Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft Patch Tuesday Summary for May 2016 - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft Patch Tuesday Summary for May 2016

https://isc.sans.edu/mspatchdays.html?viewday=2016-05-10

-- 
Alex Stanford - GIAC GWEB & GSEC,
Research Operations Manager,
SANS Internet Storm Center
/in/alexstanford

 Alex Stanford

136 Posts
May 10th 2016
Thread locked Subscribe May 10th 2016
6 years ago
Does anyone have details for the known exploits against MS16-053? The same two CVE's are listed for the cumulative IE update (MS16-051). But, the patch is rated as having no known exploits. Is there an error? (Greatly appreciate all of the help this site provides, btw.)
 Anonymous
Quote May 10th 2016
6 years ago
Hi,

on the Microsoft Security Bulletin Summary for May 2016, CVE 2016-0189 (from MS16-051) is listed with "0 - Exploitation Detected".
Maybe a typo on the ISC page?

KH
 K

6 Posts
Quote May 11th 2016
6 years ago
Quoting Anonymous:Does anyone have details for the known exploits against MS16-053? The same two CVE's are listed for the cumulative IE update (MS16-051). But, the patch is rated as having no known exploits. Is there an error? (Greatly appreciate all of the help this site provides, btw.)

The exploit for MS16-053 is not publicly disclosed. The exploited CVE in MS16-053 is CVE-2016-0189. The fact that the same CVEs are seen in both MS16-051 and MS16-053 is not a typo.

Quoting K:Hi,

on the Microsoft Security Bulletin Summary for May 2016, CVE 2016-0189 (from MS16-051) is listed with "0 - Exploitation Detected".
Maybe a typo on the ISC page?

KH


CVE-2016-0189 is a "0 - Exploitation Detected" for MS16-053, not MS16-051. A bit confusing I know, but it is not a typo.
 Alex Stanford

136 Posts
Quote May 11th 2016
6 years ago
Quoting Alex Stanford:

CVE-2016-0189 is a "0 - Exploitation Detected" for MS16-053, not MS16-051. A bit confusing I know, but it is not a typo.


I Guess the note of NO for exploits detected on MS16-051 is what is confusing me. Shouldn't that be YES?

Alternatively, have there only been reported exploits of the JScript and VBScript vuls on Vista/Server2008 and that's why the note for exploits on MS16-051 say No?
 TexISO

19 Posts
Quote May 11th 2016
6 years ago
isn't there something fishy with MS16-64 (Flash Player) ?

Adobe released an advisory APSA16-02 https://helpx.adobe.com/security/products/flash-player/apsa16-02.html with no patch available at this time of writing (associated APSB coming up next on May 12th)

But Microsoft released updates for Flash.

April https://support.microsoft.com/en-us/kb/3154132 --> Flash 21.0.0.213
May https://support.microsoft.com/en-us/kb/3157993 --> Flash 21.0.0.241

The latter is not referenced by Adobe though http://www.adobe.com/software/flash/about/

So obviously MS updated their code prior to Adobe themselves
 TexISO
1 Posts
Quote May 11th 2016
6 years ago

Sign Up for Free or Log In to start participating in the conversation!