Acknowledgments – 2016
- 38 minutes to read
-
Contributors
Microsoft extends thanks to the following for working with us to help protect customers.
| **Bulletin ID** | **Vulnerability Title** | **CVE ID** | **Acknowledgment** |
| **December 2016** | |||
| [MS16-153](https://go.microsoft.com/fwlink/?linkid=835768) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | [CVE-2016-7295](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7295) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-151](https://go.microsoft.com/fwlink/?linkid=834956) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-7259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7259) | Behzad Najjarpour Jabbari, Secunia Research at Flexera Software |
| [MS16-151](https://go.microsoft.com/fwlink/?linkid=834956) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-7259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7259) | Sébastien Renaud of [Quarkslab](http://www.quarkslab.com/) |
| [MS16-151](https://go.microsoft.com/fwlink/?linkid=834956) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-7259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7259) | Richard Le Dé of [Quarkslab](http://www.quarkslab.com/) |
| [MS16-151](https://go.microsoft.com/fwlink/?linkid=834956) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-7260](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7260) | [Jfpan](http://weibo.com/jfpan) of IceSword Lab, [Qihoo 360](http://www.360.cn/) |
| [MS16-151](https://go.microsoft.com/fwlink/?linkid=834956) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-7260](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7260) | [Fanxiaocao](https://twitter.com/tinysecex) of IceSword Lab, [Qihoo 360](http://www.360.cn/) |
| [MS16-149](https://go.microsoft.com/fwlink/?linkid=834964) | Windows Crypto Driver Information Disclosure Vulnerability | [CVE-2016-7219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7219) | Taesoo Kim of [SSLab, Georgia Institue of Technology](https://sslab.gtisc.gatech.edu/) |
| [MS16-149](https://go.microsoft.com/fwlink/?linkid=834964) | Windows Crypto Driver Information Disclosure Vulnerability | [CVE-2016-7219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7219) | Su Yong Kim of [SSLab, Georgia Institue of Technology](https://sslab.gtisc.gatech.edu/) |
| [MS16-149](https://go.microsoft.com/fwlink/?linkid=834964) | Windows Crypto Driver Information Disclosure Vulnerability | [CVE-2016-7219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7219) | Sangho Lee of [SSLab, Georgia Institue of Technology](https://sslab.gtisc.gatech.edu/) |
| [MS16-149](https://go.microsoft.com/fwlink/?linkid=834964) | Windows Crypto Driver Information Disclosure Vulnerability | [CVE-2016-7219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7219) | Byoungyoung Lee of [SSLab, Georgia Institue of Technology](https://sslab.gtisc.gatech.edu/) |
| [MS16-149](https://go.microsoft.com/fwlink/?linkid=834964) | Windows Installer Elevation of Privilege Vulnerability | [CVE-2016-7292](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7292) | Thomas Vanhoutte ([@SandboxEscaper](https://twitter.com/sandboxescaper)) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Windows GDI Information Disclosure Vulnerability | [CVE-2016-7257](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7257) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Microsoft Office Security Feature Bypass Vulnerability | [CVE-2016-7262](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7262) | Iliyan Velikov of PwC UK |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7263](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7263) | JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Microsoft Office Information Disclosure Vulnerability | [CVE-2016-7264](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7264) | [@j00sean](https://twitter.com/j00sean) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Microsoft Office Information Disclosure Vulnerability | [CVE-2016-7265](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7265) | Steven Seeley of [Source Incite](http://srcincite.io/) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Microsoft Office Security Feature Bypass Vulnerability | [CVE-2016-7266](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7266) | [Robert Riskin](mailto:rriskin@protonmail.com) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Microsoft Office Security Feature Bypass Vulnerability | [CVE-2016-7267](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7267) | Haifei Li of [Intel Security](http://www.intelsecurity.com/) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Microsoft Office Information Disclosure Vulnerability | [CVE-2016-7268](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7268) | [@j00sean](https://twitter.com/j00sean) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Microsoft Office OLE DLL Side Loading Vulnerability | [CVE-2016-7275](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7275) | [Weibo Wang](https://twitter.com/ma1fan) of [Qihoo 360 Skyeye Labs](http://skyeye.360safe.com/) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Microsoft Office Information Disclosure Vulnerability | [CVE-2016-7276](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7276) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7277](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7277) | Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7289](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7289) | Peixue Li of [Fortinet’s FortiGuard Labs](http://www.fortiguard.com/) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Microsoft Office Information Disclosure Vulnerability | [CVE-2016-7290](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7290) | Steven Seeley of [Source Incite](http://srcincite.io/) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Microsoft Office Information Disclosure Vulnerability | [CVE-2016-7291](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7291) | Steven Seeley of [Source Incite](http://srcincite.io/) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Defense-in-depth | ------------------- | Steven Seeley of [Source Incite](http://srcincite.io/) |
| [MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) | Defense-in-depth | ------------------- | [@j00sean](https://twitter.com/j00sean) |
| [MS16-147](https://go.microsoft.com/fwlink/?linkid=834947) | Windows Uniscribe Remote Code Execution Vulnerability | [CVE-2016-7274](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7274) | Hossein Lotfi, [Secunia Research at Flexera Software](http://www.flexerasoftware.com/enterprise/company/about/secunia-research/) |
| [MS16-146](https://go.microsoft.com/fwlink/?linkid=834444) | Windows GDI Information Disclosure Vulnerability | [CVE-2016-7257](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7257) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS16-146](https://go.microsoft.com/fwlink/?linkid=834444) | Windows Graphics Remote Code Execution Vulnerability | [CVE-2016-7272](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7272) | Giwan Go of STEALIEN, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-146](https://go.microsoft.com/fwlink/?linkid=834444) | Defense-in-depth | ------------------- | Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-7181](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7181) | Veit Hailperin ([@fenceposterror](https://twitter.com/fenceposterror)) of [scip AG](https://www.scip.ch/) |
| [MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-7279](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7279) | The UK's National Cyber Security Centre (NCSC) |
| [MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-7280](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7280) | Masato Kinugawa of [Cure53](https://cure53.de/) |
| [MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7286](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7286) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7287](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7287) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7288](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7288) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7296](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7296) | Linan Hao of [Qihoo 360](http://www.360.cn/) Vulcan Team working with [POC](http://powerofcommunity.net/)/[PwnFest](http://pwnfest.org/) |
| [MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7297](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7297) | Lokihart working with [POC](http://powerofcommunity.net/)/[PwnFest](http://pwnfest.org/) |
| [MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7297](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7297) | Anonymous working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202) | Li Kemeng of [Baidu Security Lab](http://xteam.baidu.com/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202) | Scott Bell of Security-Assessment.com |
| [MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) | Windows Hyperlink Object Library Information Disclosure Vulnerability | [CVE-2016-7278](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7278) | Steven Seeley of [Source Incite](http://srcincite.io/) |
| [MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-7279](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7279) | The UK's National Cyber Security Centre (NCSC) |
| [MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-7283](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7283) | Scott Bell of Security-Assessment.com |
| [MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) | Internet Explorer Information Disclosure Vulnerability | [CVE-2016-7284](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7284) | Li Kemeng of [Baidu Security Lab](http://xteam.baidu.com/) |
| [MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7287](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7287) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-7293](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7293) | [Tigonlab](http://www.tigonlab.org/) |
| **November 2016** | |||
| [MS16-142](https://go.microsoft.com/fwlink/?linkid=830372) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-7196](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7196) | [Kai Song](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://www.tencent.com/) |
| [MS16-142](https://go.microsoft.com/fwlink/?linkid=830372) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-7198](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7198) | Liu Long of [Qihoo 360](http://www.360.cn/) |
| [MS16-142](https://go.microsoft.com/fwlink/?linkid=830372) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-7227](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7227) | Masato Kinugawa of [Cure53](https://cure53.de/) |
| [MS16-142](https://go.microsoft.com/fwlink/?linkid=830372) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-7239](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7239) | Masato Kinugawa via Google VRP |
| [MS16-142](https://go.microsoft.com/fwlink/?linkid=830372) | Microsoft Browser Remote Code Execution Vulnerability | [CVE-2016-7241](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7241) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-142](https://go.microsoft.com/fwlink/?linkid=830372) | Defense-in-depth | ------------------- | John Page of [ApparitionSec](http://hyp3rlinx.altervista.org/) |
| [MS16-139](https://go.microsoft.com/fwlink/?linkid=830965) | Windows Kernel Elevation of Privilege Vulnerability | [CVE-2016-7216](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7216) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-139](https://go.microsoft.com/fwlink/?linkid=830965) | Windows Kernel Elevation of Privilege Vulnerability | [CVE-2016-7216](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7216) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-138](https://go.microsoft.com/fwlink/?linkid=830965) | VHDFS Driver Elevation of Privilege Vulnerability | [CVE-2016-7223](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7223) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-138](https://go.microsoft.com/fwlink/?linkid=830965) | VHDFS Driver Elevation of Privilege Vulnerability | [CVE-2016-7224](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7224) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-138](https://go.microsoft.com/fwlink/?linkid=830965) | VHDFS Driver Elevation of Privilege Vulnerability | [CVE-2016-7225](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7225) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-138](https://go.microsoft.com/fwlink/?linkid=830965) | VHDFS Driver Elevation of Privilege Vulnerability | [CVE-2016-7226](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7226) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-137](https://go.microsoft.com/fwlink/?linkid=833192) | Local Security Authority Subsystem Service Denial of Service Vulnerability | [CVE-2016-7237](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7237) | Laurent Gaffie |
| [MS16-136](https://go.microsoft.com/fwlink/?linkid=830963) | SQL RDBMS Engine Elevation of Privilege Vulnerability | [CVE-2016-7250](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7250) | Scott Sutherland of [netSPI](http://www.netspi.com/) |
| [MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) | Win32k Information Disclosure Vulnerability | [CVE-2016-7214](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7214) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-7215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7215) | bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) | Bowser.sys Information Disclosure Vulnerabilty | [CVE-2016-7218](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7218) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) | Win32k Elevation of Privilege | [CVE-2016-7246](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7246) | Anonymous working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255) | Neel Mehta of [Google’s](http://www.google.com/) Threat Analysis Group |
| [MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255) | Billy Leonard of [Google’s](http://www.google.com/) Threat Analysis Group |
