Acknowledgments – 2016

10/11/2017
38 minutes to read
Contributors

Microsoft extends thanks to the following for working with us to help protect customers.

Bulletin ID	Vulnerability Title	CVE ID	Acknowledgment
December 2016
MS16-153	Windows Common Log File System Driver Elevation of Privilege Vulnerability	CVE-2016-7295	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-151	Win32k Elevation of Privilege Vulnerability	CVE-2016-7259	Behzad Najjarpour Jabbari, Secunia Research at Flexera Software
MS16-151	Win32k Elevation of Privilege Vulnerability	CVE-2016-7259	Sébastien Renaud of Quarkslab
MS16-151	Win32k Elevation of Privilege Vulnerability	CVE-2016-7259	Richard Le Dé of Quarkslab
MS16-151	Win32k Elevation of Privilege Vulnerability	CVE-2016-7260	Jfpan of IceSword Lab, Qihoo 360
MS16-151	Win32k Elevation of Privilege Vulnerability	CVE-2016-7260	Fanxiaocao of IceSword Lab, Qihoo 360
MS16-149	Windows Crypto Driver Information Disclosure Vulnerability	CVE-2016-7219	Taesoo Kim of SSLab, Georgia Institue of Technology
MS16-149	Windows Crypto Driver Information Disclosure Vulnerability	CVE-2016-7219	Su Yong Kim of SSLab, Georgia Institue of Technology
MS16-149	Windows Crypto Driver Information Disclosure Vulnerability	CVE-2016-7219	Sangho Lee of SSLab, Georgia Institue of Technology
MS16-149	Windows Crypto Driver Information Disclosure Vulnerability	CVE-2016-7219	Byoungyoung Lee of SSLab, Georgia Institue of Technology
MS16-149	Windows Installer Elevation of Privilege Vulnerability	CVE-2016-7292	Thomas Vanhoutte (@SandboxEscaper)
MS16-148	Windows GDI Information Disclosure Vulnerability	CVE-2016-7257	Steven Vittitoe of Google Project Zero
MS16-148	Microsoft Office Security Feature Bypass Vulnerability	CVE-2016-7262	Iliyan Velikov of PwC UK
MS16-148	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7263	JChen of Palo Alto Networks
MS16-148	Microsoft Office Information Disclosure Vulnerability	CVE-2016-7264	@j00sean
MS16-148	Microsoft Office Information Disclosure Vulnerability	CVE-2016-7265	Steven Seeley of Source Incite
MS16-148	Microsoft Office Security Feature Bypass Vulnerability	CVE-2016-7266	Robert Riskin
MS16-148	Microsoft Office Security Feature Bypass Vulnerability	CVE-2016-7267	Haifei Li of Intel Security
MS16-148	Microsoft Office Information Disclosure Vulnerability	CVE-2016-7268	@j00sean
MS16-148	Microsoft Office OLE DLL Side Loading Vulnerability	CVE-2016-7275	Weibo Wang of Qihoo 360 Skyeye Labs
MS16-148	Microsoft Office Information Disclosure Vulnerability	CVE-2016-7276	Steven Vittitoe of Google Project Zero
MS16-148	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7277	Jaanus Kääp of Clarified Security
MS16-148	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7289	Peixue Li of Fortinet’s FortiGuard Labs
MS16-148	Microsoft Office Information Disclosure Vulnerability	CVE-2016-7290	Steven Seeley of Source Incite
MS16-148	Microsoft Office Information Disclosure Vulnerability	CVE-2016-7291	Steven Seeley of Source Incite
MS16-148	Defense-in-depth	-------------------	Steven Seeley of Source Incite
MS16-148	Defense-in-depth	-------------------	@j00sean
MS16-147	Windows Uniscribe Remote Code Execution Vulnerability	CVE-2016-7274	Hossein Lotfi, Secunia Research at Flexera Software
MS16-146	Windows GDI Information Disclosure Vulnerability	CVE-2016-7257	Steven Vittitoe of Google Project Zero
MS16-146	Windows Graphics Remote Code Execution Vulnerability	CVE-2016-7272	Giwan Go of STEALIEN, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-146	Defense-in-depth	-------------------	Henry Li (zenhumany) of Trend Micro
MS16-145	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-7181	Veit Hailperin (@fenceposterror) of scip AG
MS16-145	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-7279	The UK's National Cyber Security Centre (NCSC)
MS16-145	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-7280	Masato Kinugawa of Cure53
MS16-145	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7286	Natalie Silvanovich of Google Project Zero
MS16-145	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7287	Natalie Silvanovich of Google Project Zero
MS16-145	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7288	Natalie Silvanovich of Google Project Zero
MS16-145	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7296	Linan Hao of Qihoo 360 Vulcan Team working with POC/PwnFest
MS16-145	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7297	Lokihart working with POC/PwnFest
MS16-145	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7297	Anonymous working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-144	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7202	Li Kemeng of Baidu Security Lab working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-144	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7202	Scott Bell of Security-Assessment.com
MS16-144	Windows Hyperlink Object Library Information Disclosure Vulnerability	CVE-2016-7278	Steven Seeley of Source Incite
MS16-144	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-7279	The UK's National Cyber Security Centre (NCSC)
MS16-144	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-7283	Scott Bell of Security-Assessment.com
MS16-144	Internet Explorer Information Disclosure Vulnerability	CVE-2016-7284	Li Kemeng of Baidu Security Lab
MS16-144	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7287	Natalie Silvanovich of Google Project Zero
MS16-144	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-7293	Tigonlab
November 2016
MS16-142	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-7196	Kai Song of Tencent’s Xuanwu LAB
MS16-142	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-7198	Liu Long of Qihoo 360
MS16-142	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-7227	Masato Kinugawa of Cure53
MS16-142	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-7239	Masato Kinugawa via Google VRP
MS16-142	Microsoft Browser Remote Code Execution Vulnerability	CVE-2016-7241	Natalie Silvanovich of Google Project Zero
MS16-142	Defense-in-depth	-------------------	John Page of ApparitionSec
MS16-139	Windows Kernel Elevation of Privilege Vulnerability	CVE-2016-7216	James Forshaw of Google Project Zero
MS16-139	Windows Kernel Elevation of Privilege Vulnerability	CVE-2016-7216	Mateusz Jurczyk of Google Project Zero
MS16-138	VHDFS Driver Elevation of Privilege Vulnerability	CVE-2016-7223	James Forshaw of Google Project Zero
MS16-138	VHDFS Driver Elevation of Privilege Vulnerability	CVE-2016-7224	James Forshaw of Google Project Zero
MS16-138	VHDFS Driver Elevation of Privilege Vulnerability	CVE-2016-7225	James Forshaw of Google Project Zero
MS16-138	VHDFS Driver Elevation of Privilege Vulnerability	CVE-2016-7226	James Forshaw of Google Project Zero
MS16-137	Local Security Authority Subsystem Service Denial of Service Vulnerability	CVE-2016-7237	Laurent Gaffie
MS16-136	SQL RDBMS Engine Elevation of Privilege Vulnerability	CVE-2016-7250	Scott Sutherland of netSPI
MS16-135	Win32k Information Disclosure Vulnerability	CVE-2016-7214	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-135	Win32k Elevation of Privilege Vulnerability	CVE-2016-7215	bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-135	Bowser.sys Information Disclosure Vulnerabilty	CVE-2016-7218	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-135	Win32k Elevation of Privilege	CVE-2016-7246	Anonymous working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-135	Win32k Elevation of Privilege Vulnerability	CVE-2016-7255	Neel Mehta of Google’s Threat Analysis Group
MS16-135	Win32k Elevation of Privilege Vulnerability	CVE-2016-7255	Billy Leonard of Google’s Threat Analysis Group
MS16-135	Win32k Elevation of Privilege Vulnerability	CVE-2016-7255	Feike Hacquebord, of Trend Micro
MS16-135	Win32k Elevation of Privilege Vulnerability	CVE-2016-7255	Peter Pi of Trend Micro
MS16-135	Win32k Elevation of Privilege Vulnerability	CVE-2016-7255	Brooks Li of Trend Micro
MS16-134	Windows CLFS Elevation of Privilege	CVE-2016-0026	Daniel King, KeenLab, Tencent
