Acknowledgments – 2016

Microsoft extends thanks to the following for working with us to help protect customers.

**Bulletin ID** **Vulnerability Title** **CVE ID** **Acknowledgment**
**December 2016**
[MS16-153](https://go.microsoft.com/fwlink/?linkid=835768) Windows Common Log File System Driver Elevation of Privilege Vulnerability [CVE-2016-7295](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7295) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-151](https://go.microsoft.com/fwlink/?linkid=834956) Win32k Elevation of Privilege Vulnerability [CVE-2016-7259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7259) Behzad Najjarpour Jabbari, Secunia Research at Flexera Software
[MS16-151](https://go.microsoft.com/fwlink/?linkid=834956) Win32k Elevation of Privilege Vulnerability [CVE-2016-7259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7259) Sébastien Renaud of [Quarkslab](http://www.quarkslab.com/)
[MS16-151](https://go.microsoft.com/fwlink/?linkid=834956) Win32k Elevation of Privilege Vulnerability [CVE-2016-7259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7259) Richard Le Dé of [Quarkslab](http://www.quarkslab.com/)
[MS16-151](https://go.microsoft.com/fwlink/?linkid=834956) Win32k Elevation of Privilege Vulnerability [CVE-2016-7260](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7260) [Jfpan](http://weibo.com/jfpan) of IceSword Lab, [Qihoo 360](http://www.360.cn/)
[MS16-151](https://go.microsoft.com/fwlink/?linkid=834956) Win32k Elevation of Privilege Vulnerability [CVE-2016-7260](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7260) [Fanxiaocao](https://twitter.com/tinysecex) of IceSword Lab, [Qihoo 360](http://www.360.cn/)
[MS16-149](https://go.microsoft.com/fwlink/?linkid=834964) Windows Crypto Driver Information Disclosure Vulnerability [CVE-2016-7219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7219) Taesoo Kim of [SSLab, Georgia Institue of Technology](https://sslab.gtisc.gatech.edu/)
[MS16-149](https://go.microsoft.com/fwlink/?linkid=834964) Windows Crypto Driver Information Disclosure Vulnerability [CVE-2016-7219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7219) Su Yong Kim of [SSLab, Georgia Institue of Technology](https://sslab.gtisc.gatech.edu/)
[MS16-149](https://go.microsoft.com/fwlink/?linkid=834964) Windows Crypto Driver Information Disclosure Vulnerability [CVE-2016-7219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7219) Sangho Lee of [SSLab, Georgia Institue of Technology](https://sslab.gtisc.gatech.edu/)
[MS16-149](https://go.microsoft.com/fwlink/?linkid=834964) Windows Crypto Driver Information Disclosure Vulnerability [CVE-2016-7219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7219) Byoungyoung Lee of [SSLab, Georgia Institue of Technology](https://sslab.gtisc.gatech.edu/)
[MS16-149](https://go.microsoft.com/fwlink/?linkid=834964) Windows Installer Elevation of Privilege Vulnerability [CVE-2016-7292](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7292) Thomas Vanhoutte ([@SandboxEscaper](https://twitter.com/sandboxescaper))
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Windows GDI Information Disclosure Vulnerability [CVE-2016-7257](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7257) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Microsoft Office Security Feature Bypass Vulnerability [CVE-2016-7262](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7262) Iliyan Velikov of PwC UK
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7263](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7263) JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Microsoft Office Information Disclosure Vulnerability [CVE-2016-7264](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7264) [@j00sean](https://twitter.com/j00sean)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Microsoft Office Information Disclosure Vulnerability [CVE-2016-7265](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7265) Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Microsoft Office Security Feature Bypass Vulnerability [CVE-2016-7266](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7266) [Robert Riskin](mailto:rriskin@protonmail.com)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Microsoft Office Security Feature Bypass Vulnerability [CVE-2016-7267](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7267) Haifei Li of [Intel Security](http://www.intelsecurity.com/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Microsoft Office Information Disclosure Vulnerability [CVE-2016-7268](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7268) [@j00sean](https://twitter.com/j00sean)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Microsoft Office OLE DLL Side Loading Vulnerability [CVE-2016-7275](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7275) [Weibo Wang](https://twitter.com/ma1fan) of [Qihoo 360 Skyeye Labs](http://skyeye.360safe.com/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Microsoft Office Information Disclosure Vulnerability [CVE-2016-7276](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7276) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7277](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7277) Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7289](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7289) Peixue Li of [Fortinet’s FortiGuard Labs](http://www.fortiguard.com/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Microsoft Office Information Disclosure Vulnerability [CVE-2016-7290](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7290) Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Microsoft Office Information Disclosure Vulnerability [CVE-2016-7291](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7291) Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Defense-in-depth ------------------- Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-148](https://go.microsoft.com/fwlink/?linkid=834445) Defense-in-depth ------------------- [@j00sean](https://twitter.com/j00sean)
[MS16-147](https://go.microsoft.com/fwlink/?linkid=834947) Windows Uniscribe Remote Code Execution Vulnerability [CVE-2016-7274](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7274) Hossein Lotfi, [Secunia Research at Flexera Software](http://www.flexerasoftware.com/enterprise/company/about/secunia-research/)
[MS16-146](https://go.microsoft.com/fwlink/?linkid=834444) Windows GDI Information Disclosure Vulnerability [CVE-2016-7257](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7257) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS16-146](https://go.microsoft.com/fwlink/?linkid=834444) Windows Graphics Remote Code Execution Vulnerability [CVE-2016-7272](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7272) Giwan Go of STEALIEN, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-146](https://go.microsoft.com/fwlink/?linkid=834444) Defense-in-depth ------------------- Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-7181](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7181) Veit Hailperin ([@fenceposterror](https://twitter.com/fenceposterror)) of [scip AG](https://www.scip.ch/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-7279](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7279) The UK's National Cyber Security Centre (NCSC)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-7280](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7280) Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7286](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7286) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7287](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7287) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7288](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7288) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7296](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7296) Linan Hao of [Qihoo 360](http://www.360.cn/) Vulcan Team working with [POC](http://powerofcommunity.net/)/[PwnFest](http://pwnfest.org/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7297](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7297) Lokihart working with [POC](http://powerofcommunity.net/)/[PwnFest](http://pwnfest.org/)
[MS16-145](https://go.microsoft.com/fwlink/?linkid=834442) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7297](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7297) Anonymous working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202) Li Kemeng of [Baidu Security Lab](http://xteam.baidu.com/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202) Scott Bell of Security-Assessment.com
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) Windows Hyperlink Object Library Information Disclosure Vulnerability [CVE-2016-7278](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7278) Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-7279](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7279) The UK's National Cyber Security Centre (NCSC)
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-7283](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7283) Scott Bell of Security-Assessment.com
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) Internet Explorer Information Disclosure Vulnerability [CVE-2016-7284](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7284) Li Kemeng of [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7287](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7287) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-144](https://go.microsoft.com/fwlink/?linkid=834441) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-7293](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7293) [Tigonlab](http://www.tigonlab.org/)
**November 2016**
[MS16-142](https://go.microsoft.com/fwlink/?linkid=830372) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-7196](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7196) [Kai Song](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS16-142](https://go.microsoft.com/fwlink/?linkid=830372) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-7198](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7198) Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-142](https://go.microsoft.com/fwlink/?linkid=830372) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-7227](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7227) Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-142](https://go.microsoft.com/fwlink/?linkid=830372) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-7239](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7239) Masato Kinugawa via Google VRP
[MS16-142](https://go.microsoft.com/fwlink/?linkid=830372) Microsoft Browser Remote Code Execution Vulnerability [CVE-2016-7241](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7241) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-142](https://go.microsoft.com/fwlink/?linkid=830372) Defense-in-depth ------------------- John Page of [ApparitionSec](http://hyp3rlinx.altervista.org/)
[MS16-139](https://go.microsoft.com/fwlink/?linkid=830965) Windows Kernel Elevation of Privilege Vulnerability [CVE-2016-7216](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7216) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-139](https://go.microsoft.com/fwlink/?linkid=830965) Windows Kernel Elevation of Privilege Vulnerability [CVE-2016-7216](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7216) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-138](https://go.microsoft.com/fwlink/?linkid=830965) VHDFS Driver Elevation of Privilege Vulnerability [CVE-2016-7223](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7223) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-138](https://go.microsoft.com/fwlink/?linkid=830965) VHDFS Driver Elevation of Privilege Vulnerability [CVE-2016-7224](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7224) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-138](https://go.microsoft.com/fwlink/?linkid=830965) VHDFS Driver Elevation of Privilege Vulnerability [CVE-2016-7225](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7225) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-138](https://go.microsoft.com/fwlink/?linkid=830965) VHDFS Driver Elevation of Privilege Vulnerability [CVE-2016-7226](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7226) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-137](https://go.microsoft.com/fwlink/?linkid=833192) Local Security Authority Subsystem Service Denial of Service Vulnerability [CVE-2016-7237](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7237) Laurent Gaffie
[MS16-136](https://go.microsoft.com/fwlink/?linkid=830963) SQL RDBMS Engine Elevation of Privilege Vulnerability [CVE-2016-7250](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7250) Scott Sutherland of [netSPI](http://www.netspi.com/)
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) Win32k Information Disclosure Vulnerability [CVE-2016-7214](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7214) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) Win32k Elevation of Privilege Vulnerability [CVE-2016-7215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7215) bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) Bowser.sys Information Disclosure Vulnerabilty [CVE-2016-7218](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7218) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) Win32k Elevation of Privilege [CVE-2016-7246](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7246) Anonymous working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) Win32k Elevation of Privilege Vulnerability [CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255) Neel Mehta of [Google’s](http://www.google.com/) Threat Analysis Group
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) Win32k Elevation of Privilege Vulnerability [CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255) Billy Leonard of [Google’s](http://www.google.com/) Threat Analysis Group
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) Win32k Elevation of Privilege Vulnerability [CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255) Feike Hacquebord, of [Trend Micro](http://www.trendmicro.com/)
