Acknowledgments – 2016

Microsoft extends thanks to the following for working with us to help protect customers.

Bulletin ID Vulnerability Title CVE ID Acknowledgment
December 2016
MS16-153 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2016-7295 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-151 Win32k Elevation of Privilege Vulnerability CVE-2016-7259 Behzad Najjarpour Jabbari, Secunia Research at Flexera Software
MS16-151 Win32k Elevation of Privilege Vulnerability CVE-2016-7259 Sébastien Renaud of Quarkslab
MS16-151 Win32k Elevation of Privilege Vulnerability CVE-2016-7259 Richard Le Dé of Quarkslab
MS16-151 Win32k Elevation of Privilege Vulnerability CVE-2016-7260 Jfpan of IceSword Lab, Qihoo 360
MS16-151 Win32k Elevation of Privilege Vulnerability CVE-2016-7260 Fanxiaocao of IceSword Lab, Qihoo 360
MS16-149 Windows Crypto Driver Information Disclosure Vulnerability CVE-2016-7219 Taesoo Kim of SSLab, Georgia Institue of Technology
MS16-149 Windows Crypto Driver Information Disclosure Vulnerability CVE-2016-7219 Su Yong Kim of SSLab, Georgia Institue of Technology
MS16-149 Windows Crypto Driver Information Disclosure Vulnerability CVE-2016-7219 Sangho Lee of SSLab, Georgia Institue of Technology
MS16-149 Windows Crypto Driver Information Disclosure Vulnerability CVE-2016-7219 Byoungyoung Lee of SSLab, Georgia Institue of Technology
MS16-149 Windows Installer Elevation of Privilege Vulnerability CVE-2016-7292 Thomas Vanhoutte (@SandboxEscaper)
MS16-148 Windows GDI Information Disclosure Vulnerability CVE-2016-7257 Steven Vittitoe of Google Project Zero
MS16-148 Microsoft Office Security Feature Bypass Vulnerability CVE-2016-7262 Iliyan Velikov of PwC UK
MS16-148 Microsoft Office Memory Corruption Vulnerability CVE-2016-7263 JChen of Palo Alto Networks
MS16-148 Microsoft Office Information Disclosure Vulnerability CVE-2016-7264 @j00sean
MS16-148 Microsoft Office Information Disclosure Vulnerability CVE-2016-7265 Steven Seeley of Source Incite
MS16-148 Microsoft Office Security Feature Bypass Vulnerability CVE-2016-7266 Robert Riskin
MS16-148 Microsoft Office Security Feature Bypass Vulnerability CVE-2016-7267 Haifei Li of Intel Security
MS16-148 Microsoft Office Information Disclosure Vulnerability CVE-2016-7268 @j00sean
MS16-148 Microsoft Office OLE DLL Side Loading Vulnerability CVE-2016-7275 Weibo Wang of Qihoo 360 Skyeye Labs
MS16-148 Microsoft Office Information Disclosure Vulnerability CVE-2016-7276 Steven Vittitoe of Google Project Zero
MS16-148 Microsoft Office Memory Corruption Vulnerability CVE-2016-7277 Jaanus Kääp of Clarified Security
MS16-148 Microsoft Office Memory Corruption Vulnerability CVE-2016-7289 Peixue Li of Fortinet’s FortiGuard Labs
MS16-148 Microsoft Office Information Disclosure Vulnerability CVE-2016-7290 Steven Seeley of Source Incite
MS16-148 Microsoft Office Information Disclosure Vulnerability CVE-2016-7291 Steven Seeley of Source Incite
MS16-148 Defense-in-depth ------------------- Steven Seeley of Source Incite
MS16-148 Defense-in-depth ------------------- @j00sean
MS16-147 Windows Uniscribe Remote Code Execution Vulnerability CVE-2016-7274 Hossein Lotfi, Secunia Research at Flexera Software
MS16-146 Windows GDI Information Disclosure Vulnerability CVE-2016-7257 Steven Vittitoe of Google Project Zero
MS16-146 Windows Graphics Remote Code Execution Vulnerability CVE-2016-7272 Giwan Go of STEALIEN, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-146 Defense-in-depth ------------------- Henry Li (zenhumany) of Trend Micro
MS16-145 Microsoft Browser Memory Corruption Vulnerability CVE-2016-7181 Veit Hailperin (@fenceposterror) of scip AG
MS16-145 Microsoft Browser Memory Corruption Vulnerability CVE-2016-7279 The UK's National Cyber Security Centre (NCSC)
MS16-145 Microsoft Browser Information Disclosure Vulnerability CVE-2016-7280 Masato Kinugawa of Cure53
MS16-145 Scripting Engine Memory Corruption Vulnerability CVE-2016-7286 Natalie Silvanovich of Google Project Zero
MS16-145 Scripting Engine Memory Corruption Vulnerability CVE-2016-7287 Natalie Silvanovich of Google Project Zero
MS16-145 Scripting Engine Memory Corruption Vulnerability CVE-2016-7288 Natalie Silvanovich of Google Project Zero
MS16-145 Scripting Engine Memory Corruption Vulnerability CVE-2016-7296 Linan Hao of Qihoo 360 Vulcan Team working with POC/PwnFest
MS16-145 Scripting Engine Memory Corruption Vulnerability CVE-2016-7297 Lokihart working with POC/PwnFest
MS16-145 Scripting Engine Memory Corruption Vulnerability CVE-2016-7297 Anonymous working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-144 Scripting Engine Memory Corruption Vulnerability CVE-2016-7202 Li Kemeng of Baidu Security Lab working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-144 Scripting Engine Memory Corruption Vulnerability CVE-2016-7202 Scott Bell of Security-Assessment.com
MS16-144 Windows Hyperlink Object Library Information Disclosure Vulnerability CVE-2016-7278 Steven Seeley of Source Incite
MS16-144 Microsoft Browser Memory Corruption Vulnerability CVE-2016-7279 The UK's National Cyber Security Centre (NCSC)
MS16-144 Microsoft Browser Memory Corruption Vulnerability CVE-2016-7283 Scott Bell of Security-Assessment.com
MS16-144 Internet Explorer Information Disclosure Vulnerability CVE-2016-7284 Li Kemeng of Baidu Security Lab
MS16-144 Scripting Engine Memory Corruption Vulnerability CVE-2016-7287 Natalie Silvanovich of Google Project Zero
MS16-144 Microsoft Browser Memory Corruption Vulnerability CVE-2016-7293 Tigonlab
November 2016
MS16-142 Microsoft Browser Memory Corruption Vulnerability CVE-2016-7196 Kai Song of Tencent’s Xuanwu LAB
MS16-142 Microsoft Browser Memory Corruption Vulnerability CVE-2016-7198 Liu Long of Qihoo 360
MS16-142 Microsoft Browser Information Disclosure Vulnerability CVE-2016-7227 Masato Kinugawa of Cure53
MS16-142 Microsoft Browser Information Disclosure Vulnerability CVE-2016-7239 Masato Kinugawa via Google VRP
MS16-142 Microsoft Browser Remote Code Execution Vulnerability CVE-2016-7241 Natalie Silvanovich of Google Project Zero
MS16-142 Defense-in-depth ------------------- John Page of ApparitionSec
MS16-139 Windows Kernel Elevation of Privilege Vulnerability CVE-2016-7216 James Forshaw of Google Project Zero
MS16-139 Windows Kernel Elevation of Privilege Vulnerability CVE-2016-7216 Mateusz Jurczyk of Google Project Zero
MS16-138 VHDFS Driver Elevation of Privilege Vulnerability CVE-2016-7223 James Forshaw of Google Project Zero
MS16-138 VHDFS Driver Elevation of Privilege Vulnerability CVE-2016-7224 James Forshaw of Google Project Zero
MS16-138 VHDFS Driver Elevation of Privilege Vulnerability CVE-2016-7225 James Forshaw of Google Project Zero
MS16-138 VHDFS Driver Elevation of Privilege Vulnerability CVE-2016-7226 James Forshaw of Google Project Zero
MS16-137 Local Security Authority Subsystem Service Denial of Service Vulnerability CVE-2016-7237 Laurent Gaffie
MS16-136 SQL RDBMS Engine Elevation of Privilege Vulnerability CVE-2016-7250 Scott Sutherland of netSPI
MS16-135 Win32k Information Disclosure Vulnerability CVE-2016-7214 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-135 Win32k Elevation of Privilege Vulnerability CVE-2016-7215 bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-135 Bowser.sys Information Disclosure Vulnerabilty CVE-2016-7218 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-135 Win32k Elevation of Privilege CVE-2016-7246 Anonymous working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-135 Win32k Elevation of Privilege Vulnerability CVE-2016-7255 Neel Mehta of Google’s Threat Analysis Group
