Patch Tuesday: Microsoft Security Bulletin Summary for December 2016

  • Post author:
  • Reading time:5 mins read

Microsoft December 2016 Patch Tuesday brings 12 Security bulletins addressing 62 Vulnerabilities. Six bulletins are rated as Critical and remaining six are rated as Important.

This month high priority fixes are for Internet Explorer, Microsoft Edge, Microsoft Office, Adobe Flash Player which addresses 50 vulnerabilities out of 62 vulnerabilities.

The Six Critical bulletins are as follows:

  • MS16-144 for Internet Explorer covers 8 CVE’s
  • MS16-145 for Microsoft’s Edge covers 11 CVE’s
  • MS16-146 for Microsoft Windows covers 3 CVE’s
  • MS16-147 for Microsoft Uniscribe covers 1 CVE
  • MS16-148 for Microsoft Office covers 16 CVE’s
  • MS16-154 for Adobe Flash Player covers 15 CVE’s

Critical vulnerabilities allow remote attackers to perform Remote Code Execution. The other bulletins which are marked as important allow Remote code execution and Elevation of Privilege.

One Zero day vulnerability is addressed in () addresses a zero-day flaw in Adobe Flash Player  which allows attackers lead to arbitrary code execution. It is an use-after-free vulnerability, which has been used in limited targeted attacks against users running the 32-bit version of IE on Windows.

Microsoft security bulletin summary for December 2016 in the order of severity:

MS16-144: Vulnerabilities in Internet Explorer (3204059)
Severity Rating: Critical
Affected Software: Internet Explorer
Impact: Remote Code Execution

MS16-145: Vulnerabilities in Microsoft Edge (3204062)
Severity Rating: Critical
Affected Software: Microsoft Edge
Impact: Remote Code Execution

MS16-146: Vulnerabilities in Microsoft Windows (3204066)
Severity Rating: Critical
Affected Software: Microsoft Windows
Impact: Remote Code Execution

MS16-147: Vulnerability in Microsoft Uniscribe (3204063)
Severity Rating: Critical
Affected Software: Microsoft Uniscribe
Impact: Remote Code Execution

MS16-148: Vulnerabilities in Microsoft Office (3204068)
Severity Rating: Critical
Affected Software: Microsoft Office
Impact: Remote Code Execution

MS16-154: Vulnerabilities in Adobe Flash Player (3209498)
Severity Rating: Critical
Affected Software: Adobe Flash Player
Impact: Remote Code Execution

MS16-149: Vulnerabilities in Microsoft Windows (3205655)
Severity Rating: Important
Affected Software: Microsoft Windows
Impact: Elevation of Privilege

MS16-150: Vulnerability in Windows Secure Kernel Mode (3205642)
Severity Rating: Important
Affected Software: Windows Secure Kernel Mode
Impact: Elevation of Privilege

MS16-151: Vulnerabilities in Windows Kernel-Mode Drivers (3205651)
Severity Rating: Important
Affected Software: Windows Kernel-Mode Drivers
Impact: Elevation of Privilege

MS16-152: Vulnerability in Microsoft Windows Kernel (3199709)
Severity Rating: Important
Affected Software: Microsoft Windows Kernel
Impact: Elevation of Privilege

MS16-153: Vulnerability in Common Log File System Driver (3207328)
Severity Rating: Important
Affected Software: Windows Common Log File System (CLFS) driver
Impact: Elevation of Privilege

MS16-155: Vulnerability in .NET Framework (3205640)
Severity Rating: Important
Affected Software: .NET Framework
Impact: Information Disclosure

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.