MS16-134	Windows Common Log File System Driver Elevation of Privilege Vulnerability	CVE-2016-3332	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134	Windows Common Log File System Driver Elevation of Privilege Vulnerability	CVE-2016-3333	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134	Windows Common Log File System Driver Elevation of Privilege Vulnerability	CVE-2016-3334	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134	Windows Common Log File System Driver Elevation of Privilege Vulnerability	CVE-2016-3334	Daniel King, KeenLab, Tencent
MS16-134	Windows Common Log File System Driver Elevation of Privilege Vulnerability	CVE-2016-3335	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134	Windows Common Log File System Driver Elevation of Privilege Vulnerability	CVE-2016-3338	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134	Windows Common Log File System Driver Elevation of Privilege Vulnerability	CVE-2016-3340	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134	Windows Common Log File System Driver Elevation of Privilege Vulnerability	CVE-2016-3342	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134	Windows Common Log File System Driver Elevation of Privilege Vulnerability	CVE-2016-3343	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134	Windows CLFS Elevation of Privilege	CVE-2016-7184	Daniel King, KeenLab, Tencent
MS16-133	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7213	JChen of Palo Alto Networks
MS16-133	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7228	JChen of Palo Alto Networks
MS16-133	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7229	JChen of Palo Alto Networks
MS16-133	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7230	Steven Vittitoe of Google Project Zero
MS16-133	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7231	JChen of Palo Alto Networks
MS16-133	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7232	Steven Seeley of Source Incite working with VeriSign iDefense Labs
MS16-133	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7232	Rocco Calvi of Source Incite working with VeriSign iDefense Labs
MS16-133	Microsoft Office Information Disclosure Vulnerability	CVE-2016-7233	Steven Seeley of Source Incite working with VeriSign iDefense Labs
MS16-133	Microsoft Office Information Disclosure Vulnerability	CVE-2016-7233	Rocco Calvi of Source Incite working with VeriSign iDefense Labs
MS16-133	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7234	Rocco Calvi of Source Incite working with VeriSign iDefense Labs
MS16-133	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7234	Steven Seeley of Source Incite working with VeriSign iDefense Labs
MS16-133	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7235	Rocco Calvi of Source Incite working with VeriSign iDefense Labs
MS16-133	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7235	Steven Seeley of Source Incite working with VeriSign iDefense Labs
MS16-133	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7236	Steven Seeley of Source Incite working with VeriSign iDefense Labs
MS16-133	Microsoft Office Denial of Service Vulnerability	CVE-2016-7244	Dmitri Kaslov, Independent Security Researcher
MS16-133	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7245	Haifei Li of Intel Security
MS16-132	Windows Animation Manager Memory Corruption Vulnerability	CVE-2016-7205	Scott Bell of Security-Assessment.com
MS16-132	Windows Animation Manager Memory Corruption Vulnerability	CVE-2016-7205	Kai Song of Tencent’s Xuanwu LAB
MS16-132	Windows Animation Manager Memory Corruption Vulnerability	CVE-2016-7205	SkyLined working with VeriSign iDefense Labs
MS16-132	Open Type Font Information Disclosure Vulnerability	CVE-2016-7210	Hossein Lotfi, Secunia Research at Flexera Software
MS16-132	Media Foundation Memory Corruption Vulnerability	CVE-2016-7217	Liu Long of Qihoo 360
MS16-132	Open Type Font Elevation of Privilege Vulnerability	CVE-2016-7256	Kijong Son of KrCERT/CC in Korean Internet & Security Agency (KISA)
MS16-132	Defense-in-Depth	-------------------	Bing Sun of Intel Security Group
MS16-130	Windows Remote Code Execution Vulnerability	CVE-2016-7212	Aral Yaman of Noser Engineering AG
MS16-130	Windows IME Elevation of Privilege Vulnerability	CVE-2016-7221	Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc.
MS16-130	Task Scheduler Elevation of Privilege Vulnerability	CVE-2016-7222	Shanti Lindström Individual
MS16-129	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-7195	Kai Song of Tencent’s Xuanwu LAB
MS16-129	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-7196	Kai Song of Tencent’s Xuanwu LAB
MS16-129	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-7198	Liu Long of Qihoo 360
MS16-129	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7200	Natalie Silvanovich of Google Project Zero
MS16-129	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7200	Qixun Zhao of Qihoo 360 Skyeye Labs
MS16-129	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7201	Natalie Silvanovich of Google Project Zero
MS16-129	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7202	bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-129	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7202	Li Kemeng of Baidu Security Lab working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-129	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7202	Natalie Silvanovich of Google Project Zero
MS16-129	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7202	Scott Bell of Security-Assessment.com
MS16-129	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7203	Natalie Silvanovich of Google Project Zero
MS16-129	Microsoft Edge Information Disclosure Vulnerability	CVE-2016-7204	Abdulrahman Alqabandi (@qab)
MS16-129	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7208	Microsoft ChakraCore Team
MS16-129	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-7227	Masato Kinugawa of Cure53
MS16-129	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-7239	Masato Kinugawa via Google VRP
MS16-129	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7240	Natalie Silvanovich of Google Project Zero
MS16-129	Microsoft Browser Remote Code Execution Vulnerability	CVE-2016-7241	Natalie Silvanovich of Google Project Zero
MS16-129	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7242	Qixun Zhao of Qihoo 360 Skyeye Labs
MS16-129	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7243	Nicolas Joly of MSRCE UK
October 2016
MS16-126	Internet Explorer Information Disclosure Vulnerability	CVE-2016-3298	Will Metcalf and Kafeine of Proofpoint
MS16-125	Windows Diagnostics Hub Elevation of Privilege	CVE-2016-7188	James Forshaw of Google Project Zero
MS16-124	Windows Kernel Local Elevation of Privilege	CVE-2016-0070	Fortinet’s FortiGuard Labs
MS16-124	Windows Kernel Local Elevation of Privilege	CVE-2016-0070	James Forshaw of Google Project Zero
MS16-124	Windows Kernel Local Elevation of Privilege	CVE-2016-0070	Mateusz Jurczyk of Google Project Zero
MS16-124	Windows Kernel Local Elevation of Privilege	CVE-2016-0073	James Forshaw of Google Project Zero
MS16-124	Windows Kernel Local Elevation of Privilege	CVE-2016-0075	James Forshaw of Google Project Zero
MS16-124	Windows Kernel Local Elevation of Privilege	CVE-2016-0079	James Forshaw of Google Project Zero
MS16-123	Win32k Elevation of Privilege Vulnerability	CVE-2016-3266	pgboy, zhong_sf of Qihoo 360 Vulcan Team
MS16-123	Windows Transaction Manager Elevation of Privilege Vulnerability	CVE-2016-3341	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-123	Windows Kernel Elevation of Privilege vulnerability	CVE-2016-3376	Mateusz Jurczyk of Google Project Zero
MS16-123	Windows Kernel Elevation of Privilege vulnerability	CVE-2016-3376	James Forshaw of Google Project Zero
MS16-123	Windows Kernel Driver Local Elevation of Privilege	CVE-2016-7185	James Forshaw of Google Project Zero
MS16-123	Win32k Elevation of Privilege Vulnerability	CVE-2016-7211	fanxiaocao (@TinySec), and pjf of IceSword Lab, Qihoo 360
MS16-121	Microsoft Office Memory Corruption Vulnerability	CVE-2016-7193	Austrian MilCERT
MS16-120	True Type Font Parsing Information Disclosure Vulnerability	CVE-2016-3209	Mateusz Jurczyk of Google Project Zero