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) Win32k Elevation of Privilege Vulnerability [CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255) Peter Pi of [Trend Micro](http://www.trendmicro.com/)
[MS16-135](https://go.microsoft.com/fwlink/?linkid=830428) Win32k Elevation of Privilege Vulnerability [CVE-2016-7255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7255) Brooks Li of [Trend Micro](http://www.trendmicro.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) Windows CLFS Elevation of Privilege [CVE-2016-0026](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0026) [Daniel King](https://twitter.com/long123king), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) Windows Common Log File System Driver Elevation of Privilege Vulnerability [CVE-2016-3332](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3332) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) Windows Common Log File System Driver Elevation of Privilege Vulnerability [CVE-2016-3333](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3333) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) Windows Common Log File System Driver Elevation of Privilege Vulnerability [CVE-2016-3334](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3334) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) Windows Common Log File System Driver Elevation of Privilege Vulnerability [CVE-2016-3334](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3334) [Daniel King](https://twitter.com/long123king), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) Windows Common Log File System Driver Elevation of Privilege Vulnerability [CVE-2016-3335](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3335) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) Windows Common Log File System Driver Elevation of Privilege Vulnerability [CVE-2016-3338](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3338) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) Windows Common Log File System Driver Elevation of Privilege Vulnerability [CVE-2016-3340](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3340) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) Windows Common Log File System Driver Elevation of Privilege Vulnerability [CVE-2016-3342](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3342) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) Windows Common Log File System Driver Elevation of Privilege Vulnerability [CVE-2016-3343](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3343) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-134](http://go.microsoft.com/fwlink/?linkid=828018) Windows CLFS Elevation of Privilege [CVE-2016-7184](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7184) [Daniel King](https://twitter.com/long123king), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7213](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7213) JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7228](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7228) JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7229](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7229) JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7230](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7230) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7231](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7231) JChen of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7232](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7232) Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7232](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7232) Rocco Calvi of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Information Disclosure Vulnerability [CVE-2016-7233](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7233) Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Information Disclosure Vulnerability [CVE-2016-7233](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7233) Rocco Calvi of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7234](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7234) Rocco Calvi of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7234](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7234) Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7235](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7235) Rocco Calvi of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7235](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7235) Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7236](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7236) Steven Seeley of [Source Incite](http://srcincite.io/) working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Denial of Service Vulnerability [CVE-2016-7244](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7244) Dmitri Kaslov, Independent Security Researcher
[MS16-133](https://go.microsoft.com/fwlink/?linkid=833188) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7245](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7245) Haifei Li of [Intel Security](http://www.intelsecurity.com/)
[MS16-132](https://go.microsoft.com/fwlink/?linkid=830425) Windows Animation Manager Memory Corruption Vulnerability [CVE-2016-7205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7205) Scott Bell of Security-Assessment.com
[MS16-132](https://go.microsoft.com/fwlink/?linkid=830425) Windows Animation Manager Memory Corruption Vulnerability [CVE-2016-7205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7205) [Kai Song](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS16-132](https://go.microsoft.com/fwlink/?linkid=830425) Windows Animation Manager Memory Corruption Vulnerability [CVE-2016-7205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7205) SkyLined working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-132](https://go.microsoft.com/fwlink/?linkid=830425) Open Type Font Information Disclosure Vulnerability [CVE-2016-7210](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7210) Hossein Lotfi, [Secunia Research at Flexera Software](http://www.flexerasoftware.com/enterprise/company/about/secunia-research/)
[MS16-132](https://go.microsoft.com/fwlink/?linkid=830425) Media Foundation Memory Corruption Vulnerability [CVE-2016-7217](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7217) Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-132](https://go.microsoft.com/fwlink/?linkid=830425) Open Type Font Elevation of Privilege Vulnerability [CVE-2016-7256](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7256) Kijong Son of KrCERT/CC in Korean Internet & Security Agency (KISA)
[MS16-132](https://go.microsoft.com/fwlink/?linkid=830425) Defense-in-Depth ------------------- Bing Sun of Intel Security Group
[MS16-130](https://go.microsoft.com/fwlink/?linkid=833191) Windows Remote Code Execution Vulnerability [CVE-2016-7212](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7212) Aral Yaman of [Noser Engineering AG](http://www.noser.com/)
[MS16-130](https://go.microsoft.com/fwlink/?linkid=833191) Windows IME Elevation of Privilege Vulnerability [CVE-2016-7221](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7221) Takashi Yoshikawa of [Mitsui Bussan Secure Directions, Inc.](https://www.mbsd.jp/)
[MS16-130](https://go.microsoft.com/fwlink/?linkid=833191) Task Scheduler Elevation of Privilege Vulnerability [CVE-2016-7222](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7222) [Shanti Lindström](https://linkedin.com/in/shanti-lindström-399112a8) Individual
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-7195](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7195) [Kai Song](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-7196](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7196) [Kai Song](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-7198](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7198) Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7200](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7200) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7200](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7200) [Qixun Zhao](http://www.weibo.com/babyboaes) of [Qihoo 360 Skyeye Labs](http://skyeye.360safe.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7201](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7201) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202) bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202) Li Kemeng of [Baidu Security Lab](http://xteam.baidu.com/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7202](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7202) Scott Bell of Security-Assessment.com
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7203](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7203) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Microsoft Edge Information Disclosure Vulnerability [CVE-2016-7204](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7204) Abdulrahman Alqabandi ([@qab](https://twitter.com/qab))
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7208](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7208) Microsoft ChakraCore Team
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-7227](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7227) Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-7239](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7239) Masato Kinugawa via Google VRP
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7240](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7240) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Microsoft Browser Remote Code Execution Vulnerability [CVE-2016-7241](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7241) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7242](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7242) [Qixun Zhao](http://www.weibo.com/babyboaes) of [Qihoo 360 Skyeye Labs](http://skyeye.360safe.com/)
[MS16-129](https://go.microsoft.com/fwlink/?linkid=830431) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7243](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7243) Nicolas Joly of MSRCE UK
**October 2016**
[MS16-126](http://go.microsoft.com/fwlink/?linkid=829052) Internet Explorer Information Disclosure Vulnerability [CVE-2016-3298](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3298) Will Metcalf and Kafeine of [Proofpoint](https://www.proofpoint.com/)
[MS16-125](http://go.microsoft.com/fwlink/?linkid=827822) Windows Diagnostics Hub Elevation of Privilege [CVE-2016-7188](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7188) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-124](http://go.microsoft.com/fwlink/?linkid=827821) Windows Kernel Local Elevation of Privilege [CVE-2016-0070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0070) Fortinet’s [FortiGuard Labs](http://fortiguard.com/)
[MS16-124](http://go.microsoft.com/fwlink/?linkid=827821) Windows Kernel Local Elevation of Privilege [CVE-2016-0070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0070) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-124](http://go.microsoft.com/fwlink/?linkid=827821) Windows Kernel Local Elevation of Privilege [CVE-2016-0070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0070) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-124](http://go.microsoft.com/fwlink/?linkid=827821) Windows Kernel Local Elevation of Privilege [CVE-2016-0073](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0073) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-124](http://go.microsoft.com/fwlink/?linkid=827821) Windows Kernel Local Elevation of Privilege [CVE-2016-0075](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0075) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-124](http://go.microsoft.com/fwlink/?linkid=827821) Windows Kernel Local Elevation of Privilege [CVE-2016-0079](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0079) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-123](http://go.microsoft.com/fwlink/?linkid=827595) Win32k Elevation of Privilege Vulnerability [CVE-2016-3266](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3266) [pgboy](http://weibo.com/pgboy1988), [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS16-123](http://go.microsoft.com/fwlink/?linkid=827595) Windows Transaction Manager Elevation of Privilege Vulnerability [CVE-2016-3341](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3341) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS16-123](http://go.microsoft.com/fwlink/?linkid=827595) Windows Kernel Elevation of Privilege vulnerability [CVE-2016-3376](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3376) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-123](http://go.microsoft.com/fwlink/?linkid=827595) Windows Kernel Elevation of Privilege vulnerability [CVE-2016-3376](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3376) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-123](http://go.microsoft.com/fwlink/?linkid=827595) Windows Kernel Driver Local Elevation of Privilege [CVE-2016-7185](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7185) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-123](http://go.microsoft.com/fwlink/?linkid=827595) Win32k Elevation of Privilege Vulnerability [CVE-2016-7211](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7211) [fanxiaocao](https://twitter.com/tinysecex) (@TinySec), and [pjf](http://weibo.com/jfpan) of IceSword Lab, [Qihoo 360](http://www.360.cn/)
[MS16-121](http://go.microsoft.com/fwlink/?linkid=828158) Microsoft Office Memory Corruption Vulnerability [CVE-2016-7193](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7193)  Austrian MilCERT
[MS16-120](http://go.microsoft.com/fwlink/?linkid=827590) True Type Font Parsing Information Disclosure Vulnerability [CVE-2016-3209](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3209) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-120](http://go.microsoft.com/fwlink/?linkid=827590) GDI+ Information Disclosure Vulnerability [CVE-2016-3262](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3262) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-120](http://go.microsoft.com/fwlink/?linkid=827590) GDI+ Information Disclosure Vulnerability [CVE-2016-3263](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3263) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-120](http://go.microsoft.com/fwlink/?linkid=827590) Win32k Elevation of Privilege Vulnerability [CVE-2016-3270](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3270) [pgboy](http://weibo.com/pgboy1988), [zhong\_sf](http://weibo.com/2641521260) of Qihoo 360 Vulcan Team
