LanGuard reports



Supported Microsoft Security Bulletins


More information on 2016 updates



Bulletin ID:
MS16-155
Title:
Security Update for .NET Framework (3205640)
Update Type:
Security Update
Severity:
Important
Date:
2016-12-13
Description:
This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.
Vulnerabilities:
CVE-2016-7270
Included Updates:
2919355
3205402
3205403
3205404
3205406
3205407
3205410
3207296
3210142
Applies to:
Microsoft .NET Framework Updates for 4.6.2 (KB3205406)
Microsoft .NET Framework Updates for 4.6.2 (KB3205407)
Microsoft .NET Framework Updates for 4.6.2 (KB3205410)
Server Core installation option
Windows 10
Windows 2012 R2
Windows 7
Windows 8.1
Windows 8.1 RT
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-154
Title:
Security Update for Adobe Flash Player (3209498)
Update Type:
Security Update
Severity:
Critical
Date:
2016-12-13
Description:
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
Vulnerabilities:
CVE-2016-7867
CVE-2016-7868
CVE-2016-7869
CVE-2016-7870
CVE-2016-7871
CVE-2016-7872
CVE-2016-7873
CVE-2016-7874
CVE-2016-7875
CVE-2016-7876
CVE-2016-7877
CVE-2016-7878
CVE-2016-7879
CVE-2016-7880
CVE-2016-7881
CVE-2016-7890
CVE-2016-7892
Included Updates:
3209498
Applies to:
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016

Bulletin ID:
MS16-153
Title:
Security Update for Common Log File System Driver (3207328)
Update Type:
Security Update
Severity:
Important
Date:
2016-12-13
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Information Disclosure when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to bypass security measures on the affected system allowing further exploitation.
Vulnerabilities:
CVE-2016-7295
Included Updates:
2919355
3203838
3205394
3205400
3205401
3205408
3205409
3207296
3207752
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Vista

Bulletin ID:
MS16-152
Title:
Security Update for Windows Kernel (3199709)
Update Type:
Security Update
Severity:
Important
Date:
2016-12-13
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows kernel improperly handles objects in memory.
Vulnerabilities:
CVE-2016-7258
Included Updates:
3207296
Applies to:
Server Core installation option
Windows 10
Windows Server 2016

Bulletin ID:
MS16-151
Title:
Security Update for Windows Kernel-Mode Drivers (3205651)
Update Type:
Security Update
Severity:
Important
Date:
2016-12-13
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
Vulnerabilities:
CVE-2016-7259
CVE-2016-7260
Included Updates:
2919355
3204723
3205394
3205400
3205401
3205408
3205409
3207752
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Vista

Bulletin ID:
MS16-150
Title:
Security Update for Secure Kernel Mode (3205642)
Update Type:
Security Update
Severity:
Important
Date:
2016-12-13
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally-authenticated attacker runs a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).
Vulnerabilities:
CVE-2016-7271
Included Updates:
3207296
Applies to:
Server Core installation option
Windows 10
Windows Server 2016

Bulletin ID:
MS16-149
Title:
Security Update for Microsoft Windows (3205655)
Update Type:
Security Update
Severity:
Important
Date:
2016-12-13
Description:
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application.
Vulnerabilities:
CVE-2016-7219
CVE-2016-7292
Included Updates:
2919355
3196726
3204808
3205394
3205400
3205401
3205408
3205409
3207296
3207752
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Vista

Bulletin ID:
MS16-148
Title:
Security Update for Microsoft Office (3204068)
Update Type:
Security Update
Severity:
Critical
Date:
2016-12-13
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2016-7257
CVE-2016-7262
CVE-2016-7263
CVE-2016-7264
CVE-2016-7265
CVE-2016-7266
CVE-2016-7267
CVE-2016-7268
CVE-2016-7275
CVE-2016-7276
CVE-2016-7277
CVE-2016-7289
CVE-2016-7290
CVE-2016-7291
CVE-2016-7298
CVE-2016-7300
Included Updates:
2883033
2889841
3114395
3118380
3127892
3127968
3127986
3127995
3128008
3128016
3128019
3128020
3128022
3128023
3128024
3128025
3128026
3128029
3128032
3128034
3128035
3128037
3128043
3128044
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Other Office Software

Bulletin ID:
MS16-147
Title:
Security Update for Microsoft Uniscribe (3204063)
Update Type:
Security Update
Severity:
Critical
Date:
2016-12-13
Description:
This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2016-7274
Included Updates:
2919355
3196348
3205394
3205400
3205401
3205408
3205409
3207296
3207752
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Vista

Bulletin ID:
MS16-146
Title:
Security Update for Microsoft Graphics Component (3204066)
Update Type:
Security Update
Severity:
Critical
Date:
2016-12-13
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2016-7257
CVE-2016-7272
CVE-2016-7273
Included Updates:
2919355
3204724
3205394
3205400
3205401
3205408
3205409
3205638
3207296
3207752
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Vista

Bulletin ID:
MS16-144
Title:
Cumulative Security Update for Internet Explorer (3204059)
Update Type:
Security Update
Severity:
Critical
Date:
2016-12-13
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-7202
CVE-2016-7278
CVE-2016-7279
CVE-2016-7281
CVE-2016-7282
CVE-2016-7283
CVE-2016-7284
CVE-2016-7287
Included Updates:
3203621
3205383
3205386
3205394
3205400
3205401
3205408
3205409
3206632
3207296
3207752
3208481
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9

Bulletin ID:
MS16-142
Title:
Cumulative Security Update for Internet Explorer (3198467)
Update Type:
Security Update
Severity:
Critical
Date:
2016-11-08
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-7195
CVE-2016-7196
CVE-2016-7198
CVE-2016-7199
CVE-2016-7227
CVE-2016-7239
CVE-2016-7241
Included Updates:
3197655
3197867
3197868
3197873
3197874
3197876
3197877
3198585
3198586
3199442
3200970
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9

Bulletin ID:
MS16-141
Title:
Security Update for Adobe Flash Player (3202790)
Update Type:
Security Update
Severity:
Critical
Date:
2016-11-08
Description:
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
Vulnerabilities:
CVE-2016-7857
CVE-2016-7858
CVE-2016-7859
CVE-2016-7860
CVE-2016-7861
CVE-2016-7862
CVE-2016-7863
CVE-2016-7864
CVE-2016-7865
Included Updates:
3202790
Applies to:
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016

Bulletin ID:
MS16-140
Title:
Security Update for Boot Manager (3193479)
Update Type:
Security Update
Severity:
Important
Date:
2016-11-08
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy.
Vulnerabilities:
CVE-2016-7247
Included Updates:
2919355
3197873
3197874
3197876
3197877
3198389
3198585
3198586
3199442
3200970
Applies to:
Server Core installation option
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016

