The following table provides an exploitability assessment of each of the vulnerabilities addressed this month.

The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Use this table to learn about the likelihood of code execution and denial of service exploits within 30 days of security bulletin release, for each of the security updates that you may need to install. Review each of the assessments below, in accordance with your specific configuration, to prioritize your deployment of this month’s updates.

For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index.

In the columns below, “Latest Software Release” refers to the subject software, and “Older Software Releases” refers to all older, supported releases of the subject software, as listed in the “Affected Software” and “Non-Affected Software” tables in the bulletin.
| CVE ID | Vulnerability Title | Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment |
|---|---|---|---|---|
| MS16-084: Cumulative Security Update for Internet Explorer (3169991) | | | | |
| CVE-2016-3204 | Scripting Engine Memory Corruption Vulnerability | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not applicable |
| CVE-2016-3240 | Internet Explorer Memory Corruption Vulnerability | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not applicable |
| CVE-2016-3241 | Internet Explorer Memory Corruption Vulnerability | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not applicable |
| CVE-2016-3242 | Internet Explorer Memory Corruption Vulnerability | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not applicable |
| CVE-2016-3243 | Internet Explorer Memory Corruption Vulnerability | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not applicable |
| CVE-2016-3245 | Internet Explorer Security Feature Bypass Vulnerability | 3 – Exploitation Unlikely | 3 – Exploitation Unlikely | Not applicable |
| CVE-2016-3248 | Scripting Engine Memory Corruption Vulnerability | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not applicable |
| CVE-2016-3259 | Scripting Engine Memory Corruption Vulnerability | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not applicable |
| CVE-2016-3260 | Scripting Engine Memory Corruption Vulnerability | 1 – Exploitation More Likely | 4 – Not affected | Not applicable |
| CVE-2016-3261 | Internet Explorer Information Disclosure Vulnerability | 2 – Exploitation Less Likely | 4 – Not affected | Not applicable |
| CVE-2016-3264 | Microsoft Browser Memory Corruption Vulnerability | 1 – Exploitation More Likely | 4 – Not affected | Not applicable |
| CVE-2016-3273 | Microsoft Browser Information Disclosure Vulnerability | 3 – Exploitation Unlikely | 3 – Exploitation Unlikely | Not applicable |
| CVE-2016-3274 | Microsoft Browser Spoofing Vulnerability | 2 – Exploitation Less Likely | 2 – Exploitation Less Likely | Not applicable |
| CVE-2016-3276 | Microsoft Browser Spoofing Vulnerability | 2 – Exploitation Less Likely | 4 – Not affected | Not applicable |
| CVE-2016-3277 | Microsoft Browser Information Disclosure Vulnerability | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not applicable |
| MS16-085: Cumulative Security Update for Microsoft Edge (3169999) | | | | |
| CVE-2016-3244 | Microsoft Edge Security Feature Bypass | 2 – Exploitation Less Likely | 4 – Not affected | Not applicable |
| CVE-2016-3246 | Microsoft Edge Memory Corruption Vulnerability | 1 – Exploitation More Likely | 4 – Not affected | Not applicable |
| CVE-2016-3248 | Scripting Engine Memory Corruption Vulnerability | 2 – Exploitation Less Likely | 4 – Not affected | Not applicable |
| CVE-2016-3259 | Scripting Engine Memory Corruption Vulnerability | 1 – Exploitation More Likely | 4 – Not affected | Not applicable |
| CVE-2016-3260 | Scripting Engine Memory Corruption Vulnerability | 1 – Exploitation More Likely | 4 – Not affected | Not applicable |
| CVE-2016-3264 | Microsoft Browser Memory Corruption Vulnerability | 1 – Exploitation More Likely | 4 – Not affected | Not applicable |
| CVE-2016-3265 | Scripting Engine Memory Corruption Vulnerability | 1 – Exploitation More Likely | 4 – Not affected | Not applicable |
| CVE-2016-3269 | Scripting Engine Memory Corruption Vulnerability | 1 – Exploitation More Likely | 4 – Not affected | Not applicable |
| CVE-2016-3271 | Scripting Engine Information Disclosure Vulnerability | 2 – Exploitation Less Likely | 4 – Not affected | Not applicable |
