https://isc.sans.edu/mspatchdays.html?viewday=2016-05-10 -- |
Alex Stanford 136 Posts May 10th 2016 |
Thread locked Subscribe |
May 10th 2016 6 years ago |
Does anyone have details for the known exploits against MS16-053? The same two CVE's are listed for the cumulative IE update (MS16-051). But, the patch is rated as having no known exploits. Is there an error? (Greatly appreciate all of the help this site provides, btw.)
|
Anonymous |
Quote |
May 10th 2016 6 years ago |
Hi,
on the Microsoft Security Bulletin Summary for May 2016, CVE 2016-0189 (from MS16-051) is listed with "0 - Exploitation Detected". Maybe a typo on the ISC page? KH |
K 6 Posts |
Quote |
May 11th 2016 6 years ago |
Quoting Anonymous:Does anyone have details for the known exploits against MS16-053? The same two CVE's are listed for the cumulative IE update (MS16-051). But, the patch is rated as having no known exploits. Is there an error? (Greatly appreciate all of the help this site provides, btw.) The exploit for MS16-053 is not publicly disclosed. The exploited CVE in MS16-053 is CVE-2016-0189. The fact that the same CVEs are seen in both MS16-051 and MS16-053 is not a typo. Quoting K:Hi, CVE-2016-0189 is a "0 - Exploitation Detected" for MS16-053, not MS16-051. A bit confusing I know, but it is not a typo. |
Alex Stanford 136 Posts |
Quote |
May 11th 2016 6 years ago |
Quoting Alex Stanford: I Guess the note of NO for exploits detected on MS16-051 is what is confusing me. Shouldn't that be YES? Alternatively, have there only been reported exploits of the JScript and VBScript vuls on Vista/Server2008 and that's why the note for exploits on MS16-051 say No? |
TexISO 19 Posts |
Quote |
May 11th 2016 6 years ago |
isn't there something fishy with MS16-64 (Flash Player) ?
Adobe released an advisory APSA16-02 https://helpx.adobe.com/security/products/flash-player/apsa16-02.html with no patch available at this time of writing (associated APSB coming up next on May 12th) But Microsoft released updates for Flash. April https://support.microsoft.com/en-us/kb/3154132 --> Flash 21.0.0.213 May https://support.microsoft.com/en-us/kb/3157993 --> Flash 21.0.0.241 The latter is not referenced by Adobe though http://www.adobe.com/software/flash/about/ So obviously MS updated their code prior to Adobe themselves |
TexISO 1 Posts |
Quote |
May 11th 2016 6 years ago |
Sign Up for Free or Log In to start participating in the conversation!