| [MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255) | Feike Hacquebord, of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255) | Peter Pi of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255) | Brooks Li of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) | Windows CLFS Elevation of Privilege | [CVE-2016-0026](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0026) | [Daniel King](https://twitter.com/long123king), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | [CVE-2016-3332](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3332) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | [CVE-2016-3333](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3333) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | [CVE-2016-3334](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3334) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | [CVE-2016-3334](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3334) | [Daniel King](https://twitter.com/long123king), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | [CVE-2016-3335](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3335) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | [CVE-2016-3338](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3338) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | [CVE-2016-3340](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3340) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | [CVE-2016-3342](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3342) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | [CVE-2016-3343](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3343) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) | Windows CLFS Elevation of Privilege | [CVE-2016-7184](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7184) | [Daniel King](https://twitter.com/long123king), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7213](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7213) | JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7228](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7228) | JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7229](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7229) | JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7230](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7230) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7231](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7231) | JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7232](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7232) | Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7232](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7232) | Rocco Calvi of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Information Disclosure Vulnerability | [CVE-2016-7233](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7233) | Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Information Disclosure Vulnerability | [CVE-2016-7233](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7233) | Rocco Calvi of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7234](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7234) | Rocco Calvi of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7234](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7234) | Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7235](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7235) | Rocco Calvi of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7235](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7235) | Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7236](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7236) | Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Denial of Service Vulnerability | [CVE-2016-7244](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7244) | Dmitri Kaslov, Independent Security Researcher |
| [MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7245](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7245) | Haifei Li of [Intel Security](http://www.intelsecurity.com/) |
| [MS16-132](https://go.microsoft.com/fwlink/?linkid=830425) | Windows Animation Manager Memory Corruption Vulnerability | [CVE-2016-7205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7205) | Scott Bell of Security-Assessment.com |
| [MS16-132](https://go.microsoft.com/fwlink/?linkid=830425) | Windows Animation Manager Memory Corruption Vulnerability | [CVE-2016-7205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7205) | [Kai Song](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://www.tencent.com/) |
| [MS16-132](https://go.microsoft.com/fwlink/?linkid=830425) | Windows Animation Manager Memory Corruption Vulnerability | [CVE-2016-7205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7205) | SkyLined working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-132](https://go.microsoft.com/fwlink/?linkid=830425) | Open Type Font Information Disclosure Vulnerability | [CVE-2016-7210](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7210) | Hossein Lotfi, [Secunia Research at Flexera Software](http://www.flexerasoftware.com/enterprise/company/about/secunia-research/) |
| [MS16-132](https://go.microsoft.com/fwlink/?linkid=830425) | Media Foundation Memory Corruption Vulnerability | [CVE-2016-7217](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7217) | Liu Long of [Qihoo 360](http://www.360.cn/) |
| [MS16-132](https://go.microsoft.com/fwlink/?linkid=830425) | Open Type Font Elevation of Privilege Vulnerability | [CVE-2016-7256](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7256) | Kijong Son of KrCERT/CC in Korean Internet & Security Agency (KISA) |
| [MS16-132](https://go.microsoft.com/fwlink/?linkid=830425) | Defense-in-Depth | ------------------- | Bing Sun of Intel Security Group |
| [MS16-130](https://go.microsoft.com/fwlink/?linkid=833191) | Windows Remote Code Execution Vulnerability | [CVE-2016-7212](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7212) | Aral Yaman of [Noser Engineering AG](http://www.noser.com/) |
| [MS16-130](https://go.microsoft.com/fwlink/?linkid=833191) | Windows IME Elevation of Privilege Vulnerability | [CVE-2016-7221](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7221) | Takashi Yoshikawa of [Mitsui Bussan Secure Directions, Inc.](https://www.mbsd.jp/) |
| [MS16-130](https://go.microsoft.com/fwlink/?linkid=833191) | Task Scheduler Elevation of Privilege Vulnerability | [CVE-2016-7222](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7222) | [Shanti Lindström](https://linkedin.com/in/shanti-lindström-399112a8) Individual |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-7195](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7195) | [Kai Song](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://www.tencent.com/) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-7196](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7196) | [Kai Song](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://www.tencent.com/) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-7198](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7198) | Liu Long of [Qihoo 360](http://www.360.cn/) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7200](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7200) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7200](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7200) | [Qixun Zhao](http://www.weibo.com/babyboaes) of [Qihoo 360 Skyeye Labs](http://skyeye.360safe.com/) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7201](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7201) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202) | bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202) | Li Kemeng of [Baidu Security Lab](http://xteam.baidu.com/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202) | Scott Bell of Security-Assessment.com |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7203](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7203) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Microsoft Edge Information Disclosure Vulnerability | [CVE-2016-7204](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7204) | Abdulrahman Alqabandi ([@qab](https://twitter.com/qab)) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7208](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7208) | Microsoft ChakraCore Team |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-7227](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7227) | Masato Kinugawa of [Cure53](https://cure53.de/) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-7239](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7239) | Masato Kinugawa via Google VRP |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7240](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7240) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Microsoft Browser Remote Code Execution Vulnerability | [CVE-2016-7241](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7241) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7242](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7242) | [Qixun Zhao](http://www.weibo.com/babyboaes) of [Qihoo 360 Skyeye Labs](http://skyeye.360safe.com/) |
| [MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7243](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7243) | Nicolas Joly of MSRCE UK |
| **October 2016** | |||
| [MS16-126](http://go.microsoft.com/fwlink/?linkid=829052) | Internet Explorer Information Disclosure Vulnerability | [CVE-2016-3298](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3298) | Will Metcalf and Kafeine of [Proofpoint](https://www.proofpoint.com/) |
| [MS16-125](http://go.microsoft.com/fwlink/?linkid=827822) | Windows Diagnostics Hub Elevation of Privilege | [CVE-2016-7188](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7188) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-124](http://go.microsoft.com/fwlink/?linkid=827821) | Windows Kernel Local Elevation of Privilege | [CVE-2016-0070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0070) | Fortinet’s [FortiGuard Labs](http://fortiguard.com/) |
| [MS16-124](http://go.microsoft.com/fwlink/?linkid=827821) | Windows Kernel Local Elevation of Privilege | [CVE-2016-0070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0070) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-124](http://go.microsoft.com/fwlink/?linkid=827821) | Windows Kernel Local Elevation of Privilege | [CVE-2016-0070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0070) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-124](http://go.microsoft.com/fwlink/?linkid=827821) | Windows Kernel Local Elevation of Privilege | [CVE-2016-0073](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0073) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-124](http://go.microsoft.com/fwlink/?linkid=827821) | Windows Kernel Local Elevation of Privilege | [CVE-2016-0075](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0075) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-124](http://go.microsoft.com/fwlink/?linkid=827821) | Windows Kernel Local Elevation of Privilege | [CVE-2016-0079](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0079) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-123](http://go.microsoft.com/fwlink/?linkid=827595) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3266](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3266) | [pgboy](http://weibo.com/pgboy1988), [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS16-123](http://go.microsoft.com/fwlink/?linkid=827595) | Windows Transaction Manager Elevation of Privilege Vulnerability | [CVE-2016-3341](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3341) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
| [MS16-123](http://go.microsoft.com/fwlink/?linkid=827595) | Windows Kernel Elevation of Privilege vulnerability | [CVE-2016-3376](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3376) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-123](http://go.microsoft.com/fwlink/?linkid=827595) | Windows Kernel Elevation of Privilege vulnerability | [CVE-2016-3376](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3376) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-123](http://go.microsoft.com/fwlink/?linkid=827595) | Windows Kernel Driver Local Elevation of Privilege | [CVE-2016-7185](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7185) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-123](http://go.microsoft.com/fwlink/?linkid=827595) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-7211](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7211) | [fanxiaocao](https://twitter.com/tinysecex) (@TinySec), and [pjf](http://weibo.com/jfpan) of IceSword Lab, [Qihoo 360](http://www.360.cn/) |
| [MS16-121](http://go.microsoft.com/fwlink/?linkid=828158) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-7193](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7193) | Austrian MilCERT |
| [MS16-120](http://go.microsoft.com/fwlink/?linkid=827590) | True Type Font Parsing Information Disclosure Vulnerability | [CVE-2016-3209](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3209) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-120](http://go.microsoft.com/fwlink/?linkid=827590) | GDI+ Information Disclosure Vulnerability | [CVE-2016-3262](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3262) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-120](http://go.microsoft.com/fwlink/?linkid=827590) | GDI+ Information Disclosure Vulnerability | [CVE-2016-3263](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3263) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-120](http://go.microsoft.com/fwlink/?linkid=827590) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3270](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3270) | [pgboy](http://weibo.com/pgboy1988), [zhong\_sf](http://weibo.com/2641521260) of Qihoo 360 Vulcan Team |
| [MS16-120](http://go.microsoft.com/fwlink/?linkid=827590) | Windows Graphics Component RCE Vulnerability | [CVE-2016-3393](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3393) | Anton Ivanov of [Kaspersky Lab](http://www.kaspersky.com/) |