[MS16-120](http://go.microsoft.com/fwlink/?linkid=827590) Windows Graphics Component RCE Vulnerability [CVE-2016-3393](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3393) Anton Ivanov of [Kaspersky Lab](http://www.kaspersky.com/)
[MS16-120](http://go.microsoft.com/fwlink/?linkid=827590) True Type Font Parsing Elevation of Privilege Vulnerability [CVE-2016-7182](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7182) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3267](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3267) Wenxiang Qian of [Tencent QQBrowser](http://browser.qq.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3331](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3331) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3382](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3382) Anonymous, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3386](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3386) Richard Zhu (fluorescence), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3386](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3386) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Microsoft Browser Elevation of Privilege Vulnerability [CVE-2016-3387](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3387) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Microsoft Browser Elevation of Privilege Vulnerability [CVE-2016-3388](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3388) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3389](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3389) Microsoft ChakraCore Team
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3390](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3390) Microsoft ChakraCore Team
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) Stefaan Truijen, working with [NVISO](https://www.nviso.be/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) Adrian Toma, working with [NVISO](https://www.nviso.be/) (internship)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) Daan Raman, working with [NVISO](https://www.nviso.be/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) [Arne Swinnen](https://www.arneswinnen.net/) working with [NVISO](https://nviso.be/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Microsoft Browser Security Feature Bypass [CVE-2016-3392](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3392) [Xiaoyin Liu](https://twitter.com/general_nfs)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Scripting Engine Information Disclosure Vulnerability [CVE-2016-7189](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7189) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7190](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7190) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) Scripting Engine Memory Corruption Vulnerability [CVE-2016-7194](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7194) Natalie Silvanovich of [Google Project Zero](http://www.google.com/)
[MS16-119](http://go.microsoft.com/fwlink/?linkid=827592) ------------------- ------------------- Andrew Wesie (awesie) from [Theori](http://theori.io/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3267](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3267) Wenxiang Qian of [Tencent QQBrowser](http://browser.qq.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) Internet Explorer Information Disclosure Vulnerability [CVE-2016-3298](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3298) Will Metcalf and Kafeine of [Proofpoint](https://www.proofpoint.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3331](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3331) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3382](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3382) Anonymous, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3383](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3383) 0011, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) Internet Explorer Memory Corruption Vulnerability [CVE-2016-3384](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3384) 62600BCA031B9EB5CB4A74ADDDD6771E, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3385](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3385) [Jaehun Jeong](https://twitter.com/n3sk) (n3sk), of WINS, WSEC Analysis Team, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) Microsoft Browser Elevation of Privilege Vulnerability [CVE-2016-3387](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3387) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) Microsoft Browser Elevation of Privilege Vulnerability [CVE-2016-3388](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3388) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) Stefaan Truijen, working with [NVISO](https://www.nviso.be/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) Adrian Toma, working with [NVISO](https://www.nviso.be/) (internship)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) Daan Raman, working with [NVISO](https://www.nviso.be/)
[MS16-118](http://go.microsoft.com/fwlink/?linkid=827591) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3391) [Arne Swinnen](https://www.arneswinnen.net/) working with [NVISO](https://nviso.be/)
------------------- Defense-in-depth ------------------- James Forshaw of [Google Project Zero](http://www.google.com/)
**September 2016**
[MS16-116](http://go.microsoft.com/fwlink/?linkid=825725) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3376](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3376) An anonymous researcher, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-116](http://go.microsoft.com/fwlink/?linkid=825725) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3375](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3375) Yuki Chen of [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS16-115](http://go.microsoft.com/fwlink/?linkid=825727) PDF Library Information Disclosure Vulnerability [CVE-2016-3370](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3370) Ke Liu of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
[MS16-115](http://go.microsoft.com/fwlink/?linkid=825727) PDF Library Information Disclosure Vulnerability [CVE-2016-3374](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3374) Roberto Suggi Liverani (@malerisch) of [malerisch.net](http://blog.malerisch.net/)
[MS16-115](http://go.microsoft.com/fwlink/?linkid=825727) PDF Library Information Disclosure Vulnerability [CVE-2016-3374](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3374) Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-114](http://go.microsoft.com/fwlink/?linkid=824826) Windows SMB Authenticated Remote Code Execution Vulnerability [CVE-2016-3345](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3374) Alexander Ovchinnikov of [Tuxera Inc](https://www.tuxera.com/)
[MS16-114](http://go.microsoft.com/fwlink/?linkid=824826) Windows SMB Authenticated Remote Code Execution Vulnerability [CVE-2016-3345](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3374) Oleg Kravtsov of [Tuxera Inc](https://www.tuxera.com/)
[MS16-112](http://go.microsoft.com/fwlink/?linkid=821605) Windows Lock Screen Elevation of Privilege Vulnerability [CVE-2016-3302](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3302) Auri A. Rahimzadeh of [Auri’s Ideas](http://auri.net/)
[MS16-111](http://go.microsoft.com/fwlink/?linkid=825142) Windows Session Object Elevation of Privilege Vulnerability [CVE-2016-3305](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3305) [The Citrix Product Security Team](https://www.citrix.com/)
[MS16-111](http://go.microsoft.com/fwlink/?linkid=825142) Windows Session Object Elevation of Privilege Vulnerability [CVE-2016-3306](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3306) [The Citrix Product Security Team](https://www.citrix.com/)
[MS16-111](http://go.microsoft.com/fwlink/?linkid=825142) Windows Kernel Elevation of Privilege Vulnerability [CVE-2016-3371](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3371) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-111](http://go.microsoft.com/fwlink/?linkid=825142) Windows Kernel Elevation of Privilege Vulnerability [CVE-2016-3372](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3372) Marcin Wiazowski, individual
[MS16-111](http://go.microsoft.com/fwlink/?linkid=825142) Windows Kernel Elevation of Privilege Vulnerability [CVE-2016-3373](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3373) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-110](http://go.microsoft.com/fwlink/?linkid=821596) Windows Denial of Service Vulnerability [CVE-2016-3369](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3369) Piotr Bania of [Cisco Talos](http://talosintel.com/vulnerability-reports/)
[MS16-110](http://go.microsoft.com/fwlink/?linkid=821596) Windows Remote Code Execution Vulnerability [CVE-2016-3368](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3368) Jonathan Brown of [VMware, Inc](http://www.vmware.com/)
[MS16-108](http://go.microsoft.com/fwlink/?linkid=824829) Defense-in-depth ------------------- John Page of [ApparitionSec](http://hyp3rlinx.altervista.org/) 
[MS16-108](http://go.microsoft.com/fwlink/?linkid=824829) Microsoft Exchange Information Disclosure Vulnerability [CVE-2016-0138](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0138) [Bassel Rachid](mailto:bassel.rachid@dh.com) of DH Corporation
[MS16-108](http://go.microsoft.com/fwlink/?linkid=824829) Microsoft Exchange Information Disclosure Vulnerability [CVE-2016-0138](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0138) [Lucie Brochu](mailto:lucie.brochu@dh.com) of DH Corporation
[MS16-108](http://go.microsoft.com/fwlink/?linkid=824829) Microsoft Exchange Open Redirect Vulnerability [CVE-2016-3378](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3378) John Page of [ApparitionSec](http://hyp3rlinx.altervista.org/) 
[MS16-108](http://go.microsoft.com/fwlink/?linkid=824829) Microsoft Exchange Elevation of Privilege Vulnerability [CVE-2016-3379](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3379) Adrian Ivascu
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) Microsoft APP-V ASLR Bypass [CVE-2016-0137](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0137) Udi Yavo of [enSilo](http://ensilo.com/)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3357](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3357) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3358](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3358) Steven Seeley of Source Incite, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3359](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3359) Steven Seeley of Source Incite, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3361](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3361) Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3362](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3362) Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3363](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3363) Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3364](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3364) Eduardo Braun Prado
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3365](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3365) Steven Seeley of [Source Incite](http://srcincite.io/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-107](http://go.microsoft.com/fwlink/?linkid=824817) Microsoft Office Spoofing Vulnerability [CVE-2016-3366](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3366) Incident Response Team of [Certego](http://www.certego.net/)
[MS16-106](http://go.microsoft.com/fwlink/?linkid=824814) Win32k Elevation of Privilege Vulnerability [CVE-2016-3348](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3348) RanchoIce of the [Baidu Security Lab](http://xlab.baidu.com/)
[MS16-106](http://go.microsoft.com/fwlink/?linkid=824814) GDI Information Disclosure Vulnerability [CVE-2016-3354](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3354) WanderingGlitch of [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-106](http://go.microsoft.com/fwlink/?linkid=824814) GDI Information Disclosure Vulnerability [CVE-2016-3355](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3355) Liang Yin of Tencent PC Manager via GeekPwn
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) Defense-in-depth ------------------- Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/)
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) Defense-in-depth ------------------- [Jun Kokatsu](https://twitter.com/shhnjk)
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3247](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3247) SkyLined, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3291](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3291) Nathaniel Theis ([XMPPwocky](http://xmppwocky.net/))
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-3294](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3294) Shi Ji (@Puzzor) of VARAS@IIE, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3295](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3295) Garage4Hackers, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3297](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3297) Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3325](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3325) SkyLined
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-3330](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3330) F4B3CD of STARLAB
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-3350](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3350) Microsoft ChakraCore Team
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3351](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3351) [Kafeine](https://twitter.com/kafeine), Brooks Li of [Trend Micro](http://www.trendmicro.com/)