Bulletin ID:
MS16-139
Title:
Security Update for Windows Kernel (3199720)
Update Type:
Security Update
Severity:
Important
Date:
2016-11-08
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information. A locally authenticated attacker could attempt to exploit this vulnerability by running a specially crafted application. An attacker can gain access to information not intended to be available to the user by using this method.
Vulnerabilities:
CVE-2016-7216
Included Updates:
3197867
3197868
3198483
Applies to:
Server Core installation option
Windows 7
Windows Server 2008
Windows Server 2008 R2
Windows Vista

Bulletin ID:
MS16-138
Title:
Security Update for Microsoft Virtual Hard Disk Driver (3199647)
Update Type:
Security Update
Severity:
Important
Date:
2016-11-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.
Vulnerabilities:
CVE-2016-7223
CVE-2016-7224
CVE-2016-7225
CVE-2016-7226
Included Updates:
2919355
3197873
3197874
3197876
3197877
3198585
3198586
3199442
3200970
Applies to:
Server Core installation option
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016

Bulletin ID:
MS16-137
Title:
Security Update for Windows Authentication Methods (3199173)
Update Type:
Security Update
Severity:
Important
Date:
2016-11-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. An attacker who successfully exploited this vulnerability could elevate their permissions from unprivileged user account to administrator. The attacker could then install programs; view, change or delete data; or create new accounts. The attacker could subsequently attempt to elevate by locally executing a specially crafted application designed to manipulate NTLM password change requests.
Vulnerabilities:
CVE-2016-7220
CVE-2016-7237
CVE-2016-7238
Included Updates:
2919355
3197867
3197868
3197873
3197874
3197876
3197877
3198510
3198585
3198586
3199442
3200970
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Vista

Bulletin ID:
MS16-136
Title:
Security Update for SQL Server (3199641)
Update Type:
Security Update
Severity:
Important
Date:
2016-11-08
Description:
This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker could to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. The security update addresses these most severe vulnerabilities by correcting how SQL Server handles pointer casting.
Vulnerabilities:
CVE-2016-7249
CVE-2016-7250
CVE-2016-7251
CVE-2016-7252
CVE-2016-7253
CVE-2016-7254
Included Updates:
3194714
3194716
3194717
3194718
3194719
3194720
3194721
3194722
3194724
3194725
Applies to:
SQL Server 2012 Service Pack 2
SQL Server 2012 Service Pack 3
SQL Server 2014 Service Pack 1
SQL Server 2014 Service Pack 2
SQL Server 2016

Bulletin ID:
MS16-135
Title:
Security Update for Windows Kernel-Mode Drivers (3199135)
Update Type:
Security Update
Severity:
Important
Date:
2016-11-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
Vulnerabilities:
CVE-2016-7214
CVE-2016-7215
CVE-2016-7218
CVE-2016-7246
CVE-2016-7255
Included Updates:
2919355
3194371
3197867
3197868
3197873
3197874
3197876
3197877
3198218
3198234
3198585
3198586
3200970
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Vista

Bulletin ID:
MS16-134
Title:
Security Update for Common Log File System Driver (3193706)
Update Type:
Security Update
Severity:
Important
Date:
2016-11-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit these vulnerabilities by running a specially crafted application to take complete control over the affected system. An attacker who successfully exploits this vulnerability could run processes in an elevated context.
Vulnerabilities:
CVE-2016-0026
CVE-2016-3332
CVE-2016-3333
CVE-2016-3334
CVE-2016-3335
CVE-2016-3338
CVE-2016-3340
CVE-2016-3342
CVE-2016-3343
CVE-2016-7184
Included Updates:
2919355
3181707
3197867
3197868
3197873
3197874
3197876
3197877
3198585
3198586
3199442
3200970
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Vista

Bulletin ID:
MS16-133
Title:
Security Update for Microsoft Office (3199168)
Update Type:
Security Update
Severity:
Important
Date:
2016-11-08
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2016-7213
CVE-2016-7228
CVE-2016-7229
CVE-2016-7230
CVE-2016-7231
CVE-2016-7232
CVE-2016-7233
CVE-2016-7234
CVE-2016-7235
CVE-2016-7236
CVE-2016-7244
CVE-2016-7245
Included Updates:
2986253
3115120
3115135
3115153
3118378
3118381
3118382
3118390
3118395
3118396
3127889
3127893
3127904
3127921
3127927
3127929
3127932
3127948
3127949
3127950
3127951
3127953
3127954
3127962
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office for Mac 2011
Other Office Software

Bulletin ID:
MS16-132
Title:
Security Update for Microsoft Graphics Component (3199120)
Update Type:
Security Update
Severity:
Critical
Date:
2016-11-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow a remote code execution. The vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2016-7205
CVE-2016-7210
CVE-2016-7217
CVE-2016-7256
Included Updates:
2919355
3197867
3197868
3197873
3197874
3197876
3197877
3198585
3198586
3199442
3200970
3203859
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Vista

Bulletin ID:
MS16-131
Title:
Security Update for Microsoft Video Control (3199151)
Update Type:
Security Update
Severity:
Critical
Date:
2016-11-08
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.
Vulnerabilities:
CVE-2016-7248
Included Updates:
2919355
3197867
3197868
3197873
3197874
3198218
3198585
3198586
3199442
3200970
Applies to:
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Vista

Bulletin ID:
MS16-130
Title:
Security Update for Microsoft Windows (3199172)
Update Type:
Security Update
Severity:
Critical
Date:
2016-11-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.
Vulnerabilities:
CVE-2016-7212
CVE-2016-7221
CVE-2016-7222
Included Updates:
2919355
3193418
3196718
3197867
3197868
3197873
3197874
3197876
3197877
3198585
3198586
3199442
3200970
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Vista

Bulletin ID:
MS16-129
Title:
Cumulative Security Update for Microsoft Edge (3199057)
Update Type:
Security Update
Severity:
Critical
Date:
2016-11-08
Description:
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Vulnerabilities:
CVE-2016-7195
CVE-2016-7196
CVE-2016-7198
CVE-2016-7199
CVE-2016-7200
CVE-2016-7201
CVE-2016-7202
CVE-2016-7203
CVE-2016-7204
CVE-2016-7208
CVE-2016-7209
CVE-2016-7227
CVE-2016-7239
CVE-2016-7240
CVE-2016-7241
CVE-2016-7242
CVE-2016-7243
Included Updates:
3198585
3198586
3200970
Applies to:
Microsoft Edge

Bulletin ID:
MS16-128
Title:
Security Update for Adobe Flash Player (3201860)
Update Type:
Security Update
Severity:
Critical
Date:
2016-10-28
Description:
This security update resolves a vulnerability in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Vulnerabilities:
CVE-2016-7855
Included Updates:
3201860
Applies to:
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-127
Title:
Security Update for Adobe Flash Player (3194343)
Update Type:
Security Update
Severity:
Critical
Date:
2016-10-11
Description:
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Vulnerabilities:
CVE-2016-4273
CVE-2016-4286
CVE-2016-6981
CVE-2016-6982
CVE-2016-6983
CVE-2016-6984
CVE-2016-6985
CVE-2016-6986
CVE-2016-6987
CVE-2016-6989
CVE-2016-6990
CVE-2016-6991
CVE-2016-6992
Included Updates:
3194343
Applies to:
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-126
Title:
Security Update for Microsoft Internet Messaging API (3196067)
Update Type:
Security Update
Severity:
Moderate
Date:
2016-10-11
Description:
This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.
Vulnerabilities:
CVE-2016-3298
Included Updates:
3185330
3192391
3193515
3196067
Applies to:
Windows 7
Windows Server 2008
Windows Server 2008 R2
Windows Vista