| [MS16-120](http://go.microsoft.com/fwlink/?linkid=827590) | True Type Font Parsing Elevation of Privilege Vulnerability | [CVE-2016-7182](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7182) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3267](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3267) | Wenxiang Qian of [Tencent QQBrowser](http://browser.qq.com/) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3331](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3331) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3382](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3382) | Anonymous, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3386](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3386) | Richard Zhu (fluorescence), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3386](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3386) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Microsoft Browser Elevation of Privilege Vulnerability | [CVE-2016-3387](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3387) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Microsoft Browser Elevation of Privilege Vulnerability | [CVE-2016-3388](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3388) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3389](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3389) | Microsoft ChakraCore Team |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3390](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3390) | Microsoft ChakraCore Team |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) | Stefaan Truijen, working with [NVISO](https://www.nviso.be/) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) | Adrian Toma, working with [NVISO](https://www.nviso.be/) (internship) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) | Daan Raman, working with [NVISO](https://www.nviso.be/) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) | [Arne Swinnen](https://www.arneswinnen.net/) working with [NVISO](https://nviso.be/) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Microsoft Browser Security Feature Bypass | [CVE-2016-3392](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3392) | [Xiaoyin Liu](https://twitter.com/general_nfs) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Scripting Engine Information Disclosure Vulnerability | [CVE-2016-7189](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7189) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7190](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7190) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-7194](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7194) | Natalie Silvanovich of [Google Project Zero](http://www.google.com/) |
| [MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) | ------------------- | ------------------- | Andrew Wesie (awesie) from [Theori](http://theori.io/) |
| [MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3267](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3267) | Wenxiang Qian of [Tencent QQBrowser](http://browser.qq.com/) |
| [MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) | Internet Explorer Information Disclosure Vulnerability | [CVE-2016-3298](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3298) | Will Metcalf and Kafeine of [Proofpoint](https://www.proofpoint.com/) |
| [MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3331](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3331) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/) |
| [MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3382](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3382) | Anonymous, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3383](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3383) | 0011, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-3384](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3384) | 62600BCA031B9EB5CB4A74ADDDD6771E, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3385](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3385) | [Jaehun Jeong](https://twitter.com/n3sk) (n3sk), of WINS, WSEC Analysis Team, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) | Microsoft Browser Elevation of Privilege Vulnerability | [CVE-2016-3387](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3387) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) | Microsoft Browser Elevation of Privilege Vulnerability | [CVE-2016-3388](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3388) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) | Stefaan Truijen, working with [NVISO](https://www.nviso.be/) |
| [MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) | Adrian Toma, working with [NVISO](https://www.nviso.be/) (internship) |
| [MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) | Daan Raman, working with [NVISO](https://www.nviso.be/) |
| [MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) | [Arne Swinnen](https://www.arneswinnen.net/) working with [NVISO](https://nviso.be/) |
| ------------------- | Defense-in-depth | ------------------- | James Forshaw of [Google Project Zero](http://www.google.com/) |
| **September 2016** | |||
| [MS16-116](http://go.microsoft.com/fwlink/?linkid=825725) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3376](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3376) | An anonymous researcher, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-116](http://go.microsoft.com/fwlink/?linkid=825725) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3375](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3375) | Yuki Chen of [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS16-115](http://go.microsoft.com/fwlink/?linkid=825727) | PDF Library Information Disclosure Vulnerability | [CVE-2016-3370](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3370) | Ke Liu of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/) |
| [MS16-115](http://go.microsoft.com/fwlink/?linkid=825727) | PDF Library Information Disclosure Vulnerability | [CVE-2016-3374](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3374) | Roberto Suggi Liverani (@malerisch) of [malerisch.net](http://blog.malerisch.net/) |
| [MS16-115](http://go.microsoft.com/fwlink/?linkid=825727) | PDF Library Information Disclosure Vulnerability | [CVE-2016-3374](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3374) | Steven Seeley of [Source Incite](http://srcincite.io/) |
| [MS16-114](http://go.microsoft.com/fwlink/?linkid=824826) | Windows SMB Authenticated Remote Code Execution Vulnerability | [CVE-2016-3345](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3374) | Alexander Ovchinnikov of [Tuxera Inc](https://www.tuxera.com/) |
| [MS16-114](http://go.microsoft.com/fwlink/?linkid=824826) | Windows SMB Authenticated Remote Code Execution Vulnerability | [CVE-2016-3345](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3374) | Oleg Kravtsov of [Tuxera Inc](https://www.tuxera.com/) |
| [MS16-112](http://go.microsoft.com/fwlink/?linkid=821605) | Windows Lock Screen Elevation of Privilege Vulnerability | [CVE-2016-3302](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3302) | Auri A. Rahimzadeh of [Auri’s Ideas](http://auri.net/) |
| [MS16-111](http://go.microsoft.com/fwlink/?linkid=825142) | Windows Session Object Elevation of Privilege Vulnerability | [CVE-2016-3305](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3305) | [The Citrix Product Security Team](https://www.citrix.com/) |
| [MS16-111](http://go.microsoft.com/fwlink/?linkid=825142) | Windows Session Object Elevation of Privilege Vulnerability | [CVE-2016-3306](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3306) | [The Citrix Product Security Team](https://www.citrix.com/) |
| [MS16-111](http://go.microsoft.com/fwlink/?linkid=825142) | Windows Kernel Elevation of Privilege Vulnerability | [CVE-2016-3371](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3371) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-111](http://go.microsoft.com/fwlink/?linkid=825142) | Windows Kernel Elevation of Privilege Vulnerability | [CVE-2016-3372](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3372) | Marcin Wiazowski, individual |
| [MS16-111](http://go.microsoft.com/fwlink/?linkid=825142) | Windows Kernel Elevation of Privilege Vulnerability | [CVE-2016-3373](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3373) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-110](http://go.microsoft.com/fwlink/?linkid=821596) | Windows Denial of Service Vulnerability | [CVE-2016-3369](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3369) | Piotr Bania of [Cisco Talos](http://talosintel.com/vulnerability-reports/) |
| [MS16-110](http://go.microsoft.com/fwlink/?linkid=821596) | Windows Remote Code Execution Vulnerability | [CVE-2016-3368](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3368) | Jonathan Brown of [VMware, Inc](http://www.vmware.com/) |
| [MS16-108](http://go.microsoft.com/fwlink/?linkid=824829) | Defense-in-depth | ------------------- | John Page of [ApparitionSec](http://hyp3rlinx.altervista.org/) |
| [MS16-108](http://go.microsoft.com/fwlink/?linkid=824829) | Microsoft Exchange Information Disclosure Vulnerability | [CVE-2016-0138](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0138) | [Bassel Rachid](mailto:bassel.rachid@dh.com) of DH Corporation |
| [MS16-108](http://go.microsoft.com/fwlink/?linkid=824829) | Microsoft Exchange Information Disclosure Vulnerability | [CVE-2016-0138](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0138) | [Lucie Brochu](mailto:lucie.brochu@dh.com) of DH Corporation |
| [MS16-108](http://go.microsoft.com/fwlink/?linkid=824829) | Microsoft Exchange Open Redirect Vulnerability | [CVE-2016-3378](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3378) | John Page of [ApparitionSec](http://hyp3rlinx.altervista.org/) |
| [MS16-108](http://go.microsoft.com/fwlink/?linkid=824829) | Microsoft Exchange Elevation of Privilege Vulnerability | [CVE-2016-3379](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3379) | Adrian Ivascu |
| [MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) | Microsoft APP-V ASLR Bypass | [CVE-2016-0137](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0137) | Udi Yavo of [enSilo](http://ensilo.com/) |
| [MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3357](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3357) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3358](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3358) | Steven Seeley of Source Incite, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3359](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3359) | Steven Seeley of Source Incite, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3361](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3361) | Steven Seeley of [Source Incite](http://srcincite.io/) |
| [MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3362](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3362) | Steven Seeley of [Source Incite](http://srcincite.io/) |
| [MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3363](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3363) | Steven Seeley of [Source Incite](http://srcincite.io/) |
| [MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3364](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3364) | Eduardo Braun Prado |
| [MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3365](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3365) | Steven Seeley of [Source Incite](http://srcincite.io/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) | Microsoft Office Spoofing Vulnerability | [CVE-2016-3366](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3366) | Incident Response Team of [Certego](http://www.certego.net/) |
| [MS16-106](http://go.microsoft.com/fwlink/?linkid=824814) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3348](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3348) | RanchoIce of the [Baidu Security Lab](http://xlab.baidu.com/) |
| [MS16-106](http://go.microsoft.com/fwlink/?linkid=824814) | GDI Information Disclosure Vulnerability | [CVE-2016-3354](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3354) | WanderingGlitch of [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-106](http://go.microsoft.com/fwlink/?linkid=824814) | GDI Information Disclosure Vulnerability | [CVE-2016-3355](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3355) | Liang Yin of Tencent PC Manager via GeekPwn |
| [MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) | Defense-in-depth | ------------------- | Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) | Defense-in-depth | ------------------- | [Jun Kokatsu](https://twitter.com/shhnjk) |
| [MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3247](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3247) | SkyLined, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3291](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3291) | Nathaniel Theis ([XMPPwocky](http://xmppwocky.net/)) |
| [MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-3294](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3294) | Shi Ji (@Puzzor) of VARAS@IIE, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3295](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3295) | Garage4Hackers, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3297](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3297) | Liu Long of [Qihoo 360](http://www.360.cn/) |
| [MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3325](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3325) | SkyLined |
| [MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-3330](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3330) | F4B3CD of STARLAB |
| [MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-3350](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3350) | Microsoft ChakraCore Team |
| [MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3351](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3351) | [Kafeine](https://twitter.com/kafeine), Brooks Li of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3377](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3377) | Richard Zhu (fluorescence), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) | Defense-in-depth | ------------------- | [Jun Kokatsu](https://twitter.com/shhnjk) |
| [MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3247](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3247) | SkyLined, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3291](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3291) | Nathaniel Theis ([XMPPwocky](http://xmppwocky.net/)) |
