Yesterday was the 2nd Tuesday of the month so that means it was “Patch Tuesday” it was a busy day for Microsoft with the following issues being resolved:

  • MS16-129 is a cumulative update for the Edge browser.
  • MS16-130 is an update for three Windows flaws that could allow a locally installed application to achieve remote code execution.
  • MS16-131 patches a flaw in Microsoft Video Control for Windows.
  • MS16-132 addresses four CVE-listed vulnerabilities in the Microsoft Graphics Component.
  • MS16-133 is this month’s Office update, addressing a total of 12 CVE-listed issues for both Windows & Mac.
  • MS16-134 is a patch for 10 elevation of privilege vulnerabilities in the Windows Common Log File System Driver.
  • MS16-135 resolves five elevation of privilege issues in the Windows Kernel Mode Driver that can potentially allow malicious applications to perform privilege escalation.
  • MS16-136 is an update for SQL Server that would allow an attacker to elevate their account privileges to view and delete data on the target system or create new accounts.
  • MS16-137 patches three CVE-listed flaws related to the way Windows handles authentication.
  • MS16-138 is an update for the Microsoft Virtual Hard Disk Driver in Windows and Windows Server. It addresses four elevation of privilege flaws that, if exploited, would allow an attacker to remotely access other restricted files on a targeted hard drive.
  • MS16-139 is a fix for a single elevation of privilege flaw in the Windows kernel.
  • MS16-140 addresses a flaw in the Windows Boot Manager that could allow an attacker with physical access to the system the ability to bypass code integrity checks and run test-signed applications and drivers on the target machine.
  • MS16-141 is Microsoft’s release of the November security update for Adobe Flash Player, patching all ten remote code execution vulnerabilities.
  • MS16-142 is the cumulative update for Internet Explorer, addressing seven CVE-listed flaws allowing for remote code execution and information disclosure by way of a malformed webpage.