Bulletin ID:
MS16-125
Title:
Security Update for Diagnostics Hub (3193229)
Update Type:
Security Update
Severity:
Important
Date:
2016-10-11
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Vulnerabilities:
CVE-2016-7188
Included Updates:
3192440
3192441
3194798
3195038
Applies to:
Windows 10

Bulletin ID:
MS16-124
Title:
Security Update for Windows Registry (3193227)
Update Type:
Security Update
Severity:
Important
Date:
2016-10-11
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information.
Vulnerabilities:
CVE-2016-0070
CVE-2016-0073
CVE-2016-0075
CVE-2016-0079
Included Updates:
3185330
3185331
3185332
3191256
3192391
3192392
3192393
3192440
3192441
3193227
3194798
3195038
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-123
Title:
Security Update for Windows Kernel-Mode Drivers (3192892)
Update Type:
Security Update
Severity:
Important
Date:
2016-10-11
Description:
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
Vulnerabilities:
CVE-2016-3266
CVE-2016-3341
CVE-2016-3376
CVE-2016-7185
CVE-2016-7191
Included Updates:
3183431
3185330
3185331
3185332
3192391
3192392
3192393
3192440
3192441
3192892
3194798
3195038
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-122
Title:
Security Update for Microsoft Video Control (3195360)
Update Type:
Security Update
Severity:
Critical
Date:
2016-10-11
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.
Vulnerabilities:
CVE-2016-0142
Included Updates:
3185330
3185331
3190847
3192391
3192392
3192440
3192441
3194798
3195038
3195360
Applies to:
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Vista

Bulletin ID:
MS16-121
Title:
Security Update for Microsoft Office (3194063)
Update Type:
Security Update
Severity:
Important
Date:
2016-10-11
Description:
This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.
Vulnerabilities:
CVE-2016-7193
Included Updates:
3118307
3118308
3118311
3118312
3118331
3118345
3118352
3118360
3118377
3118384
3127897
3127898
3194063
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office for Mac 2011
Other Office Software

Bulletin ID:
MS16-120
Title:
Security Update for Microsoft Graphics Component (3192884)
Update Type:
Security Update
Severity:
Critical
Date:
2016-10-11
Description:
This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2016-3209
CVE-2016-3262
CVE-2016-3263
CVE-2016-3270
CVE-2016-3393
CVE-2016-3396
CVE-2016-7182
Included Updates:
2919355
3118301
3118317
3118327
3118348
3118394
3185330
3185331
3185332
3188397
3188400
3188730
3188731
3188732
3188734
3188736
3188740
3188741
3188743
3188744
3189017
3189598
3191203
3192391
3192392
3192393
3192440
3192441
3193713
3194798
3195038
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-119
Title:
Cumulative Security Update for Microsoft Edge (3192890)
Update Type:
Security Update
Severity:
Critical
Date:
2016-10-11
Description:
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Vulnerabilities:
CVE-2016-3267
CVE-2016-3331
CVE-2016-3382
CVE-2016-3386
CVE-2016-3387
CVE-2016-3388
CVE-2016-3389
CVE-2016-3390
CVE-2016-3391
CVE-2016-3392
CVE-2016-7189
CVE-2016-7190
CVE-2016-7194
Included Updates:
3192440
3192441
3194798
3195038
Applies to:
Microsoft Edge

Bulletin ID:
MS16-118
Title:
Cumulative Security Update for Internet Explorer (3192887)
Update Type:
Security Update
Severity:
Critical
Date:
2016-10-11
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-3267
CVE-2016-3298
CVE-2016-3331
CVE-2016-3382
CVE-2016-3383
CVE-2016-3384
CVE-2016-3385
CVE-2016-3387
CVE-2016-3388
CVE-2016-3390
CVE-2016-3391
Included Updates:
3185330
3185331
3185332
3191492
3192391
3192392
3192393
3192440
3192441
3192887
3194798
3195038
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9

Bulletin ID:
MS16-117
Title:
Security Update for Adobe Flash Player (3188128)
Update Type:
Security Update
Severity:
Critical
Date:
2016-09-13
Description:
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Vulnerabilities:
CVE-2016-4271
CVE-2016-4272
CVE-2016-4274
CVE-2016-4275
CVE-2016-4276
CVE-2016-4277
CVE-2016-4278
CVE-2016-4279
CVE-2016-4280
CVE-2016-4281
CVE-2016-4282
CVE-2016-4283
CVE-2016-4284
CVE-2016-4285
CVE-2016-4287
CVE-2016-6921
CVE-2016-6922
CVE-2016-6923
CVE-2016-6924
CVE-2016-6925
CVE-2016-6926
CVE-2016-6927
CVE-2016-6929
CVE-2016-6930
CVE-2016-6931
CVE-2016-6932
Included Updates:
3188128
3188966
Applies to:
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-116
Title:
Security Update in OLE Automation for VBScript Scripting Engine (3188724)
Update Type:
Security Update
Severity:
Critical
Date:
2016-09-13
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user of an affected system to visit a malicious or compromised website. Note that you must install two updates to be protected from the vulnerability discussed in this bulletin: The update in this bulletin, MS16-116, and the update in MS16-104.
Vulnerabilities:
CVE-2016-3375
Included Updates:
3184122
3185614
3188724
3188966
3193494
3193821
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-115
Title:
Security Update for Microsoft Windows PDF Library (3188733)
Update Type:
Security Update
Severity:
Important
Date:
2016-09-13
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow information disclosure if a user views specially crafted PDF content online or opens a specially crafted PDF document.
Vulnerabilities:
CVE-2016-3370
CVE-2016-3374
Included Updates:
3184943
3185614
3188733
3188966
3193494
3193821
Applies to:
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-114
Title:
Security Update for Windows SMBv1 Server (3185879)
Update Type:
Security Update
Severity:
Important
Date:
2016-09-13
Description:
This security update resolves a vulnerability in Microsoft Windows. On Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems, the vulnerability could allow remote code execution if an authenticated attacker sends specially crafted packets to an affected Microsoft Server Message Block 1.0 (SMBv1) Server. The vulnerability does not impact other SMB Server versions. Although later operating systems are affected, the potential impact is denial of service.
Vulnerabilities:
CVE-2016-3345
Included Updates:
3177186
3185614
3185879
3188966
3193494
3193821
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-113
Title:
Security Update for Windows Secure Kernel Mode (3185876)
Update Type:
Security Update
Severity:
Important
Date:
2016-09-13
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.
Vulnerabilities:
CVE-2016-3344
Included Updates:
3185614
3188966
3193821
Applies to:
Windows 10