[MS16-105](http://go.microsoft.com/fwlink/?linkid=823625) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3377](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3377) Richard Zhu (fluorescence), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) Defense-in-depth ------------------- [Jun Kokatsu](https://twitter.com/shhnjk)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3247](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3247) SkyLined, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3291](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3291) Nathaniel Theis ([XMPPwocky](http://xmppwocky.net/))
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) Microsoft Browser Elevation of Privilege Vulnerability [CVE-2016-3292](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3292) Thomas Vanhoutte, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3295](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3295) Garage4Hackers, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3297](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3297) Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) Internet Explorer Memory Corruption Vulnerability [CVE-2016-3324](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3324) SkyLined
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3325](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3325) SkyLined
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3351](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3351) [Kafeine](https://twitter.com/kafeine), Brooks Li of [Trend Micro](http://www.trendmicro.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) Internet Explorer Security Feature Bypass [CVE-2016-3353](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3353) Eduardo Braun Prado, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3375](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3375) Yuki Chen of [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3376](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3376) An anonymous researcher, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3375](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3375) Simon Zuckerbraun working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-104](http://go.microsoft.com/fwlink/?linkid=823624) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3375](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3375) Anonymous, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
------------------- Defense-in-depth ------------------- Fortinet’s FortiGuard Labs
------------------- Defense-in-depth ------------------- Steven Seeley of Source Incite working with iDefense
------------------- Defense-in-depth ------------------- Reno Robert
**August 2016**
[MS16-102](http://go.microsoft.com/fwlink/?linkid=823207) Microsoft PDF Remote Code Execution Vulnerability [CVE-2016-3319](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3319) Aleksandar Nikolic of [Cisco Talos](http://talosintel.com/vulnerability-reports/)
[MS16-101](http://go.microsoft.com/fwlink/?linkid=821576) Kerberos Elevation of Privilege Vulnerability [CVE-2016-3237](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3237) [Nabeel Ahmed](https://twitter.com/nabeelahmedbe) of [Dimension Data](http://www.dimensiondata.com/)
[MS16-099](http://go.microsoft.com/fwlink/?linkid=821165) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3313](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3313) Jaanus Kaap
[MS16-099](http://go.microsoft.com/fwlink/?linkid=821165) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3313](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3313) Sébastien Morin of [COSIG](https://smsecurity.net/)
[MS16-099](http://go.microsoft.com/fwlink/?linkid=821165) Microsoft OneNote Information Disclosure Vulnerability [CVE-2016-3315](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3315) dannywei of [Tencent’s Xuanwu Lab](http://www.tencent.com/)
[MS16-099](http://go.microsoft.com/fwlink/?linkid=821165) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3316](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3316) Francis Provencher of [COSIG](https://smsecurity.net/)
[MS16-099](http://go.microsoft.com/fwlink/?linkid=821165) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3317](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3317) Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/)
[MS16-099](http://go.microsoft.com/fwlink/?linkid=821165) Graphics Component Memory Corruption Vulnerability [CVE-2016-3318](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3318) Arun Kumar Sharma, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-099](http://go.microsoft.com/fwlink/?linkid=821165) Defense-in-depth ----------------- Jerry Decime of Hewlett Packard Enterprise
[MS16-098](http://go.microsoft.com/fwlink/?linkid=821582) Win32k Elevation of Privilege Vulnerability [CVE-2016-3308](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3308) Peter (Keen) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-098](http://go.microsoft.com/fwlink/?linkid=821582) Win32k Elevation of Privilege Vulnerability [CVE-2016-3308](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3308) ZeguangZhao (team509), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-098](http://go.microsoft.com/fwlink/?linkid=821582) Win32k Elevation of Privilege Vulnerability [CVE-2016-3309](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3309) bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-098](http://go.microsoft.com/fwlink/?linkid=821582) Win32k Elevation of Privilege Vulnerability [CVE-2016-3310](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3310) Wayne Low of Fortinet’s Fortiguard Labs
[MS16-098](http://go.microsoft.com/fwlink/?linkid=821582) Win32k Elevation of Privilege Vulnerability [CVE-2016-3311](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3311) [pgboy](http://weibo.com/pgboy1988), [zhong\_sf](http://weibo.com/2641521260) of Qihoo 360 Vulcan Team
[MS16-098](http://go.microsoft.com/fwlink/?linkid=821582) Defense-in-depth ----------------- Martin Lenord
[MS16-097](http://go.microsoft.com/fwlink/?linkid=821146) Windows Graphics Component RCE Vulnerability [CVE-2016-3301](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3301) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-097](http://go.microsoft.com/fwlink/?linkid=821146) Windows Graphics Component RCE Vulnerability [CVE-2016-3303](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3303) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-097](http://go.microsoft.com/fwlink/?linkid=821146) Windows Graphics Component RCE Vulnerability [CVE-2016-3304](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3304) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3289](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3289) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3293](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3293) Kai Song ([exp](http://exp-sky.org)-sky) of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3296](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3296) Microsoft ChakraCore Team
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) Microsoft PDF Remote Code Execution Vulnerability [CVE-2016-3319](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3319) Aleksandar Nikolic of [Cisco Talos](http://talosintel.com/vulnerability-reports/)
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3322](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3322) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3326](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3326) Simon Zuckerbraun, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3327](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3327) Soroush Dalili of [NCC Group](https://www.nccgroup.trust/)
[MS16-096](http://go.microsoft.com/fwlink/?linkid=821137) Microsoft Browser Information Disclosure [CVE-2016-3329](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3329) Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) Internet Explorer Memory Corruption Vulnerability [CVE-2016-3288](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3288) Ivan Fratric and Martin Barbella, working with [Google Project Zero](http://www.google.com/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3289](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3289) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) Internet Explorer Memory Corruption Vulnerability [CVE-2016-3290](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3290) Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3293](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3293) Kai Song ([exp](http://exp-sky.org)-sky) of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) Internet Explorer Information Disclosure Vulnerability [CVE-2016-3321](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3321) Yorick Koster of [Securify B.V.](https://securify.nl/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3322](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3322) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3326](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3326) Simon Zuckerbraun, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3327](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3327) Soroush Dalili of [NCC Group](https://www.nccgroup.trust/)
[MS16-095](http://go.microsoft.com/fwlink/?linkid=821136) Microsoft Browser Information Disclosure [CVE-2016-3329](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3329) Masato Kinugawa of [Cure53](https://cure53.de/)
**July 2016**
[MS16-092](http://go.microsoft.com/fwlink/?linkid=808706) Windows File System Security Feature Bypass Vulnerability [CVE-2016-3258](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3258) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-092](http://go.microsoft.com/fwlink/?linkid=808706) Windows Kernel Information Disclosure Vulnerability [CVE-2016-3272](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3272) Herbert Bos of Vrije Universiteit Amsterdam
[MS16-091](http://go.microsoft.com/fwlink/?linkid=808156) .NET Information Disclosure Vulnerability [CVE-2016-3255](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3255) Michael Weber, Henrique Arcoverde [NCC Group](https://www.nccgroup.trust/us/)
[MS16-090](http://go.microsoft.com/fwlink/?linkid=808590) Win32k Elevation of Privilege Vulnerability [CVE-2016-3249](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3249) bee13oy of CloverSec Labs
[MS16-090](http://go.microsoft.com/fwlink/?linkid=808590) Win32k Elevation of Privilege Vulnerability [CVE-2016-3250](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3250) [zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/)
[MS16-090](http://go.microsoft.com/fwlink/?linkid=808590) GDI Component Information Disclosure Vulnerability [CVE-2016-3251](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3251) [zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/)
[MS16-090](http://go.microsoft.com/fwlink/?linkid=808590) Win32k Elevation of Privilege Vulnerability [CVE-2016-3252](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3252) [fanxiaocao](https://twitter.com/tinysecex) (@TinySec), and [pjf](http://weibo.com/jfpan) of IceSword Lab, [Qihoo 360](http://www.360.cn/)
[MS16-090](http://go.microsoft.com/fwlink/?linkid=808590) Win32k Elevation of Privilege Vulnerability [CVE-2016-3254](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3254) [zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/)
[MS16-090](http://go.microsoft.com/fwlink/?linkid=808590) Microsoft win32k Elevation of Privilege Vulnerability [CVE-2016-3286](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3286) [zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/)
[MS16-088](http://go.microsoft.com/fwlink/?linkid=808151) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3278](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3278) Xiaoning Li of [Intel Labs](http://www.intel.com/content/www/us/en/research/intel-research.html)
[MS16-088](http://go.microsoft.com/fwlink/?linkid=808151) Microsoft Security Feature Bypass Vulnerability [CVE-2016-3279](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3279) Haifei Li of [Intel Security](http://www.intelsecurity.com/)
[MS16-088](http://go.microsoft.com/fwlink/?linkid=808151) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3280](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3280) Lucas Leong of [Trend Micro](http://www.trendmicro.com/)
[MS16-088](http://go.microsoft.com/fwlink/?linkid=808151) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3281](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3281) Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/)
[MS16-088](http://go.microsoft.com/fwlink/?linkid=808151) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3282](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3282) Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/)
[MS16-088](http://go.microsoft.com/fwlink/?linkid=808151) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3283](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3283) Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/)
[MS16-088](http://go.microsoft.com/fwlink/?linkid=808151) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3284](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3284) [Alexey Belyakov](https://alwerewolf.blogspot.com/), Individual
[MS16-087](http://go.microsoft.com/fwlink/?linkid=808150) Microsoft Print Spooler Remote Code Execution Vulnerability [CVE-2016-3238](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3238) [Nicolas Beauchesne](http://blog.vectranetworks.com/blog/microsoft-windows-printer-wateringhole-attack) of Vectra Networks
[MS16-087](http://go.microsoft.com/fwlink/?linkid=808150) Windows Print Spooler Elevation of Privilege [CVE-2016-3239](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3239) [Shanti Lindström](https://linkedin.com/in/shanti-lindström-399112a8), Individual
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) Microsoft Edge Security Feature Bypass [CVE-2016-3244](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3244) Zheng Huang of the [Baidu Security Lab](http://xlab.baidu.com/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) Microsoft Edge Security Feature Bypass [CVE-2016-3244](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3244) Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) Microsoft Edge Security Feature Bypass [CVE-2016-3244](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3244) Kai Song ([exp](http://exp-sky.org/)-sky) of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-3246](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3246) cc working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3248](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3248) Microsoft ChakraCore Team