MS16-120	GDI+ Information Disclosure Vulnerability	CVE-2016-3262	Mateusz Jurczyk of Google Project Zero
MS16-120	GDI+ Information Disclosure Vulnerability	CVE-2016-3263	Mateusz Jurczyk of Google Project Zero
MS16-120	Win32k Elevation of Privilege Vulnerability	CVE-2016-3270	pgboy, zhong_sf of Qihoo 360 Vulcan Team
MS16-120	Windows Graphics Component RCE Vulnerability	CVE-2016-3393	Anton Ivanov of Kaspersky Lab
MS16-120	True Type Font Parsing Elevation of Privilege Vulnerability	CVE-2016-7182	Mateusz Jurczyk of Google Project Zero
MS16-119	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3267	Wenxiang Qian of Tencent QQBrowser
MS16-119	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3331	Zheng Huang of the Baidu Security Lab
MS16-119	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3382	Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-119	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3386	Richard Zhu (fluorescence), working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-119	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3386	Natalie Silvanovich of Google Project Zero
MS16-119	Microsoft Browser Elevation of Privilege Vulnerability	CVE-2016-3387	James Forshaw of Google Project Zero
MS16-119	Microsoft Browser Elevation of Privilege Vulnerability	CVE-2016-3388	James Forshaw of Google Project Zero
MS16-119	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3389	Microsoft ChakraCore Team
MS16-119	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3390	Microsoft ChakraCore Team
MS16-119	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3391	Stefaan Truijen, working with NVISO
MS16-119	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3391	Adrian Toma, working with NVISO (internship)
MS16-119	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3391	Daan Raman, working with NVISO
MS16-119	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3391	Arne Swinnen working with NVISO
MS16-119	Microsoft Browser Security Feature Bypass	CVE-2016-3392	Xiaoyin Liu
MS16-119	Scripting Engine Information Disclosure Vulnerability	CVE-2016-7189	Natalie Silvanovich of Google Project Zero
MS16-119	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7190	Natalie Silvanovich of Google Project Zero
MS16-119	Scripting Engine Memory Corruption Vulnerability	CVE-2016-7194	Natalie Silvanovich of Google Project Zero
MS16-119	-------------------	-------------------	Andrew Wesie (awesie) from Theori
MS16-118	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3267	Wenxiang Qian of Tencent QQBrowser
MS16-118	Internet Explorer Information Disclosure Vulnerability	CVE-2016-3298	Will Metcalf and Kafeine of Proofpoint
MS16-118	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3331	Zheng Huang of the Baidu Security Lab
MS16-118	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3382	Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-118	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3383	0011, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-118	Internet Explorer Memory Corruption Vulnerability	CVE-2016-3384	62600BCA031B9EB5CB4A74ADDDD6771E, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-118	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3385	Jaehun Jeong (n3sk), of WINS, WSEC Analysis Team, working with VeriSign iDefense Labs
MS16-118	Microsoft Browser Elevation of Privilege Vulnerability	CVE-2016-3387	James Forshaw of Google Project Zero
MS16-118	Microsoft Browser Elevation of Privilege Vulnerability	CVE-2016-3388	James Forshaw of Google Project Zero
MS16-118	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3391	Stefaan Truijen, working with NVISO
MS16-118	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3391	Adrian Toma, working with NVISO (internship)
MS16-118	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3391	Daan Raman, working with NVISO
MS16-118	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3391	Arne Swinnen working with NVISO
-------------------	Defense-in-depth	-------------------	James Forshaw of Google Project Zero
September 2016
MS16-116	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3376	An anonymous researcher, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-116	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3375	Yuki Chen of Qihoo 360 Vulcan Team
MS16-115	PDF Library Information Disclosure Vulnerability	CVE-2016-3370	Ke Liu of Tencent’s Xuanwu Lab
MS16-115	PDF Library Information Disclosure Vulnerability	CVE-2016-3374	Roberto Suggi Liverani (@malerisch) of malerisch.net
MS16-115	PDF Library Information Disclosure Vulnerability	CVE-2016-3374	Steven Seeley of Source Incite
MS16-114	Windows SMB Authenticated Remote Code Execution Vulnerability	CVE-2016-3345	Alexander Ovchinnikov of Tuxera Inc
MS16-114	Windows SMB Authenticated Remote Code Execution Vulnerability	CVE-2016-3345	Oleg Kravtsov of Tuxera Inc
MS16-112	Windows Lock Screen Elevation of Privilege Vulnerability	CVE-2016-3302	Auri A. Rahimzadeh of Auri’s Ideas
MS16-111	Windows Session Object Elevation of Privilege Vulnerability	CVE-2016-3305	The Citrix Product Security Team
MS16-111	Windows Session Object Elevation of Privilege Vulnerability	CVE-2016-3306	The Citrix Product Security Team
MS16-111	Windows Kernel Elevation of Privilege Vulnerability	CVE-2016-3371	James Forshaw of Google Project Zero
MS16-111	Windows Kernel Elevation of Privilege Vulnerability	CVE-2016-3372	Marcin Wiazowski, individual
MS16-111	Windows Kernel Elevation of Privilege Vulnerability	CVE-2016-3373	James Forshaw of Google Project Zero
MS16-110	Windows Denial of Service Vulnerability	CVE-2016-3369	Piotr Bania of Cisco Talos
MS16-110	Windows Remote Code Execution Vulnerability	CVE-2016-3368	Jonathan Brown of VMware, Inc
MS16-108	Defense-in-depth	-------------------	John Page of ApparitionSec
MS16-108	Microsoft Exchange Information Disclosure Vulnerability	CVE-2016-0138	Bassel Rachid of DH Corporation
MS16-108	Microsoft Exchange Information Disclosure Vulnerability	CVE-2016-0138	Lucie Brochu of DH Corporation
MS16-108	Microsoft Exchange Open Redirect Vulnerability	CVE-2016-3378	John Page of ApparitionSec
MS16-108	Microsoft Exchange Elevation of Privilege Vulnerability	CVE-2016-3379	Adrian Ivascu
MS16-107	Microsoft APP-V ASLR Bypass	CVE-2016-0137	Udi Yavo of enSilo
MS16-107	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3357	Steven Vittitoe of Google Project Zero
MS16-107	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3358	Steven Seeley of Source Incite, working with VeriSign iDefense Labs
MS16-107	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3359	Steven Seeley of Source Incite, working with VeriSign iDefense Labs
MS16-107	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3361	Steven Seeley of Source Incite
MS16-107	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3362	Steven Seeley of Source Incite
MS16-107	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3363	Steven Seeley of Source Incite
MS16-107	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3364	Eduardo Braun Prado
MS16-107	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3365	Steven Seeley of Source Incite, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-107	Microsoft Office Spoofing Vulnerability	CVE-2016-3366	Incident Response Team of Certego
MS16-106	Win32k Elevation of Privilege Vulnerability	CVE-2016-3348	RanchoIce of the Baidu Security Lab
MS16-106	GDI Information Disclosure Vulnerability	CVE-2016-3354	WanderingGlitch of Trend Micro’s Zero Day Initiative (ZDI)
MS16-106	GDI Information Disclosure Vulnerability	CVE-2016-3355	Liang Yin of Tencent PC Manager via GeekPwn
MS16-105	Defense-in-depth	-------------------	Henry Li (zenhumany) of Trend Micro
MS16-105	Defense-in-depth	-------------------	Jun Kokatsu
MS16-105	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3247	SkyLined, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-105	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3291	Nathaniel Theis (XMPPwocky)