Bulletin ID:
MS16-112
Title:
Security Update for Windows Lock Screen (3178469)
Update Type:
Security Update
Severity:
Important
Date:
2016-09-13
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Windows improperly allows web content to load from the Windows lock screen.
Vulnerabilities:
CVE-2016-3302
Included Updates:
3178469
3178539
3185614
3188966
3193494
3193821
Applies to:
Server Core installation option
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012 R2

Bulletin ID:
MS16-111
Title:
Security Update for Windows Kernel (3186973)
Update Type:
Security Update
Severity:
Important
Date:
2016-09-13
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a target system.
Vulnerabilities:
CVE-2016-3305
CVE-2016-3306
CVE-2016-3371
CVE-2016-3372
CVE-2016-3373
Included Updates:
3175024
3185614
3186973
3188966
3193494
3193821
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-110
Title:
Security Update for Microsoft Windows (3178467)
Update Type:
Security Update
Severity:
Important
Date:
2016-09-13
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker creates a specially crafted request and executes arbitrary code with elevated permissions on a target system.
Vulnerabilities:
CVE-2016-3346
CVE-2016-3352
CVE-2016-3368
CVE-2016-3369
Included Updates:
3178467
3184471
3185614
3187754
3188966
3193494
3193821
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-109
Title:
Security Update for Silverlight (3182373)
Update Type:
Security Update
Severity:
Important
Date:
2016-09-13
Description:
This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force a user to visit a compromised website. Instead, an attacker would have to convince the user to visit the website, typically by enticing the user to click a link in either an email or instant message that takes the user to the attacker's website.
Vulnerabilities:
CVE-2016-3367
Included Updates:
3182373
Applies to:
Software

Bulletin ID:
MS16-108
Title:
Security Update for Microsoft Exchange Server (3185883)
Update Type:
Security Update
Severity:
Critical
Date:
2016-09-13
Description:
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In libraries that are built into Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.
Vulnerabilities:
CVE-2016-0138
CVE-2016-3378
CVE-2016-3379
Included Updates:
3184711
3184728
3184736
3185883
Applies to:
Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016

Bulletin ID:
MS16-107
Title:
Security Update for Microsoft Office (3185852)
Update Type:
Security Update
Severity:
Critical
Date:
2016-09-13
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2016-0137
CVE-2016-0141
CVE-2016-3357
CVE-2016-3358
CVE-2016-3359
CVE-2016-3360
CVE-2016-3361
CVE-2016-3362
CVE-2016-3363
CVE-2016-3364
CVE-2016-3365
CVE-2016-3366
CVE-2016-3381
Included Updates:
2553432
2597974
3054862
3054969
3114744
3115112
3115119
3115169
3115443
3115459
3115462
3115463
3115466
3115467
3115472
3115487
3118268
3118270
3118280
3118284
3118290
3118292
3118293
3118297
3118299
3118300
3118303
3118309
3118313
3118316
3185852
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office for Mac 2011
Other Office Software

Bulletin ID:
MS16-106
Title:
Security Update for Microsoft Graphics Component (3185848)
Update Type:
Security Update
Severity:
Critical
Date:
2016-09-13
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2016-3348
CVE-2016-3349
CVE-2016-3354
CVE-2016-3355
CVE-2016-3356
Included Updates:
3185614
3185848
3185911
3188966
3193494
3193821
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-105
Title:
Cumulative Security Update for Microsoft Edge (3183043)
Update Type:
Security Update
Severity:
Critical
Date:
2016-09-13
Description:
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Vulnerabilities:
CVE-2016-3247
CVE-2016-3291
CVE-2016-3294
CVE-2016-3295
CVE-2016-3297
CVE-2016-3325
CVE-2016-3330
CVE-2016-3350
CVE-2016-3351
CVE-2016-3370
CVE-2016-3374
CVE-2016-3377
Included Updates:
3185614
3188966
3193494
3193821
Applies to:
Microsoft Edge

Bulletin ID:
MS16-104
Title:
Cumulative Security Update for Internet Explorer (3183038)
Update Type:
Security Update
Severity:
Critical
Date:
2016-09-13
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-3247
CVE-2016-3291
CVE-2016-3292
CVE-2016-3295
CVE-2016-3297
CVE-2016-3324
CVE-2016-3325
CVE-2016-3351
CVE-2016-3353
CVE-2016-3375
Included Updates:
3183038
3185319
3185614
3188966
3193494
3193821
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9

Bulletin ID:
MS16-103
Title:
Security Update for ActiveSyncProvider (3182332)
Update Type:
Security Update
Severity:
Important
Date:
2016-08-09
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Universal Outlook fails to establish a secure connection.
Vulnerabilities:
CVE-2016-3312
Included Updates:
3176492
3176493
3176494
Applies to:
Windows 10

Bulletin ID:
MS16-102
Title:
Security Update for Microsoft Windows PDF Library (3182248)
Update Type:
Security Update
Severity:
Critical
Date:
2016-08-09
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-3319
Included Updates:
3175887
3176492
3176493
3176494
3176495
3182248
Applies to:
Server Core installation option
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-101
Title:
Security Update for Windows Authentication Methods (3178465)
Update Type:
Security Update
Severity:
Important
Date:
2016-08-09
Description:
This security update resolves multiple vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined system.
Vulnerabilities:
CVE-2016-3237
CVE-2016-3300
Included Updates:
3167679
3176492
3176493
3176494
3176495
3177108
3178465
3185330
3185331
3185332
3192391
3192392
3192393
3192440
3192441
3194798
3195038
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-100
Title:
Security Update for Secure Boot (3179577)
Update Type:
Security Update
Severity:
Important
Date:
2016-08-09
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker installs an affected boot manager and bypasses Windows security features.
Vulnerabilities:
CVE-2016-3320
Included Updates:
3172729
3179577
Applies to:
Server Core installation option
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-099
Title:
Security Update for Microsoft Office (3177451)
Update Type:
Security Update
Severity:
Critical
Date:
2016-08-09
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2016-3313
CVE-2016-3315
CVE-2016-3316
CVE-2016-3317
CVE-2016-3318
Included Updates:
3114340
3114400
3114442
3114456
3114869
3114885
3114981
3115256
3115415
3115419
3115427
3115439
3115440
3115449
3115452
3115468
3115471
3115474
3177451
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office for Mac 2011
Other Office Software