MS16-135 Win32k Elevation of Privilege Vulnerability CVE-2016-7255 Billy Leonard of Google’s Threat Analysis Group
MS16-135 Win32k Elevation of Privilege Vulnerability CVE-2016-7255 Feike Hacquebord, of Trend Micro
MS16-135 Win32k Elevation of Privilege Vulnerability CVE-2016-7255 Peter Pi of Trend Micro
MS16-135 Win32k Elevation of Privilege Vulnerability CVE-2016-7255 Brooks Li of Trend Micro
MS16-134 Windows CLFS Elevation of Privilege CVE-2016-0026 Daniel King, KeenLab, Tencent
MS16-134 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2016-3332 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2016-3333 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2016-3334 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2016-3334 Daniel King, KeenLab, Tencent
MS16-134 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2016-3335 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2016-3338 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2016-3340 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2016-3342 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134 Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2016-3343 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-134 Windows CLFS Elevation of Privilege CVE-2016-7184 Daniel King, KeenLab, Tencent
MS16-133 Microsoft Office Memory Corruption Vulnerability CVE-2016-7213 JChen of Palo Alto Networks
MS16-133 Microsoft Office Memory Corruption Vulnerability CVE-2016-7228 JChen of Palo Alto Networks
MS16-133 Microsoft Office Memory Corruption Vulnerability CVE-2016-7229 JChen of Palo Alto Networks
MS16-133 Microsoft Office Memory Corruption Vulnerability CVE-2016-7230 Steven Vittitoe of Google Project Zero
MS16-133 Microsoft Office Memory Corruption Vulnerability CVE-2016-7231 JChen of Palo Alto Networks
MS16-133 Microsoft Office Memory Corruption Vulnerability CVE-2016-7232 Steven Seeley of Source Incite working with VeriSign iDefense Labs
MS16-133 Microsoft Office Memory Corruption Vulnerability CVE-2016-7232 Rocco Calvi of Source Incite working with VeriSign iDefense Labs
MS16-133 Microsoft Office Information Disclosure Vulnerability CVE-2016-7233 Steven Seeley of Source Incite working with VeriSign iDefense Labs
MS16-133 Microsoft Office Information Disclosure Vulnerability CVE-2016-7233 Rocco Calvi of Source Incite working with VeriSign iDefense Labs
MS16-133 Microsoft Office Memory Corruption Vulnerability CVE-2016-7234 Rocco Calvi of Source Incite working with VeriSign iDefense Labs
MS16-133 Microsoft Office Memory Corruption Vulnerability CVE-2016-7234 Steven Seeley of Source Incite working with VeriSign iDefense Labs
MS16-133 Microsoft Office Memory Corruption Vulnerability CVE-2016-7235 Rocco Calvi of Source Incite working with VeriSign iDefense Labs
MS16-133 Microsoft Office Memory Corruption Vulnerability CVE-2016-7235 Steven Seeley of Source Incite working with VeriSign iDefense Labs
MS16-133 Microsoft Office Memory Corruption Vulnerability CVE-2016-7236 Steven Seeley of Source Incite working with VeriSign iDefense Labs
MS16-133 Microsoft Office Denial of Service Vulnerability CVE-2016-7244 Dmitri Kaslov, Independent Security Researcher
MS16-133 Microsoft Office Memory Corruption Vulnerability CVE-2016-7245 Haifei Li of Intel Security
MS16-132 Windows Animation Manager Memory Corruption Vulnerability CVE-2016-7205 Scott Bell of Security-Assessment.com
MS16-132 Windows Animation Manager Memory Corruption Vulnerability CVE-2016-7205 Kai Song of Tencent’s Xuanwu LAB
MS16-132 Windows Animation Manager Memory Corruption Vulnerability CVE-2016-7205 SkyLined working with VeriSign iDefense Labs
MS16-132 Open Type Font Information Disclosure Vulnerability CVE-2016-7210 Hossein Lotfi, Secunia Research at Flexera Software
MS16-132 Media Foundation Memory Corruption Vulnerability CVE-2016-7217 Liu Long of Qihoo 360
MS16-132 Open Type Font Elevation of Privilege Vulnerability CVE-2016-7256 Kijong Son of KrCERT/CC in Korean Internet & Security Agency (KISA)
MS16-132 Defense-in-Depth ------------------- Bing Sun of Intel Security Group
MS16-130 Windows Remote Code Execution Vulnerability CVE-2016-7212 Aral Yaman of Noser Engineering AG
MS16-130 Windows IME Elevation of Privilege Vulnerability CVE-2016-7221 Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc.
MS16-130 Task Scheduler Elevation of Privilege Vulnerability CVE-2016-7222 Shanti Lindström Individual
MS16-129 Microsoft Browser Memory Corruption Vulnerability CVE-2016-7195 Kai Song of Tencent’s Xuanwu LAB
MS16-129 Microsoft Browser Memory Corruption Vulnerability CVE-2016-7196 Kai Song of Tencent’s Xuanwu LAB
MS16-129 Microsoft Browser Memory Corruption Vulnerability CVE-2016-7198 Liu Long of Qihoo 360
MS16-129 Scripting Engine Memory Corruption Vulnerability CVE-2016-7200 Natalie Silvanovich of Google Project Zero
MS16-129 Scripting Engine Memory Corruption Vulnerability CVE-2016-7200 Qixun Zhao of Qihoo 360 Skyeye Labs
MS16-129 Scripting Engine Memory Corruption Vulnerability CVE-2016-7201 Natalie Silvanovich of Google Project Zero
MS16-129 Scripting Engine Memory Corruption Vulnerability CVE-2016-7202 bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-129 Scripting Engine Memory Corruption Vulnerability CVE-2016-7202 Li Kemeng of Baidu Security Lab working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-129 Scripting Engine Memory Corruption Vulnerability CVE-2016-7202 Natalie Silvanovich of Google Project Zero
MS16-129 Scripting Engine Memory Corruption Vulnerability CVE-2016-7202 Scott Bell of Security-Assessment.com
MS16-129 Scripting Engine Memory Corruption Vulnerability CVE-2016-7203 Natalie Silvanovich of Google Project Zero
MS16-129 Microsoft Edge Information Disclosure Vulnerability CVE-2016-7204 Abdulrahman Alqabandi (@qab)
MS16-129 Scripting Engine Memory Corruption Vulnerability CVE-2016-7208 Microsoft ChakraCore Team
MS16-129 Microsoft Browser Information Disclosure Vulnerability CVE-2016-7227 Masato Kinugawa of Cure53
MS16-129 Microsoft Browser Information Disclosure Vulnerability CVE-2016-7239 Masato Kinugawa via Google VRP
MS16-129 Scripting Engine Memory Corruption Vulnerability CVE-2016-7240 Natalie Silvanovich of Google Project Zero
MS16-129 Microsoft Browser Remote Code Execution Vulnerability CVE-2016-7241 Natalie Silvanovich of Google Project Zero
MS16-129 Scripting Engine Memory Corruption Vulnerability CVE-2016-7242 Qixun Zhao of Qihoo 360 Skyeye Labs
MS16-129 Scripting Engine Memory Corruption Vulnerability CVE-2016-7243 Nicolas Joly of MSRCE UK
October 2016
MS16-126 Internet Explorer Information Disclosure Vulnerability CVE-2016-3298 Will Metcalf and Kafeine of Proofpoint
MS16-125 Windows Diagnostics Hub Elevation of Privilege CVE-2016-7188 James Forshaw of Google Project Zero
MS16-124 Windows Kernel Local Elevation of Privilege CVE-2016-0070 Fortinet’s FortiGuard Labs
MS16-124 Windows Kernel Local Elevation of Privilege CVE-2016-0070 James Forshaw of Google Project Zero
MS16-124 Windows Kernel Local Elevation of Privilege CVE-2016-0070 Mateusz Jurczyk of Google Project Zero
MS16-124 Windows Kernel Local Elevation of Privilege CVE-2016-0073 James Forshaw of Google Project Zero
MS16-124 Windows Kernel Local Elevation of Privilege CVE-2016-0075 James Forshaw of Google Project Zero
MS16-124 Windows Kernel Local Elevation of Privilege CVE-2016-0079 James Forshaw of Google Project Zero