MS16-105	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-3294	Shi Ji (@Puzzor) of VARAS@IIE, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-105	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3295	Garage4Hackers, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-105	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3297	Liu Long of Qihoo 360
MS16-105	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3325	SkyLined
MS16-105	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-3330	F4B3CD of STARLAB
MS16-105	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-3350	Microsoft ChakraCore Team
MS16-105	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3351	Kafeine, Brooks Li of Trend Micro
MS16-105	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3377	Richard Zhu (fluorescence), working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-104	Defense-in-depth	-------------------	Jun Kokatsu
MS16-104	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3247	SkyLined, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-104	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3291	Nathaniel Theis (XMPPwocky)
MS16-104	Microsoft Browser Elevation of Privilege Vulnerability	CVE-2016-3292	Thomas Vanhoutte, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-104	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3295	Garage4Hackers, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-104	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3297	Liu Long of Qihoo 360
MS16-104	Internet Explorer Memory Corruption Vulnerability	CVE-2016-3324	SkyLined
MS16-104	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3325	SkyLined
MS16-104	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3351	Kafeine, Brooks Li of Trend Micro
MS16-104	Internet Explorer Security Feature Bypass	CVE-2016-3353	Eduardo Braun Prado, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-104	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3375	Yuki Chen of Qihoo 360 Vulcan Team
MS16-104	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3376	An anonymous researcher, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-104	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3375	Simon Zuckerbraun working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-104	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3375	Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)
-------------------	Defense-in-depth	-------------------	Fortinet’s FortiGuard Labs
-------------------	Defense-in-depth	-------------------	Steven Seeley of Source Incite working with iDefense
-------------------	Defense-in-depth	-------------------	Reno Robert
August 2016
MS16-102	Microsoft PDF Remote Code Execution Vulnerability	CVE-2016-3319	Aleksandar Nikolic of Cisco Talos
MS16-101	Kerberos Elevation of Privilege Vulnerability	CVE-2016-3237	Nabeel Ahmed of Dimension Data
MS16-099	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3313	Jaanus Kaap
MS16-099	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3313	Sébastien Morin of COSIG
MS16-099	Microsoft OneNote Information Disclosure Vulnerability	CVE-2016-3315	dannywei of Tencent’s Xuanwu Lab
MS16-099	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3316	Francis Provencher of COSIG
MS16-099	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3317	Dhanesh Kizhakkinan of FireEye Inc
MS16-099	Graphics Component Memory Corruption Vulnerability	CVE-2016-3318	Arun Kumar Sharma, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-099	Defense-in-depth	-----------------	Jerry Decime of Hewlett Packard Enterprise
MS16-098	Win32k Elevation of Privilege Vulnerability	CVE-2016-3308	Peter (Keen) working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-098	Win32k Elevation of Privilege Vulnerability	CVE-2016-3308	ZeguangZhao (team509), working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-098	Win32k Elevation of Privilege Vulnerability	CVE-2016-3309	bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-098	Win32k Elevation of Privilege Vulnerability	CVE-2016-3310	Wayne Low of Fortinet’s Fortiguard Labs
MS16-098	Win32k Elevation of Privilege Vulnerability	CVE-2016-3311	pgboy, zhong_sf of Qihoo 360 Vulcan Team
MS16-098	Defense-in-depth	-----------------	Martin Lenord
MS16-097	Windows Graphics Component RCE Vulnerability	CVE-2016-3301	Mateusz Jurczyk of Google Project Zero
MS16-097	Windows Graphics Component RCE Vulnerability	CVE-2016-3303	Mateusz Jurczyk of Google Project Zero
MS16-097	Windows Graphics Component RCE Vulnerability	CVE-2016-3304	Mateusz Jurczyk of Google Project Zero
MS16-096	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3289	Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-096	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3293	Kai Song (exp-sky) of Tencent’s Xuanwu LAB
MS16-096	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3296	Microsoft ChakraCore Team
MS16-096	Microsoft PDF Remote Code Execution Vulnerability	CVE-2016-3319	Aleksandar Nikolic of Cisco Talos
MS16-096	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3322	Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-096	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3326	Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-096	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3327	Soroush Dalili of NCC Group
MS16-096	Microsoft Browser Information Disclosure	CVE-2016-3329	Masato Kinugawa of Cure53
MS16-095	Internet Explorer Memory Corruption Vulnerability	CVE-2016-3288	Ivan Fratric and Martin Barbella, working with Google Project Zero
MS16-095	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3289	Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-095	Internet Explorer Memory Corruption Vulnerability	CVE-2016-3290	Liu Long of Qihoo 360
MS16-095	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3293	Kai Song (exp-sky) of Tencent’s Xuanwu LAB
MS16-095	Internet Explorer Information Disclosure Vulnerability	CVE-2016-3321	Yorick Koster of Securify B.V.
MS16-095	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3322	Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-095	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3326	Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-095	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3327	Soroush Dalili of NCC Group
MS16-095	Microsoft Browser Information Disclosure	CVE-2016-3329	Masato Kinugawa of Cure53
July 2016
MS16-092	Windows File System Security Feature Bypass Vulnerability	CVE-2016-3258	James Forshaw of Google Project Zero
MS16-092	Windows Kernel Information Disclosure Vulnerability	CVE-2016-3272	Herbert Bos of Vrije Universiteit Amsterdam
MS16-091	.NET Information Disclosure Vulnerability	CVE-2016-3255	Michael Weber, Henrique Arcoverde NCC Group
MS16-090	Win32k Elevation of Privilege Vulnerability	CVE-2016-3249	bee13oy of CloverSec Labs
MS16-090	Win32k Elevation of Privilege Vulnerability	CVE-2016-3250	zhong_sf and pgboy of Qihoo 360 Vulcan Team
MS16-090	GDI Component Information Disclosure Vulnerability	CVE-2016-3251	zhong_sf and pgboy of Qihoo 360 Vulcan Team
MS16-090	Win32k Elevation of Privilege Vulnerability	CVE-2016-3252	fanxiaocao (@TinySec), and pjf of IceSword Lab, Qihoo 360
MS16-090	Win32k Elevation of Privilege Vulnerability	CVE-2016-3254	zhong_sf and pgboy of Qihoo 360 Vulcan Team
MS16-090	Microsoft win32k Elevation of Privilege Vulnerability	CVE-2016-3286	zhong_sf and pgboy of Qihoo 360 Vulcan Team
MS16-088	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3278	Xiaoning Li of Intel Labs
MS16-088	Microsoft Security Feature Bypass Vulnerability	CVE-2016-3279	Haifei Li of Intel Security
MS16-088	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3280	Lucas Leong of Trend Micro
MS16-088	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3281	Jaanus Kääp of Clarified Security
MS16-088	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3282	Jaanus Kääp of Clarified Security
MS16-088	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3283	Jaanus Kääp of Clarified Security
MS16-088	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3284	Alexey Belyakov, Individual
MS16-087	Microsoft Print Spooler Remote Code Execution Vulnerability	CVE-2016-3238	Nicolas Beauchesne of Vectra Networks