| [MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) | Microsoft Browser Elevation of Privilege Vulnerability | [CVE-2016-3292](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3292) | Thomas Vanhoutte, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3295](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3295) | Garage4Hackers, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3297](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3297) | Liu Long of [Qihoo 360](http://www.360.cn/) |
| [MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-3324](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3324) | SkyLined |
| [MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3325](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3325) | SkyLined |
| [MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3351](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3351) | [Kafeine](https://twitter.com/kafeine), Brooks Li of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) | Internet Explorer Security Feature Bypass | [CVE-2016-3353](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3353) | Eduardo Braun Prado, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3375](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3375) | Yuki Chen of [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3376](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3376) | An anonymous researcher, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3375](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3375) | Simon Zuckerbraun working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3375](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3375) | Anonymous, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| ------------------- | Defense-in-depth | ------------------- | Fortinet’s FortiGuard Labs |
| ------------------- | Defense-in-depth | ------------------- | Steven Seeley of Source Incite working with iDefense |
| ------------------- | Defense-in-depth | ------------------- | Reno Robert |
| **August 2016** | |||
| [MS16-102](http://go.microsoft.com/fwlink/?linkid=823207) | Microsoft PDF Remote Code Execution Vulnerability | [CVE-2016-3319](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3319) | Aleksandar Nikolic of [Cisco Talos](http://talosintel.com/vulnerability-reports/) |
| [MS16-101](http://go.microsoft.com/fwlink/?linkid=821576) | Kerberos Elevation of Privilege Vulnerability | [CVE-2016-3237](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3237) | [Nabeel Ahmed](https://twitter.com/nabeelahmedbe) of [Dimension Data](http://www.dimensiondata.com/) |
| [MS16-099](http://go.microsoft.com/fwlink/?linkid=821165) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3313](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3313) | Jaanus Kaap |
| [MS16-099](http://go.microsoft.com/fwlink/?linkid=821165) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3313](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3313) | Sébastien Morin of [COSIG](https://smsecurity.net/) |
| [MS16-099](http://go.microsoft.com/fwlink/?linkid=821165) | Microsoft OneNote Information Disclosure Vulnerability | [CVE-2016-3315](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3315) | dannywei of [Tencent’s Xuanwu Lab](http://www.tencent.com/) |
| [MS16-099](http://go.microsoft.com/fwlink/?linkid=821165) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3316](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3316) | Francis Provencher of [COSIG](https://smsecurity.net/) |
| [MS16-099](http://go.microsoft.com/fwlink/?linkid=821165) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3317](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3317) | Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/) |
| [MS16-099](http://go.microsoft.com/fwlink/?linkid=821165) | Graphics Component Memory Corruption Vulnerability | [CVE-2016-3318](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3318) | Arun Kumar Sharma, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-099](http://go.microsoft.com/fwlink/?linkid=821165) | Defense-in-depth | ----------------- | Jerry Decime of Hewlett Packard Enterprise |
| [MS16-098](http://go.microsoft.com/fwlink/?linkid=821582) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3308](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3308) | Peter (Keen) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-098](http://go.microsoft.com/fwlink/?linkid=821582) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3308](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3308) | ZeguangZhao (team509), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-098](http://go.microsoft.com/fwlink/?linkid=821582) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3309](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3309) | bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-098](http://go.microsoft.com/fwlink/?linkid=821582) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3310](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3310) | Wayne Low of Fortinet’s Fortiguard Labs |
| [MS16-098](http://go.microsoft.com/fwlink/?linkid=821582) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3311](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3311) | [pgboy](http://weibo.com/pgboy1988), [zhong\_sf](http://weibo.com/2641521260) of Qihoo 360 Vulcan Team |
| [MS16-098](http://go.microsoft.com/fwlink/?linkid=821582) | Defense-in-depth | ----------------- | Martin Lenord |
| [MS16-097](http://go.microsoft.com/fwlink/?linkid=821146) | Windows Graphics Component RCE Vulnerability | [CVE-2016-3301](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3301) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-097](http://go.microsoft.com/fwlink/?linkid=821146) | Windows Graphics Component RCE Vulnerability | [CVE-2016-3303](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3303) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-097](http://go.microsoft.com/fwlink/?linkid=821146) | Windows Graphics Component RCE Vulnerability | [CVE-2016-3304](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3304) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3289](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3289) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3293](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3293) | Kai Song ([exp](http://exp-sky.org)-sky) of [Tencent’s Xuanwu LAB](http://www.tencent.com/) |
| [MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3296](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3296) | Microsoft ChakraCore Team |
| [MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) | Microsoft PDF Remote Code Execution Vulnerability | [CVE-2016-3319](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3319) | Aleksandar Nikolic of [Cisco Talos](http://talosintel.com/vulnerability-reports/) |
| [MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3322](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3322) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3326](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3326) | Simon Zuckerbraun, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3327](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3327) | Soroush Dalili of [NCC Group](https://www.nccgroup.trust/) |
| [MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) | Microsoft Browser Information Disclosure | [CVE-2016-3329](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3329) | Masato Kinugawa of [Cure53](https://cure53.de/) |
| [MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-3288](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3288) | Ivan Fratric and Martin Barbella, working with [Google Project Zero](http://www.google.com/) |
| [MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3289](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3289) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-3290](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3290) | Liu Long of [Qihoo 360](http://www.360.cn/) |
| [MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3293](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3293) | Kai Song ([exp](http://exp-sky.org)-sky) of [Tencent’s Xuanwu LAB](http://www.tencent.com/) |
| [MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) | Internet Explorer Information Disclosure Vulnerability | [CVE-2016-3321](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3321) | Yorick Koster of [Securify B.V.](https://securify.nl/) |
| [MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3322](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3322) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3326](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3326) | Simon Zuckerbraun, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3327](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3327) | Soroush Dalili of [NCC Group](https://www.nccgroup.trust/) |
| [MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) | Microsoft Browser Information Disclosure | [CVE-2016-3329](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3329) | Masato Kinugawa of [Cure53](https://cure53.de/) |
| **July 2016** | |||
| [MS16-092](http://go.microsoft.com/fwlink/?linkid=808706) | Windows File System Security Feature Bypass Vulnerability | [CVE-2016-3258](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3258) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-092](http://go.microsoft.com/fwlink/?linkid=808706) | Windows Kernel Information Disclosure Vulnerability | [CVE-2016-3272](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3272) | Herbert Bos of Vrije Universiteit Amsterdam |
| [MS16-091](http://go.microsoft.com/fwlink/?linkid=808156) | .NET Information Disclosure Vulnerability | [CVE-2016-3255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3255) | Michael Weber, Henrique Arcoverde [NCC Group](https://www.nccgroup.trust/us/) |
| [MS16-090](http://go.microsoft.com/fwlink/?linkid=808590) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3249](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3249) | bee13oy of CloverSec Labs |
| [MS16-090](http://go.microsoft.com/fwlink/?linkid=808590) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3250](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3250) | [zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/) |
| [MS16-090](http://go.microsoft.com/fwlink/?linkid=808590) | GDI Component Information Disclosure Vulnerability | [CVE-2016-3251](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3251) | [zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/) |
| [MS16-090](http://go.microsoft.com/fwlink/?linkid=808590) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3252](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3252) | [fanxiaocao](https://twitter.com/tinysecex) (@TinySec), and [pjf](http://weibo.com/jfpan) of IceSword Lab, [Qihoo 360](http://www.360.cn/) |
| [MS16-090](http://go.microsoft.com/fwlink/?linkid=808590) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3254](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3254) | [zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/) |
| [MS16-090](http://go.microsoft.com/fwlink/?linkid=808590) | Microsoft win32k Elevation of Privilege Vulnerability | [CVE-2016-3286](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3286) | [zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/) |
| [MS16-088](http://go.microsoft.com/fwlink/?linkid=808151) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3278](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3278) | Xiaoning Li of [Intel Labs](http://www.intel.com/content/www/us/en/research/intel-research.html) |
| [MS16-088](http://go.microsoft.com/fwlink/?linkid=808151) | Microsoft Security Feature Bypass Vulnerability | [CVE-2016-3279](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3279) | Haifei Li of [Intel Security](http://www.intelsecurity.com/) |
| [MS16-088](http://go.microsoft.com/fwlink/?linkid=808151) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3280](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3280) | Lucas Leong of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-088](http://go.microsoft.com/fwlink/?linkid=808151) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3281](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3281) | Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/) |
| [MS16-088](http://go.microsoft.com/fwlink/?linkid=808151) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3282](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3282) | Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/) |
| [MS16-088](http://go.microsoft.com/fwlink/?linkid=808151) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3283](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3283) | Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/) |
| [MS16-088](http://go.microsoft.com/fwlink/?linkid=808151) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3284](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3284) | [Alexey Belyakov](https://alwerewolf.blogspot.com/), Individual |
| [MS16-087](http://go.microsoft.com/fwlink/?linkid=808150) | Microsoft Print Spooler Remote Code Execution Vulnerability | [CVE-2016-3238](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3238) | [Nicolas Beauchesne](http://blog.vectranetworks.com/blog/microsoft-windows-printer-wateringhole-attack) of Vectra Networks |
| [MS16-087](http://go.microsoft.com/fwlink/?linkid=808150) | Windows Print Spooler Elevation of Privilege | [CVE-2016-3239](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3239) | [Shanti Lindström](https://linkedin.com/in/shanti-lindström-399112a8), Individual |
| [MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) | Microsoft Edge Security Feature Bypass | [CVE-2016-3244](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3244) | Zheng Huang of the [Baidu Security Lab](http://xlab.baidu.com/) |
| [MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) | Microsoft Edge Security Feature Bypass | [CVE-2016-3244](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3244) | Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) | Microsoft Edge Security Feature Bypass | [CVE-2016-3244](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3244) | Kai Song ([exp](http://exp-sky.org/)-sky) of [Tencent’s Xuanwu LAB](http://www.tencent.com/) |
| [MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-3246](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3246) | cc working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3248](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3248) | Microsoft ChakraCore Team |