MS16-123 Win32k Elevation of Privilege Vulnerability CVE-2016-3266 pgboy, zhong_sf of Qihoo 360 Vulcan Team
MS16-123 Windows Transaction Manager Elevation of Privilege Vulnerability CVE-2016-3341 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS16-123 Windows Kernel Elevation of Privilege vulnerability CVE-2016-3376 Mateusz Jurczyk of Google Project Zero
MS16-123 Windows Kernel Elevation of Privilege vulnerability CVE-2016-3376 James Forshaw of Google Project Zero
MS16-123 Windows Kernel Driver Local Elevation of Privilege CVE-2016-7185 James Forshaw of Google Project Zero
MS16-123 Win32k Elevation of Privilege Vulnerability CVE-2016-7211 fanxiaocao (@TinySec), and pjf of IceSword Lab, Qihoo 360
MS16-121 Microsoft Office Memory Corruption Vulnerability CVE-2016-7193 Austrian MilCERT
MS16-120 True Type Font Parsing Information Disclosure Vulnerability CVE-2016-3209 Mateusz Jurczyk of Google Project Zero
MS16-120 GDI+ Information Disclosure Vulnerability CVE-2016-3262 Mateusz Jurczyk of Google Project Zero
MS16-120 GDI+ Information Disclosure Vulnerability CVE-2016-3263 Mateusz Jurczyk of Google Project Zero
MS16-120 Win32k Elevation of Privilege Vulnerability CVE-2016-3270 pgboy, zhong_sf of Qihoo 360 Vulcan Team
MS16-120 Windows Graphics Component RCE Vulnerability CVE-2016-3393 Anton Ivanov of Kaspersky Lab
MS16-120 True Type Font Parsing Elevation of Privilege Vulnerability CVE-2016-7182 Mateusz Jurczyk of Google Project Zero
MS16-119 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3267 Wenxiang Qian of Tencent QQBrowser
MS16-119 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3331 Zheng Huang of the Baidu Security Lab
MS16-119 Scripting Engine Memory Corruption Vulnerability CVE-2016-3382 Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-119 Scripting Engine Memory Corruption Vulnerability CVE-2016-3386 Richard Zhu (fluorescence), working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-119 Scripting Engine Memory Corruption Vulnerability CVE-2016-3386 Natalie Silvanovich of Google Project Zero
MS16-119 Microsoft Browser Elevation of Privilege Vulnerability CVE-2016-3387 James Forshaw of Google Project Zero
MS16-119 Microsoft Browser Elevation of Privilege Vulnerability CVE-2016-3388 James Forshaw of Google Project Zero
MS16-119 Scripting Engine Memory Corruption Vulnerability CVE-2016-3389 Microsoft ChakraCore Team
MS16-119 Scripting Engine Memory Corruption Vulnerability CVE-2016-3390 Microsoft ChakraCore Team
MS16-119 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3391 Stefaan Truijen, working with NVISO
MS16-119 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3391 Adrian Toma, working with NVISO (internship)
MS16-119 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3391 Daan Raman, working with NVISO
MS16-119 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3391 Arne Swinnen working with NVISO
MS16-119 Microsoft Browser Security Feature Bypass CVE-2016-3392 Xiaoyin Liu
MS16-119 Scripting Engine Information Disclosure Vulnerability CVE-2016-7189 Natalie Silvanovich of Google Project Zero
MS16-119 Scripting Engine Memory Corruption Vulnerability CVE-2016-7190 Natalie Silvanovich of Google Project Zero
MS16-119 Scripting Engine Memory Corruption Vulnerability CVE-2016-7194 Natalie Silvanovich of Google Project Zero
MS16-119 ------------------- ------------------- Andrew Wesie (awesie) from Theori
MS16-118 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3267 Wenxiang Qian of Tencent QQBrowser
MS16-118 Internet Explorer Information Disclosure Vulnerability CVE-2016-3298 Will Metcalf and Kafeine of Proofpoint
MS16-118 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3331 Zheng Huang of the Baidu Security Lab
MS16-118 Scripting Engine Memory Corruption Vulnerability CVE-2016-3382 Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-118 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3383 0011, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-118 Internet Explorer Memory Corruption Vulnerability CVE-2016-3384 62600BCA031B9EB5CB4A74ADDDD6771E, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-118 Scripting Engine Memory Corruption Vulnerability CVE-2016-3385 Jaehun Jeong (n3sk), of WINS, WSEC Analysis Team, working with VeriSign iDefense Labs
MS16-118 Microsoft Browser Elevation of Privilege Vulnerability CVE-2016-3387 James Forshaw of Google Project Zero
MS16-118 Microsoft Browser Elevation of Privilege Vulnerability CVE-2016-3388 James Forshaw of Google Project Zero
MS16-118 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3391 Stefaan Truijen, working with NVISO
MS16-118 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3391 Adrian Toma, working with NVISO (internship)
MS16-118 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3391 Daan Raman, working with NVISO
MS16-118 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3391 Arne Swinnen working with NVISO
------------------- Defense-in-depth ------------------- James Forshaw of Google Project Zero
September 2016
MS16-116 Scripting Engine Memory Corruption Vulnerability CVE-2016-3376 An anonymous researcher, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-116 Scripting Engine Memory Corruption Vulnerability CVE-2016-3375 Yuki Chen of Qihoo 360 Vulcan Team
MS16-115 PDF Library Information Disclosure Vulnerability CVE-2016-3370 Ke Liu of Tencent’s Xuanwu Lab
MS16-115 PDF Library Information Disclosure Vulnerability CVE-2016-3374 Roberto Suggi Liverani (@malerisch) of malerisch.net
MS16-115 PDF Library Information Disclosure Vulnerability CVE-2016-3374 Steven Seeley of Source Incite
MS16-114 Windows SMB Authenticated Remote Code Execution Vulnerability CVE-2016-3345 Alexander Ovchinnikov of Tuxera Inc
MS16-114 Windows SMB Authenticated Remote Code Execution Vulnerability CVE-2016-3345 Oleg Kravtsov of Tuxera Inc
MS16-112 Windows Lock Screen Elevation of Privilege Vulnerability CVE-2016-3302 Auri A. Rahimzadeh of Auri’s Ideas
MS16-111 Windows Session Object Elevation of Privilege Vulnerability CVE-2016-3305 The Citrix Product Security Team
MS16-111 Windows Session Object Elevation of Privilege Vulnerability CVE-2016-3306 The Citrix Product Security Team
MS16-111 Windows Kernel Elevation of Privilege Vulnerability CVE-2016-3371 James Forshaw of Google Project Zero
MS16-111 Windows Kernel Elevation of Privilege Vulnerability CVE-2016-3372 Marcin Wiazowski, individual
MS16-111 Windows Kernel Elevation of Privilege Vulnerability CVE-2016-3373 James Forshaw of Google Project Zero
MS16-110 Windows Denial of Service Vulnerability CVE-2016-3369 Piotr Bania of Cisco Talos
MS16-110 Windows Remote Code Execution Vulnerability CVE-2016-3368 Jonathan Brown of VMware, Inc
MS16-108 Defense-in-depth ------------------- John Page of ApparitionSec
MS16-108 Microsoft Exchange Information Disclosure Vulnerability CVE-2016-0138 Bassel Rachid of DH Corporation
MS16-108 Microsoft Exchange Information Disclosure Vulnerability CVE-2016-0138 Lucie Brochu of DH Corporation
MS16-108 Microsoft Exchange Open Redirect Vulnerability CVE-2016-3378 John Page of ApparitionSec
MS16-108 Microsoft Exchange Elevation of Privilege Vulnerability CVE-2016-3379 Adrian Ivascu
MS16-107 Microsoft APP-V ASLR Bypass CVE-2016-0137 Udi Yavo of enSilo
MS16-107 Microsoft Office Memory Corruption Vulnerability CVE-2016-3357 Steven Vittitoe of Google Project Zero
MS16-107 Microsoft Office Memory Corruption Vulnerability CVE-2016-3358 Steven Seeley of Source Incite, working with VeriSign iDefense Labs