MS16-087	Windows Print Spooler Elevation of Privilege	CVE-2016-3239	Shanti Lindström, Individual
MS16-085	Microsoft Edge Security Feature Bypass	CVE-2016-3244	Zheng Huang of the Baidu Security Lab
MS16-085	Microsoft Edge Security Feature Bypass	CVE-2016-3244	Henry Li (zenhumany) of Trend Micro
MS16-085	Microsoft Edge Security Feature Bypass	CVE-2016-3244	Kai Song (exp-sky) of Tencent’s Xuanwu LAB
MS16-085	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-3246	cc working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-085	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3248	Microsoft ChakraCore Team
MS16-085	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3259	Jaehun Jeong (n3sk), Individual
MS16-085	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3264	exp-sky of Tencent’s Xuanwu LAB working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-085	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3265	Jordan Rabet, Microsoft Offensive Security Research Team
MS16-085	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3269	Jordan Rabet, Microsoft Offensive Security Research Team
MS16-085	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3271	WanderingGlitch, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-085	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3273	Masato Kinugawa of Cure53
MS16-085	Microsoft Browser Spoofing Vulnerability	CVE-2016-3274	Ferenc Lutischán of Magyar Telekom Nyrt
MS16-085	Microsoft Edge Spoofing Vulnerability	CVE-2016-3276	Wenxiang Qian of Tencent QQBrowser
MS16-085	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3277	Henry Li (zenhumany) of Trend Micro
MS16-084	Internet Explorer Memory Corruption Vulnerability	CVE-2016-3240	Hui Gao of Palo Alto Networks
MS16-084	Internet Explorer Memory Corruption Vulnerability	CVE-2016-3241	62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-084	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3242	62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-084	Internet Explorer Memory Corruption Vulnerability	CVE-2016-3243	Zheng Huang of the Baidu Security Lab
MS16-084	Internet Explorer Security Feature Bypass	CVE-2016-3245	Masato Kinugawa of Cure53
MS16-084	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3259	Jaehun Jeong (n3sk), Individual
MS16-084	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3260	Jordan Rabet of Microsoft Offensive Security Research Team
MS16-084	Internet Explorer Information Disclosure Vulnerability	CVE-2016-3261	Li Kemeng, Baidu Security Lab
MS16-084	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-3264	exp-sky of Tencent’s Xuanwu LAB working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-084	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3273	Masato Kinugawa of Cure53
MS16-084	Microsoft Browser Information Disclosure Vulnerability	CVE-2016-3277	Henry Li (zenhumany) of Trend Micro
-------------------	Defense-in-depth	-------------------	Tao Yan (@Ga1ois) of Palo Alto Networks
June 2016
MS16-081	Active Directory Denial of Service Vulnerability	CVE-2016-3226	Ondrej Sevecek of GOPAS
MS16-080	Windows PDF Information Disclosure Vulnerability	CVE-2016-3201	Jaanus Kääp of Clarified Security
MS16-080	Windows PDF Remote Code Execution Vulnerability	CVE-2016-3203	Ke Liu of Tencent’s Xuanwu Lab
MS16-080	Windows PDF Remote Code Execution Vulnerability	CVE-2016-3203	kdot working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-080	Windows PDF Information Disclosure Vulnerability	CVE-2016-3215	Ke Liu of Tencent’s Xuanwu Lab
MS16-080	Windows PDF Information Disclosure Vulnerability	CVE-2016-3215	kdot working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-079	Microsoft Exchange Information Disclosure Vulnerability	CVE-2016-0028	Louis-Paul Dareau of ProcessOut
MS16-078	Windows Diagnostics Hub Elevation of Privilege	CVE-2016-3231	lokihardt, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-078	Windows Diagnostics Hub Elevation of Privilege	CVE-2016-3231	Qihoo 360 Vulcan Team
MS16-077	WPAD Elevation of Privilege Vulnerability	CVE-2016-3213	Moritz Jodeit of Blue Frost Security GmbH
MS16-077	WPAD Elevation of Privilege Vulnerability	CVE-2016-3213	Yu Yang (@tombkeeper) of Tencent’s Xuanwu Lab
MS16-074	Windows Graphics Component Information Disclosure Vulnerability	CVE-2016-3216	Mateusz Jurczyk of Google Project Zero
MS16-074	Win32k Elevation of Privilege Vulnerability	CVE-2016-3219	James Forshaw of Google Project Zero
MS16-074	ATMFD.DLL Elevation of Privilege Vulnerability	CVE-2016-3220	Mateusz Jurczyk of Google Project Zero
MS16-073	Win32k Elevation of Privilege Vulnerability	CVE-2016-3218	zhong_sf and pgboy of Qihoo 360 Vulcan Team
MS16-073	Win32k Elevation of Privilege Vulnerability	CVE-2016-3221	RanchoIce of the Baidu Security Lab
MS16-072	Group Policy Elevation of Privilege Vulnerability	CVE-2016-3223	NabeelAhmed of Dimension Data
MS16-072	Group Policy Elevation of Privilege Vulnerability	CVE-2016-3223	Tom Gilis of Dimension Data
MS16-070	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0025	YangKang of 360 QEX Team
MS16-070	Microsoft Office Memory Corruption Vulnerability	CVE-2016-3233	David D. Rude II working with iDefense
MS16-070	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0025	LiYaDong of 360 QEX Team
MS16-070	Microsoft Office Information Disclosure Vulnerability	CVE-2016-3234	Dhanesh Kizhakkinan of FireEye Inc
MS16-070	Microsoft Office OLE DLL Side Loading Vulnerability	CVE-2016-3235	Yorick Koster of Securify B.V.
MS16-070	Defense-in-depth	-----------------	Danny Wei Wei of Tencent’s Xuanwu Lab
MS16-069	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3205	Tao Yan (@Ga1ois) of Palo Alto Networks
MS16-069	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3206	Tao Yan (@Ga1ois) of Palo Alto Networks
MS16-069	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3207	Tao Yan (@Ga1ois) of Palo Alto Networks
MS16-068	Microsoft Edge Security Feature Bypass	CVE-2016-3198	Mario Heiderich of Cure53
MS16-068	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3199	lokihardt working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-068	Windows PDF Information Disclosure Vulnerability	CVE-2016-3201	Jaanus Kääp of Clarified Security
MS16-068	Windows PDF Remote Code Execution Vulnerability	CVE-2016-3203	kdot working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-068	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3214	Jordan Rabet of Microsoft Offensive Security Research Team
MS16-068	Windows PDF Information Disclosure Vulnerability	CVE-2016-3215	Ke Liu of Tencent’s Xuanwu Lab
MS16-068	Windows PDF Information Disclosure Vulnerability	CVE-2016-3215	kdot working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-068	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-3222	Shi Ji (@Puzzor) of VARAS@IIE working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-068	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-3222	Kai Song (exp-sky) of Tencent’s Xuanwu Lab
MS16-063	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0199	SkyLined working with iDefense
MS16-063	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0200	62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-063	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3205	Tao Yan (@Ga1ois) of Palo Alto Networks
MS16-063	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3206	Tao Yan (@Ga1ois) of Palo Alto Networks
MS16-063	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3207	Tao Yan (@Ga1ois) of Palo Alto Networks
MS16-063	Scripting Engine Memory Corruption Vulnerability	CVE-2016-3210	Moritz Jodeit of Blue Frost Security
MS16-063	Internet Explorer Memory Corruption Vulnerability	CVE-2016-3211	Ashutosh Mehra working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-063	Internet Explorer XSS Filter Vulnerability	CVE-2016-3212	Masato Kinugawa of Cure53
MS16-063	WPAD Elevation of Privilege Vulnerability	CVE-2016-3299	Yu Yang (@tombkeeper) of Tencent’s Xuanwu Lab
May 2016
MS16-067	Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability	CVE-2016-0190	Sandeep Kumar of Citrix Systems Inc.