| [MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3259) | [Jaehun Jeong](https://twitter.com/n3sk) (n3sk), Individual |
| [MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3264](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3264) | [exp-sky](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://xlab.tencent.com/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3265](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3265) | Jordan Rabet, Microsoft Offensive Security Research Team |
| [MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3269](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3269) | Jordan Rabet, Microsoft Offensive Security Research Team |
| [MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3271](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3271) | WanderingGlitch, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3273](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3273) | Masato Kinugawa of [Cure53](https://cure53.de/) |
| [MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) | Microsoft Browser Spoofing Vulnerability | [CVE-2016-3274](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3274) | Ferenc Lutischán of [Magyar Telekom Nyrt](http://www.telekom.hu/) |
| [MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) | Microsoft Edge Spoofing Vulnerability | [CVE-2016-3276](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3276) | Wenxiang Qian of [Tencent QQBrowser](http://browser.qq.com/) |
| [MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3277](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3277) | Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-3240](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3240) | Hui Gao of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-3241](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3241) | 62600BCA031B9EB5CB4A74ADDDD6771E working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3242](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3242) | 62600BCA031B9EB5CB4A74ADDDD6771E working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-3243](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3243) | Zheng Huang of the [Baidu Security Lab](http://xlab.baidu.com/) |
| [MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) | Internet Explorer Security Feature Bypass | [CVE-2016-3245](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3245) | Masato Kinugawa of [Cure53](https://cure53.de/) |
| [MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3259) | [Jaehun Jeong](https://twitter.com/n3sk) (n3sk), Individual |
| [MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3260](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3260) | Jordan Rabet of Microsoft Offensive Security Research Team |
| [MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) | Internet Explorer Information Disclosure Vulnerability | [CVE-2016-3261](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3261) | Li Kemeng, [Baidu Security Lab](http://xlab.baidu.com/) |
| [MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-3264](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3264) | [exp-sky](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://xlab.tencent.com/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3273](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3273) | Masato Kinugawa of [Cure53](https://cure53.de/) |
| [MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2016-3277](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3277) | Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/) |
| ------------------- | Defense-in-depth | ------------------- | Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| **June 2016** | |||
| [MS16-081](http://go.microsoft.com/fwlink/?linkid=798515) | Active Directory Denial of Service Vulnerability | [CVE-2016-3226](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3226) | Ondrej Sevecek of [GOPAS](https://www.sevecek.com/englishpages/lists/posts/post.aspx?id=81) |
| [MS16-080](http://go.microsoft.com/fwlink/?linkid=798620) | Windows PDF Information Disclosure Vulnerability | [CVE-2016-3201](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3201) | Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/) |
| [MS16-080](http://go.microsoft.com/fwlink/?linkid=798620) | Windows PDF Remote Code Execution Vulnerability | [CVE-2016-3203](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3203) | Ke Liu of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/) |
| [MS16-080](http://go.microsoft.com/fwlink/?linkid=798620) | Windows PDF Remote Code Execution Vulnerability | [CVE-2016-3203](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3203) | kdot working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-080](http://go.microsoft.com/fwlink/?linkid=798620) | Windows PDF Information Disclosure Vulnerability | [CVE-2016-3215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3215) | Ke Liu of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/) |
| [MS16-080](http://go.microsoft.com/fwlink/?linkid=798620) | Windows PDF Information Disclosure Vulnerability | [CVE-2016-3215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3215) | kdot working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-079](http://go.microsoft.com/fwlink/?linkid=787067) | Microsoft Exchange Information Disclosure Vulnerability | [CVE-2016-0028](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0028) | Louis-Paul Dareau of [ProcessOut](https://www.processout.com/) |
| [MS16-078](http://go.microsoft.com/fwlink/?linkid=799136) | Windows Diagnostics Hub Elevation of Privilege | [CVE-2016-3231](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3231) | lokihardt, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-078](http://go.microsoft.com/fwlink/?linkid=799136) | Windows Diagnostics Hub Elevation of Privilege | [CVE-2016-3231](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3231) | [Qihoo 360 Vulcan Team](http://www.360.com/) |
| [MS16-077](http://go.microsoft.com/fwlink/?linkid=798850) | WPAD Elevation of Privilege Vulnerability | [CVE-2016-3213](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3213) | [Moritz Jodeit](https://twitter.com/moritzj) of [Blue Frost Security GmbH](https://www.bluefrostsecurity.de/) |
| [MS16-077](http://go.microsoft.com/fwlink/?linkid=798850) | WPAD Elevation of Privilege Vulnerability | [CVE-2016-3213](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3213) | Yu Yang (@tombkeeper) of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/) |
| [MS16-074](http://go.microsoft.com/fwlink/?linkid=798504) | Windows Graphics Component Information Disclosure Vulnerability | [CVE-2016-3216](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3216) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-074](http://go.microsoft.com/fwlink/?linkid=798504) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3219) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-074](http://go.microsoft.com/fwlink/?linkid=798504) | ATMFD.DLL Elevation of Privilege Vulnerability | [CVE-2016-3220](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3220) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-073](http://go.microsoft.com/fwlink/?linkid=798502) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3218](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3218) | [zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/) |
| [MS16-073](http://go.microsoft.com/fwlink/?linkid=798502) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-3221](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3221) | RanchoIce of the [Baidu Security Lab](http://xteam.baidu.com/) |
| [MS16-072](http://go.microsoft.com/fwlink/?linkid=798378) | Group Policy Elevation of Privilege Vulnerability | [CVE-2016-3223](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3223) | [NabeelAhmed](https://twitter.com/nabeelahmedbe) of [Dimension Data](http://www.dimensiondata.com/) |
| [MS16-072](http://go.microsoft.com/fwlink/?linkid=798378) | Group Policy Elevation of Privilege Vulnerability | [CVE-2016-3223](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3223) | [Tom Gilis](https://twitter.com/tgilis) of [Dimension Data](http://www.dimensiondata.com/) |
| [MS16-070](http://go.microsoft.com/fwlink/?linkid=798377) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0025](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0025) | YangKang of [360 QEX Team](http://www.360.cn/) |
| [MS16-070](http://go.microsoft.com/fwlink/?linkid=798377) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-3233](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3233) | David D. Rude II working with iDefense |
| [MS16-070](http://go.microsoft.com/fwlink/?linkid=798377) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0025](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0025) | LiYaDong of [360 QEX Team](http://www.360.cn/) |
| [MS16-070](http://go.microsoft.com/fwlink/?linkid=798377) | Microsoft Office Information Disclosure Vulnerability | [CVE-2016-3234](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3234) | Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/) |
| [MS16-070](http://go.microsoft.com/fwlink/?linkid=798377) | Microsoft Office OLE DLL Side Loading Vulnerability | [CVE-2016-3235](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3235) | Yorick Koster of [Securify B.V.](https://securify.nl/) |
| [MS16-070](http://go.microsoft.com/fwlink/?linkid=798377) | Defense-in-depth | ----------------- | [Danny Wei Wei](https://twitter.com/danny_wei) of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/) |
| [MS16-069](http://go.microsoft.com/fwlink/?linkid=798411) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3205) | Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS16-069](http://go.microsoft.com/fwlink/?linkid=798411) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3206](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3206) | Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS16-069](http://go.microsoft.com/fwlink/?linkid=798411) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3207](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3207) | Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) | Microsoft Edge Security Feature Bypass | [CVE-2016-3198](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3198) | Mario Heiderich of [Cure53](https://cure53.de/) |
| [MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3199](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3199) | lokihardt working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) | Windows PDF Information Disclosure Vulnerability | [CVE-2016-3201](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3201) | Jaanus Kääp of Clarified Security |
| [MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) | Windows PDF Remote Code Execution Vulnerability | [CVE-2016-3203](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3203) | kdot working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3214](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3214) | Jordan Rabet of Microsoft Offensive Security Research Team |
| [MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) | Windows PDF Information Disclosure Vulnerability | [CVE-2016-3215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3215) | Ke Liu of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/) |
| [MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) | Windows PDF Information Disclosure Vulnerability | [CVE-2016-3215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3215) | kdot working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-3222](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3222) | Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-3222](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3222) | Kai Song (exp-sky) of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/) |
| [MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0199](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0199) | SkyLined working with iDefense |
| [MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0200](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0200) | 62600BCA031B9EB5CB4A74ADDDD6771E working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3205) | Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3206](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3206) | Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3207](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3207) | Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-3210](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3210) | [Moritz Jodeit](https://twitter.com/moritzj) of [Blue Frost Security](https://www.bluefrostsecurity.de/) |
| [MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-3211](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3211) | [Ashutosh Mehra](https://twitter.com/ashutoshmehra) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) | Internet Explorer XSS Filter Vulnerability | [CVE-2016-3212](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3212) | Masato Kinugawa of [Cure53](https://cure53.de/) |
| [MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) | WPAD Elevation of Privilege Vulnerability | [CVE-2016-3299](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3299) | Yu Yang (@tombkeeper) of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/) |
| **May 2016** | |||
| [MS16-067](http://go.microsoft.com/fwlink/?linkid=786475) | Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability | [CVE-2016-0190](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0190) | Sandeep Kumar of [Citrix Systems Inc.](http://www.citrix.com/) |
| [MS16-066](http://go.microsoft.com/fwlink/?linkid=785792) | Hypervisor Code Integrity Security Feature Bypass | [CVE-2016-0181](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0181) | Rafal Wojtczuk of [Bromium](http://www.bromium.com/) |