MS16-107 Microsoft Office Memory Corruption Vulnerability CVE-2016-3359 Steven Seeley of Source Incite, working with VeriSign iDefense Labs
MS16-107 Microsoft Office Memory Corruption Vulnerability CVE-2016-3361 Steven Seeley of Source Incite
MS16-107 Microsoft Office Memory Corruption Vulnerability CVE-2016-3362 Steven Seeley of Source Incite
MS16-107 Microsoft Office Memory Corruption Vulnerability CVE-2016-3363 Steven Seeley of Source Incite
MS16-107 Microsoft Office Memory Corruption Vulnerability CVE-2016-3364 Eduardo Braun Prado
MS16-107 Microsoft Office Memory Corruption Vulnerability CVE-2016-3365 Steven Seeley of Source Incite, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-107 Microsoft Office Spoofing Vulnerability CVE-2016-3366 Incident Response Team of Certego
MS16-106 Win32k Elevation of Privilege Vulnerability CVE-2016-3348 RanchoIce of the Baidu Security Lab
MS16-106 GDI Information Disclosure Vulnerability CVE-2016-3354 WanderingGlitch of Trend Micro’s Zero Day Initiative (ZDI)
MS16-106 GDI Information Disclosure Vulnerability CVE-2016-3355 Liang Yin of Tencent PC Manager via GeekPwn
MS16-105 Defense-in-depth ------------------- Henry Li (zenhumany) of Trend Micro
MS16-105 Defense-in-depth ------------------- Jun Kokatsu
MS16-105 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3247 SkyLined, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-105 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3291 Nathaniel Theis (XMPPwocky)
MS16-105 Microsoft Edge Memory Corruption Vulnerability CVE-2016-3294 Shi Ji (@Puzzor) of VARAS@IIE, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-105 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3295 Garage4Hackers, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-105 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3297 Liu Long of Qihoo 360
MS16-105 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3325 SkyLined
MS16-105 Microsoft Edge Memory Corruption Vulnerability CVE-2016-3330 F4B3CD of STARLAB
MS16-105 Microsoft Edge Memory Corruption Vulnerability CVE-2016-3350 Microsoft ChakraCore Team
MS16-105 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3351 Kafeine, Brooks Li of Trend Micro
MS16-105 Scripting Engine Memory Corruption Vulnerability CVE-2016-3377 Richard Zhu (fluorescence), working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-104 Defense-in-depth ------------------- Jun Kokatsu
MS16-104 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3247 SkyLined, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-104 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3291 Nathaniel Theis (XMPPwocky)
MS16-104 Microsoft Browser Elevation of Privilege Vulnerability CVE-2016-3292 Thomas Vanhoutte, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-104 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3295 Garage4Hackers, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-104 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3297 Liu Long of Qihoo 360
MS16-104 Internet Explorer Memory Corruption Vulnerability CVE-2016-3324 SkyLined
MS16-104 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3325 SkyLined
MS16-104 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3351 Kafeine, Brooks Li of Trend Micro
MS16-104 Internet Explorer Security Feature Bypass CVE-2016-3353 Eduardo Braun Prado, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-104 Scripting Engine Memory Corruption Vulnerability CVE-2016-3375 Yuki Chen of Qihoo 360 Vulcan Team
MS16-104 Scripting Engine Memory Corruption Vulnerability CVE-2016-3376 An anonymous researcher, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-104 Scripting Engine Memory Corruption Vulnerability CVE-2016-3375 Simon Zuckerbraun working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-104 Scripting Engine Memory Corruption Vulnerability CVE-2016-3375 Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)
------------------- Defense-in-depth ------------------- Fortinet’s FortiGuard Labs
------------------- Defense-in-depth ------------------- Steven Seeley of Source Incite working with iDefense
------------------- Defense-in-depth ------------------- Reno Robert
August 2016
MS16-102 Microsoft PDF Remote Code Execution Vulnerability CVE-2016-3319 Aleksandar Nikolic of Cisco Talos
MS16-101 Kerberos Elevation of Privilege Vulnerability CVE-2016-3237 Nabeel Ahmed of Dimension Data
MS16-099 Microsoft Office Memory Corruption Vulnerability CVE-2016-3313 Jaanus Kaap
MS16-099 Microsoft Office Memory Corruption Vulnerability CVE-2016-3313 Sébastien Morin of COSIG
MS16-099 Microsoft OneNote Information Disclosure Vulnerability CVE-2016-3315 dannywei of Tencent’s Xuanwu Lab
MS16-099 Microsoft Office Memory Corruption Vulnerability CVE-2016-3316 Francis Provencher of COSIG
MS16-099 Microsoft Office Memory Corruption Vulnerability CVE-2016-3317 Dhanesh Kizhakkinan of FireEye Inc
MS16-099 Graphics Component Memory Corruption Vulnerability CVE-2016-3318 Arun Kumar Sharma, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-099 Defense-in-depth ----------------- Jerry Decime of Hewlett Packard Enterprise
MS16-098 Win32k Elevation of Privilege Vulnerability CVE-2016-3308 Peter (Keen) working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-098 Win32k Elevation of Privilege Vulnerability CVE-2016-3308 ZeguangZhao (team509), working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-098 Win32k Elevation of Privilege Vulnerability CVE-2016-3309 bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-098 Win32k Elevation of Privilege Vulnerability CVE-2016-3310 Wayne Low of Fortinet’s Fortiguard Labs
MS16-098 Win32k Elevation of Privilege Vulnerability CVE-2016-3311 pgboy, zhong_sf of Qihoo 360 Vulcan Team
MS16-098 Defense-in-depth ----------------- Martin Lenord
MS16-097 Windows Graphics Component RCE Vulnerability CVE-2016-3301 Mateusz Jurczyk of Google Project Zero
MS16-097 Windows Graphics Component RCE Vulnerability CVE-2016-3303 Mateusz Jurczyk of Google Project Zero
MS16-097 Windows Graphics Component RCE Vulnerability CVE-2016-3304 Mateusz Jurczyk of Google Project Zero
MS16-096 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3289 Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-096 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3293 Kai Song (exp-sky) of Tencent’s Xuanwu LAB
MS16-096 Scripting Engine Memory Corruption Vulnerability CVE-2016-3296 Microsoft ChakraCore Team
MS16-096 Microsoft PDF Remote Code Execution Vulnerability CVE-2016-3319 Aleksandar Nikolic of Cisco Talos
MS16-096 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3322 Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-096 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3326 Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-096 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3327 Soroush Dalili of NCC Group
MS16-096 Microsoft Browser Information Disclosure CVE-2016-3329 Masato Kinugawa of Cure53
MS16-095 Internet Explorer Memory Corruption Vulnerability CVE-2016-3288 Ivan Fratric and Martin Barbella, working with Google Project Zero
MS16-095 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3289 Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-095 Internet Explorer Memory Corruption Vulnerability CVE-2016-3290 Liu Long of Qihoo 360
MS16-095 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3293 Kai Song (exp-sky) of Tencent’s Xuanwu LAB
MS16-095 Internet Explorer Information Disclosure Vulnerability CVE-2016-3321 Yorick Koster of Securify B.V.
