KB3121212
https://support.microsoft.com/en-us/kb/3121212
MS16-008: Description of the security update for Windows Kernel: January 12, 2016
Microsoft Security Bulletin MS16-008 - Important
Security Update for Windows Kernel to Address Elevation of Privilege (3124605)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Fixes/patches: Windows Mount Point Elevation of Privilege Vulnerability - CVE-2016-0006
Fixes/patches: Windows Mount Point Elevation of Privilege Vulnerability - CVE-2016-0007
=========================================
KB3123479
https://support.microsoft.com/en-us/kb/3123479
Microsoft security advisory: Deprecation of SHA-1 hashing algorithm for Microsoft root certificate program: January 12, 2016
Microsoft Security Advisory 3123479
Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
Microsoft has released a SHA-1 code sign deprecation change effective January 1, 2016, focused on client activity that can only occur when a customer downloads files from the Internet. This change is specific to a new default setting for Windows and customers can override or augment the default settings in their environment.
For customers running either Internet Explorer or Microsoft Edge who download a SHA-1 signed file from the Internet that is timestamped and released on January 1, 2016, or later, SmartScreen will mark the file as not trusted. This status does not prevent customers from downloading the file or running these browsers on their computers. But customers are warned of the not trusted status of the file.
This change only affects Mark-of-the-Web (MOTW) files downloaded from the Internet. Files timestamped before January 1, 2016, will continue to be trusted. Drivers with signatures verified by Code Integrity are not affected by this change. To conform to the latest requirements for driver signing, see the Windows Hardware Certification blog.
=========================================
KB3124275
https://support.microsoft.com/en-us/kb/3124275
MS16-001: Security update for Internet Explorer: January 12, 2016
Microsoft Security Bulletin MS16-001 - Critical
Cumulative Security Update for Internet Explorer (3124903)
This security update resolves vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
This security update is rated Critical for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients
=========================================
KB3108664
https://support.microsoft.com/en-us/kb/3108664
Fixes/patches: MAPI DLL Loading Elevation of Privilege Vulnerability- CVE-2016-0020
KB3109560
https://support.microsoft.com/en-us/kb/3109560
Fixes/patches: DirectShow Heap Corruption Remote Code Execution Vulnerability - CVE-2016-0015
Both updates use: MS16-007: Description of the security update for Windows: January 12, 2016
Microsoft Security Bulletin MS16-007 - Important
Security Update for Microsoft Windows to Address Remote Code Execution (3124901)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.
=========================================
KB3110329
https://support.microsoft.com/en-us/kb/3110329
Fixes/patches: DLL Loading Remote Code Execution Vulnerability - CVE-2016-0016
KB3121918
https://support.microsoft.com/en-us/kb/3121918
Fixes/patches: DLL Loading Elevation of Privilege Vulnerability - CVE-2016-0014
Both updates use: MS16-007: Description of the security update for Windows: January 12, 2016
Microsoft Security Bulletin MS16-007 - Important
Security Update for Microsoft Windows to Address Remote Code Execution (3124901)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.
=========================================
KB3124000
https://support.microsoft.com/en-us/kb/3124000
Fixes/patches: Win32k Remote Code Execution Vulnerability - CVE-2016-0009
KB3124001
https://support.microsoft.com/en-us/kb/3124001
Fixes/patches: Windows GDI32.dll ASLR Bypass Vulnerability - CVE-2016-0008
Both updates use: MS16-005: Description of the security update for Windows kernel-mode drivers: January 12, 2016
Microsoft Security Bulletin MS16-005 - Critical.
Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584).
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website.