Bulletin ID:
MS16-098
Title:
Security Update for Windows Kernel-Mode Drivers (3178466)
Update Type:
Security Update
Severity:
Important
Date:
2016-08-09
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
Vulnerabilities:
CVE-2016-3308
CVE-2016-3309
CVE-2016-3310
CVE-2016-3311
Included Updates:
3176492
3176493
3176494
3176495
3177725
3178466
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-097
Title:
Security Update for Microsoft Graphics Component (3177393)
Update Type:
Security Update
Severity:
Critical
Date:
2016-08-09
Description:
This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, and Microsoft Lync. The vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2016-3301
CVE-2016-3303
CVE-2016-3304
Included Updates:
3115109
3115131
3115408
3115431
3115481
3174301
3174304
3176492
3176493
3176494
3176495
3177393
3178034
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-096
Title:
Cumulative Security Update for Microsoft Edge (3177358)
Update Type:
Security Update
Severity:
Critical
Date:
2016-08-09
Description:
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Vulnerabilities:
CVE-2016-3289
CVE-2016-3293
CVE-2016-3296
CVE-2016-3319
CVE-2016-3322
CVE-2016-3326
CVE-2016-3327
CVE-2016-3329
Included Updates:
3176492
3176493
3176494
3176495
Applies to:
Microsoft Edge

Bulletin ID:
MS16-095
Title:
Cumulative Security Update for Internet Explorer (3177356)
Update Type:
Security Update
Severity:
Critical
Date:
2016-08-09
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-3288
CVE-2016-3289
CVE-2016-3290
CVE-2016-3293
CVE-2016-3321
CVE-2016-3322
CVE-2016-3326
CVE-2016-3327
CVE-2016-3329
Included Updates:
3175443
3176492
3176493
3176494
3176495
3177356
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9

Bulletin ID:
MS16-094
Title:
Security Update for Secure Boot (3177404)
Update Type:
Security Update
Severity:
Important
Date:
2016-07-12
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device. An attacker must have either administrative privileges or physical access to install a policy and bypass Secure Boot.
Vulnerabilities:
CVE-2016-3287
Included Updates:
2919355
3163912
3172727
3172985
3172989
3177404
Applies to:
Maximum Security Impact by Affected Software
Server Core installation option
Vulnerability Severity Rating
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-093
Title:
Security Update for Adobe Flash Player (3174060)
Update Type:
Security Update
Severity:
Critical
Date:
2016-07-12
Description:
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Vulnerabilities:
CVE-2016-4173
CVE-2016-4174
CVE-2016-4175
CVE-2016-4176
CVE-2016-4177
CVE-2016-4178
CVE-2016-4179
CVE-2016-4182
CVE-2016-4185
CVE-2016-4188
CVE-2016-4222
CVE-2016-4223
CVE-2016-4224
CVE-2016-4225
CVE-2016-4226
CVE-2016-4227
CVE-2016-4228
CVE-2016-4229
CVE-2016-4230
CVE-2016-4231
CVE-2016-4232
CVE-2016-4247
CVE-2016-4248
CVE-2016-4249
Included Updates:
3163912
3172989
3174060
Applies to:
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-092
Title:
Security Update for Windows Kernel (3171910)
Update Type:
Security Update
Severity:
Important
Date:
2016-07-12
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow security feature bypass if the Windows kernel fails to determine how a low integrity application can use certain object manager features.
Vulnerabilities:
CVE-2016-3258
CVE-2016-3272
Included Updates:
2919355
3163912
3169704
3170377
3171910
3172985
3172989
Applies to:
Server Core installation option
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-091
Title:
Security Update for .NET Framework (3170048)
Update Type:
Security Update
Severity:
Important
Date:
2016-07-12
Description:
This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application.
Vulnerabilities:
CVE-2016-3255
Included Updates:
2919355
3163244
3163245
3163246
3163247
3163248
3163249
3163250
3163251
3163291
3163912
3164023
3164024
3164025
3170048
3172985
3172989
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-090
Title:
Security Update for Windows Kernel-Mode Drivers (3171481)
Update Type:
Security Update
Severity:
Important
Date:
2016-07-12
Description:
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
Vulnerabilities:
CVE-2016-3249
CVE-2016-3250
CVE-2016-3251
CVE-2016-3252
CVE-2016-3254
CVE-2016-3286
Included Updates:
2919355
3163912
3168965
3171481
3172985
3172989
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-089
Title:
Security Update for Windows Secure Kernel Mode (3170050)
Update Type:
Security Update
Severity:
Important
Date:
2016-07-12
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.
Vulnerabilities:
CVE-2016-3256
Included Updates:
3163912
3172985
3172989
Applies to:
Windows 10

Bulletin ID:
MS16-088
Title:
Security Update for Microsoft Office (3170008)
Update Type:
Security Update
Severity:
Critical
Date:
2016-07-12
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2016-3278
CVE-2016-3279
CVE-2016-3280
CVE-2016-3281
CVE-2016-3282
CVE-2016-3283
CVE-2016-3284
Included Updates:
3114890
3115114
3115118
3115246
3115254
3115259
3115262
3115272
3115279
3115285
3115289
3115292
3115294
3115299
3115301
3115306
3115308
3115309
3115311
3115312
3115315
3115317
3115318
3115322
3115386
3115393
3115395
3170008
3170460
3170463
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office for Mac 2011
Other Office Software

Bulletin ID:
MS16-087
Title:
Security Update for Windows Print Spooler Components (3170005)
Update Type:
Security Update
Severity:
Critical
Date:
2016-07-12
Description:
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or set up a rogue print server on a target network.
Vulnerabilities:
CVE-2016-3238
CVE-2016-3239
Included Updates:
2919355
3163912
3170005
3170455
3172985
3172989
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-086
Title:
Cumulative Security Update for JScript and VBScript (3169996)
Update Type:
Security Update
Severity:
Critical
Date:
2016-07-12
Description:
This security update resolves a vulnerability in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-3204
Included Updates:
3169658
3169659
3169996
Applies to:
Server Core installation option
Windows Server 2008
Windows Vista

Bulletin ID:
MS16-085
Title:
Cumulative Security Update for Microsoft Edge (3169999)
Update Type:
Security Update
Severity:
Critical
Date:
2016-07-12
Description:
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Vulnerabilities:
CVE-2016-3244
CVE-2016-3246
CVE-2016-3248
CVE-2016-3259
CVE-2016-3260
CVE-2016-3264
CVE-2016-3265
CVE-2016-3269
CVE-2016-3271
CVE-2016-3273
CVE-2016-3274
CVE-2016-3276
CVE-2016-3277
Included Updates:
3163912
3172985
3172989
Applies to:
Microsoft Edge

Bulletin ID:
MS16-084
Title:
Cumulative Security Update for Internet Explorer (3169991)
Update Type:
Security Update
Severity:
Critical
Date:
2016-07-12
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-3204
CVE-2016-3240
CVE-2016-3241
CVE-2016-3242
CVE-2016-3243
CVE-2016-3245
CVE-2016-3248
CVE-2016-3259
CVE-2016-3260
CVE-2016-3261
CVE-2016-3264
CVE-2016-3273
CVE-2016-3274
CVE-2016-3276
CVE-2016-3277
Included Updates:
3163912
3169991
3170106
3172985
3172989
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9