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3259) [Jaehun Jeong](https://twitter.com/n3sk) (n3sk), Individual
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3264](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3264) [exp-sky](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://xlab.tencent.com/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3265](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3265) Jordan Rabet, Microsoft Offensive Security Research Team
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3269](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3269) Jordan Rabet, Microsoft Offensive Security Research Team
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3271](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3271) WanderingGlitch, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3273](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3273) Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) Microsoft Browser Spoofing Vulnerability [CVE-2016-3274](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3274) Ferenc Lutischán of [Magyar Telekom Nyrt](http://www.telekom.hu/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) Microsoft Edge Spoofing Vulnerability [CVE-2016-3276](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3276) Wenxiang Qian of [Tencent QQBrowser](http://browser.qq.com/)
[MS16-085](http://go.microsoft.com/fwlink/?linkid=808148) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3277](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3277) Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) Internet Explorer Memory Corruption Vulnerability [CVE-2016-3240](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3240) Hui Gao of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) Internet Explorer Memory Corruption Vulnerability [CVE-2016-3241](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3241) 62600BCA031B9EB5CB4A74ADDDD6771E working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3242](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3242) 62600BCA031B9EB5CB4A74ADDDD6771E working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) Internet Explorer Memory Corruption Vulnerability [CVE-2016-3243](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3243) Zheng Huang of the [Baidu Security Lab](http://xlab.baidu.com/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) Internet Explorer Security Feature Bypass [CVE-2016-3245](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3245) Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3259](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3259) [Jaehun Jeong](https://twitter.com/n3sk) (n3sk), Individual
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3260](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3260) Jordan Rabet of Microsoft Offensive Security Research Team
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) Internet Explorer Information Disclosure Vulnerability [CVE-2016-3261](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3261) Li Kemeng, [Baidu Security Lab](http://xlab.baidu.com/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-3264](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3264) [exp-sky](http://exp-sky.org/) of [Tencent’s Xuanwu LAB](http://xlab.tencent.com/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3273](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3273) Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-084](http://go.microsoft.com/fwlink/?linkid=808143) Microsoft Browser Information Disclosure Vulnerability [CVE-2016-3277](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3277) Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/)
------------------- Defense-in-depth ------------------- Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/)
**June 2016**
[MS16-081](http://go.microsoft.com/fwlink/?linkid=798515) Active Directory Denial of Service Vulnerability [CVE-2016-3226](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3226) Ondrej Sevecek of [GOPAS](https://www.sevecek.com/englishpages/lists/posts/post.aspx?id=81)
[MS16-080](http://go.microsoft.com/fwlink/?linkid=798620) Windows PDF Information Disclosure Vulnerability [CVE-2016-3201](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3201) Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/)
[MS16-080](http://go.microsoft.com/fwlink/?linkid=798620) Windows PDF Remote Code Execution Vulnerability [CVE-2016-3203](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3203) Ke Liu of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
[MS16-080](http://go.microsoft.com/fwlink/?linkid=798620) Windows PDF Remote Code Execution Vulnerability [CVE-2016-3203](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3203) kdot working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-080](http://go.microsoft.com/fwlink/?linkid=798620) Windows PDF Information Disclosure Vulnerability [CVE-2016-3215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3215) Ke Liu of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
[MS16-080](http://go.microsoft.com/fwlink/?linkid=798620) Windows PDF Information Disclosure Vulnerability [CVE-2016-3215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3215) kdot working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-079](http://go.microsoft.com/fwlink/?linkid=787067) Microsoft Exchange Information Disclosure Vulnerability [CVE-2016-0028](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0028) Louis-Paul Dareau of [ProcessOut](https://www.processout.com/)
[MS16-078](http://go.microsoft.com/fwlink/?linkid=799136) Windows Diagnostics Hub Elevation of Privilege [CVE-2016-3231](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3231) lokihardt, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-078](http://go.microsoft.com/fwlink/?linkid=799136) Windows Diagnostics Hub Elevation of Privilege [CVE-2016-3231](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3231) [Qihoo 360 Vulcan Team](http://www.360.com/)
[MS16-077](http://go.microsoft.com/fwlink/?linkid=798850) WPAD Elevation of Privilege Vulnerability [CVE-2016-3213](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3213) [Moritz Jodeit](https://twitter.com/moritzj) of [Blue Frost Security GmbH](https://www.bluefrostsecurity.de/)
[MS16-077](http://go.microsoft.com/fwlink/?linkid=798850) WPAD Elevation of Privilege Vulnerability [CVE-2016-3213](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3213) Yu Yang (@tombkeeper) of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
[MS16-074](http://go.microsoft.com/fwlink/?linkid=798504) Windows Graphics Component Information Disclosure Vulnerability [CVE-2016-3216](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3216) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-074](http://go.microsoft.com/fwlink/?linkid=798504) Win32k Elevation of Privilege Vulnerability [CVE-2016-3219](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3219) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-074](http://go.microsoft.com/fwlink/?linkid=798504) ATMFD.DLL Elevation of Privilege Vulnerability [CVE-2016-3220](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3220) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-073](http://go.microsoft.com/fwlink/?linkid=798502) Win32k Elevation of Privilege Vulnerability [CVE-2016-3218](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3218) [zhong\_sf](http://weibo.com/2641521260) and [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.com/)
[MS16-073](http://go.microsoft.com/fwlink/?linkid=798502) Win32k Elevation of Privilege Vulnerability [CVE-2016-3221](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3221) RanchoIce of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-072](http://go.microsoft.com/fwlink/?linkid=798378) Group Policy Elevation of Privilege Vulnerability [CVE-2016-3223](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3223) [NabeelAhmed](https://twitter.com/nabeelahmedbe) of [Dimension Data](http://www.dimensiondata.com/)
[MS16-072](http://go.microsoft.com/fwlink/?linkid=798378) Group Policy Elevation of Privilege Vulnerability [CVE-2016-3223](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3223) [Tom Gilis](https://twitter.com/tgilis) of [Dimension Data](http://www.dimensiondata.com/)
[MS16-070](http://go.microsoft.com/fwlink/?linkid=798377) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0025](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0025) YangKang of [360 QEX Team](http://www.360.cn/)
[MS16-070](http://go.microsoft.com/fwlink/?linkid=798377) Microsoft Office Memory Corruption Vulnerability [CVE-2016-3233](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3233) David D. Rude II working with iDefense
[MS16-070](http://go.microsoft.com/fwlink/?linkid=798377) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0025](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0025) LiYaDong of [360 QEX Team](http://www.360.cn/)
[MS16-070](http://go.microsoft.com/fwlink/?linkid=798377) Microsoft Office Information Disclosure Vulnerability [CVE-2016-3234](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3234) Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/)
[MS16-070](http://go.microsoft.com/fwlink/?linkid=798377) Microsoft Office OLE DLL Side Loading Vulnerability [CVE-2016-3235](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3235) Yorick Koster of [Securify B.V.](https://securify.nl/)
[MS16-070](http://go.microsoft.com/fwlink/?linkid=798377) Defense-in-depth ----------------- [Danny Wei Wei](https://twitter.com/danny_wei) of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
[MS16-069](http://go.microsoft.com/fwlink/?linkid=798411) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3205) Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-069](http://go.microsoft.com/fwlink/?linkid=798411) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3206](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3206) Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-069](http://go.microsoft.com/fwlink/?linkid=798411) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3207](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3207) Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) Microsoft Edge Security Feature Bypass [CVE-2016-3198](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3198) Mario Heiderich of [Cure53](https://cure53.de/)
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3199](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3199) lokihardt working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) Windows PDF Information Disclosure Vulnerability [CVE-2016-3201](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3201) Jaanus Kääp of Clarified Security
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) Windows PDF Remote Code Execution Vulnerability [CVE-2016-3203](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3203) kdot working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3214](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3214) Jordan Rabet of Microsoft Offensive Security Research Team
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) Windows PDF Information Disclosure Vulnerability [CVE-2016-3215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3215) Ke Liu of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) Windows PDF Information Disclosure Vulnerability [CVE-2016-3215](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3215) kdot working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-3222](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3222) Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-068](http://go.microsoft.com/fwlink/?linkid=798511) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-3222](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3222) Kai Song (exp-sky) of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0199](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0199) SkyLined working with iDefense
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0200](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0200) 62600BCA031B9EB5CB4A74ADDDD6771E working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3205](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3205) Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3206](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3206) Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3207](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3207) Tao Yan (@Ga1ois) of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) Scripting Engine Memory Corruption Vulnerability [CVE-2016-3210](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3210) [Moritz Jodeit](https://twitter.com/moritzj) of [Blue Frost Security](https://www.bluefrostsecurity.de/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) Internet Explorer Memory Corruption Vulnerability [CVE-2016-3211](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3211) [Ashutosh Mehra](https://twitter.com/ashutoshmehra) working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) Internet Explorer XSS Filter Vulnerability [CVE-2016-3212](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3212) Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-063](http://go.microsoft.com/fwlink/?linkid=798510) WPAD Elevation of Privilege Vulnerability [CVE-2016-3299](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3299) Yu Yang (@tombkeeper) of [Tencent’s Xuanwu Lab](http://xlab.tencent.com/)
**May 2016**
[MS16-067](http://go.microsoft.com/fwlink/?linkid=786475) Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability [CVE-2016-0190](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0190) Sandeep Kumar of [Citrix Systems Inc.](http://www.citrix.com/)