| [MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0171](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0171) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0173](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0173) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0173](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0173) | [Qihoo 360 Vulcan Team](http://www.360.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0174](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0174) | Liang Yin of Tencent PC Manager working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) | Win32k Information Disclosure Vulnerability | [CVE-2016-0175](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0175) | Liang Yin of Tencent PC Manager working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) | Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability | [CVE-2016-0176](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0176) | Peter Hlavaty of Tencent KeenLab working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) | Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability | [CVE-2016-0176](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0176) | Daniel King of Tencent KeenLab working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0196](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0196) | Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/) |
| [MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0196](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0196) | [Qihoo 360 Vulcan Team](http://www.360.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) | Defense-in-depth | ----------------- | Fermin J. Serna |
| [MS16-061](http://go.microsoft.com/fwlink/?linkid=785871) | RPC Network Data Representation Engine Elevation of Privilege Vulnerability | [CVE-2016-0178](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0178) | Evgeny Kotkov of [VisualSVN](https://www.visualsvn.com/) |
| [MS16-061](http://go.microsoft.com/fwlink/?linkid=785871) | RPC Network Data Representation Engine Elevation of Privilege Vulnerability | [CVE-2016-0178](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0178) | Ivan Zhakov of [VisualSVN](https://www.visualsvn.com/) |
| [MS16-060](http://go.microsoft.com/fwlink/?linkid=785239) | Windows Kernel Elevation of Privilege Vulnerability | [CVE-2016-0180](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0180) | Loren Robinson of [CrowdStrike, Inc.](http://www.crowdstrike.com/) |
| [MS16-060](http://go.microsoft.com/fwlink/?linkid=785239) | Windows Kernel Elevation of Privilege Vulnerability | [CVE-2016-0180](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0180) | Alex Ionescu of [CrowdStrike, Inc.](http://www.crowdstrike.com/) |
| [MS16-059](http://go.microsoft.com/fwlink/?linkid=786468) | Windows Media Center Remote Code Execution Vulnerability | [CVE-2016-0185](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0185) | Eduardo Braun Prado, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-057](http://go.microsoft.com/fwlink/?linkid=786534) | Windows Shell Remote Code Execution Vulnerability | [CVE-2016-0179](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0179) | Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/) |
| [MS16-056](http://go.microsoft.com/fwlink/?linkid=786477) | Journal Memory Corruption Vulnerability | [CVE-2016-0182](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0182) | Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-056](http://go.microsoft.com/fwlink/?linkid=786477) | Journal Memory Corruption Vulnerability | [CVE-2016-0182](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0182) | Bingchang Liu of [VARAS@IIE](http://www.iie.ac.cn/) |
| [MS16-055](http://go.microsoft.com/fwlink/?linkid=786471) | Windows Graphics Component Information Disclosure Vulnerability | [CVE-2016-0168](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0168) | Mateusz Jurczyk of Google Project Zero |
| [MS16-055](http://go.microsoft.com/fwlink/?linkid=786471) | Windows Graphics Component Information Disclosure Vulnerability | [CVE-2016-0169](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0169) | Mateusz Jurczyk of Google Project Zero |
| [MS16-055](http://go.microsoft.com/fwlink/?linkid=786471) | WIndows Graphics Component RCE vulnerability | [CVE-2016-0170](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0170) | Mateusz Jurczyk of Google Project Zero |
| [MS16-055](http://go.microsoft.com/fwlink/?linkid=786471) | Direct3D Use After Free RCE Vulnerability | [CVE-2016-0184](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0184) | Henry Li(zenhumany) of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-054](http://go.microsoft.com/fwlink/?linkid=785875) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0126](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0126) | An anonymous researcher, working with Beyond Security’s [SecuriTeam Secure Disclosure](http://www.beyondsecurity.com/ssd.html) team |
| [MS16-054](http://go.microsoft.com/fwlink/?linkid=785875) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0126](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0126) | Hao Linan of [Qihoo 360 Vulcan Team](http://www.360.com/) |
| [MS16-054](http://go.microsoft.com/fwlink/?linkid=785875) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0140](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0140) | Steven Seeley of [Source Incite](http://srcincite.io/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-054](http://go.microsoft.com/fwlink/?linkid=785875) | Office Graphics RCE Vulnerability | [CVE-2016-0183](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0183) | Lucas Leong of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-053](http://go.microsoft.com/fwlink/?linkid=786478) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-0187](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0187) | Kai Kang |
| [MS16-052](http://go.microsoft.com/fwlink/?linkid=785874) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-0186](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0186) | Brian Pak (cai) from Theori, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-052](http://go.microsoft.com/fwlink/?linkid=785874) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-0186](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0186) | Simon Zuckerbraun, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-052](http://go.microsoft.com/fwlink/?linkid=785874) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-0191](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0191) | Lokihart working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-052](http://go.microsoft.com/fwlink/?linkid=785874) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0192](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0192) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-052](http://go.microsoft.com/fwlink/?linkid=785874) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-0193](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0193) | Zhen Feng, Wen Xu of Tencent KeenLab working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-052](http://go.microsoft.com/fwlink/?linkid=785874) | Defense-in-depth | ----------------- | [Bing Sun](https://www.linkedin.com/in/bing-sun-064a3372) Intel Security Group |
| [MS16-051](http://go.microsoft.com/fwlink/?linkid=785873) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-0187](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0187) | Kai Kang |
| [MS16-051](http://go.microsoft.com/fwlink/?linkid=785873) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0192](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0192) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-051](http://go.microsoft.com/fwlink/?linkid=785873) | Internet Explorer Information Disclosure Vulnerability | [CVE-2016-0194](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0194) | Thomas Vanhoutte, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-051](http://go.microsoft.com/fwlink/?linkid=785873) | Defense-in-depth | ----------------- | Zhang Yunhai of [NSFOCUS](http://www.nsfocus.com/) |
| **April 2016** | |||
| [MS16-049](http://go.microsoft.com/fwlink/?linkid=746932) | HTTP.sys Denial of Service Vulnerability | [CVE-2016-0150](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0150) | Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/) |
| [MS16-049](http://go.microsoft.com/fwlink/?linkid=746932) | HTTP.sys Denial of Service Vulnerability | [CVE-2016-0150](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0150) | Noam Mazor of [Imperva](http://www.imperva.com/) |
| [MS16-048](http://go.microsoft.com/fwlink/?linkid=746886) | Windows CSRSS Security Feature Bypass Vulnerability | [CVE-2016-0151](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0151) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-047](http://go.microsoft.com/fwlink/?linkid=746885) | Windows RPC Downgrade Vulnerability | [CVE-2016-0128](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0128) | This vulnerability was discovered and researched by Stefan Metzmacher of [SAMBA+](https://samba.plus/) and the [Samba Team](https://www.samba.org/), which also helped design a fix for the problem. For more information about the vulnerability named “BADLOCK,” see [Badlock Bug](http://badlock.org/). |
| [MS16-046](http://go.microsoft.com/fwlink/?linkid=746896) | Secondary Logon Elevation of Privilege Vulnerability | [CVE-2016-0135](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0135) | Tenable Network Security |
| [MS16-045](http://go.microsoft.com/fwlink/?linkid=733440) | Hyper-V Remote Code Execution Vulnerability | [CVE-2016-0088](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0088) | Kostya Kortchinsky of the Google Security Team |
| [MS16-045](http://go.microsoft.com/fwlink/?linkid=733440) | Hyper-V Remote Code Execution Vulnerability | [CVE-2016-0088](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0088) | Thomas Garnier |
| [MS16-045](http://go.microsoft.com/fwlink/?linkid=733440) | Hyper-V Information Disclosure vulnerability | [CVE-2016-0089](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0089) | Kostya Kortchinsky of the Google Security Team |
| [MS16-045](http://go.microsoft.com/fwlink/?linkid=733440) | Hyper-V Information Disclosure vulnerability | [CVE-2016-0089](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0089) | Thomas Garnier |
| [MS16-045](http://go.microsoft.com/fwlink/?linkid=733440) | Hyper-V Information Disclosure vulnerability | [CVE-2016-0090](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0090) | Kostya Kortchinsky of the Google Security Team |
| [MS16-045](http://go.microsoft.com/fwlink/?linkid=733440) | Hyper-V Information Disclosure vulnerability | [CVE-2016-0090](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0090) | Thomas Garnier |
| [MS16-044](http://go.microsoft.com/fwlink/?linkid=747040) | Windows OLE Remote Code Execution Vulnerability | [CVE-2016-0153](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0153) | [Debasish Mandal](https://twitter.com/debasishm89) of the [Intel Security](http://www.intelsecurity.com/) IPS Vulnerability Research Team |
| [MS16-042](http://go.microsoft.com/fwlink/?linkid=746928) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0122](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0122) | Sébastien Morin of [COSIG](https://smsecurity.net/) |
| [MS16-042](http://go.microsoft.com/fwlink/?linkid=746928) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0127](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0127) | Lucas Leong of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-042](http://go.microsoft.com/fwlink/?linkid=746928) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0136](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0136) | Steven Seeley of [Source Incite](http://srcincite.io/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-042](http://go.microsoft.com/fwlink/?linkid=746928) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0139](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0139) | Steven Seeley of [Source Incite](http://srcincite.io/) |
| [MS16-041](http://go.microsoft.com/fwlink/?linkid=746929) | .NET Framework Remote Code Execution Vulnerability | [CVE-2016-0148](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0148) | Yorick Koster of [Securify B.V.](https://securify.nl/) |
| [MS16-041](http://go.microsoft.com/fwlink/?linkid=746929) | .NET Framework Remote Code Execution Vulnerability | [CVE-2016-0148](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0148) | rgod, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
| [MS16-040](http://go.microsoft.com/fwlink/?linkid=746897) | MSXML 3.0 Remote Code Execution Vulnerability | [CVE-2016-0147](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0147) | Nicolas Grégoire of [Agarri](http://www.agarri.fr/) |
| [MS16-039](http://go.microsoft.com/fwlink/?linkid=746883) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0143](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0143) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS16-039](http://go.microsoft.com/fwlink/?linkid=746883) | Graphics Memory Corruption Vulnerability | [CVE-2016-0145](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0145) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-039](http://go.microsoft.com/fwlink/?linkid=746883) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0165](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0165) | [Kaspersky Lab](http://www.kaspersky.com/) |
| [MS16-039](http://go.microsoft.com/fwlink/?linkid=746883) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0167](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0167) | Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/) |
| [MS16-039](http://go.microsoft.com/fwlink/?linkid=746883) | Defense-in-depth | ----------------- | [Richard Shupak](https://www.linkedin.com/in/rshupak) |
| [MS16-038](http://go.microsoft.com/fwlink/?linkid=746894) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0154](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0154) | Liu Long of [Qihoo 360](http://www.360.cn/) |
| [MS16-038](http://go.microsoft.com/fwlink/?linkid=746894) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-0155](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0155) | Liu Long of [Qihoo 360](http://www.360.cn/) |
| [MS16-038](http://go.microsoft.com/fwlink/?linkid=746894) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-0156](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0156) | Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/) |
| [MS16-038](http://go.microsoft.com/fwlink/?linkid=746894) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-0156](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0156) | Liu Long of [Qihoo 360](http://www.360.cn/) |
