FacebookPixel

PatchTuesday.png

APRIL 2016

Bulletin ID

Bulletin Title and Executive Summary

Maximum Severity Rating
and Vulnerability Impact

MS16-037

Cumulative Security Update for Internet Explorer (3148531)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Critical 
Remote Code Execution

MS16-038

Cumulative Security Update for Microsoft Edge (3148532)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

Critical 
Remote Code Execution

MS16-039

Security Update for Microsoft Graphics Component (3148522) 
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.

Critical 
Remote Code Execution

MS16-040

Security Update for Microsoft XML Core Services (3148541) 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.

Critical 
Remote Code Execution

MS16-041

Security Update for .NET Framework (3148789) 
This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application.

Important 
Remote Code Execution

MS16-042

Security Update for Microsoft Office (3148775) 
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Critical 
Remote Code Execution

MS16-044

Security Update for Windows OLE (3146706) 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.

Important 
Remote Code Execution

MS16-045

Security Update for Windows Hyper-V (3143118) 
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

Important 
Remote Code Execution

MS16-046

Security Update for Secondary Logon (3148538) 
This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.

Important 
Elevation of Privilege

MS16-047

Security Update for SAM and LSAD Remote Protocols (3148527)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack. An attacker could then force a downgrade of the authentication level of the SAM and LSAD channels and impersonate an authenticated user.

Important 
Elevation of Privilege

MS16-048

Security Update for CSRSS (3148528)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.

Important 
Security Feature Bypass

MS16-049

Security Update for HTTP.sys (3148795)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.

Important 
Denial of Service

MS16-050

Security Update for Adobe Flash Player (3154132) 
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Critical 
Remote Code Execution