Bulletin ID:
MS16-083
Title:
Security Update for Adobe Flash Player (3167685)
Update Type:
Security Update
Severity:
Critical
Date:
2016-06-16
Description:
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Vulnerabilities:
CVE-2016-4121
CVE-2016-4122
CVE-2016-4123
CVE-2016-4124
CVE-2016-4125
CVE-2016-4126
CVE-2016-4127
CVE-2016-4128
CVE-2016-4129
CVE-2016-4130
CVE-2016-4131
CVE-2016-4132
CVE-2016-4133
CVE-2016-4134
CVE-2016-4135
CVE-2016-4136
CVE-2016-4137
CVE-2016-4138
CVE-2016-4139
CVE-2016-4140
CVE-2016-4141
CVE-2016-4142
CVE-2016-4143
CVE-2016-4144
CVE-2016-4145
CVE-2016-4146
CVE-2016-4147
CVE-2016-4148
CVE-2016-4149
CVE-2016-4150
CVE-2016-4151
CVE-2016-4152
CVE-2016-4153
CVE-2016-4154
CVE-2016-4155
CVE-2016-4156
CVE-2016-4166
CVE-2016-4171
Included Updates:
3167685
Applies to:
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-082
Title:
Security Update for Microsoft Windows Search Component (3165270)
Update Type:
Security Update
Severity:
Important
Date:
2016-06-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker logs on to a target system and runs a specially crafted application.
Vulnerabilities:
CVE-2016-3230
Included Updates:
2919355
3161958
3163017
3163018
3165270
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-081
Title:
Security Update for Active Directory (3160352)
Update Type:
Security Update
Severity:
Important
Date:
2016-06-14
Description:
This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.
Vulnerabilities:
CVE-2016-3226
Included Updates:
3160352
Applies to:
Server Core installation option
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-080
Title:
Security Update for Microsoft Windows PDF (3164302)
Update Type:
Security Update
Severity:
Important
Date:
2016-06-14
Description:
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. However, an attacker would have no way to force a user to open a specially crafted .pdf file.
Vulnerabilities:
CVE-2016-3201
CVE-2016-3203
CVE-2016-3215
Included Updates:
2919355
3157569
3163017
3163018
3164302
Applies to:
Windows 10
Windows 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-079
Title:
Security Update for Microsoft Exchange Server (3160339)
Update Type:
Security Update
Severity:
Important
Date:
2016-06-14
Description:
This security update resolves vulnerabilites in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in an Outlook Web Access (OWA) message that is loaded, without warning or filtering, from the attacker-controlled URL.
Vulnerabilities:
CVE-2015-6013
CVE-2015-6014
CVE-2015-6015
CVE-2016-0028
Included Updates:
3150501
3151086
3151097
3160339
Applies to:
Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016

Bulletin ID:
MS16-078
Title:
Security Update for Windows Diagnostic Hub (3165479)
Update Type:
Security Update
Severity:
Important
Date:
2016-06-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Vulnerabilities:
CVE-2016-3231
Included Updates:
3163017
3163018
Applies to:


Bulletin ID:
MS16-077
Title:
Security Update for WPAD (3165191)
Update Type:
Security Update
Severity:
Important
Date:
2016-06-14
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.
Vulnerabilities:
CVE-2016-3213
CVE-2016-3236
CVE-2016-3299
Included Updates:
2919355
3161949
3163017
3163018
3165191
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-076
Title:
Security Update for Netlogon (3167691)
Update Type:
Security Update
Severity:
Important
Date:
2016-06-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.
Vulnerabilities:
CVE-2016-3228
Included Updates:
2919355
3161561
3162343
3167691
Applies to:
Server Core installation option
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-075
Title:
Security Update for Windows SMB Server (3164038)
Update Type:
Security Update
Severity:
Important
Date:
2016-06-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Vulnerabilities:
CVE-2016-3225
Included Updates:
2919355
3161561
3163017
3163018
3164038
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-074
Title:
Security Update for Microsoft Graphics Component (3164036)
Update Type:
Security Update
Severity:
Important
Date:
2016-06-14
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted document or visits a specially crafted website.
Vulnerabilities:
CVE-2016-3216
CVE-2016-3219
CVE-2016-3220
Included Updates:
2919355
3163017
3163018
3164033
3164035
3164036
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-073
Title:
Security Update for Windows Kernel-Mode Drivers (3164028)
Update Type:
Security Update
Severity:
Important
Date:
2016-06-14
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Vulnerabilities:
CVE-2016-3218
CVE-2016-3221
CVE-2016-3232
Included Updates:
2919355
3161664
3163017
3163018
3164028
3164294
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-072
Title:
Security Update for Group Policy (3163622)
Update Type:
Security Update
Severity:
Important
Date:
2016-06-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine.
Vulnerabilities:
CVE-2016-3223
Included Updates:
2919355
3163016
3163017
3163018
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-071
Title:
Security Update for Microsoft Windows DNS Server (3164065)
Update Type:
Security Update
Severity:
Critical
Date:
2016-06-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.
Vulnerabilities:
CVE-2016-3227
Included Updates:
2919355
3161951
3164065
Applies to:
Server Core installation option
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-070
Title:
Security Update for Microsoft Office (3163610)
Update Type:
Security Update
Severity:
Critical
Date:
2016-06-14
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2016-0025
CVE-2016-3233
CVE-2016-3234
CVE-2016-3235
Included Updates:
2596915
2999465
3114740
3114862
3114872
3115014
3115020
3115041
3115107
3115111
3115130
3115134
3115144
3115170
3115173
3115182
3115187
3115194
3115195
3115196
3115198
3115243
3115244
3163610
3165796
3165798
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office for Mac 2011
Other Office Software

Bulletin ID:
MS16-069
Title:
Cumulative Security Update for JScript and VBScript (3163640)
Update Type:
Security Update
Severity:
Critical
Date:
2016-06-14
Description:
This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-3205
CVE-2016-3206
CVE-2016-3207
Included Updates:
3158363
3158364
3163640
Applies to:
Server Core installation option
Windows Server 2008
Windows Vista

Bulletin ID:
MS16-068
Title:
Cumulative Security Update for Microsoft Edge (3163656)
Update Type:
Security Update
Severity:
Critical
Date:
2016-06-14
Description:
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Vulnerabilities:
CVE-2016-3198
CVE-2016-3199
CVE-2016-3201
CVE-2016-3202
CVE-2016-3203
CVE-2016-3214
CVE-2016-3215
CVE-2016-3222
Included Updates:
3163017
3163018
Applies to:
Microsoft Edge

Bulletin ID:
MS16-063
Title:
Cumulative Security Update for Internet Explorer (3163649)
Update Type:
Security Update
Severity:
Critical
Date:
2016-06-14
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-0199
CVE-2016-0200
CVE-2016-3202
CVE-2016-3205
CVE-2016-3206
CVE-2016-3207
CVE-2016-3210
CVE-2016-3211
CVE-2016-3212
CVE-2016-3213
Included Updates:
3160005
3163016
3163017
3163018
3163649
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9