| [MS16-038](http://go.microsoft.com/fwlink/?linkid=746894) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-0157](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0157) | d81b2a7b317c035a8da11d63122964c2, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-038](http://go.microsoft.com/fwlink/?linkid=746894) | Microsoft Edge Elevation of Privilege Vulnerability | [CVE-2016-0158](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0158) | lokihardt, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-038](http://go.microsoft.com/fwlink/?linkid=746894) | Microsoft Edge Information Disclosure Vulnerability | [CVE-2016-0161](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0161) | QianWen Xiang of Tencent QQBrowser |
| [MS16-037](http://go.microsoft.com/fwlink/?linkid=746891) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0154](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0154) | Liu Long of the [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS16-037](http://go.microsoft.com/fwlink/?linkid=746891) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0159](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0159) | B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-037](http://go.microsoft.com/fwlink/?linkid=746891) | DLL Loading Remote Code Execution Vulnerability | [CVE-2016-0160](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0160) | [Sandro Poppi](https://spoppi.wordpress.com/) |
| [MS16-037](http://go.microsoft.com/fwlink/?linkid=746891) | Internet Explorer Information Disclosure Vulnerability | [CVE-2016-0162](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0162) | Ladislav Janko, working with [ESET](http://www.eset.com/) |
| [MS16-037](http://go.microsoft.com/fwlink/?linkid=746891) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0164](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0164) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/) |
| [MS16-037](http://go.microsoft.com/fwlink/?linkid=746891) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0166](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0166) | Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [3152550](https://technet.microsoft.com/library/security/3152550.aspx) | N/A | N/A | Marc Newlin of the Bastille Threat Research Team |
| **March 2016** | |||
| [MS16-035](http://go.microsoft.com/fwlink/?linkid=730728) | .NET XML Validation Security Feature Bypass | [CVE-2016-0132](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0132) | [Anders Abel](https://coding.abel.nu/) of [Kentor](http://www.kentor.se/) |
| [MS16-034](http://go.microsoft.com/fwlink/?linkid=733469) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0093](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0093) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS16-034](http://go.microsoft.com/fwlink/?linkid=733469) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0094](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0094) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS16-034](http://go.microsoft.com/fwlink/?linkid=733469) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0095](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0095) | Jueming of [Security Threat Information Center](http://security.alibaba.com/) |
| [MS16-034](http://go.microsoft.com/fwlink/?linkid=733469) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0095](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0095) | bee13oy of CloverSec Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-034](http://go.microsoft.com/fwlink/?linkid=733469) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0096](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0096) | [fanxiaocao](http://weibo.com/cdutboy) and [pjf](http://weibo.com/jfpan) of IceSword Lab, [Qihoo 360](http://www.360.cn/) |
| [MS16-033](http://go.microsoft.com/fwlink/?linkid=733468) | USB Mass Storage Elevation of Privilege Vulnerability | [CVE-2016-0133](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0133) | Andy Davis, [NCC Group](https://www.nccgroup.trust/us/) |
| [MS16-032](http://go.microsoft.com/fwlink/?linkid=733467) | Secondary Logon Elevation of Privilege Vulnerability | [CVE-2016-0099](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0099) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-031](http://go.microsoft.com/fwlink/?linkid=733466) | Windows Elevation of Privilege Vulnerability | [CVE-2016-0087](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0087) | Meysam Firozi @[R00tkitSmm](https://twitter.com/r00tkitsmm) |
| [MS16-030](http://go.microsoft.com/fwlink/?linkid=733465) | Windows OLE Memory Remote Code Execution Vulnerability | [CVE-2016-0091](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0091) | Anonymous, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-030](http://go.microsoft.com/fwlink/?linkid=733465) | Windows OLE Memory Remote Code Execution Vulnerability | [CVE-2016-0092](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0092) | Anonymous, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-029](http://go.microsoft.com/fwlink/?linkid=733083) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0021](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0021) | Richard Warren of [NCC Group](https://www.nccgroup.trust/us/) |
| [MS16-029](http://go.microsoft.com/fwlink/?linkid=733083) | Microsoft Security Feature Bypass Vulnerability | [CVE-2016-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0057) | Eric Clausing of [AV-TEST GmbH](https://www.av-test.org/) |
| [MS16-029](http://go.microsoft.com/fwlink/?linkid=733083) | Microsoft Security Feature Bypass Vulnerability | [CVE-2016-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0057) | Ulf Loesche of [AV-TEST GmbH](https://www.av-test.org/) |
| [MS16-029](http://go.microsoft.com/fwlink/?linkid=733083) | Microsoft Security Feature Bypass Vulnerability | [CVE-2016-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0057) | Maik Morgenstern of [AV-TEST GmbH](https://www.av-test.org/) |
| [MS16-029](http://go.microsoft.com/fwlink/?linkid=733083) | Microsoft Security Feature Bypass Vulnerability | [CVE-2016-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0057) | Andreas Marx of [AV-TEST GmbH](https://www.av-test.org/) |
| [MS16-029](http://go.microsoft.com/fwlink/?linkid=733083) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0134](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0134) | Jack Tang of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0102](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0102) | Liu Long of [Qihoo 360](http://www.360.cn/) |
| [MS16-028](http://go.microsoft.com/fwlink/?linkid=733419) | Windows Remote Code Execution Vulnerability | [CVE-2016-0117](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0117) | Mark Yason, IBM X-Force |
| [MS16-028](http://go.microsoft.com/fwlink/?linkid=733419) | Windows Remote Code Execution Vulnerability | [CVE-2016-0118](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0118) | Jaanus Kp Clarified Security, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-027](http://go.microsoft.com/fwlink/?linkid=733470) | Windows Media Parsing Remote Code Execution Vulnerability | [CVE-2016-0101](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0101) | [Bruno Martinez](mailto:bruno.uy@gmail.com) |
| [MS16-026](http://go.microsoft.com/fwlink/?linkid=733471) | OpenType Font Parsing Vulnerability | [CVE-2016-0120](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0120) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-026](http://go.microsoft.com/fwlink/?linkid=733471) | OpenType Font Parsing Vulnerability | [CVE-2016-0121](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0121) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS16-025](http://go.microsoft.com/fwlink/?linkid=733940) | Library Loading Input Validation Remote Code Execution Vulnerability | [CVE-2016-0100](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0100) | Yorick Koster of [Securify B.V.](https://securify.nl/) |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0102](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0102) | Liu Long of [Qihoo 360](http://www.360.cn/) |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0105](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0105) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/) |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0109](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0109) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0110](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0110) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/) |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0111](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0111) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/) |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-0116](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0116) | The Microsoft ChakraCore Team |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-0123](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0123) | d81b2a7b317c035a8da11d63122964c2, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0124](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0124) | 003, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Microsoft Edge Information Disclosure Vulnerability | [CVE-2016-0125](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0125) | Richard Shupak |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Microsoft Edge Information Disclosure Vulnerability | [CVE-2016-0125](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0125) | [Hariram Balasundaram](https://www.linkedin.com/in/hariramb) |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Microsoft Edge Information Disclosure Vulnerability | [CVE-2016-0125](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0125) | [Yashvier Kosaraju](https://www.linkedin.com/in/yashvier) |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-0129](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0129) | The Microsoft ChakraCore Team |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-0130](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0130) | The Microsoft ChakraCore Team |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Defense-in-depth | ----------------- | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) | Defense-in-depth | ----------------- | Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0103](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0103) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0104](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0104) | Li Kemeng of the [Baidu Security Lab](http://xlab.baidu.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0105](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0105) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0106](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0106) | sky, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0107](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0107) | Hui Gao of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0107](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0107) | B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0107](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0107) | [Tigonlab](http://www.tigonlab.org/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0108](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0108) | Abhishek Arya and Martin Barbella, working with [Google Project Zero](http://www.google.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0109](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0109) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0110](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0110) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0111](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0111) | Abhishek Arya working with [Google Project Zero](http://www.google.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0111](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0111) | Martin Barbella, working with [Google Project Zero](http://www.google.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0112](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0112) | sky, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0112](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0112) | 0011, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0113](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0113) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0114](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0114) | Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) | Defense-in-depth | ----------------- | Simon Zuckerbraun working with [HP’s](http://www.hpenterprisesecurity.com/products)[Zero Day Initiative](http://www.zerodayinitiative.com/) |
| **February 2016** | |||
| [MS16-018](http://go.microsoft.com/fwlink/?linkid=722617) | Win32k Elevation of Privilege Vulnerability | [CVE-2016-0048](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0048) | [fanxiaocao](http://weibo.com/cdutboy) and [pjf](http://weibo.com/jfpan) of [Qihoo 360](http://www.360.cn/) |
| [MS16-016](http://go.microsoft.com/fwlink/?linkid=722536) | WebDAV Elevation of Privilege Vulnerability | [CVE-2016-0051](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0051) | [Tamás Koczka](https://twitter.com/koczkatamas) of [Tresorit](http://www.tresorit.com/) |
| [MS16-015](http://go.microsoft.com/fwlink/?linkid=722214) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0022](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0022) | Lucas Leong of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-015](http://go.microsoft.com/fwlink/?linkid=722214) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0052](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0052) | Lucas Leong of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-015](http://go.microsoft.com/fwlink/?linkid=722214) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0053](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0053) | Lucas Leong of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-015](http://go.microsoft.com/fwlink/?linkid=722214) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0055](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0055) | Kai Lu of Fortinet’s FortiGuard Labs |
