Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 30 vulnerabilities included in the November 2016 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections as necessary.

MS16-129 – Cumulative Security Update for Microsoft Edge

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

Severity: Critical
Affected Software

Microsoft Edge

CVE-2016-7200 – Scripting Engine Memory Corruption Vulnerability
CVE-2016-7201 – Scripting Engine Memory Corruption Vulnerability
CVE-2016-7202 – Scripting Engine Memory Corruption Vulnerability
CVE-2016-7203 – Scripting Engine Memory Corruption Vulnerability
CVE-2016-7204 – Microsoft Edge Information Disclosure Vulnerability
CVE-2016-7240 – Scripting Engine Memory Corruption Vulnerability
CVE-2016-7242 – Scripting Engine Memory Corruption Vulnerability

MS16-130 – Security Update for Microsoft Windows

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.

Severity: Critical
Affected Software

Windows Vista SP2
Windows Server 2008 SP2 and Windows Server 2008 R2 SP1
Windows 7 SP1
Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT 8.1
Windows 10
Windows Server 2016

CVE-2016-7212 – Windows File Manager Remote Code Execution Vulnerability
CVE-2016-7221 – Windows IME Elevation of Privilege Vulnerability

MS16-132 – Security Update for Microsoft Graphics Component

This security update resolves vulnerabilities in Microsoft Windows. The most severe being of the vulnerabilities could allow a remote code execution vulnerability exists when the Windows Animation Manager improperly handles objects in memory if a user visits a malicious webpage. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

Severity: Critical
Affected Software

Windows Vista SP2
Windows Server 2008 SP2 and Windows Server 2008 R2 SP1
Windows 7 SP1
Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT 8.1
Windows 10
Windows Server 2016

CVE-2016-7205 – Windows Animation Manager Memory Corruption Vulnerability
CVE-2016-7217 – Microsoft Edge Memory Corruption Vulnerability

MS16-133 – Security Update for Microsoft Office

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Severity: Important
Affected Software

Microsoft Word 2007 SP3
Microsoft Office 2010 SP2
Microsoft Office 2013 SP1
Microsoft Office 2013 SP1 RT
Microsoft Office 2016
Microsoft Office for Mac 2011
Microsoft Office for Mac 2016
Microsoft Office Compatibility Pack SP3

CVE-2016-7228 – Microsoft Office Memory Corruption Vulnerability
CVE-2016-7245 – Microsoft Office Memory Corruption Vulnerability

MS16-134 – Security Update for Common Log File System Driver

This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit these vulnerabilities by running a specially crafted application to take complete control over the affected system. An attacker who successfully exploits this vulnerability could run processes in an elevated context.

Severity: Important
Affected Software

Windows Vista SP2
Windows Server 2008 R2 SP1
Windows 7 SP1
Windows 8.1 and Windows 8.1 RT
Windows Server 2012 and Windows Server 2012 RT
Windows 10
Windows Server 2016

CVE-2016-0026 – Windows CLFS Elevation of Privilege
CVE-2016-3333 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2016-3334 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2016-3335 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2016-3338 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2016-3342 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

MS16-135 – Security Update for Kernel-Mode Drivers

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

Severity: Important
Affected Software

Windows Vista SP2
Windows Server 2008 SP2 and Windows Server 2008 R2 SP1
Windows 7 SP1
Windows 8.1 and Windows RT 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows 10
Windows Server 2016

CVE-2016-7214 – Win32k Information Disclosure Vulnerability
CVE-2016-7215 – Win32k Elevation of Privilege Vulnerability
CVE-2016-7218 – Bowser.sys Information Disclosure Vulnerability
CVE-2016-7246 – Win32k Elevation of Privilege Vulnerability
CVE-2016-7255 – Win32k Elevation of Privilege Vulnerability

MS16-136 – Security Update for SQL Server

This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker could to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. The security update addresses these most severe vulnerabilities by correcting how SQL Server handles pointer casting.

Severity: Important
Affected Software

SQL Server 2012 SP2 and SP3
SQL Server 2014 SP1 and SP2
SQL Server 2016

CVE-2016-7250 – SQL RDBMS Engine Elevation of Privilege Vulnerability

MS16-138 – Security Update to Microsoft Virtual Hard Drive

This security update resolves vulnerabilities in Microsoft Windows. The Windows VHDMP kernel driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.

Severity: Important
Affected Software

Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT 8.1
Windows 10
Windows Server 2016

CVE-2016-7224 – VHDFS Driver Elevation of Privilege Vulnerability
CVE-2016-7226 – VHDFS Driver Elevation of Privilege Vulnerability

MS16-142 – Cumulative Security Update for Internet Explorer

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Severity: Critical
Affected Software

Internet Explorer 9-11

CVE-2016-7196 – Microsoft Browser Memory Corruption Vulnerability
CVE-2016-7198 – Microsoft Browser Memory Corruption Vulnerability
CVE-2016-7241 – Microsoft Browser Remote Code Execution Vulnerability