MS16-095 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3322 Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-095 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3326 Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-095 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3327 Soroush Dalili of NCC Group
MS16-095 Microsoft Browser Information Disclosure CVE-2016-3329 Masato Kinugawa of Cure53
July 2016
MS16-092 Windows File System Security Feature Bypass Vulnerability CVE-2016-3258 James Forshaw of Google Project Zero
MS16-092 Windows Kernel Information Disclosure Vulnerability CVE-2016-3272 Herbert Bos of Vrije Universiteit Amsterdam
MS16-091 .NET Information Disclosure Vulnerability CVE-2016-3255 Michael Weber, Henrique Arcoverde
NCC Group
MS16-090 Win32k Elevation of Privilege Vulnerability CVE-2016-3249 bee13oy of CloverSec Labs
MS16-090 Win32k Elevation of Privilege Vulnerability CVE-2016-3250 zhong_sf and pgboy of Qihoo 360 Vulcan Team
MS16-090 GDI Component Information Disclosure Vulnerability CVE-2016-3251 zhong_sf and pgboy of Qihoo 360 Vulcan Team
MS16-090 Win32k Elevation of Privilege Vulnerability CVE-2016-3252 fanxiaocao (@TinySec), and pjf of IceSword Lab, Qihoo 360
MS16-090 Win32k Elevation of Privilege Vulnerability CVE-2016-3254 zhong_sf and pgboy of Qihoo 360 Vulcan Team
MS16-090 Microsoft win32k Elevation of Privilege Vulnerability CVE-2016-3286 zhong_sf and pgboy of Qihoo 360 Vulcan Team
MS16-088 Microsoft Office Memory Corruption Vulnerability CVE-2016-3278 Xiaoning Li of Intel Labs
MS16-088 Microsoft Security Feature Bypass Vulnerability CVE-2016-3279 Haifei Li of Intel Security
MS16-088 Microsoft Office Memory Corruption Vulnerability CVE-2016-3280 Lucas Leong of Trend Micro
MS16-088 Microsoft Office Memory Corruption Vulnerability CVE-2016-3281 Jaanus Kääp of Clarified Security
MS16-088 Microsoft Office Memory Corruption Vulnerability CVE-2016-3282 Jaanus Kääp of Clarified Security
MS16-088 Microsoft Office Memory Corruption Vulnerability CVE-2016-3283 Jaanus Kääp of Clarified Security
MS16-088 Microsoft Office Memory Corruption Vulnerability CVE-2016-3284 Alexey Belyakov, Individual
MS16-087 Microsoft Print Spooler Remote Code Execution Vulnerability CVE-2016-3238 Nicolas Beauchesne of Vectra Networks
MS16-087 Windows Print Spooler Elevation of Privilege CVE-2016-3239 Shanti Lindström, Individual
MS16-085 Microsoft Edge Security Feature Bypass CVE-2016-3244 Zheng Huang of the Baidu Security Lab
MS16-085 Microsoft Edge Security Feature Bypass CVE-2016-3244 Henry Li (zenhumany) of Trend Micro
MS16-085 Microsoft Edge Security Feature Bypass CVE-2016-3244 Kai Song (exp-sky) of Tencent’s Xuanwu LAB
MS16-085 Microsoft Edge Memory Corruption Vulnerability CVE-2016-3246 cc working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-085 Scripting Engine Memory Corruption Vulnerability CVE-2016-3248 Microsoft ChakraCore Team
MS16-085 Scripting Engine Memory Corruption Vulnerability CVE-2016-3259 Jaehun Jeong (n3sk), Individual
MS16-085 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3264 exp-sky of Tencent’s Xuanwu LAB working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-085 Scripting Engine Memory Corruption Vulnerability CVE-2016-3265 Jordan Rabet, Microsoft Offensive Security Research Team
MS16-085 Scripting Engine Memory Corruption Vulnerability CVE-2016-3269 Jordan Rabet, Microsoft Offensive Security Research Team
MS16-085 Scripting Engine Memory Corruption Vulnerability CVE-2016-3271 WanderingGlitch, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-085 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3273 Masato Kinugawa of Cure53
MS16-085 Microsoft Browser Spoofing Vulnerability CVE-2016-3274 Ferenc Lutischán of Magyar Telekom Nyrt
MS16-085 Microsoft Edge Spoofing Vulnerability CVE-2016-3276 Wenxiang Qian of Tencent QQBrowser
MS16-085 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3277 Henry Li (zenhumany) of Trend Micro
MS16-084 Internet Explorer Memory Corruption Vulnerability CVE-2016-3240 Hui Gao of Palo Alto Networks
MS16-084 Internet Explorer Memory Corruption Vulnerability CVE-2016-3241 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-084 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3242 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-084 Internet Explorer Memory Corruption Vulnerability CVE-2016-3243 Zheng Huang of the Baidu Security Lab
MS16-084 Internet Explorer Security Feature Bypass CVE-2016-3245 Masato Kinugawa of Cure53
MS16-084 Scripting Engine Memory Corruption Vulnerability CVE-2016-3259 Jaehun Jeong (n3sk), Individual
MS16-084 Scripting Engine Memory Corruption Vulnerability CVE-2016-3260 Jordan Rabet of Microsoft Offensive Security Research Team
MS16-084 Internet Explorer Information Disclosure Vulnerability CVE-2016-3261 Li Kemeng, Baidu Security Lab
MS16-084 Microsoft Browser Memory Corruption Vulnerability CVE-2016-3264 exp-sky of Tencent’s Xuanwu LAB working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-084 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3273 Masato Kinugawa of Cure53
MS16-084 Microsoft Browser Information Disclosure Vulnerability CVE-2016-3277 Henry Li (zenhumany) of Trend Micro
------------------- Defense-in-depth ------------------- Tao Yan (@Ga1ois) of Palo Alto Networks
June 2016
MS16-081 Active Directory Denial of Service Vulnerability CVE-2016-3226 Ondrej Sevecek of GOPAS
MS16-080 Windows PDF Information Disclosure Vulnerability CVE-2016-3201 Jaanus Kääp of Clarified Security
MS16-080 Windows PDF Remote Code Execution Vulnerability CVE-2016-3203 Ke Liu of Tencent’s Xuanwu Lab
MS16-080 Windows PDF Remote Code Execution Vulnerability CVE-2016-3203 kdot working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-080 Windows PDF Information Disclosure Vulnerability CVE-2016-3215 Ke Liu of Tencent’s Xuanwu Lab
MS16-080 Windows PDF Information Disclosure Vulnerability CVE-2016-3215 kdot working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-079 Microsoft Exchange Information Disclosure Vulnerability CVE-2016-0028 Louis-Paul Dareau of ProcessOut
MS16-078 Windows Diagnostics Hub Elevation of Privilege CVE-2016-3231 lokihardt, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-078 Windows Diagnostics Hub Elevation of Privilege CVE-2016-3231 Qihoo 360 Vulcan Team
MS16-077 WPAD Elevation of Privilege Vulnerability CVE-2016-3213 Moritz Jodeit of Blue Frost Security GmbH
MS16-077 WPAD Elevation of Privilege Vulnerability CVE-2016-3213 Yu Yang (@tombkeeper) of Tencent’s Xuanwu Lab
MS16-074 Windows Graphics Component Information Disclosure Vulnerability CVE-2016-3216 Mateusz Jurczyk of Google Project Zero
MS16-074 Win32k Elevation of Privilege Vulnerability CVE-2016-3219 James Forshaw of Google Project Zero
MS16-074 ATMFD.DLL Elevation of Privilege Vulnerability CVE-2016-3220 Mateusz Jurczyk of Google Project Zero
MS16-073 Win32k Elevation of Privilege Vulnerability CVE-2016-3218 zhong_sf and pgboy of Qihoo 360 Vulcan Team
MS16-073 Win32k Elevation of Privilege Vulnerability CVE-2016-3221 RanchoIce of the Baidu Security Lab
MS16-072 Group Policy Elevation of Privilege Vulnerability CVE-2016-3223 NabeelAhmed of Dimension Data
MS16-072 Group Policy Elevation of Privilege Vulnerability CVE-2016-3223 Tom Gilis of Dimension Data
MS16-070 Microsoft Office Memory Corruption Vulnerability CVE-2016-0025 YangKang of 360 QEX Team
MS16-070 Microsoft Office Memory Corruption Vulnerability CVE-2016-3233 David D. Rude II working with iDefense
MS16-070 Microsoft Office Memory Corruption Vulnerability CVE-2016-0025 LiYaDong of 360 QEX Team
MS16-070 Microsoft Office Information Disclosure Vulnerability CVE-2016-3234 Dhanesh Kizhakkinan of FireEye Inc
MS16-070 Microsoft Office OLE DLL Side Loading Vulnerability CVE-2016-3235 Yorick Koster of Securify B.V.
MS16-070 Defense-in-depth ----------------- Danny Wei Wei of Tencent’s Xuanwu Lab
MS16-069 Scripting Engine Memory Corruption Vulnerability CVE-2016-3205 Tao Yan (@Ga1ois) of Palo Alto Networks
MS16-069 Scripting Engine Memory Corruption Vulnerability CVE-2016-3206 Tao Yan (@Ga1ois) of Palo Alto Networks
MS16-069 Scripting Engine Memory Corruption Vulnerability CVE-2016-3207 Tao Yan (@Ga1ois) of Palo Alto Networks
MS16-068 Microsoft Edge Security Feature Bypass CVE-2016-3198 Mario Heiderich of Cure53
MS16-068 Scripting Engine Memory Corruption Vulnerability CVE-2016-3199 lokihardt working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-068 Windows PDF Information Disclosure Vulnerability CVE-2016-3201 Jaanus Kääp of Clarified Security
MS16-068 Windows PDF Remote Code Execution Vulnerability CVE-2016-3203 kdot working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-068 Scripting Engine Memory Corruption Vulnerability CVE-2016-3214 Jordan Rabet of Microsoft Offensive Security Research Team
MS16-068 Windows PDF Information Disclosure Vulnerability CVE-2016-3215 Ke Liu of Tencent’s Xuanwu Lab
MS16-068 Windows PDF Information Disclosure Vulnerability CVE-2016-3215 kdot working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-068 Microsoft Edge Memory Corruption Vulnerability CVE-2016-3222 Shi Ji (@Puzzor) of VARAS@IIE working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-068 Microsoft Edge Memory Corruption Vulnerability CVE-2016-3222 Kai Song (exp-sky) of Tencent’s Xuanwu Lab
MS16-063 Internet Explorer Memory Corruption Vulnerability CVE-2016-0199 SkyLined working with iDefense
MS16-063 Internet Explorer Memory Corruption Vulnerability CVE-2016-0200 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-063 Scripting Engine Memory Corruption Vulnerability CVE-2016-3205 Tao Yan (@Ga1ois) of Palo Alto Networks
MS16-063 Scripting Engine Memory Corruption Vulnerability CVE-2016-3206 Tao Yan (@Ga1ois) of Palo Alto Networks
MS16-063 Scripting Engine Memory Corruption Vulnerability CVE-2016-3207 Tao Yan (@Ga1ois) of Palo Alto Networks
MS16-063 Scripting Engine Memory Corruption Vulnerability CVE-2016-3210 Moritz Jodeit of Blue Frost Security
MS16-063 Internet Explorer Memory Corruption Vulnerability CVE-2016-3211 Ashutosh Mehra working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-063 Internet Explorer XSS Filter Vulnerability CVE-2016-3212 Masato Kinugawa of Cure53
MS16-063 WPAD Elevation of Privilege Vulnerability CVE-2016-3299 Yu Yang (@tombkeeper) of Tencent’s Xuanwu Lab
May 2016
MS16-067 Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability CVE-2016-0190 Sandeep Kumar of Citrix Systems Inc.
