20160309, Microsoft March 8 released 13 security patches

Source: Internet
Author: User
Tags ole microsoft edge

Hello, we are Microsoft Greater China Security Support team.

Microsoft released 13 new security bulletins on March 8, 2016 in Beijing time, of which 5 were critical levels, 8 were critical levels, fixed internet Explorer, Microsoft Edge, Windows Vista, Windows Server, Vulnerabilities in Microsoft Windows and Microsoft Office software.

The patch list is as follows:

Announcement ID

Announcement Title and Executive summary

Highest severity Rating
and vulnerability impact

Restart requirements

The Affected Software

ms16-023

Cumulative security update for Internet Explorer (3142015)
This security update fixes multiple vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user uses Internet Explorer to view a specially crafted webpage. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install the program, view, change, or delete data, or create a new account with full user rights.

Serious
Remote Code Execution

Reboot required

Microsoft Windows,
Internet Explorer

ms16-024

Cumulative security update for Microsoft Edge (3142019)
This security update fixes multiple vulnerabilities in Microsoft Edge. The most severe of these vulnerabilities could allow remote code execution if a user uses Microsoft Edge to view a specially crafted webpage. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Accounts that are configured to have fewer system user rights are less impacted than customers who have administrative user rights.

Serious
Remote Code Execution

Reboot required

Microsoft Windows,
Microsoft Edge

ms16-025

Security update for Windows library load to repair Remote code execution Vulnerability (3140709)
This security update fixes a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Windows does not validate input correctly before loading certain libraries. However, an attacker must first gain access to the local system to execute a malicious application.

Important
Remote Code Execution

Reboot required

Microsoft Windows

ms16-026

Security update for graphical fonts for repairing remote Code Execution vulnerabilities (3143148)
This security update fixes multiple vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to access a Web site that contains specially crafted embedded OpenType fonts.

Serious
Remote Code Execution

Reboot required

Microsoft Windows

ms16-027

Windows Media security Update for repairing a remote Code execution Vulnerability (3143146)
This security update fixes multiple vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens specially crafted media content hosted on the site.

Serious
Remote Code Execution

May require a restart

Microsoft Windows

ms16-028

Security update for Microsoft Windows PDF Library to repair Remote Code execution Vulnerability (3143081)
This security update fixes multiple vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted. pdf file.

Serious
Remote Code Execution

May require a restart

Microsoft Windows

ms16-029

Microsoft Office security Update for repairing a remote Code execution Vulnerability (3141806)
This security update fixes multiple vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. Accounts that are configured to have fewer system user rights are less impacted than customers who have administrative user rights.

Important
Remote Code Execution

May require a restart

Microsoft Office,
Microsoft Office Services and Web Apps,
Microsoft Server Software

ms16-030

Windows OLE security Update for repairing a remote Code execution Vulnerability (3143136)
This security update fixes multiple vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution when Windows OLE fails to properly validate user input. Attackers can exploit these vulnerabilities to execute malicious code. However, an attacker must first convince a user to open a specially crafted file or program in a Web page or e-mail message.

Important
Remote Code Execution

Reboot required

Microsoft Windows

ms16-031

Microsoft Windows Security Update (3140410) to fix elevation of privilege vulnerability
This security update fixes a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker could log on to the target system and run a specially crafted application.

Important
Privilege elevation

Reboot required

Microsoft Windows

ms16-032

Security update for secondary logons to fix elevation of Privilege Vulnerability (3143141)
This security update fixes a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Secondary Logon service fails to properly manage request handles in memory.

Important
Privilege elevation

Reboot required

Microsoft Windows

ms16-033

Security update for Windows USB mass storage class driver to fix elevation of Privilege Vulnerability (3143142)
This security update fixes a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with physical access would insert a specially crafted USB device into the system.

Important
Privilege elevation

May require a restart

Microsoft Windows

ms16-034

Security update for Windows kernel-mode drivers to fix elevation of Privilege Vulnerability (3143145)
This security update fixes multiple vulnerabilities in Microsoft Windows. These vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.

Important
Privilege elevation

Reboot required

Microsoft Windows

ms16-035

Security update for the. NET Framework to fix security feature Bypass Vulnerability (3141780)
This security update fixes a vulnerability in the Microsoft. NET Framework. If the. NET Framework component does not correctly validate certain elements in the signed XML document, a security feature bypass vulnerability exists in the component.

Important
Bypassing security features

May require a restart

Microsoft Windows,
Microsoft. NET Framework

For more information, refer to the March 2016 security bulletin Summary:

Https://technet.microsoft.com/zh-cn/library/security/ms16-mar

20160309, Microsoft March 8 released 13 security patches

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.