MS16-066	Hypervisor Code Integrity Security Feature Bypass	CVE-2016-0181	Rafal Wojtczuk of Bromium
MS16-062	Win32k Elevation of Privilege Vulnerability	CVE-2016-0171	Nils Sommer of bytegeist, working with Google Project Zero
MS16-062	Win32k Elevation of Privilege Vulnerability	CVE-2016-0173	Nils Sommer of bytegeist, working with Google Project Zero
MS16-062	Win32k Elevation of Privilege Vulnerability	CVE-2016-0173	Qihoo 360 Vulcan Team, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-062	Win32k Elevation of Privilege Vulnerability	CVE-2016-0174	Liang Yin of Tencent PC Manager working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-062	Win32k Information Disclosure Vulnerability	CVE-2016-0175	Liang Yin of Tencent PC Manager working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-062	Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability	CVE-2016-0176	Peter Hlavaty of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-062	Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability	CVE-2016-0176	Daniel King of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-062	Win32k Elevation of Privilege Vulnerability	CVE-2016-0196	Dhanesh Kizhakkinan of FireEye, Inc.
MS16-062	Win32k Elevation of Privilege Vulnerability	CVE-2016-0196	Qihoo 360 Vulcan Team, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-062	Defense-in-depth	-----------------	Fermin J. Serna
MS16-061	RPC Network Data Representation Engine Elevation of Privilege Vulnerability	CVE-2016-0178	Evgeny Kotkov of VisualSVN
MS16-061	RPC Network Data Representation Engine Elevation of Privilege Vulnerability	CVE-2016-0178	Ivan Zhakov of VisualSVN
MS16-060	Windows Kernel Elevation of Privilege Vulnerability	CVE-2016-0180	Loren Robinson of CrowdStrike, Inc.
MS16-060	Windows Kernel Elevation of Privilege Vulnerability	CVE-2016-0180	Alex Ionescu of CrowdStrike, Inc.
MS16-059	Windows Media Center Remote Code Execution Vulnerability	CVE-2016-0185	Eduardo Braun Prado, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-057	Windows Shell Remote Code Execution Vulnerability	CVE-2016-0179	Shi Ji (@Puzzor) of VARAS@IIE
MS16-056	Journal Memory Corruption Vulnerability	CVE-2016-0182	Jason Kratzer, working with VeriSign iDefense Labs
MS16-056	Journal Memory Corruption Vulnerability	CVE-2016-0182	Bingchang Liu of VARAS@IIE
MS16-055	Windows Graphics Component Information Disclosure Vulnerability	CVE-2016-0168	Mateusz Jurczyk of Google Project Zero
MS16-055	Windows Graphics Component Information Disclosure Vulnerability	CVE-2016-0169	Mateusz Jurczyk of Google Project Zero
MS16-055	WIndows Graphics Component RCE vulnerability	CVE-2016-0170	Mateusz Jurczyk of Google Project Zero
MS16-055	Direct3D Use After Free RCE Vulnerability	CVE-2016-0184	Henry Li(zenhumany) of Trend Micro
MS16-054	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0126	An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team
MS16-054	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0126	Hao Linan of Qihoo 360 Vulcan Team
MS16-054	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0140	Steven Seeley of Source Incite, working with VeriSign iDefense Labs
MS16-054	Office Graphics RCE Vulnerability	CVE-2016-0183	Lucas Leong of Trend Micro
MS16-053	Scripting Engine Memory Corruption Vulnerability	CVE-2016-0187	Kai Kang
MS16-052	Scripting Engine Memory Corruption Vulnerability	CVE-2016-0186	Brian Pak (cai) from Theori, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-052	Scripting Engine Memory Corruption Vulnerability	CVE-2016-0186	Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-052	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-0191	Lokihart working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-052	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0192	Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-052	Scripting Engine Memory Corruption Vulnerability	CVE-2016-0193	Zhen Feng, Wen Xu of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-052	Defense-in-depth	-----------------	Bing Sun Intel Security Group
MS16-051	Scripting Engine Memory Corruption Vulnerability	CVE-2016-0187	Kai Kang
MS16-051	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0192	Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-051	Internet Explorer Information Disclosure Vulnerability	CVE-2016-0194	Thomas Vanhoutte, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-051	Defense-in-depth	-----------------	Zhang Yunhai of NSFOCUS
April 2016
MS16-049	HTTP.sys Denial of Service Vulnerability	CVE-2016-0150	Dhanesh Kizhakkinan of FireEye, Inc.
MS16-049	HTTP.sys Denial of Service Vulnerability	CVE-2016-0150	Noam Mazor of Imperva
MS16-048	Windows CSRSS Security Feature Bypass Vulnerability	CVE-2016-0151	James Forshaw of Google Project Zero
MS16-047	Windows RPC Downgrade Vulnerability	CVE-2016-0128	This vulnerability was discovered and researched by Stefan Metzmacher of SAMBA+ and the Samba Team, which also helped design a fix for the problem. For more information about the vulnerability named “BADLOCK,” see Badlock Bug.
MS16-046	Secondary Logon Elevation of Privilege Vulnerability	CVE-2016-0135	Tenable Network Security
MS16-045	Hyper-V Remote Code Execution Vulnerability	CVE-2016-0088	Kostya Kortchinsky of the Google Security Team
MS16-045	Hyper-V Remote Code Execution Vulnerability	CVE-2016-0088	Thomas Garnier
MS16-045	Hyper-V Information Disclosure vulnerability	CVE-2016-0089	Kostya Kortchinsky of the Google Security Team
MS16-045	Hyper-V Information Disclosure vulnerability	CVE-2016-0089	Thomas Garnier
MS16-045	Hyper-V Information Disclosure vulnerability	CVE-2016-0090	Kostya Kortchinsky of the Google Security Team
MS16-045	Hyper-V Information Disclosure vulnerability	CVE-2016-0090	Thomas Garnier
MS16-044	Windows OLE Remote Code Execution Vulnerability	CVE-2016-0153	Debasish Mandal of the Intel Security IPS Vulnerability Research Team
MS16-042	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0122	Sébastien Morin of COSIG
MS16-042	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0127	Lucas Leong of Trend Micro
MS16-042	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0136	Steven Seeley of Source Incite, working with VeriSign iDefense Labs
MS16-042	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0139	Steven Seeley of Source Incite
MS16-041	.NET Framework Remote Code Execution Vulnerability	CVE-2016-0148	Yorick Koster of Securify B.V.
MS16-041	.NET Framework Remote Code Execution Vulnerability	CVE-2016-0148	rgod, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-040	MSXML 3.0 Remote Code Execution Vulnerability	CVE-2016-0147	Nicolas Grégoire of Agarri
MS16-039	Win32k Elevation of Privilege Vulnerability	CVE-2016-0143	Nils Sommer of bytegeist, working with Google Project Zero
MS16-039	Graphics Memory Corruption Vulnerability	CVE-2016-0145	Mateusz Jurczyk of Google Project Zero
MS16-039	Win32k Elevation of Privilege Vulnerability	CVE-2016-0165	Kaspersky Lab
MS16-039	Win32k Elevation of Privilege Vulnerability	CVE-2016-0167	Dhanesh Kizhakkinan of FireEye, Inc.
