14 September 2016
Microsoft has released 14 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:
MS16-104 Cumulative Security Update for Internet Explorer
MS16-105 Cumulative Security Update for Microsoft Edge
MS16-106 Security Update for Microsoft Graphics Component
MS16-107 Security Update for Microsoft Office
MS16-108 Security Update for Microsoft Exchange Server
MS16-109 Security Update for Silverlight
MS16-110 Security Update for Windows
MS16-111 Security Update for Windows Kernel
MS16-112 Security Update for Windows Lock Screen
MS16-113 Security Update for Windows Secure Kernel Mode
MS16-114 Security Update for SMBv1 Server
MS16-115 Security Update for Microsoft Windows PDF Library
MS16-116 Security Update in OLE Automation for VBScript Scripting Engine
MS16-117 Security Update for Adobe Flash Player
Reports indicate that the vulnerabilities of Internet Explorer and Edge are being actively exploited in wild.
A complete list of the affected products can be found in the section "Affected Software" in the Microsoft security bulletin summary available at:
https://technet.microsoft.com/library/security/ms16-sep
Depending on the vulnerability exploited, a successful attack could lead to elevation of privilege, information disclosure, and remote code execution.
Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
If any problem is encountered during the patch installation via automated methods, patches for various affected systems can also be downloaded individually from the "Affected and Non-Affected Software" section of the corresponding Microsoft Security Advisory and Bulletins which can be accessed from the URL(s) listed in the "More Information" section of this Security Alert.
https://technet.microsoft.com/en-us/library/security/ms16-sep
https://technet.microsoft.com/en-us/library/security/MS16-104
https://technet.microsoft.com/en-us/library/security/MS16-105
https://technet.microsoft.com/en-us/library/security/MS16-106
https://technet.microsoft.com/en-us/library/security/MS16-107
https://technet.microsoft.com/en-us/library/security/MS16-108
https://technet.microsoft.com/en-us/library/security/MS16-109
https://technet.microsoft.com/en-us/library/security/MS16-110
https://technet.microsoft.com/en-us/library/security/MS16-111
https://technet.microsoft.com/en-us/library/security/MS16-112
https://technet.microsoft.com/en-us/library/security/MS16-113
https://technet.microsoft.com/en-us/library/security/MS16-114
https://technet.microsoft.com/en-us/library/security/MS16-115
https://technet.microsoft.com/en-us/library/security/MS16-116
https://technet.microsoft.com/en-us/library/security/MS16-117
https://www.hkcert.org/my_url/en/alert/16091401
https://www.us-cert.gov/ncas/current-activity/2016/09/13/Microsoft-Releases-September-2016-Security-Bulletin
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0137 (to CVE-2016-0138)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3291 (to CVE-2016-3292)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3294 (to CVE-2016-3295)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3305 (to CVE-2016-3306)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3324 (to CVE-2016-3325)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3344 (to CVE-2016-3346)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3348 (to CVE-2016-3375)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3377 (to CVE-2016-3379)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3381