20160309, Microsoft March 8 released 13 security patches

Hello, we are Microsoft Greater China Security Support team.

Microsoft released 13 new security bulletins on March 8, 2016 in Beijing time, of which 5 were critical levels, 8 were critical levels, fixed internet Explorer, Microsoft Edge, Windows Vista, Windows Server, Vulnerabilities in Microsoft Windows and Microsoft Office software.

The patch list is as follows:

Announcement ID	Announcement Title and Executive summary	Highest severity Rating and vulnerability impact	Restart requirements	The Affected Software
ms16-023	Cumulative security update for Internet Explorer (3142015) This security update fixes multiple vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user uses Internet Explorer to view a specially crafted webpage. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install the program, view, change, or delete data, or create a new account with full user rights.	Serious Remote Code Execution	Reboot required	Microsoft Windows, Internet Explorer
ms16-024	Cumulative security update for Microsoft Edge (3142019) This security update fixes multiple vulnerabilities in Microsoft Edge. The most severe of these vulnerabilities could allow remote code execution if a user uses Microsoft Edge to view a specially crafted webpage. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Accounts that are configured to have fewer system user rights are less impacted than customers who have administrative user rights.	Serious Remote Code Execution	Reboot required	Microsoft Windows, Microsoft Edge
ms16-025	Security update for Windows library load to repair Remote code execution Vulnerability (3140709) This security update fixes a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Windows does not validate input correctly before loading certain libraries. However, an attacker must first gain access to the local system to execute a malicious application.	Important Remote Code Execution	Reboot required	Microsoft Windows
ms16-026	Security update for graphical fonts for repairing remote Code Execution vulnerabilities (3143148) This security update fixes multiple vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to access a Web site that contains specially crafted embedded OpenType fonts.	Serious Remote Code Execution	Reboot required	Microsoft Windows
ms16-027	Windows Media security Update for repairing a remote Code execution Vulnerability (3143146) This security update fixes multiple vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens specially crafted media content hosted on the site.	Serious Remote Code Execution	May require a restart	Microsoft Windows
ms16-028	Security update for Microsoft Windows PDF Library to repair Remote Code execution Vulnerability (3143081) This security update fixes multiple vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted. pdf file.	Serious Remote Code Execution	May require a restart	Microsoft Windows
ms16-029	Microsoft Office security Update for repairing a remote Code execution Vulnerability (3141806) This security update fixes multiple vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. Accounts that are configured to have fewer system user rights are less impacted than customers who have administrative user rights.	Important Remote Code Execution	May require a restart	Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Server Software
ms16-030	Windows OLE security Update for repairing a remote Code execution Vulnerability (3143136) This security update fixes multiple vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution when Windows OLE fails to properly validate user input. Attackers can exploit these vulnerabilities to execute malicious code. However, an attacker must first convince a user to open a specially crafted file or program in a Web page or e-mail message.	Important Remote Code Execution	Reboot required	Microsoft Windows
ms16-031	Microsoft Windows Security Update (3140410) to fix elevation of privilege vulnerability This security update fixes a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker could log on to the target system and run a specially crafted application.	Important Privilege elevation	Reboot required	Microsoft Windows
ms16-032	Security update for secondary logons to fix elevation of Privilege Vulnerability (3143141) This security update fixes a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Secondary Logon service fails to properly manage request handles in memory.	Important Privilege elevation	Reboot required	Microsoft Windows
ms16-033	Security update for Windows USB mass storage class driver to fix elevation of Privilege Vulnerability (3143142) This security update fixes a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with physical access would insert a specially crafted USB device into the system.	Important Privilege elevation	May require a restart	Microsoft Windows
ms16-034	Security update for Windows kernel-mode drivers to fix elevation of Privilege Vulnerability (3143145) This security update fixes multiple vulnerabilities in Microsoft Windows. These vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.	Important Privilege elevation	Reboot required	Microsoft Windows
ms16-035	Security update for the. NET Framework to fix security feature Bypass Vulnerability (3141780) This security update fixes a vulnerability in the Microsoft. NET Framework. If the. NET Framework component does not correctly validate certain elements in the signed XML document, a security feature bypass vulnerability exists in the component.	Important Bypassing security features	May require a restart	Microsoft Windows, Microsoft. NET Framework

For more information, refer to the March 2016 security bulletin Summary:

Https://technet.microsoft.com/zh-cn/library/security/ms16-mar

20160309, Microsoft March 8 released 13 security patches