Bulletin ID:
MS16-067
Title:
Security Update for Volume Manager Driver (3155784)
Update Type:
Security Update
Severity:
Important
Date:
2016-05-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user.
Vulnerabilities:
CVE-2016-0190
Included Updates:
3155784
Applies to:
Server Core installation option
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-066
Title:
Security Update for Virtual Secure Mode (3155451)
Update Type:
Security Update
Severity:
Important
Date:
2016-05-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application to bypass code integrity protections in Windows.
Vulnerabilities:
CVE-2016-0181
Included Updates:
3156387
3156421
Applies to:


Bulletin ID:
MS16-065
Title:
Security Update for .NET Framework (3156757)
Update Type:
Security Update
Severity:
Important
Date:
2016-05-10
Description:
This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker injects unencrypted data into the target secure channel and then performs a man-in-the-middle (MiTM) attack between the targeted client and a legitimate server.
Vulnerabilities:
CVE-2016-0149
Included Updates:
3142023
3142024
3142025
3142026
3142027
3142029
3142030
3142032
3142033
3142035
3142036
3142037
3156387
3156421
3156757
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-064
Title:
Security Update for Adobe Flash Player (3157993)
Update Type:
Security Update
Severity:
Critical
Date:
2016-05-10
Description:
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Vulnerabilities:
CVE-2016-1096
CVE-2016-1097
CVE-2016-1098
CVE-2016-1099
CVE-2016-1100
CVE-2016-1101
CVE-2016-1102
CVE-2016-1103
CVE-2016-1104
CVE-2016-1105
CVE-2016-1106
CVE-2016-1107
CVE-2016-1108
CVE-2016-1109
CVE-2016-1110
CVE-2016-4108
CVE-2016-4109
CVE-2016-4110
CVE-2016-4111
CVE-2016-4112
CVE-2016-4113
CVE-2016-4114
CVE-2016-4115
CVE-2016-4116
CVE-2016-4117
Included Updates:
3156387
3156421
3157993
3163207
Applies to:
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-062
Title:
Security Update for Windows Kernel-Mode Drivers (3158222)
Update Type:
Security Update
Severity:
Important
Date:
2016-05-10
Description:
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Vulnerabilities:
CVE-2016-0171
CVE-2016-0173
CVE-2016-0174
CVE-2016-0175
CVE-2016-0176
CVE-2016-0196
CVE-2016-0197
Included Updates:
2919355
3153199
3156017
3156387
3156421
3158222
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-061
Title:
Security Update for Microsoft RPC (3155520)
Update Type:
Security Update
Severity:
Important
Date:
2016-05-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an unauthenticated attacker makes malformed Remote Procedure Call (RPC) requests to an affected host.
Vulnerabilities:
CVE-2016-0178
Included Updates:
2919355
3153171
3153704
3155520
3156387
3156421
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-060
Title:
Security Update for Windows Kernel (3154846)
Update Type:
Security Update
Severity:
Important
Date:
2016-05-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Vulnerabilities:
CVE-2016-0180
Included Updates:
2919355
3153171
3154846
3156387
3156421
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-059
Title:
Security Update for Windows Media Center (3150220)
Update Type:
Security Update
Severity:
Important
Date:
2016-05-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2016-0185
Included Updates:
3150220
Applies to:
Windows 7
Windows 8.1
Windows Vista

Bulletin ID:
MS16-058
Title:
Security Update for Windows IIS (3141083)
Update Type:
Security Update
Severity:
Important
Date:
2016-05-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2016-0152
Included Updates:
3141083
Applies to:
Server Core installation option
Windows Server 2008
Windows Vista

Bulletin ID:
MS16-057
Title:
Security Update for Windows Shell (3156987)
Update Type:
Security Update
Severity:
Critical
Date:
2016-05-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website that accepts user-provided online content, or convinces a user to open specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2016-0179
Included Updates:
2919355
3156059
3156387
3156421
3156987
Applies to:
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012 R2

Bulletin ID:
MS16-056
Title:
Security Update for Windows Journal (3156761)
Update Type:
Security Update
Severity:
Critical
Date:
2016-05-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2016-0182
Included Updates:
3155178
3156387
3156421
3156761
Applies to:
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Vista

Bulletin ID:
MS16-055
Title:
Security Update for Microsoft Graphics Component (3156754)
Update Type:
Security Update
Severity:
Critical
Date:
2016-05-10
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2016-0168
CVE-2016-0169
CVE-2016-0170
CVE-2016-0184
CVE-2016-0195
Included Updates:
2919355
3156013
3156016
3156019
3156387
3156421
3156754
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-054
Title:
Security Update for Microsoft Office (3155544)
Update Type:
Security Update
Severity:
Critical
Date:
2016-05-10
Description:
This security update resolves vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2016-0126
CVE-2016-0140
CVE-2016-0183
CVE-2016-0198
Included Updates:
2984938
2984943
3054984
3101520
3114893
3115016
3115025
3115094
3115103
3115115
3115116
3115117
3115121
3115123
3115124
3115132
3115464
3115465
3115479
3115480
3155544
3155776
3155777
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office for Mac 2011
Other Office Software

Bulletin ID:
MS16-053
Title:
Cumulative Security Update for JScript and VBScript (3156764)
Update Type:
Security Update
Severity:
Critical
Date:
2016-05-10
Description:
This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-0187
CVE-2016-0189
Included Updates:
3155413
3155533
3156764
3158991
Applies to:
Server Core installation option
Windows Server 2008
Windows Vista

Bulletin ID:
MS16-052
Title:
Cumulative Security Update for Microsoft Edge (3155538)
Update Type:
Security Update
Severity:
Critical
Date:
2016-05-10
Description:
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Vulnerabilities:
CVE-2016-0186
CVE-2016-0191
CVE-2016-0192
CVE-2016-0193
Included Updates:
3156387
3156421
Applies to:
Microsoft Edge

Bulletin ID:
MS16-051
Title:
Cumulative Security Update for Internet Explorer (3155533)
Update Type:
Security Update
Severity:
Critical
Date:
2016-05-10
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-0187
CVE-2016-0188
CVE-2016-0189
CVE-2016-0192
CVE-2016-0194
Included Updates:
3154070
3155533
3156387
3156421
3158987
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9

Bulletin ID:
MS16-050
Title:
Security Update for Adobe Flash Player (3154132)
Update Type:
Security Update
Severity:
Critical
Date:
2016-04-12
Description:
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Vulnerabilities:
CVE-2016-1006
CVE-2016-1011
CVE-2016-1012
CVE-2016-1013
CVE-2016-1014
CVE-2016-1015
CVE-2016-1016
CVE-2016-1017
CVE-2016-1018
CVE-2016-1019
Included Updates:
3154132
Applies to:
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-049
Title:
Security Update for HTTP.sys (3148795)
Update Type:
Security Update
Severity:
Important
Date:
2016-04-12
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.
Vulnerabilities:
CVE-2016-0150
Included Updates:
3147458
Applies to:


