Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft Patch Tuesday Summary for May 2016 - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft Patch Tuesday Summary for May 2016

https://isc.sans.edu/mspatchdays.html?viewday=2016-05-10

-- 
Alex Stanford - GIAC GWEB & GSEC,
Research Operations Manager,
SANS Internet Storm Center
/in/alexstanford

Alex Stanford

136 Posts
Does anyone have details for the known exploits against MS16-053? The same two CVE's are listed for the cumulative IE update (MS16-051). But, the patch is rated as having no known exploits. Is there an error? (Greatly appreciate all of the help this site provides, btw.)
Anonymous
Hi,

on the Microsoft Security Bulletin Summary for May 2016, CVE 2016-0189 (from MS16-051) is listed with "0 - Exploitation Detected".
Maybe a typo on the ISC page?

KH
K

5 Posts
Quoting Anonymous:Does anyone have details for the known exploits against MS16-053? The same two CVE's are listed for the cumulative IE update (MS16-051). But, the patch is rated as having no known exploits. Is there an error? (Greatly appreciate all of the help this site provides, btw.)

The exploit for MS16-053 is not publicly disclosed. The exploited CVE in MS16-053 is CVE-2016-0189. The fact that the same CVEs are seen in both MS16-051 and MS16-053 is not a typo.

Quoting K:Hi,

on the Microsoft Security Bulletin Summary for May 2016, CVE 2016-0189 (from MS16-051) is listed with "0 - Exploitation Detected".
Maybe a typo on the ISC page?

KH


CVE-2016-0189 is a "0 - Exploitation Detected" for MS16-053, not MS16-051. A bit confusing I know, but it is not a typo.
Alex Stanford

136 Posts
Quoting Alex Stanford:

CVE-2016-0189 is a "0 - Exploitation Detected" for MS16-053, not MS16-051. A bit confusing I know, but it is not a typo.


I Guess the note of NO for exploits detected on MS16-051 is what is confusing me. Shouldn't that be YES?

Alternatively, have there only been reported exploits of the JScript and VBScript vuls on Vista/Server2008 and that's why the note for exploits on MS16-051 say No?
TexISO

19 Posts
isn't there something fishy with MS16-64 (Flash Player) ?

Adobe released an advisory APSA16-02 https://helpx.adobe.com/security/products/flash-player/apsa16-02.html with no patch available at this time of writing (associated APSB coming up next on May 12th)

But Microsoft released updates for Flash.

April https://support.microsoft.com/en-us/kb/3154132 --> Flash 21.0.0.213
May https://support.microsoft.com/en-us/kb/3157993 --> Flash 21.0.0.241

The latter is not referenced by Adobe though http://www.adobe.com/software/flash/about/

So obviously MS updated their code prior to Adobe themselves
TexISO
1 Posts

Sign Up for Free or Log In to start participating in the conversation!