MS16-039	Defense-in-depth	-----------------	Richard Shupak
MS16-038	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0154	Liu Long of Qihoo 360
MS16-038	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-0155	Liu Long of Qihoo 360
MS16-038	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-0156	Shi Ji (@Puzzor) of VARAS@IIE
MS16-038	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-0156	Liu Long of Qihoo 360
MS16-038	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-0157	d81b2a7b317c035a8da11d63122964c2, working with HP’s Zero Day Initiative
MS16-038	Microsoft Edge Elevation of Privilege Vulnerability	CVE-2016-0158	lokihardt, working with HP’s Zero Day Initiative
MS16-038	Microsoft Edge Information Disclosure Vulnerability	CVE-2016-0161	QianWen Xiang of Tencent QQBrowser
MS16-037	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0154	Liu Long of the Qihoo 360 Vulcan Team
MS16-037	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0159	B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative
MS16-037	DLL Loading Remote Code Execution Vulnerability	CVE-2016-0160	Sandro Poppi
MS16-037	Internet Explorer Information Disclosure Vulnerability	CVE-2016-0162	Ladislav Janko, working with ESET
MS16-037	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0164	Zheng Huang of the Baidu Security Lab
MS16-037	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0166	Henry Li (zenhumany) of Trend Micro, working with HP’s Zero Day Initiative
3152550	N/A	N/A	Marc Newlin of the Bastille Threat Research Team
March 2016
MS16-035	.NET XML Validation Security Feature Bypass	CVE-2016-0132	Anders Abel of Kentor
MS16-034	Win32k Elevation of Privilege Vulnerability	CVE-2016-0093	Nils Sommer of bytegeist, working with Google Project Zero
MS16-034	Win32k Elevation of Privilege Vulnerability	CVE-2016-0094	Nils Sommer of bytegeist, working with Google Project Zero
MS16-034	Win32k Elevation of Privilege Vulnerability	CVE-2016-0095	Jueming of Security Threat Information Center
MS16-034	Win32k Elevation of Privilege Vulnerability	CVE-2016-0095	bee13oy of CloverSec Labs, working with HP’s Zero Day Initiative
MS16-034	Win32k Elevation of Privilege Vulnerability	CVE-2016-0096	fanxiaocao and pjf of IceSword Lab, Qihoo 360
MS16-033	USB Mass Storage Elevation of Privilege Vulnerability	CVE-2016-0133	Andy Davis, NCC Group
MS16-032	Secondary Logon Elevation of Privilege Vulnerability	CVE-2016-0099	James Forshaw of Google Project Zero
MS16-031	Windows Elevation of Privilege Vulnerability	CVE-2016-0087	Meysam Firozi @R00tkitSmm
MS16-030	Windows OLE Memory Remote Code Execution Vulnerability	CVE-2016-0091	Anonymous, working with HP’s Zero Day Initiative
MS16-030	Windows OLE Memory Remote Code Execution Vulnerability	CVE-2016-0092	Anonymous, working with HP’s Zero Day Initiative
MS16-029	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0021	Richard Warren of NCC Group
MS16-029	Microsoft Security Feature Bypass Vulnerability	CVE-2016-0057	Eric Clausing of AV-TEST GmbH
MS16-029	Microsoft Security Feature Bypass Vulnerability	CVE-2016-0057	Ulf Loesche of AV-TEST GmbH
MS16-029	Microsoft Security Feature Bypass Vulnerability	CVE-2016-0057	Maik Morgenstern of AV-TEST GmbH
MS16-029	Microsoft Security Feature Bypass Vulnerability	CVE-2016-0057	Andreas Marx of AV-TEST GmbH
MS16-029	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0134	Jack Tang of Trend Micro
MS16-023	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0102	Liu Long of Qihoo 360
MS16-028	Windows Remote Code Execution Vulnerability	CVE-2016-0117	Mark Yason, IBM X-Force
MS16-028	Windows Remote Code Execution Vulnerability	CVE-2016-0118	Jaanus Kp Clarified Security, working with HP’s Zero Day Initiative
MS16-027	Windows Media Parsing Remote Code Execution Vulnerability	CVE-2016-0101	Bruno Martinez
MS16-026	OpenType Font Parsing Vulnerability	CVE-2016-0120	Mateusz Jurczyk of Google Project Zero
MS16-026	OpenType Font Parsing Vulnerability	CVE-2016-0121	Mateusz Jurczyk of Google Project Zero
MS16-025	Library Loading Input Validation Remote Code Execution Vulnerability	CVE-2016-0100	Yorick Koster of Securify B.V.
MS16-024	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0102	Liu Long of Qihoo 360
MS16-024	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0105	Zheng Huang of the Baidu Security Lab
MS16-024	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0109	Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
MS16-024	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0110	Zheng Huang of the Baidu Security Lab
MS16-024	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0111	Zheng Huang of the Baidu Security Lab
MS16-024	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-0116	The Microsoft ChakraCore Team
MS16-024	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-0123	d81b2a7b317c035a8da11d63122964c2, working with HP’s Zero Day Initiative
MS16-024	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0124	003, working with HP’s Zero Day Initiative
MS16-024	Microsoft Edge Information Disclosure Vulnerability	CVE-2016-0125	Richard Shupak
MS16-024	Microsoft Edge Information Disclosure Vulnerability	CVE-2016-0125	Hariram Balasundaram
MS16-024	Microsoft Edge Information Disclosure Vulnerability	CVE-2016-0125	Yashvier Kosaraju
MS16-024	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-0129	The Microsoft ChakraCore Team
MS16-024	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-0130	The Microsoft ChakraCore Team
MS16-024	Defense-in-depth	-----------------	0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative
MS16-024	Defense-in-depth	-----------------	Simon Zuckerbraun, working with HP’s Zero Day Initiative
MS16-023	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0103	Zheng Huang of the Baidu Security Lab
MS16-023	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0104	Li Kemeng of the Baidu Security Lab
MS16-023	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0105	Zheng Huang of the Baidu Security Lab
MS16-023	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0106	sky, working with HP’s Zero Day Initiative
MS16-023	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0107	Hui Gao of Palo Alto Networks
MS16-023	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0107	B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative
MS16-023	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0107	Tigonlab
MS16-023	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0108	Abhishek Arya and Martin Barbella, working with Google Project Zero
MS16-023	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0109	Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
MS16-023	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0110	Zheng Huang of the Baidu Security Lab
MS16-023	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0111	Abhishek Arya working with Google Project Zero
MS16-023	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0111	Martin Barbella, working with Google Project Zero
MS16-023	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0112	sky, working with HP’s Zero Day Initiative
MS16-023	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0112	0011, working with HP’s Zero Day Initiative
MS16-023	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0113	Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
MS16-023	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0114	Simon Zuckerbraun, working with HP’s Zero Day Initiative
MS16-023	Defense-in-depth	-----------------	Simon Zuckerbraun working with HP’s Zero Day Initiative
February 2016
MS16-018	Win32k Elevation of Privilege Vulnerability	CVE-2016-0048	fanxiaocao and pjf of Qihoo 360
MS16-016	WebDAV Elevation of Privilege Vulnerability	CVE-2016-0051	Tamás Koczka of Tresorit
MS16-015	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0022	Lucas Leong of Trend Micro
MS16-015	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0052	Lucas Leong of Trend Micro
MS16-015	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0053	Lucas Leong of Trend Micro
MS16-015	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0055	Kai Lu of Fortinet’s FortiGuard Labs
MS16-015	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0056	An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team
MS16-015	Microsoft SharePoint XSS Vulnerability	CVE-2016-0039	Hadji Samir of Evolution Security GmbH (Vulnerability Lab)
MS16-014	Windows Elevation of Privilege Vulnerability	CVE-2016-0040	Meysam Firozi @R00tkitSmm
MS16-014	Windows Elevation of Privilege Vulnerability	CVE-2016-0040	Su Yong Kim of SSLab, Georgia Institute of Technology
MS16-014	Windows Elevation of Privilege Vulnerability	CVE-2016-0040	Taesoo Kim of SSLab, Georgia Institute of Technology
MS16-014	Windows Elevation of Privilege Vulnerability	CVE-2016-0040	Byoungyoung Lee of SSLab, Georgia Institute of Technology
MS16-014	DLL Loading Remote Code Execution Vulnerability	CVE-2016-0041	Greg Linares, working with CyberPoint SRT
MS16-014	DLL Loading Remote Code Execution Vulnerability	CVE-2016-0041	Yorick Koster of Securify B.V.