MS16-066 Hypervisor Code Integrity Security Feature Bypass CVE-2016-0181 Rafal Wojtczuk of Bromium
MS16-062 Win32k Elevation of Privilege Vulnerability CVE-2016-0171 Nils Sommer of bytegeist, working with Google Project Zero
MS16-062 Win32k Elevation of Privilege Vulnerability CVE-2016-0173 Nils Sommer of bytegeist, working with Google Project Zero
MS16-062 Win32k Elevation of Privilege Vulnerability CVE-2016-0173 Qihoo 360 Vulcan Team, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-062 Win32k Elevation of Privilege Vulnerability CVE-2016-0174 Liang Yin of Tencent PC Manager working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-062 Win32k Information Disclosure Vulnerability CVE-2016-0175 Liang Yin of Tencent PC Manager working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-062 Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability CVE-2016-0176 Peter Hlavaty of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-062 Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability CVE-2016-0176 Daniel King of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-062 Win32k Elevation of Privilege Vulnerability CVE-2016-0196 Dhanesh Kizhakkinan of FireEye, Inc.
MS16-062 Win32k Elevation of Privilege Vulnerability CVE-2016-0196 Qihoo 360 Vulcan Team, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-062 Defense-in-depth ----------------- Fermin J. Serna
MS16-061 RPC Network Data Representation Engine Elevation of Privilege Vulnerability CVE-2016-0178 Evgeny Kotkov of VisualSVN
MS16-061 RPC Network Data Representation Engine Elevation of Privilege Vulnerability CVE-2016-0178 Ivan Zhakov of VisualSVN
MS16-060 Windows Kernel Elevation of Privilege Vulnerability CVE-2016-0180 Loren Robinson of CrowdStrike, Inc.
MS16-060 Windows Kernel Elevation of Privilege Vulnerability CVE-2016-0180 Alex Ionescu of CrowdStrike, Inc.
MS16-059 Windows Media Center Remote Code Execution Vulnerability CVE-2016-0185 Eduardo Braun Prado, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-057 Windows Shell Remote Code Execution Vulnerability CVE-2016-0179 Shi Ji (@Puzzor) of VARAS@IIE
MS16-056 Journal Memory Corruption Vulnerability CVE-2016-0182 Jason Kratzer, working with VeriSign iDefense Labs
MS16-056 Journal Memory Corruption Vulnerability CVE-2016-0182 Bingchang Liu of VARAS@IIE
MS16-055 Windows Graphics Component Information Disclosure Vulnerability CVE-2016-0168 Mateusz Jurczyk of Google Project Zero
MS16-055 Windows Graphics Component Information Disclosure Vulnerability CVE-2016-0169 Mateusz Jurczyk of Google Project Zero
MS16-055 WIndows Graphics Component RCE vulnerability CVE-2016-0170 Mateusz Jurczyk of Google Project Zero
MS16-055 Direct3D Use After Free RCE Vulnerability CVE-2016-0184 Henry Li(zenhumany) of Trend Micro
MS16-054 Microsoft Office Memory Corruption Vulnerability CVE-2016-0126 An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team
MS16-054 Microsoft Office Memory Corruption Vulnerability CVE-2016-0126 Hao Linan of Qihoo 360 Vulcan Team
MS16-054 Microsoft Office Memory Corruption Vulnerability CVE-2016-0140 Steven Seeley of Source Incite, working with VeriSign iDefense Labs
MS16-054 Office Graphics RCE Vulnerability CVE-2016-0183 Lucas Leong of Trend Micro
MS16-053 Scripting Engine Memory Corruption Vulnerability CVE-2016-0187 Kai Kang
MS16-052 Scripting Engine Memory Corruption Vulnerability CVE-2016-0186 Brian Pak (cai) from Theori, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-052 Scripting Engine Memory Corruption Vulnerability CVE-2016-0186 Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-052 Microsoft Edge Memory Corruption Vulnerability CVE-2016-0191 Lokihart working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-052 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0192 Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-052 Scripting Engine Memory Corruption Vulnerability CVE-2016-0193 Zhen Feng, Wen Xu of Tencent KeenLab working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-052 Defense-in-depth ----------------- Bing Sun Intel Security Group
MS16-051 Scripting Engine Memory Corruption Vulnerability CVE-2016-0187 Kai Kang
MS16-051 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0192 Zheng Huang of the Baidu Security Lab, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-051 Internet Explorer Information Disclosure Vulnerability CVE-2016-0194 Thomas Vanhoutte, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-051 Defense-in-depth ----------------- Zhang Yunhai of NSFOCUS
April 2016
MS16-049 HTTP.sys Denial of Service Vulnerability CVE-2016-0150 Dhanesh Kizhakkinan of FireEye, Inc.
MS16-049 HTTP.sys Denial of Service Vulnerability CVE-2016-0150 Noam Mazor of Imperva
MS16-048 Windows CSRSS Security Feature Bypass Vulnerability CVE-2016-0151 James Forshaw of Google Project Zero
MS16-047 Windows RPC Downgrade Vulnerability CVE-2016-0128 This vulnerability was discovered and researched by Stefan Metzmacher of SAMBA+ and the Samba Team, which also helped design a fix for the problem.
For more information about the vulnerability named “BADLOCK,” see Badlock Bug.
MS16-046 Secondary Logon Elevation of Privilege Vulnerability CVE-2016-0135 Tenable Network Security
MS16-045 Hyper-V Remote Code Execution Vulnerability CVE-2016-0088 Kostya Kortchinsky of the Google Security Team
MS16-045 Hyper-V Remote Code Execution Vulnerability CVE-2016-0088 Thomas Garnier
MS16-045 Hyper-V Information Disclosure vulnerability CVE-2016-0089 Kostya Kortchinsky of the Google Security Team
MS16-045 Hyper-V Information Disclosure vulnerability CVE-2016-0089 Thomas Garnier
MS16-045 Hyper-V Information Disclosure vulnerability CVE-2016-0090 Kostya Kortchinsky of the Google Security Team
MS16-045 Hyper-V Information Disclosure vulnerability CVE-2016-0090 Thomas Garnier
MS16-044 Windows OLE Remote Code Execution Vulnerability CVE-2016-0153 Debasish Mandal of the Intel Security IPS Vulnerability Research Team
MS16-042 Microsoft Office Memory Corruption Vulnerability CVE-2016-0122 Sébastien Morin of COSIG
MS16-042 Microsoft Office Memory Corruption Vulnerability CVE-2016-0127 Lucas Leong of Trend Micro
MS16-042 Microsoft Office Memory Corruption Vulnerability CVE-2016-0136 Steven Seeley of Source Incite, working with VeriSign iDefense Labs
MS16-042 Microsoft Office Memory Corruption Vulnerability CVE-2016-0139 Steven Seeley of Source Incite
MS16-041 .NET Framework Remote Code Execution Vulnerability CVE-2016-0148 Yorick Koster of Securify B.V.
MS16-041 .NET Framework Remote Code Execution Vulnerability CVE-2016-0148 rgod, working with Trend Micro’s Zero Day Initiative (ZDI)
MS16-040 MSXML 3.0 Remote Code Execution Vulnerability CVE-2016-0147 Nicolas Grégoire of Agarri
MS16-039 Win32k Elevation of Privilege Vulnerability CVE-2016-0143 Nils Sommer of bytegeist, working with Google Project Zero
MS16-039 Graphics Memory Corruption Vulnerability CVE-2016-0145 Mateusz Jurczyk of Google Project Zero
MS16-039 Win32k Elevation of Privilege Vulnerability CVE-2016-0165 Kaspersky Lab
MS16-039 Win32k Elevation of Privilege Vulnerability CVE-2016-0167 Dhanesh Kizhakkinan of FireEye, Inc.