[MS16-066](http://go.microsoft.com/fwlink/?linkid=785792) Hypervisor Code Integrity Security Feature Bypass [CVE-2016-0181](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0181) Rafal Wojtczuk of [Bromium](http://www.bromium.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) Win32k Elevation of Privilege Vulnerability [CVE-2016-0171](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0171) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) Win32k Elevation of Privilege Vulnerability [CVE-2016-0173](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0173) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) Win32k Elevation of Privilege Vulnerability [CVE-2016-0173](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0173) [Qihoo 360 Vulcan Team](http://www.360.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) Win32k Elevation of Privilege Vulnerability [CVE-2016-0174](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0174) Liang Yin of Tencent PC Manager working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) Win32k Information Disclosure Vulnerability [CVE-2016-0175](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0175) Liang Yin of Tencent PC Manager working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability [CVE-2016-0176](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0176) Peter Hlavaty of Tencent KeenLab working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability [CVE-2016-0176](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0176) Daniel King of Tencent KeenLab working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) Win32k Elevation of Privilege Vulnerability [CVE-2016-0196](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0196) Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) Win32k Elevation of Privilege Vulnerability [CVE-2016-0196](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0196) [Qihoo 360 Vulcan Team](http://www.360.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-062](http://go.microsoft.com/fwlink/?linkid=786923) Defense-in-depth ----------------- Fermin J. Serna
[MS16-061](http://go.microsoft.com/fwlink/?linkid=785871) RPC Network Data Representation Engine Elevation of Privilege Vulnerability [CVE-2016-0178](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0178) Evgeny Kotkov of [VisualSVN](https://www.visualsvn.com/)
[MS16-061](http://go.microsoft.com/fwlink/?linkid=785871) RPC Network Data Representation Engine Elevation of Privilege Vulnerability [CVE-2016-0178](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0178) Ivan Zhakov of [VisualSVN](https://www.visualsvn.com/)
[MS16-060](http://go.microsoft.com/fwlink/?linkid=785239) Windows Kernel Elevation of Privilege Vulnerability [CVE-2016-0180](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0180) Loren Robinson of [CrowdStrike, Inc.](http://www.crowdstrike.com/)
[MS16-060](http://go.microsoft.com/fwlink/?linkid=785239) Windows Kernel Elevation of Privilege Vulnerability [CVE-2016-0180](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0180) Alex Ionescu of [CrowdStrike, Inc.](http://www.crowdstrike.com/)
[MS16-059](http://go.microsoft.com/fwlink/?linkid=786468) Windows Media Center Remote Code Execution Vulnerability [CVE-2016-0185](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0185) Eduardo Braun Prado, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-057](http://go.microsoft.com/fwlink/?linkid=786534) Windows Shell Remote Code Execution Vulnerability [CVE-2016-0179](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0179) Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/)
[MS16-056](http://go.microsoft.com/fwlink/?linkid=786477) Journal Memory Corruption Vulnerability [CVE-2016-0182](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0182) Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-056](http://go.microsoft.com/fwlink/?linkid=786477) Journal Memory Corruption Vulnerability [CVE-2016-0182](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0182) Bingchang Liu of [VARAS@IIE](http://www.iie.ac.cn/)
[MS16-055](http://go.microsoft.com/fwlink/?linkid=786471) Windows Graphics Component Information Disclosure Vulnerability [CVE-2016-0168](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0168) Mateusz Jurczyk of Google Project Zero
[MS16-055](http://go.microsoft.com/fwlink/?linkid=786471) Windows Graphics Component Information Disclosure Vulnerability [CVE-2016-0169](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0169) Mateusz Jurczyk of Google Project Zero
[MS16-055](http://go.microsoft.com/fwlink/?linkid=786471) WIndows Graphics Component RCE vulnerability [CVE-2016-0170](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0170) Mateusz Jurczyk of Google Project Zero
[MS16-055](http://go.microsoft.com/fwlink/?linkid=786471) Direct3D Use After Free RCE Vulnerability [CVE-2016-0184](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0184) Henry Li(zenhumany) of [Trend Micro](http://www.trendmicro.com/)
[MS16-054](http://go.microsoft.com/fwlink/?linkid=785875) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0126](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0126) An anonymous researcher, working with Beyond Security’s [SecuriTeam Secure Disclosure](http://www.beyondsecurity.com/ssd.html) team
[MS16-054](http://go.microsoft.com/fwlink/?linkid=785875) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0126](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0126) Hao Linan of [Qihoo 360 Vulcan Team](http://www.360.com/)
[MS16-054](http://go.microsoft.com/fwlink/?linkid=785875) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0140](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0140) Steven Seeley of [Source Incite](http://srcincite.io/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-054](http://go.microsoft.com/fwlink/?linkid=785875) Office Graphics RCE Vulnerability [CVE-2016-0183](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0183) Lucas Leong of [Trend Micro](http://www.trendmicro.com/)
[MS16-053](http://go.microsoft.com/fwlink/?linkid=786478) Scripting Engine Memory Corruption Vulnerability [CVE-2016-0187](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0187) Kai Kang
[MS16-052](http://go.microsoft.com/fwlink/?linkid=785874) Scripting Engine Memory Corruption Vulnerability [CVE-2016-0186](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0186) Brian Pak (cai) from Theori, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-052](http://go.microsoft.com/fwlink/?linkid=785874) Scripting Engine Memory Corruption Vulnerability [CVE-2016-0186](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0186) Simon Zuckerbraun, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-052](http://go.microsoft.com/fwlink/?linkid=785874) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-0191](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0191) Lokihart working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-052](http://go.microsoft.com/fwlink/?linkid=785874) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0192](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0192) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-052](http://go.microsoft.com/fwlink/?linkid=785874) Scripting Engine Memory Corruption Vulnerability [CVE-2016-0193](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0193) Zhen Feng, Wen Xu of Tencent KeenLab working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-052](http://go.microsoft.com/fwlink/?linkid=785874) Defense-in-depth ----------------- [Bing Sun](https://www.linkedin.com/in/bing-sun-064a3372) Intel Security Group
[MS16-051](http://go.microsoft.com/fwlink/?linkid=785873) Scripting Engine Memory Corruption Vulnerability [CVE-2016-0187](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0187) Kai Kang
[MS16-051](http://go.microsoft.com/fwlink/?linkid=785873) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0192](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0192) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-051](http://go.microsoft.com/fwlink/?linkid=785873) Internet Explorer Information Disclosure Vulnerability [CVE-2016-0194](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0194) Thomas Vanhoutte, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-051](http://go.microsoft.com/fwlink/?linkid=785873) Defense-in-depth ----------------- Zhang Yunhai of [NSFOCUS](http://www.nsfocus.com/)
**April 2016**
[MS16-049](http://go.microsoft.com/fwlink/?linkid=746932) HTTP.sys Denial of Service Vulnerability [CVE-2016-0150](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0150) Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/)
[MS16-049](http://go.microsoft.com/fwlink/?linkid=746932) HTTP.sys Denial of Service Vulnerability [CVE-2016-0150](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0150) Noam Mazor of [Imperva](http://www.imperva.com/)
[MS16-048](http://go.microsoft.com/fwlink/?linkid=746886) Windows CSRSS Security Feature Bypass Vulnerability [CVE-2016-0151](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0151) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-047](http://go.microsoft.com/fwlink/?linkid=746885) Windows RPC Downgrade Vulnerability [CVE-2016-0128](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0128) This vulnerability was discovered and researched by Stefan Metzmacher of [SAMBA+](https://samba.plus/) and the [Samba Team](https://www.samba.org/), which also helped design a fix for the problem. For more information about the vulnerability named “BADLOCK,” see [Badlock Bug](http://badlock.org/).
[MS16-046](http://go.microsoft.com/fwlink/?linkid=746896) Secondary Logon Elevation of Privilege Vulnerability [CVE-2016-0135](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0135) Tenable Network Security
[MS16-045](http://go.microsoft.com/fwlink/?linkid=733440) Hyper-V Remote Code Execution Vulnerability [CVE-2016-0088](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0088) Kostya Kortchinsky of the Google Security Team
[MS16-045](http://go.microsoft.com/fwlink/?linkid=733440) Hyper-V Remote Code Execution Vulnerability [CVE-2016-0088](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0088) Thomas Garnier
[MS16-045](http://go.microsoft.com/fwlink/?linkid=733440) Hyper-V Information Disclosure vulnerability [CVE-2016-0089](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0089) Kostya Kortchinsky of the Google Security Team
[MS16-045](http://go.microsoft.com/fwlink/?linkid=733440) Hyper-V Information Disclosure vulnerability [CVE-2016-0089](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0089) Thomas Garnier
[MS16-045](http://go.microsoft.com/fwlink/?linkid=733440) Hyper-V Information Disclosure vulnerability [CVE-2016-0090](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0090) Kostya Kortchinsky of the Google Security Team
[MS16-045](http://go.microsoft.com/fwlink/?linkid=733440) Hyper-V Information Disclosure vulnerability [CVE-2016-0090](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0090) Thomas Garnier
[MS16-044](http://go.microsoft.com/fwlink/?linkid=747040) Windows OLE Remote Code Execution Vulnerability [CVE-2016-0153](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0153) [Debasish Mandal](https://twitter.com/debasishm89) of the [Intel Security](http://www.intelsecurity.com/) IPS Vulnerability Research Team
[MS16-042](http://go.microsoft.com/fwlink/?linkid=746928) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0122](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0122) Sébastien Morin of [COSIG](https://smsecurity.net/)
[MS16-042](http://go.microsoft.com/fwlink/?linkid=746928) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0127](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0127) Lucas Leong of [Trend Micro](http://www.trendmicro.com/)
[MS16-042](http://go.microsoft.com/fwlink/?linkid=746928) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0136](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0136) Steven Seeley of [Source Incite](http://srcincite.io/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-042](http://go.microsoft.com/fwlink/?linkid=746928) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0139](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0139) Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-041](http://go.microsoft.com/fwlink/?linkid=746929) .NET Framework Remote Code Execution Vulnerability [CVE-2016-0148](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0148) Yorick Koster of [Securify B.V.](https://securify.nl/)
[MS16-041](http://go.microsoft.com/fwlink/?linkid=746929) .NET Framework Remote Code Execution Vulnerability [CVE-2016-0148](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0148) rgod, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS16-040](http://go.microsoft.com/fwlink/?linkid=746897) MSXML 3.0 Remote Code Execution Vulnerability [CVE-2016-0147](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0147) Nicolas Grégoire of [Agarri](http://www.agarri.fr/)
[MS16-039](http://go.microsoft.com/fwlink/?linkid=746883) Win32k Elevation of Privilege Vulnerability [CVE-2016-0143](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0143) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS16-039](http://go.microsoft.com/fwlink/?linkid=746883) Graphics Memory Corruption Vulnerability [CVE-2016-0145](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0145) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-039](http://go.microsoft.com/fwlink/?linkid=746883) Win32k Elevation of Privilege Vulnerability [CVE-2016-0165](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0165) [Kaspersky Lab](http://www.kaspersky.com/)
[MS16-039](http://go.microsoft.com/fwlink/?linkid=746883) Win32k Elevation of Privilege Vulnerability [CVE-2016-0167](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0167) Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/)
[MS16-039](http://go.microsoft.com/fwlink/?linkid=746883) Defense-in-depth ----------------- [Richard Shupak](https://www.linkedin.com/in/rshupak)
[MS16-038](http://go.microsoft.com/fwlink/?linkid=746894) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0154](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0154) Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-038](http://go.microsoft.com/fwlink/?linkid=746894) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-0155](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0155) Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-038](http://go.microsoft.com/fwlink/?linkid=746894) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-0156](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0156) Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/)