MS16-014	Windows DLL Loading Remote Code Execution Vulnerability	CVE-2016-0042	Richard Warren of NCC Group
MS16-014	Windows Kerberos Security Feature Bypass	CVE-2016-0049	Vulnerability discovered by Nabeel Ahmed of Dimension Data
MS16-014	Windows Kerberos Security Feature Bypass	CVE-2016-0049	Vulnerability discovered by Tom Gilis of Dimension Data
MS16-013	Windows Journal Memory Corruption Vulnerability	CVE-2016-0038	Rohit Mothe of VeriSign iDefense Labs
MS16-012	Microsoft Windows Reader Vulnerability	CVE-2016-0046	Jaanus Kp Clarified Security, working with HP’s Zero Day Initiative
MS16-012	Microsoft PDF Library Buffer Overflow Vulnerability	CVE-2016-0058	Atte Kettunen of OUSPG
MS16-011	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0060	003, working with HP’s Zero Day Initiative
MS16-011	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0061	SkyLined, working with HP’s Zero Day Initiative
MS16-011	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0062	Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
MS16-011	Microsoft Edge ASLR Bypass	CVE-2016-0080	Zhang Yunhai of NSFOCUS
MS16-009	Internet Explorer Information Disclosure Vulnerability	CVE-2016-0059	Kai Lu of Fortinet’s FortiGuard Labs
MS16-009	Internet Explorer Information Disclosure Vulnerability	CVE-2016-0059	Steven Seeley of Source Incite
MS16-009	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0060	003, working with HP’s Zero Day Initiative
MS16-009	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0061	SkyLined, working with HP’s Zero Day Initiative
MS16-009	Microsoft Browser Memory Corruption Vulnerability	CVE-2016-0062	Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
MS16-009	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0063	SkyLined, working with HP’s Zero Day Initiative
MS16-009	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0064	Jack Tang of Trend Micro
MS16-009	Internet Explorer Elevation of Privilege Vulnerability	CVE-2016-0068	Masato Kinugawa of Cure53
MS16-009	Internet Explorer Elevation of Privilege Vulnerability	CVE-2016-0069	Yosuke HASEGAWA of Secure Sky Technology Inc.
MS16-009	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0071	Dhanesh Kizhakkinan of FireEye, Inc.
MS16-009	Internet Explorer Memory Corruption Vulnerability	CVE-2016-0072	0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative
MS16-009	Microsoft Browser Spoofing Vulnerability	CVE-2016-0077	Kacper Rybczyński
3137909	N/A	N/A	Michael Reizelman
January 2016
MS16-010	Microsoft Exchange Spoofing Vulnerability	CVE-2016-0029	Abdulrahman Alqabandi
MS16-010	Microsoft Exchange Spoofing Vulnerability	CVE-2016-0030	Alexandru Coltuneac
MS16-010	Microsoft Exchange Spoofing Vulnerability	CVE-2016-0031	Nirmal Kirubakaran, Individual
MS16-010	Microsoft Exchange Spoofing Vulnerability	CVE-2016-0032	Ysrael Gurt of BugSec
MS16-008	Windows Mount Point Elevation of Privilege Vulnerability	CVE-2016-0006	James Forshaw of Google Project Zero
MS16-008	Windows Mount Point Elevation of Privilege Vulnerability	CVE-2016-0007	James Forshaw of Google Project Zero
MS16-007	DLL Loading Elevation of Privilege Vulnerability	CVE-2016-0014	Stefan Kanthak of Me, myself & IT
MS16-007	Windows DirectShow Heap Corruption RCE vulnerability	CVE-2016-0015	Steven Vittitoe of Google Project Zero
MS16-007	Windows Library Loading Remote Code Execution Vulnerability	CVE-2016-0016	Steven Vittitoe of Google Project Zero
MS16-007	Windows Library Loading Remote Code Execution Vulnerability	CVE-2016-0018	parvez@greyhathacker.net
MS16-007	Windows Library Loading Remote Code Execution Vulnerability	CVE-2016-0018	Debasish Mandal of the Intel Security IPS Vulnerability Research Team
MS16-007	Windows Remote Desktop Protocol Security Bypass Vulnerability	CVE-2016-0019	Gal Goldshtein of Citadel
MS16-007	Windows Remote Desktop Protocol Security Bypass Vulnerability	CVE-2016-0019	Viktor Minin of Citadel
MS16-007	MAPI LoadLibrary EoP Vulnerability	CVE-2016-0020	Ashutosh Mehra, working with HP’s Zero Day Initiative
MS16-006	Silverlight Runtime Remote Code Execution Vulnerability	CVE-2016-0034	Anton Ivanov and Costin Raiu of Kaspersky Lab
MS16-005	Windows GDI32.dll ASLR Bypass Vulnerability	CVE-2016-0008	Steven Seeley of Source Incite, working with VeriSign iDefense Labs
MS16-005	Win32k Remote Code Execution Vulnerability	CVE-2016-0009	Kerem Gümrükcü
MS16-004	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0010	Kai Lu of Fortinet’s FortiGuard Labs
MS16-004	ASLR bypass vulnerability	CVE-2016-0012	IBM X-Forcer researcher Tom Kahana
MS16-004	ASLR bypass vulnerability	CVE-2016-0012	IBM X-Forcer researcher Elad Menahem
MS16-004	Microsoft SharePoint Security Feature Bypass Vulnerability	CVE-2015-6117	Jonas Nilsson of Disruptive Innovations AB
MS16-004	Microsoft Office Memory Corruption Vulnerability	CVE-2016-0035	Steven Seeley of Source Incite, working with HP’s Zero Day Initiative
MS16-003	Scripting Engine Memory Corruption Vulnerability	CVE-2016-0002	Anonymous contributor, working with VeriSign iDefense Labs
MS16-002	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-0003	003, working with HP’s Zero Day Initiative
MS16-002	Microsoft Edge Memory Corruption Vulnerability	CVE-2016-0003	Shi Ji (@Puzzor) of VARAS@IIE
MS16-002	Scripting Engine Memory Corruption Vulnerability	CVE-2016-0024	CESG
MS16-001	Scripting Engine Memory Corruption Vulnerability	CVE-2016-0002	Anonymous contributor, working with VeriSign iDefense Labs
MS16-004	Defense-in-depth	-----------------	Jack Tang of Trend Micro
MS16-002	Defense-in-depth	-----------------	Wenbin Zheng of Qihoo 360 Vulcan Team
MS16-001	Defense-in-depth	-----------------	Heige (a.k.a. SuperHei) from Knownsec 404 Security Team
3109853	Defense-in-depth	-----------------	Thanks to Patrick Donahue, CloudFlare, for assistance in identifying the issue.
3109853	Defense-in-depth	-----------------	Thanks to Jeremiah Cohick, Fitbit, for assistance in identifying the issue.
3109853	Defense-in-depth	-----------------	Thanks to Aaron Coleman, Fitabase, for assistance in identifying the issue.