Security Advisory - May 11, 2016

Zscaler Protects against Multiple Security Vulnerabilities in Internet Explorer, Microsoft Edge, Microsoft Graphics Component, Microsoft RPC and Windows Kernel-Mode Drivers.

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 15 vulnerabilities included in the May 2016 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections as necessary.

MS16-051 – Cumulative Security Update for Internet Explorer

Severity: Critical

Affected Software

Internet Explorer 9-11

CVE-2016-0187 – Scripting Engine Memory Corruption Vulnerability

CVE-2016-0192 – Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0194 – Internet Explorer Information Disclosure Vulnerability

Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-052 – Cumulative Security Update for Microsoft Edge

Severity: Critical

Affected Software

Microsoft Edge

CVE-2016-0191 – Microsoft Edge Memory Corruption Vulnerability

CVE-2016-0192 – Microsoft Browser Memory Corruption Vulnerability

CVE-2016-0193 – Scripting Engine Memory Corruption Vulnerability

Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-055 – Security Update for Microsoft Graphics Component

Severity: Critical

Affected Software

Windows Vista SP2

Windows Server 2008 SP2

Windows 7 SP1

Windows Server 2008 R2 SP1

Windows 8.1

Windows Server 2012 and Windows Server 2012 R2

Windows RT 8.1

Windows 10

CVE-2016-0170 – Windows Graphics Component RCE Vulnerability

CVE-2016-0184 – Direct3D Use After Free Vulnerability

Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-061 – Security Update for Microsoft RPC

Severity: Important

Affected Software

Windows Vista

Windows Server 2008

Windows Server 2008 R2

Windows 8.1

Windows Server 2012 and Windows Server 2012 R2

Windows RT 8.1

Windows 10

CVE-2016-0178 – RPC Network Data Representation Engine Elevation of Privilege Vulnerability

Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with physical access inserts a specially crafted USB device into the system.

MS16-062 – Security Update for Windows Kernel-Mode Drivers

Severity: Important

Affected Software

Windows Vista SP2

Windows Server 2008

Windows 7 SP1

Windows Server 2008 R2 SP1

Windows 8.1

Windows Server 2012 and Windows Server 2012 R2

Windows RT 8.1

Windows 10

CVE-2016-0171 – Win32k Elevation of Privilege Vulnerability

CVE-2016-0172 – Win32k Elevation of Privilege Vulnerability

CVE-2016-0173 – Win32k Elevation of Privilege Vulnerability

CVE-2016-0174 – Win32k Elevation of Privilege Vulnerability

CVE-2016-0175 – Win32k Elevation of Privilege Vulnerability

CVE-2016-0176 – Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability

CVE-2016-0196 – Win32k Elevation of Privilege Vulnerability

Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

Your world, secured

Zscaler: A Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge (SSE)

The Zscaler Difference

Zero Trust Fundamentals

Secure Your Users

Secure Your Workloads

Secure Your IoT and OT

Products

Solution Areas

Zero Trust Exchange Platform

Transform with Zero Trust Architecture

Secure Your Business Goals

Learn, connect, and get support.

Amplifying the voices of real-world digital and zero trust pioneers

Resource Center

Events & Trainings

Security Research & Services

Tools

Community & Support

Industry & Market Solutions

About Zscaler

Partners

News & Announcements

Leadership Team

Partner Integrations

Investor Relations

Environmental, Social & Governance

Careers

Press Center

Compliance

Zenith Ventures

Security Advisory - May 11, 2016

Zscaler Protects against Multiple Security Vulnerabilities in Internet Explorer, Microsoft Edge, Microsoft Graphics Component, Microsoft RPC and Windows Kernel-Mode Drivers.