| CVE-2016-3273 | Microsoft Browser Information Disclosure Vulnerability | 3 – Exploitation Unlikely | 4 – Not affected | Not applicable |
| CVE-2016-3274 | Microsoft Browser Spoofing Vulnerability | 2 – Exploitation Less Likely | 4 – Not affected | Not applicable |
| CVE-2016-3276 | Microsoft Browser Spoofing Vulnerability | 2 – Exploitation Less Likely | 4 – Not affected | Not applicable |
| CVE-2016-3277 | Microsoft Browser Information Disclosure Vulnerability | 1 – Exploitation More Likely | 4 – Not affected | Not applicable |
| MS16-086: Cumulative Security Update for JScript and VBScript (3169996) | | | | |
| CVE-2016-3204 | Scripting Engine Memory Corruption Vulnerability | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not applicable |
| MS16-087: Security Update for Microsoft Print Spooler (3170005) | | | | |
| CVE-2016-3238 | Windows Print Spooler Remote Code Execution Vulnerability | 2 – Exploitation Less Likely | 2 – Exploitation Less Likely | Not applicable |
| CVE-2016-3239 | Windows Print Spooler Elevation of Privilege Vulnerability | 2 – Exploitation Less Likely | 2 – Exploitation Less Likely | Not applicable |
| MS16-088: Security Update for Microsoft Office (3170008) | | | | |
| CVE-2016-3278 | Microsoft Office Memory Corruption Vulnerability | 3 – Exploitation Unlikely | 3 – Exploitation Unlikely | Not applicable |
| CVE-2016-3279 | Microsoft Office Security Feature Bypass Vulnerability | 2 – Exploitation Less Likely | 2 – Exploitation Less Likely | Not applicable |
| CVE-2016-3280 | Microsoft Office Memory Corruption Vulnerability | 4 – Not affected | 2 – Exploitation Less Likely | Not applicable |
| CVE-2016-3281 | Microsoft Office Memory Corruption Vulnerability | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not applicable |
| CVE-2016-3282 | Microsoft Office Memory Corruption Vulnerability | 2 – Exploitation Less Likely | 2 – Exploitation Less Likely | Not applicable |
| CVE-2016-3283 | Microsoft Office Memory Corruption Vulnerability | 4 – Not affected | 1 – Exploitation More Likely | Not applicable |
| CVE-2016-3284 | Microsoft Office Memory Corruption Vulnerability | 2 – Exploitation Less Likely | 2 – Exploitation Less Likely | Not applicable |
| MS16-089: Security Update for Windows Secure Kernel Mode (3170050) | | | | |
| CVE-2016-3256 | Windows Secure Kernel Information Disclosure Vulnerability | 2 – Exploitation Less Likely | 4 – Not affected | Not applicable |
| MS16-090: Security Update for Windows Kernel-Mode Drivers (3171481) | | | | |
| CVE-2016-3249 | Win32k Elevation of Privilege Vulnerability | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Permanent |
| CVE-2016-3250 | Win32k Elevation of Privilege Vulnerability | 3 – Exploitation Unlikely | 1 – Exploitation More Likely | Permanent |
| CVE-2016-3251 | Win32k Information Disclosure Vulnerability | 2 – Exploitation Less Likely | 2 – Exploitation Less Likely | Not applicable |
| CVE-2016-3252 | Win32k Elevation of Privilege Vulnerability | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not applicable |
| CVE-2016-3254 | Win32k Elevation of Privilege Vulnerability | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not applicable |
| CVE-2016-3286 | Win32k Elevation of Privilege Vulnerability | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not applicable |
| MS16-091: Security Update for .NET Framework (3170048) | | | | |
| CVE-2016-3255 | .NET Information Disclosure Vulnerability | 3 – Exploitation Unlikely | 2 – Exploitation Less Likely | Not applicable |
| MS16-092: Security Update for Windows Kernel (3171910) | | | | |
| CVE-2016-3258 | Windows File System Security Feature Bypass | 2 – Exploitation Less Likely | 2 – Exploitation Less Likely | Not applicable |
| CVE-2016-3272 | Windows Kernel Information Disclosure Vulnerability | 2 – Exploitation Less Likely | 2 – Exploitation Less Likely | Not applicable |
| MS16-093: Security Update for Adobe Flash Player (3174060) | | | | |
| APSB16-25 | See Adobe Security Bulletin APSB16-25 for vulnerability severity and update priority ratings. | Not applicable | Not applicable | Not applicable |
| MS16-094: Security Update for Secure Boot (3177404) | | | | |
| CVE-2016-3287 | Secure Boot Security Feature Bypass | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not applicable |