[MS16-038](http://go.microsoft.com/fwlink/?linkid=746894) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-0156](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0156) Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-038](http://go.microsoft.com/fwlink/?linkid=746894) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-0157](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0157) d81b2a7b317c035a8da11d63122964c2, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-038](http://go.microsoft.com/fwlink/?linkid=746894) Microsoft Edge Elevation of Privilege Vulnerability [CVE-2016-0158](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0158) lokihardt, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-038](http://go.microsoft.com/fwlink/?linkid=746894) Microsoft Edge Information Disclosure Vulnerability [CVE-2016-0161](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0161) QianWen Xiang of Tencent QQBrowser
[MS16-037](http://go.microsoft.com/fwlink/?linkid=746891) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0154](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0154) Liu Long of the [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS16-037](http://go.microsoft.com/fwlink/?linkid=746891) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0159](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0159) B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-037](http://go.microsoft.com/fwlink/?linkid=746891) DLL Loading Remote Code Execution Vulnerability [CVE-2016-0160](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0160) [Sandro Poppi](https://spoppi.wordpress.com/)
[MS16-037](http://go.microsoft.com/fwlink/?linkid=746891) Internet Explorer Information Disclosure Vulnerability [CVE-2016-0162](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0162) Ladislav Janko, working with [ESET](http://www.eset.com/)
[MS16-037](http://go.microsoft.com/fwlink/?linkid=746891) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0164](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0164) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-037](http://go.microsoft.com/fwlink/?linkid=746891) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0166](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0166) Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[3152550](https://technet.microsoft.com/library/security/3152550.aspx) N/A N/A Marc Newlin of the Bastille Threat Research Team
**March 2016**
[MS16-035](http://go.microsoft.com/fwlink/?linkid=730728) .NET XML Validation Security Feature Bypass [CVE-2016-0132](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0132) [Anders Abel](https://coding.abel.nu/) of [Kentor](http://www.kentor.se/)
[MS16-034](http://go.microsoft.com/fwlink/?linkid=733469) Win32k Elevation of Privilege Vulnerability [CVE-2016-0093](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0093) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS16-034](http://go.microsoft.com/fwlink/?linkid=733469) Win32k Elevation of Privilege Vulnerability [CVE-2016-0094](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0094) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS16-034](http://go.microsoft.com/fwlink/?linkid=733469) Win32k Elevation of Privilege Vulnerability [CVE-2016-0095](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0095) Jueming of [Security Threat Information Center](http://security.alibaba.com/)
[MS16-034](http://go.microsoft.com/fwlink/?linkid=733469) Win32k Elevation of Privilege Vulnerability [CVE-2016-0095](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0095) bee13oy of CloverSec Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-034](http://go.microsoft.com/fwlink/?linkid=733469) Win32k Elevation of Privilege Vulnerability [CVE-2016-0096](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0096) [fanxiaocao](http://weibo.com/cdutboy) and [pjf](http://weibo.com/jfpan) of IceSword Lab, [Qihoo 360](http://www.360.cn/)
[MS16-033](http://go.microsoft.com/fwlink/?linkid=733468) USB Mass Storage Elevation of Privilege Vulnerability [CVE-2016-0133](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0133) Andy Davis, [NCC Group](https://www.nccgroup.trust/us/)
[MS16-032](http://go.microsoft.com/fwlink/?linkid=733467) Secondary Logon Elevation of Privilege Vulnerability [CVE-2016-0099](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0099) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-031](http://go.microsoft.com/fwlink/?linkid=733466) Windows Elevation of Privilege Vulnerability [CVE-2016-0087](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0087) Meysam Firozi @[R00tkitSmm](https://twitter.com/r00tkitsmm)
[MS16-030](http://go.microsoft.com/fwlink/?linkid=733465) Windows OLE Memory Remote Code Execution Vulnerability [CVE-2016-0091](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0091) Anonymous, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-030](http://go.microsoft.com/fwlink/?linkid=733465) Windows OLE Memory Remote Code Execution Vulnerability [CVE-2016-0092](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0092) Anonymous, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-029](http://go.microsoft.com/fwlink/?linkid=733083) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0021](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0021) Richard Warren of [NCC Group](https://www.nccgroup.trust/us/)
[MS16-029](http://go.microsoft.com/fwlink/?linkid=733083) Microsoft Security Feature Bypass Vulnerability [CVE-2016-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0057) Eric Clausing of [AV-TEST GmbH](https://www.av-test.org/)
[MS16-029](http://go.microsoft.com/fwlink/?linkid=733083) Microsoft Security Feature Bypass Vulnerability [CVE-2016-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0057) Ulf Loesche of [AV-TEST GmbH](https://www.av-test.org/)
[MS16-029](http://go.microsoft.com/fwlink/?linkid=733083) Microsoft Security Feature Bypass Vulnerability [CVE-2016-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0057) Maik Morgenstern of [AV-TEST GmbH](https://www.av-test.org/)
[MS16-029](http://go.microsoft.com/fwlink/?linkid=733083) Microsoft Security Feature Bypass Vulnerability [CVE-2016-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0057) Andreas Marx of [AV-TEST GmbH](https://www.av-test.org/)
[MS16-029](http://go.microsoft.com/fwlink/?linkid=733083) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0134](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0134) Jack Tang of [Trend Micro](http://www.trendmicro.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0102](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0102) Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-028](http://go.microsoft.com/fwlink/?linkid=733419) Windows Remote Code Execution Vulnerability [CVE-2016-0117](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0117) Mark Yason, IBM X-Force
[MS16-028](http://go.microsoft.com/fwlink/?linkid=733419) Windows Remote Code Execution Vulnerability [CVE-2016-0118](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0118) Jaanus Kp Clarified Security, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-027](http://go.microsoft.com/fwlink/?linkid=733470) Windows Media Parsing Remote Code Execution Vulnerability [CVE-2016-0101](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0101) [Bruno Martinez](mailto:bruno.uy@gmail.com)
[MS16-026](http://go.microsoft.com/fwlink/?linkid=733471) OpenType Font Parsing Vulnerability [CVE-2016-0120](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0120) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-026](http://go.microsoft.com/fwlink/?linkid=733471) OpenType Font Parsing Vulnerability [CVE-2016-0121](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0121) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS16-025](http://go.microsoft.com/fwlink/?linkid=733940) Library Loading Input Validation Remote Code Execution Vulnerability [CVE-2016-0100](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0100) Yorick Koster of [Securify B.V.](https://securify.nl/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0102](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0102) Liu Long of [Qihoo 360](http://www.360.cn/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0105](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0105) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0109](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0109) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0110](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0110) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0111](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0111) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-0116](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0116) The Microsoft ChakraCore Team
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-0123](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0123) d81b2a7b317c035a8da11d63122964c2, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0124](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0124) 003, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Microsoft Edge Information Disclosure Vulnerability [CVE-2016-0125](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0125) Richard Shupak
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Microsoft Edge Information Disclosure Vulnerability [CVE-2016-0125](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0125) [Hariram Balasundaram](https://www.linkedin.com/in/hariramb)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Microsoft Edge Information Disclosure Vulnerability [CVE-2016-0125](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0125) [Yashvier Kosaraju](https://www.linkedin.com/in/yashvier)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-0129](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0129) The Microsoft ChakraCore Team
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-0130](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0130) The Microsoft ChakraCore Team
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Defense-in-depth ----------------- 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-024](http://go.microsoft.com/fwlink/?linkid=733246) Defense-in-depth ----------------- Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0103](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0103) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0104](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0104) Li Kemeng of the [Baidu Security Lab](http://xlab.baidu.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0105](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0105) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0106](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0106) sky, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0107](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0107) Hui Gao of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0107](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0107) B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0107](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0107) [Tigonlab](http://www.tigonlab.org/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0108](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0108) Abhishek Arya and Martin Barbella, working with [Google Project Zero](http://www.google.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0109](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0109) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0110](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0110) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0111](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0111) Abhishek Arya working with [Google Project Zero](http://www.google.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0111](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0111) Martin Barbella, working with [Google Project Zero](http://www.google.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0112](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0112) sky, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0112](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0112) 0011, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0113](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0113) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0114](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0114) Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-023](http://go.microsoft.com/fwlink/?linkid=733245) Defense-in-depth ----------------- Simon Zuckerbraun working with [HP’s](http://www.hpenterprisesecurity.com/products)[Zero Day Initiative](http://www.zerodayinitiative.com/)
**February 2016**
[MS16-018](http://go.microsoft.com/fwlink/?linkid=722617) Win32k Elevation of Privilege Vulnerability [CVE-2016-0048](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0048) [fanxiaocao](http://weibo.com/cdutboy) and [pjf](http://weibo.com/jfpan) of [Qihoo 360](http://www.360.cn/)
[MS16-016](http://go.microsoft.com/fwlink/?linkid=722536) WebDAV Elevation of Privilege Vulnerability [CVE-2016-0051](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0051) [Tamás Koczka](https://twitter.com/koczkatamas) of [Tresorit](http://www.tresorit.com/)
[MS16-015](http://go.microsoft.com/fwlink/?linkid=722214) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0022](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0022) Lucas Leong of [Trend Micro](http://www.trendmicro.com/)
[MS16-015](http://go.microsoft.com/fwlink/?linkid=722214) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0052](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0052) Lucas Leong of [Trend Micro](http://www.trendmicro.com/)
[MS16-015](http://go.microsoft.com/fwlink/?linkid=722214) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0053](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0053) Lucas Leong of [Trend Micro](http://www.trendmicro.com/)
[MS16-015](http://go.microsoft.com/fwlink/?linkid=722214) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0055](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0055) Kai Lu of Fortinet’s FortiGuard Labs
