This post is authored by Holger Unterbrink.

Patch Tuesday for May 2016 has arrived where Microsoft releases their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 16 bulletins addressing 33 vulnerabilities. Fourteen bulletins are rated critical, addressing vulnerabilities in Edge, Internet Explorer, Office, Graphic Components, VBScript, Windows Shell, and Adobe Flash Player. The remaining bulletins are rated important and address vulnerabilities in Internet Explorer, Office, Windows Kernel, Exchange, IIS, Media Center, Hyper-V, .NET, and several other Windows components.

Bulletins Rated Critical

Vulnerabilities in Microsoft bulletins MS16-051 through MS16-057 and MS16-064 are rated as critical in this month’s release.

MS16-051 and MS16-052 are this month’s Internet Explorer and Edge security bulletins respectively. One vulnerability is shared between IE and Edge, meaning that both Edge and IE are affected. The IE security bulletin addresses three memory corruption vulnerabilities marked as critical, one information disclosure vulnerability and one security feature bypass marked as important. The Edge one has four memory corruption vulnerabilities all marked as critical. For both Edge and IE, some vulnerabilities are potential remote code execution vulnerabilities. For Internet Explorer these critical vulnerabilities are: CVE-2016-0187, CVE-2016-0189 and CVE-2016-0192. For Microsoft Edge: CVE-2016-0186 , CVE-2016-0191 to 0193. IE CVEs flagged as important are CVE-2016-0188 and CVE-2016-0194.


Talos Group

Talos Security Intelligence & Research Group