| [MS16-015](http://go.microsoft.com/fwlink/?linkid=722214) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0056](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0056) | An anonymous researcher, working with Beyond Security’s [SecuriTeam Secure Disclosure](http://www.beyondsecurity.com/ssd.html) team |
| [MS16-015](http://go.microsoft.com/fwlink/?linkid=722214) | Microsoft SharePoint XSS Vulnerability | [CVE-2016-0039](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0039) | Hadji Samir of [Evolution Security GmbH](http://www.evolution-sec.com/) (Vulnerability Lab) |
| [MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) | Windows Elevation of Privilege Vulnerability | [CVE-2016-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0040) | Meysam Firozi [@R00tkitSmm](https://twitter.com/r00tkitsmm) |
| [MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) | Windows Elevation of Privilege Vulnerability | [CVE-2016-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0040) | Su Yong Kim of SSLab, [Georgia Institute of Technology](https://sslab.gtisc.gatech.edu/) |
| [MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) | Windows Elevation of Privilege Vulnerability | [CVE-2016-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0040) | Taesoo Kim of SSLab, [Georgia Institute of Technology](https://sslab.gtisc.gatech.edu/) |
| [MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) | Windows Elevation of Privilege Vulnerability | [CVE-2016-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0040) | Byoungyoung Lee of SSLab, [Georgia Institute of Technology](https://sslab.gtisc.gatech.edu/) |
| [MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) | DLL Loading Remote Code Execution Vulnerability | [CVE-2016-0041](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0041) | Greg Linares, working with [CyberPoint SRT](http://cyberpointllc.com/srt) |
| [MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) | DLL Loading Remote Code Execution Vulnerability | [CVE-2016-0041](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0041) | Yorick Koster of [Securify B.V.](https://securify.nl/) |
| [MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) | Windows DLL Loading Remote Code Execution Vulnerability | [CVE-2016-0042](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0042) | Richard Warren of [NCC Group](https://www.nccgroup.trust/us/) |
| [MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) | Windows Kerberos Security Feature Bypass | [CVE-2016-0049](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0049) | Vulnerability discovered by [Nabeel Ahmed](https://twitter.com/nabeelahmedbe) of [Dimension Data](http://www.dimensiondata.com/) |
| [MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) | Windows Kerberos Security Feature Bypass | [CVE-2016-0049](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0049) | Vulnerability discovered by [Tom Gilis](https://twitter.com/tgilis) of [Dimension Data](http://www.dimensiondata.com/) |
| [MS16-013](http://go.microsoft.com/fwlink/?linkid=722340) | Windows Journal Memory Corruption Vulnerability | [CVE-2016-0038](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0038) | Rohit Mothe of [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-012](http://go.microsoft.com/fwlink/?linkid=623622) | Microsoft Windows Reader Vulnerability | [CVE-2016-0046](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0046) | Jaanus Kp Clarified Security, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-012](http://go.microsoft.com/fwlink/?linkid=623622) | Microsoft PDF Library Buffer Overflow Vulnerability | [CVE-2016-0058](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0058) | Atte Kettunen of [OUSPG](https://www.ee.oulu.fi/research/ouspg/) |
| [MS16-011](http://go.microsoft.com/fwlink/?linkid=722213) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0060](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0060) | 003, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-011](http://go.microsoft.com/fwlink/?linkid=722213) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0061](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0061) | SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-011](http://go.microsoft.com/fwlink/?linkid=722213) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0062](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0062) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-011](http://go.microsoft.com/fwlink/?linkid=722213) | Microsoft Edge ASLR Bypass | [CVE-2016-0080](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0080) | Zhang Yunhai of [NSFOCUS](http://www.nsfocus.com/) |
| [MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) | Internet Explorer Information Disclosure Vulnerability | [CVE-2016-0059](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0059) | Kai Lu of [Fortinet’s FortiGuard Labs](http://www.fortiguard.com/) |
| [MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) | Internet Explorer Information Disclosure Vulnerability | [CVE-2016-0059](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0059) | Steven Seeley of [Source Incite](http://srcincite.io/) |
| [MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0060](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0060) | 003, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0061](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0061) | SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2016-0062](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0062) | Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0063](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0063) | SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0064](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0064) | Jack Tang of [Trend Micro](http://trendmicro.com/) |
| [MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2016-0068](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0068) | Masato Kinugawa of [Cure53](https://cure53.de/) |
| [MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2016-0069](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0069) | Yosuke HASEGAWA of Secure Sky Technology Inc. |
| [MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0071](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0071) | Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/) |
| [MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) | Internet Explorer Memory Corruption Vulnerability | [CVE-2016-0072](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0072) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) | Microsoft Browser Spoofing Vulnerability | [CVE-2016-0077](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0077) | [Kacper Rybczyński](https://twitter.com/kacperybczynski) |
| [3137909](https://technet.microsoft.com/library/security/3137909.aspx) | N/A | N/A | [Michael Reizelman](https://www.facebook.com/michael.reizelman) |
| **January 2016** | |||
| [MS16-010](http://go.microsoft.com/fwlink/?linkid=717997) | Microsoft Exchange Spoofing Vulnerability | [CVE-2016-0029](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0029) | Abdulrahman Alqabandi |
| [MS16-010](http://go.microsoft.com/fwlink/?linkid=717997) | Microsoft Exchange Spoofing Vulnerability | [CVE-2016-0030](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0030) | Alexandru Coltuneac |
| [MS16-010](http://go.microsoft.com/fwlink/?linkid=717997) | Microsoft Exchange Spoofing Vulnerability | [CVE-2016-0031](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0031) | [Nirmal Kirubakaran](https://www.linkedin.com/in/nirmalkirubakaran), Individual |
| [MS16-010](http://go.microsoft.com/fwlink/?linkid=717997) | Microsoft Exchange Spoofing Vulnerability | [CVE-2016-0032](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0032) | Ysrael Gurt of [BugSec](http://bughunting.gurt.co.il/) |
| [MS16-008](http://go.microsoft.com/fwlink/?linkid=718007) | Windows Mount Point Elevation of Privilege Vulnerability | [CVE-2016-0006](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0006) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-008](http://go.microsoft.com/fwlink/?linkid=718007) | Windows Mount Point Elevation of Privilege Vulnerability | [CVE-2016-0007](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0007) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) | DLL Loading Elevation of Privilege Vulnerability | [CVE-2016-0014](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0014) | Stefan Kanthak of [Me, myself & IT](http://home.arcor.de/skanthak/safer.html) |
| [MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) | Windows DirectShow Heap Corruption RCE vulnerability | [CVE-2016-0015](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0015) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) | Windows Library Loading Remote Code Execution Vulnerability | [CVE-2016-0016](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0016) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) | Windows Library Loading Remote Code Execution Vulnerability | [CVE-2016-0018](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0018) | [parvez@greyhathacker.net](https://technet.microsoft.com/en-us/mailto:parvez@greyhathacker.net) |
| [MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) | Windows Library Loading Remote Code Execution Vulnerability | [CVE-2016-0018](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0018) | [Debasish Mandal](https://twitter.com/debasishm89) of the [Intel Security](http://www.intelsecurity.com/) IPS Vulnerability Research Team |
| [MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) | Windows Remote Desktop Protocol Security Bypass Vulnerability | [CVE-2016-0019](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0019) | Gal Goldshtein of [Citadel](http://citadel.co.il/) |
| [MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) | Windows Remote Desktop Protocol Security Bypass Vulnerability | [CVE-2016-0019](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0019) | Viktor Minin of [Citadel](http://citadel.co.il/) |
| [MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) | MAPI LoadLibrary EoP Vulnerability | [CVE-2016-0020](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0020) | [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-006](http://go.microsoft.com/fwlink/?linkid=717994) | Silverlight Runtime Remote Code Execution Vulnerability | [CVE-2016-0034](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0034) | Anton Ivanov and Costin Raiu of [Kaspersky Lab](http://www.kaspersky.com/) |
| [MS16-005](http://go.microsoft.com/fwlink/?linkid=718001) | Windows GDI32.dll ASLR Bypass Vulnerability | [CVE-2016-0008](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0008) | Steven Seeley of [Source Incite](http://srcincite.io/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-005](http://go.microsoft.com/fwlink/?linkid=718001) | Win32k Remote Code Execution Vulnerability | [CVE-2016-0009](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0009) | Kerem Gümrükcü |
| [MS16-004](http://go.microsoft.com/fwlink/?linkid=717998) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0010](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0010) | Kai Lu of Fortinet’s FortiGuard Labs |
| [MS16-004](http://go.microsoft.com/fwlink/?linkid=717998) | ASLR bypass vulnerability | [CVE-2016-0012](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0012) | IBM X-Forcer researcher Tom Kahana |
| [MS16-004](http://go.microsoft.com/fwlink/?linkid=717998) | ASLR bypass vulnerability | [CVE-2016-0012](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0012) | IBM X-Forcer researcher Elad Menahem |
| [MS16-004](http://go.microsoft.com/fwlink/?linkid=717998) | Microsoft SharePoint Security Feature Bypass Vulnerability | [CVE-2015-6117](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6117) | Jonas Nilsson of [Disruptive Innovations AB](http://www.disruptivei.com/) |
| [MS16-004](http://go.microsoft.com/fwlink/?linkid=717998) | Microsoft Office Memory Corruption Vulnerability | [CVE-2016-0035](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0035) | Steven Seeley of [Source Incite](http://srcincite.io/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-003](http://go.microsoft.com/fwlink/?linkid=718004) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-0002](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0002) | Anonymous contributor, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-002](http://go.microsoft.com/fwlink/?linkid=718002) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-0003](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0003) | 003, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS16-002](http://go.microsoft.com/fwlink/?linkid=718002) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2016-0003](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0003) | Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/) |
| [MS16-002](http://go.microsoft.com/fwlink/?linkid=718002) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-0024](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0024) | CESG |
| [MS16-001](http://go.microsoft.com/fwlink/?linkid=717999) | Scripting Engine Memory Corruption Vulnerability | [CVE-2016-0002](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0002) | Anonymous contributor, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS16-004](http://go.microsoft.com/fwlink/?linkid=717998) | Defense-in-depth | ----------------- | Jack Tang of [Trend Micro](http://www.trendmicro.com/) |
| [MS16-002](http://go.microsoft.com/fwlink/?linkid=718002) | Defense-in-depth | ----------------- | Wenbin Zheng of [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS16-001](http://go.microsoft.com/fwlink/?linkid=717999) | Defense-in-depth | ----------------- | Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/) |
| [3109853](https://technet.microsoft.com/library/security/3109853.aspx) | Defense-in-depth | ----------------- | Thanks to Patrick Donahue, [CloudFlare](https://www.cloudflare.com/), for assistance in identifying the issue. |
| [3109853](https://technet.microsoft.com/library/security/3109853.aspx) | Defense-in-depth | ----------------- | Thanks to Jeremiah Cohick, [Fitbit](https://www.fitbit.com/), for assistance in identifying the issue. |
| [3109853](https://technet.microsoft.com/library/security/3109853.aspx) | Defense-in-depth | ----------------- | Thanks to Aaron Coleman, [Fitabase](https://www.fitabase.com/), for assistance in identifying the issue. |