MS16-039 Defense-in-depth ----------------- Richard Shupak
MS16-038 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0154 Liu Long of Qihoo 360
MS16-038 Microsoft Edge Memory Corruption Vulnerability CVE-2016-0155 Liu Long of Qihoo 360
MS16-038 Microsoft Edge Memory Corruption Vulnerability CVE-2016-0156 Shi Ji (@Puzzor) of VARAS@IIE
MS16-038 Microsoft Edge Memory Corruption Vulnerability CVE-2016-0156 Liu Long of Qihoo 360
MS16-038 Microsoft Edge Memory Corruption Vulnerability CVE-2016-0157 d81b2a7b317c035a8da11d63122964c2, working with HP’s Zero Day Initiative
MS16-038 Microsoft Edge Elevation of Privilege Vulnerability CVE-2016-0158 lokihardt, working with HP’s Zero Day Initiative
MS16-038 Microsoft Edge Information Disclosure Vulnerability CVE-2016-0161 QianWen Xiang of Tencent QQBrowser
MS16-037 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0154 Liu Long of the Qihoo 360 Vulcan Team
MS16-037 Internet Explorer Memory Corruption Vulnerability CVE-2016-0159 B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative
MS16-037 DLL Loading Remote Code Execution Vulnerability CVE-2016-0160 Sandro Poppi
MS16-037 Internet Explorer Information Disclosure Vulnerability CVE-2016-0162 Ladislav Janko, working with ESET
MS16-037 Internet Explorer Memory Corruption Vulnerability CVE-2016-0164 Zheng Huang of the Baidu Security Lab
MS16-037 Internet Explorer Memory Corruption Vulnerability CVE-2016-0166 Henry Li (zenhumany) of Trend Micro, working with HP’s Zero Day Initiative
3152550 N/A N/A Marc Newlin of the Bastille Threat Research Team
March 2016
MS16-035 .NET XML Validation Security Feature Bypass CVE-2016-0132 Anders Abel of Kentor
MS16-034 Win32k Elevation of Privilege Vulnerability CVE-2016-0093 Nils Sommer of bytegeist, working with Google Project Zero
MS16-034 Win32k Elevation of Privilege Vulnerability CVE-2016-0094 Nils Sommer of bytegeist, working with Google Project Zero
MS16-034 Win32k Elevation of Privilege Vulnerability CVE-2016-0095 Jueming of Security Threat Information Center
MS16-034 Win32k Elevation of Privilege Vulnerability CVE-2016-0095 bee13oy of CloverSec Labs, working with HP’s Zero Day Initiative
MS16-034 Win32k Elevation of Privilege Vulnerability CVE-2016-0096 fanxiaocao and pjf of IceSword Lab, Qihoo 360
MS16-033 USB Mass Storage Elevation of Privilege Vulnerability CVE-2016-0133 Andy Davis, NCC Group
MS16-032 Secondary Logon Elevation of Privilege Vulnerability CVE-2016-0099 James Forshaw of Google Project Zero
MS16-031 Windows Elevation of Privilege Vulnerability CVE-2016-0087 Meysam Firozi @R00tkitSmm
MS16-030 Windows OLE Memory Remote Code Execution Vulnerability CVE-2016-0091 Anonymous, working with HP’s Zero Day Initiative
MS16-030 Windows OLE Memory Remote Code Execution Vulnerability CVE-2016-0092 Anonymous, working with HP’s Zero Day Initiative
MS16-029 Microsoft Office Memory Corruption Vulnerability CVE-2016-0021 Richard Warren of NCC Group
MS16-029 Microsoft Security Feature Bypass Vulnerability CVE-2016-0057 Eric Clausing of AV-TEST GmbH
MS16-029 Microsoft Security Feature Bypass Vulnerability CVE-2016-0057 Ulf Loesche of AV-TEST GmbH
MS16-029 Microsoft Security Feature Bypass Vulnerability CVE-2016-0057 Maik Morgenstern of AV-TEST GmbH
MS16-029 Microsoft Security Feature Bypass Vulnerability CVE-2016-0057 Andreas Marx of AV-TEST GmbH
MS16-029 Microsoft Office Memory Corruption Vulnerability CVE-2016-0134 Jack Tang of Trend Micro
MS16-023 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0102 Liu Long of Qihoo 360
MS16-028 Windows Remote Code Execution Vulnerability CVE-2016-0117 Mark Yason, IBM X-Force
MS16-028 Windows Remote Code Execution Vulnerability CVE-2016-0118 Jaanus Kp Clarified Security, working with HP’s Zero Day Initiative
MS16-027 Windows Media Parsing Remote Code Execution Vulnerability CVE-2016-0101 Bruno Martinez
MS16-026 OpenType Font Parsing Vulnerability CVE-2016-0120 Mateusz Jurczyk of Google Project Zero
MS16-026 OpenType Font Parsing Vulnerability CVE-2016-0121 Mateusz Jurczyk of Google Project Zero
MS16-025 Library Loading Input Validation Remote Code Execution Vulnerability CVE-2016-0100 Yorick Koster of Securify B.V.
MS16-024 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0102 Liu Long of Qihoo 360
MS16-024 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0105 Zheng Huang of the Baidu Security Lab
MS16-024 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0109 Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
MS16-024 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0110 Zheng Huang of the Baidu Security Lab
MS16-024 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0111 Zheng Huang of the Baidu Security Lab
MS16-024 Microsoft Edge Memory Corruption Vulnerability CVE-2016-0116 The Microsoft ChakraCore Team
MS16-024 Microsoft Edge Memory Corruption Vulnerability CVE-2016-0123 d81b2a7b317c035a8da11d63122964c2, working with HP’s Zero Day Initiative
MS16-024 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0124 003, working with HP’s Zero Day Initiative
MS16-024 Microsoft Edge Information Disclosure Vulnerability CVE-2016-0125 Richard Shupak
MS16-024 Microsoft Edge Information Disclosure Vulnerability CVE-2016-0125 Hariram Balasundaram
MS16-024 Microsoft Edge Information Disclosure Vulnerability CVE-2016-0125 Yashvier Kosaraju
MS16-024 Microsoft Edge Memory Corruption Vulnerability CVE-2016-0129 The Microsoft ChakraCore Team
MS16-024 Microsoft Edge Memory Corruption Vulnerability CVE-2016-0130 The Microsoft ChakraCore Team
MS16-024 Defense-in-depth ----------------- 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative
MS16-024 Defense-in-depth ----------------- Simon Zuckerbraun, working with HP’s Zero Day Initiative
MS16-023 Internet Explorer Memory Corruption Vulnerability CVE-2016-0103 Zheng Huang of the Baidu Security Lab
MS16-023 Internet Explorer Memory Corruption Vulnerability CVE-2016-0104 Li Kemeng of the Baidu Security Lab
MS16-023 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0105 Zheng Huang of the Baidu Security Lab
MS16-023 Internet Explorer Memory Corruption Vulnerability CVE-2016-0106 sky, working with HP’s Zero Day Initiative
MS16-023 Internet Explorer Memory Corruption Vulnerability CVE-2016-0107 Hui Gao of Palo Alto Networks
MS16-023 Internet Explorer Memory Corruption Vulnerability CVE-2016-0107 B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative
MS16-023 Internet Explorer Memory Corruption Vulnerability CVE-2016-0107 Tigonlab
MS16-023 Internet Explorer Memory Corruption Vulnerability CVE-2016-0108 Abhishek Arya and Martin Barbella, working with Google Project Zero
MS16-023 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0109 Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
MS16-023 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0110 Zheng Huang of the Baidu Security Lab
MS16-023 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0111 Abhishek Arya working with Google Project Zero
MS16-023 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0111 Martin Barbella, working with Google Project Zero
MS16-023 Internet Explorer Memory Corruption Vulnerability CVE-2016-0112 sky, working with HP’s Zero Day Initiative
MS16-023 Internet Explorer Memory Corruption Vulnerability CVE-2016-0112 0011, working with HP’s Zero Day Initiative
MS16-023 Internet Explorer Memory Corruption Vulnerability CVE-2016-0113 Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
MS16-023 Internet Explorer Memory Corruption Vulnerability CVE-2016-0114 Simon Zuckerbraun, working with HP’s Zero Day Initiative
MS16-023 Defense-in-depth ----------------- Simon Zuckerbraun working with HP’sZero Day Initiative
February 2016
MS16-018 Win32k Elevation of Privilege Vulnerability CVE-2016-0048 fanxiaocao and pjf of Qihoo 360
MS16-016 WebDAV Elevation of Privilege Vulnerability CVE-2016-0051 Tamás Koczka of Tresorit
MS16-015 Microsoft Office Memory Corruption Vulnerability CVE-2016-0022 Lucas Leong of Trend Micro
MS16-015 Microsoft Office Memory Corruption Vulnerability CVE-2016-0052 Lucas Leong of Trend Micro
MS16-015 Microsoft Office Memory Corruption Vulnerability CVE-2016-0053 Lucas Leong of Trend Micro
MS16-015 Microsoft Office Memory Corruption Vulnerability CVE-2016-0055 Kai Lu of Fortinet’s FortiGuard Labs
MS16-015 Microsoft Office Memory Corruption Vulnerability CVE-2016-0056 An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team
MS16-015 Microsoft SharePoint XSS Vulnerability CVE-2016-0039 Hadji Samir of Evolution Security GmbH (Vulnerability Lab)
MS16-014 Windows Elevation of Privilege Vulnerability CVE-2016-0040 Meysam Firozi @R00tkitSmm
MS16-014 Windows Elevation of Privilege Vulnerability CVE-2016-0040 Su Yong Kim of SSLab, Georgia Institute of Technology
MS16-014 Windows Elevation of Privilege Vulnerability CVE-2016-0040 Taesoo Kim of SSLab, Georgia Institute of Technology
MS16-014 Windows Elevation of Privilege Vulnerability CVE-2016-0040 Byoungyoung Lee of SSLab, Georgia Institute of Technology
MS16-014 DLL Loading Remote Code Execution Vulnerability CVE-2016-0041 Greg Linares, working with CyberPoint SRT
MS16-014 DLL Loading Remote Code Execution Vulnerability CVE-2016-0041 Yorick Koster of Securify B.V.