[MS16-015](http://go.microsoft.com/fwlink/?linkid=722214) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0056](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0056) An anonymous researcher, working with Beyond Security’s [SecuriTeam Secure Disclosure](http://www.beyondsecurity.com/ssd.html) team
[MS16-015](http://go.microsoft.com/fwlink/?linkid=722214) Microsoft SharePoint XSS Vulnerability [CVE-2016-0039](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0039) Hadji Samir of [Evolution Security GmbH](http://www.evolution-sec.com/) (Vulnerability Lab)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) Windows Elevation of Privilege Vulnerability [CVE-2016-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0040) Meysam Firozi [@R00tkitSmm](https://twitter.com/r00tkitsmm)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) Windows Elevation of Privilege Vulnerability [CVE-2016-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0040) Su Yong Kim of SSLab, [Georgia Institute of Technology](https://sslab.gtisc.gatech.edu/)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) Windows Elevation of Privilege Vulnerability [CVE-2016-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0040) Taesoo Kim of SSLab, [Georgia Institute of Technology](https://sslab.gtisc.gatech.edu/)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) Windows Elevation of Privilege Vulnerability [CVE-2016-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0040) Byoungyoung Lee of SSLab, [Georgia Institute of Technology](https://sslab.gtisc.gatech.edu/)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) DLL Loading Remote Code Execution Vulnerability [CVE-2016-0041](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0041) Greg Linares, working with [CyberPoint SRT](http://cyberpointllc.com/srt)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) DLL Loading Remote Code Execution Vulnerability [CVE-2016-0041](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0041) Yorick Koster of [Securify B.V.](https://securify.nl/)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) Windows DLL Loading Remote Code Execution Vulnerability [CVE-2016-0042](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0042) Richard Warren of [NCC Group](https://www.nccgroup.trust/us/)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) Windows Kerberos Security Feature Bypass [CVE-2016-0049](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0049) Vulnerability discovered by [Nabeel Ahmed](https://twitter.com/nabeelahmedbe) of [Dimension Data](http://www.dimensiondata.com/)
[MS16-014](http://go.microsoft.com/fwlink/?linkid=722215) Windows Kerberos Security Feature Bypass [CVE-2016-0049](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0049) Vulnerability discovered by [Tom Gilis](https://twitter.com/tgilis) of [Dimension Data](http://www.dimensiondata.com/)
[MS16-013](http://go.microsoft.com/fwlink/?linkid=722340) Windows Journal Memory Corruption Vulnerability [CVE-2016-0038](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0038) Rohit Mothe of [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-012](http://go.microsoft.com/fwlink/?linkid=623622) Microsoft Windows Reader Vulnerability [CVE-2016-0046](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0046) Jaanus Kp Clarified Security, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-012](http://go.microsoft.com/fwlink/?linkid=623622) Microsoft PDF Library Buffer Overflow Vulnerability [CVE-2016-0058](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0058) Atte Kettunen of [OUSPG](https://www.ee.oulu.fi/research/ouspg/)
[MS16-011](http://go.microsoft.com/fwlink/?linkid=722213) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0060](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0060) 003, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-011](http://go.microsoft.com/fwlink/?linkid=722213) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0061](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0061) SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-011](http://go.microsoft.com/fwlink/?linkid=722213) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0062](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0062) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-011](http://go.microsoft.com/fwlink/?linkid=722213) Microsoft Edge ASLR Bypass [CVE-2016-0080](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0080) Zhang Yunhai of [NSFOCUS](http://www.nsfocus.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) Internet Explorer Information Disclosure Vulnerability [CVE-2016-0059](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0059) Kai Lu of [Fortinet’s FortiGuard Labs](http://www.fortiguard.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) Internet Explorer Information Disclosure Vulnerability [CVE-2016-0059](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0059) Steven Seeley of [Source Incite](http://srcincite.io/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0060](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0060) 003, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0061](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0061) SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) Microsoft Browser Memory Corruption Vulnerability [CVE-2016-0062](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0062) Zheng Huang of the [Baidu Security Lab](http://xteam.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0063](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0063) SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0064](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0064) Jack Tang of [Trend Micro](http://trendmicro.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) Internet Explorer Elevation of Privilege Vulnerability [CVE-2016-0068](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0068) Masato Kinugawa of [Cure53](https://cure53.de/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) Internet Explorer Elevation of Privilege Vulnerability [CVE-2016-0069](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0069) Yosuke HASEGAWA of Secure Sky Technology Inc.
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0071](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0071) Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) Internet Explorer Memory Corruption Vulnerability [CVE-2016-0072](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0072) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-009](http://go.microsoft.com/fwlink/?linkid=722212) Microsoft Browser Spoofing Vulnerability [CVE-2016-0077](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0077) [Kacper Rybczyński](https://twitter.com/kacperybczynski)
[3137909](https://technet.microsoft.com/library/security/3137909.aspx) N/A N/A [Michael Reizelman](https://www.facebook.com/michael.reizelman)
**January 2016**
[MS16-010](http://go.microsoft.com/fwlink/?linkid=717997) Microsoft Exchange Spoofing Vulnerability [CVE-2016-0029](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0029) Abdulrahman Alqabandi
[MS16-010](http://go.microsoft.com/fwlink/?linkid=717997) Microsoft Exchange Spoofing Vulnerability [CVE-2016-0030](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0030) Alexandru Coltuneac
[MS16-010](http://go.microsoft.com/fwlink/?linkid=717997) Microsoft Exchange Spoofing Vulnerability [CVE-2016-0031](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0031) [Nirmal Kirubakaran](https://www.linkedin.com/in/nirmalkirubakaran), Individual
[MS16-010](http://go.microsoft.com/fwlink/?linkid=717997) Microsoft Exchange Spoofing Vulnerability [CVE-2016-0032](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0032) Ysrael Gurt of [BugSec](http://bughunting.gurt.co.il/)
[MS16-008](http://go.microsoft.com/fwlink/?linkid=718007) Windows Mount Point Elevation of Privilege Vulnerability [CVE-2016-0006](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0006) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-008](http://go.microsoft.com/fwlink/?linkid=718007) Windows Mount Point Elevation of Privilege Vulnerability [CVE-2016-0007](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0007) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) DLL Loading Elevation of Privilege Vulnerability [CVE-2016-0014](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0014) Stefan Kanthak of [Me, myself & IT](http://home.arcor.de/skanthak/safer.html)
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) Windows DirectShow Heap Corruption RCE vulnerability [CVE-2016-0015](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0015) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) Windows Library Loading Remote Code Execution Vulnerability [CVE-2016-0016](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0016) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) Windows Library Loading Remote Code Execution Vulnerability [CVE-2016-0018](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0018) [parvez@greyhathacker.net](https://technet.microsoft.com/en-us/mailto:parvez@greyhathacker.net)
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) Windows Library Loading Remote Code Execution Vulnerability [CVE-2016-0018](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0018) [Debasish Mandal](https://twitter.com/debasishm89) of the [Intel Security](http://www.intelsecurity.com/) IPS Vulnerability Research Team
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) Windows Remote Desktop Protocol Security Bypass Vulnerability [CVE-2016-0019](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0019) Gal Goldshtein of [Citadel](http://citadel.co.il/)
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) Windows Remote Desktop Protocol Security Bypass Vulnerability [CVE-2016-0019](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0019) Viktor Minin of [Citadel](http://citadel.co.il/)
[MS16-007](http://go.microsoft.com/fwlink/?linkid=718006) MAPI LoadLibrary EoP Vulnerability [CVE-2016-0020](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0020) [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-006](http://go.microsoft.com/fwlink/?linkid=717994) Silverlight Runtime Remote Code Execution Vulnerability [CVE-2016-0034](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0034) Anton Ivanov and Costin Raiu of [Kaspersky Lab](http://www.kaspersky.com/)
[MS16-005](http://go.microsoft.com/fwlink/?linkid=718001) Windows GDI32.dll ASLR Bypass Vulnerability [CVE-2016-0008](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0008) Steven Seeley of [Source Incite](http://srcincite.io/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-005](http://go.microsoft.com/fwlink/?linkid=718001) Win32k Remote Code Execution Vulnerability [CVE-2016-0009](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0009) Kerem Gümrükcü
[MS16-004](http://go.microsoft.com/fwlink/?linkid=717998) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0010](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0010) Kai Lu of Fortinet’s FortiGuard Labs
[MS16-004](http://go.microsoft.com/fwlink/?linkid=717998) ASLR bypass vulnerability [CVE-2016-0012](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0012) IBM X-Forcer researcher Tom Kahana
[MS16-004](http://go.microsoft.com/fwlink/?linkid=717998) ASLR bypass vulnerability [CVE-2016-0012](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0012) IBM X-Forcer researcher Elad Menahem
[MS16-004](http://go.microsoft.com/fwlink/?linkid=717998) Microsoft SharePoint Security Feature Bypass Vulnerability [CVE-2015-6117](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6117) Jonas Nilsson of [Disruptive Innovations AB](http://www.disruptivei.com/)
[MS16-004](http://go.microsoft.com/fwlink/?linkid=717998) Microsoft Office Memory Corruption Vulnerability [CVE-2016-0035](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0035) Steven Seeley of [Source Incite](http://srcincite.io/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-003](http://go.microsoft.com/fwlink/?linkid=718004) Scripting Engine Memory Corruption Vulnerability [CVE-2016-0002](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0002) Anonymous contributor, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-002](http://go.microsoft.com/fwlink/?linkid=718002) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-0003](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0003) 003, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS16-002](http://go.microsoft.com/fwlink/?linkid=718002) Microsoft Edge Memory Corruption Vulnerability [CVE-2016-0003](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0003) Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/)
[MS16-002](http://go.microsoft.com/fwlink/?linkid=718002) Scripting Engine Memory Corruption Vulnerability [CVE-2016-0024](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0024) CESG
[MS16-001](http://go.microsoft.com/fwlink/?linkid=717999) Scripting Engine Memory Corruption Vulnerability [CVE-2016-0002](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0002) Anonymous contributor, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS16-004](http://go.microsoft.com/fwlink/?linkid=717998) Defense-in-depth ----------------- Jack Tang of [Trend Micro](http://www.trendmicro.com/)
[MS16-002](http://go.microsoft.com/fwlink/?linkid=718002) Defense-in-depth ----------------- Wenbin Zheng of [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS16-001](http://go.microsoft.com/fwlink/?linkid=717999) Defense-in-depth ----------------- Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/)
[3109853](https://technet.microsoft.com/library/security/3109853.aspx) Defense-in-depth ----------------- Thanks to Patrick Donahue, [CloudFlare](https://www.cloudflare.com/), for assistance in identifying the issue.
[3109853](https://technet.microsoft.com/library/security/3109853.aspx) Defense-in-depth ----------------- Thanks to Jeremiah Cohick, [Fitbit](https://www.fitbit.com/), for assistance in identifying the issue.
[3109853](https://technet.microsoft.com/library/security/3109853.aspx) Defense-in-depth ----------------- Thanks to Aaron Coleman, [Fitabase](https://www.fitabase.com/), for assistance in identifying the issue.