MS16-014 Windows DLL Loading Remote Code Execution Vulnerability CVE-2016-0042 Richard Warren of NCC Group
MS16-014 Windows Kerberos Security Feature Bypass CVE-2016-0049 Vulnerability discovered by Nabeel Ahmed of Dimension Data
MS16-014 Windows Kerberos Security Feature Bypass CVE-2016-0049 Vulnerability discovered by Tom Gilis of Dimension Data
MS16-013 Windows Journal Memory Corruption Vulnerability CVE-2016-0038 Rohit Mothe of VeriSign iDefense Labs
MS16-012 Microsoft Windows Reader Vulnerability CVE-2016-0046 Jaanus Kp Clarified Security, working with HP’s Zero Day Initiative
MS16-012 Microsoft PDF Library Buffer Overflow Vulnerability CVE-2016-0058 Atte Kettunen of OUSPG
MS16-011 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0060 003, working with HP’s Zero Day Initiative
MS16-011 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0061 SkyLined, working with HP’s Zero Day Initiative
MS16-011 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0062 Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
MS16-011 Microsoft Edge ASLR Bypass CVE-2016-0080 Zhang Yunhai of NSFOCUS
MS16-009 Internet Explorer Information Disclosure Vulnerability CVE-2016-0059 Kai Lu of Fortinet’s FortiGuard Labs
MS16-009 Internet Explorer Information Disclosure Vulnerability CVE-2016-0059 Steven Seeley of Source Incite
MS16-009 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0060 003, working with HP’s Zero Day Initiative
MS16-009 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0061 SkyLined, working with HP’s Zero Day Initiative
MS16-009 Microsoft Browser Memory Corruption Vulnerability CVE-2016-0062 Zheng Huang of the Baidu Security Lab, working with HP’s Zero Day Initiative
MS16-009 Internet Explorer Memory Corruption Vulnerability CVE-2016-0063 SkyLined, working with HP’s Zero Day Initiative
MS16-009 Internet Explorer Memory Corruption Vulnerability CVE-2016-0064 Jack Tang of Trend Micro
MS16-009 Internet Explorer Elevation of Privilege Vulnerability CVE-2016-0068 Masato Kinugawa of Cure53
MS16-009 Internet Explorer Elevation of Privilege Vulnerability CVE-2016-0069 Yosuke HASEGAWA of Secure Sky Technology Inc.
MS16-009 Internet Explorer Memory Corruption Vulnerability CVE-2016-0071 Dhanesh Kizhakkinan of FireEye, Inc.
MS16-009 Internet Explorer Memory Corruption Vulnerability CVE-2016-0072 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative
MS16-009 Microsoft Browser Spoofing Vulnerability CVE-2016-0077 Kacper Rybczyński
3137909 N/A N/A Michael Reizelman
January 2016
MS16-010 Microsoft Exchange Spoofing Vulnerability CVE-2016-0029 Abdulrahman Alqabandi
MS16-010 Microsoft Exchange Spoofing Vulnerability CVE-2016-0030 Alexandru Coltuneac
MS16-010 Microsoft Exchange Spoofing Vulnerability CVE-2016-0031 Nirmal Kirubakaran, Individual
MS16-010 Microsoft Exchange Spoofing Vulnerability CVE-2016-0032 Ysrael Gurt of BugSec
MS16-008 Windows Mount Point Elevation of Privilege Vulnerability CVE-2016-0006 James Forshaw of Google Project Zero
MS16-008 Windows Mount Point Elevation of Privilege Vulnerability CVE-2016-0007 James Forshaw of Google Project Zero
MS16-007 DLL Loading Elevation of Privilege Vulnerability CVE-2016-0014 Stefan Kanthak of Me, myself & IT
MS16-007 Windows DirectShow Heap Corruption RCE vulnerability CVE-2016-0015 Steven Vittitoe of Google Project Zero
MS16-007 Windows Library Loading Remote Code Execution Vulnerability CVE-2016-0016 Steven Vittitoe of Google Project Zero
MS16-007 Windows Library Loading Remote Code Execution Vulnerability CVE-2016-0018 parvez@greyhathacker.net
MS16-007 Windows Library Loading Remote Code Execution Vulnerability CVE-2016-0018 Debasish Mandal of the Intel Security IPS Vulnerability Research Team
MS16-007 Windows Remote Desktop Protocol Security Bypass Vulnerability CVE-2016-0019 Gal Goldshtein of Citadel
MS16-007 Windows Remote Desktop Protocol Security Bypass Vulnerability CVE-2016-0019 Viktor Minin of Citadel
MS16-007 MAPI LoadLibrary EoP Vulnerability CVE-2016-0020 Ashutosh Mehra, working with HP’s Zero Day Initiative
MS16-006 Silverlight Runtime Remote Code Execution Vulnerability CVE-2016-0034 Anton Ivanov and Costin Raiu of Kaspersky Lab
MS16-005 Windows GDI32.dll ASLR Bypass Vulnerability CVE-2016-0008 Steven Seeley of Source Incite, working with VeriSign iDefense Labs
MS16-005 Win32k Remote Code Execution Vulnerability CVE-2016-0009 Kerem Gümrükcü
MS16-004 Microsoft Office Memory Corruption Vulnerability CVE-2016-0010 Kai Lu of Fortinet’s FortiGuard Labs
MS16-004 ASLR bypass vulnerability CVE-2016-0012 IBM X-Forcer researcher Tom Kahana
MS16-004 ASLR bypass vulnerability CVE-2016-0012 IBM X-Forcer researcher Elad Menahem
MS16-004 Microsoft SharePoint Security Feature Bypass Vulnerability CVE-2015-6117 Jonas Nilsson of Disruptive Innovations AB
MS16-004 Microsoft Office Memory Corruption Vulnerability CVE-2016-0035 Steven Seeley of Source Incite, working with HP’s Zero Day Initiative
MS16-003 Scripting Engine Memory Corruption Vulnerability CVE-2016-0002 Anonymous contributor, working with VeriSign iDefense Labs
MS16-002 Microsoft Edge Memory Corruption Vulnerability CVE-2016-0003 003, working with HP’s Zero Day Initiative
MS16-002 Microsoft Edge Memory Corruption Vulnerability CVE-2016-0003 Shi Ji (@Puzzor) of VARAS@IIE
MS16-002 Scripting Engine Memory Corruption Vulnerability CVE-2016-0024 CESG
MS16-001 Scripting Engine Memory Corruption Vulnerability CVE-2016-0002 Anonymous contributor, working with VeriSign iDefense Labs
MS16-004 Defense-in-depth ----------------- Jack Tang of Trend Micro
MS16-002 Defense-in-depth ----------------- Wenbin Zheng of Qihoo 360 Vulcan Team
MS16-001 Defense-in-depth ----------------- Heige (a.k.a. SuperHei) from Knownsec 404 Security Team
3109853 Defense-in-depth ----------------- Thanks to Patrick Donahue, CloudFlare, for assistance in identifying the issue.
3109853 Defense-in-depth ----------------- Thanks to Jeremiah Cohick, Fitbit, for assistance in identifying the issue.
3109853 Defense-in-depth ----------------- Thanks to Aaron Coleman, Fitabase, for assistance in identifying the issue.