Bulletin ID:
MS16-048
Title:
Security Update for CSRSS (3148528)
Update Type:
Security Update
Severity:
Important
Date:
2016-04-12
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.
Vulnerabilities:
CVE-2016-0151
Included Updates:
2919355
3146723
3147458
3147461
3148528
3157663
Applies to:
Server Core installation option
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-047
Title:
Security Update for SAM and LSAD Remote Protocols (3148527)
Update Type:
Security Update
Severity:
Important
Date:
2016-04-12
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack. An attacker could then force a downgrade of the authentication level of the SAM and LSAD channels and impersonate an authenticated user.
Vulnerabilities:
CVE-2016-0128
Included Updates:
2919355
3147458
3147461
3148527
3149090
3157663
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-046
Title:
Security Update for Secondary Logon (3148538)
Update Type:
Security Update
Severity:
Important
Date:
2016-04-12
Description:
This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.
Vulnerabilities:
CVE-2016-0135
Included Updates:
3147458
3157663
Applies to:
Windows 10

Bulletin ID:
MS16-045
Title:
Security Update for Windows Hyper-V (3143118)
Update Type:
Security Update
Severity:
Important
Date:
2016-04-12
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.
Vulnerabilities:
CVE-2016-0088
CVE-2016-0089
CVE-2016-0090
Included Updates:
2919355
3135456
3143118
3147461
Applies to:
Server Core installation option
Windows 10
Windows 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-044
Title:
Security Update for Windows OLE (3146706)
Update Type:
Security Update
Severity:
Important
Date:
2016-04-12
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.
Vulnerabilities:
CVE-2016-0153
Included Updates:
3146706
Applies to:
Server Core installation option
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-042
Title:
Security Update for Microsoft Office (3148775)
Update Type:
Security Update
Severity:
Critical
Date:
2016-04-12
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2016-0122
CVE-2016-0127
CVE-2016-0136
CVE-2016-0139
Included Updates:
3072630
3114871
3114888
3114892
3114895
3114897
3114898
3114927
3114934
3114937
3114947
3114964
3114982
3114983
3114987
3114988
3114990
3114993
3114994
3139923
3142577
3148775
3154208
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office for Mac 2011
Other Office Software

Bulletin ID:
MS16-041
Title:
Security Update for .NET Framework (3148789)
Update Type:
Security Update
Severity:
Important
Date:
2016-04-12
Description:
This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application.
Vulnerabilities:
CVE-2016-0148
Included Updates:
3143693
3148789
Applies to:
Server Core installation option
Windows 7
Windows Server 2008
Windows Server 2008 R2
Windows Vista

Bulletin ID:
MS16-040
Title:
Security Update for Microsoft XML Core Services (3148541)
Update Type:
Security Update
Severity:
Critical
Date:
2016-04-12
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.
Vulnerabilities:
CVE-2016-0147
Included Updates:
2919355
3146963
3147458
3147461
3148541
3157663
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-039
Title:
Security Update for Microsoft Graphics Component (3148522)
Update Type:
Security Update
Severity:
Critical
Date:
2016-04-12
Description:
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.
Vulnerabilities:
CVE-2016-0143
CVE-2016-0145
CVE-2016-0165
CVE-2016-0167
Included Updates:
2919355
3072630
3114542
3114566
3114944
3114960
3114985
3139923
3142041
3142042
3142043
3142045
3142046
3144427
3144428
3144429
3144431
3144432
3145739
3147458
3147461
3148522
3157663
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-038
Title:
Cumulative Security Update for Microsoft Edge (3148532)
Update Type:
Security Update
Severity:
Critical
Date:
2016-04-12
Description:
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Vulnerabilities:
CVE-2016-0154
CVE-2016-0155
CVE-2016-0156
CVE-2016-0157
CVE-2016-0158
CVE-2016-0161
Included Updates:
3147458
3157663
Applies to:
Microsoft Edge

Bulletin ID:
MS16-037
Title:
Cumulative Security Update for Internet Explorer (3148531)
Update Type:
Security Update
Severity:
Critical
Date:
2016-04-12
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-0154
CVE-2016-0159
CVE-2016-0160
CVE-2016-0162
CVE-2016-0164
CVE-2016-0166
Included Updates:
3147458
3147461
3148198
3148531
3157663
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9

Bulletin ID:
MS16-036
Title:
Security Update for Adobe Flash Player (3144756)
Update Type:
Security Update
Severity:
Critical
Date:
2016-03-10
Description:
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Vulnerabilities:
CVE-2015-8652
CVE-2015-8655
CVE-2015-8658
CVE-2016-0960
CVE-2016-0961
CVE-2016-0962
CVE-2016-0963
CVE-2016-0986
CVE-2016-0987
CVE-2016-0988
CVE-2016-0989
CVE-2016-0990
CVE-2016-0991
CVE-2016-0993
CVE-2016-0994
CVE-2016-0995
CVE-2016-0996
CVE-2016-1001
CVE-2016-1005
CVE-2016-1010
Included Updates:
3144756
Applies to:
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-035
Title:
Security Update for .NET Framework to Address Security Feature Bypass (3141780)
Update Type:
Security Update
Severity:
Important
Date:
2016-03-08
Description:
This security update resolves a vulnerability in the Microsoft .NET Framework. The security feature bypass exists in a .NET Framework component that does not properly validate certain elements of a signed XML document.
Vulnerabilities:
CVE-2016-0132
Included Updates:
2919355
3135982
3135983
3135984
3135985
3135986
3135987
3135988
3135989
3135991
3135993
3135994
3135995
3135996
3135997
3135998
3136000
3141780
3148821
3149737
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-034
Title:
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145)
Update Type:
Security Update
Severity:
Important
Date:
2016-03-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Vulnerabilities:
CVE-2016-0093
CVE-2016-0094
CVE-2016-0095
CVE-2016-0096
Included Updates:
2919355
3139852
3140745
3140768
3143145
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-033
Title:
Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142)
Update Type:
Security Update
Severity:
Important
Date:
2016-03-08
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with physical access inserts a specially crafted USB device into the system.
Vulnerabilities:
CVE-2016-0133
Included Updates:
2919355
3139398
3140745
3140768
3143142
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-032
Title:
Security Update for Secondary Logon to Address Elevation of Privilege (3143141)
Update Type:
Security Update
Severity:
Important
Date:
2016-03-08
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Secondary Logon Service fails to properly manage request handles in memory.
Vulnerabilities:
CVE-2016-0099
Included Updates:
2919355
3139914
3140745
3140768
3143141
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-031
Title:
Security Update for Microsoft Windows to Address Elevation of Privilege (3140410)
Update Type:
Security Update
Severity:
Important
Date:
2016-03-08
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker is able to log on to a target system and run a specially crafted application.
Vulnerabilities:
CVE-2016-0087
Included Updates:
3140410
Applies to:
Server Core installation option
Windows 7
Windows Server 2008
Windows Server 2008 R2
Windows Vista

Bulletin ID:
MS16-030
Title:
Security Update for Windows OLE to Address Remote Code Execution (3143136)
Update Type:
Security Update
Severity:
Important
Date:
2016-03-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerabilities to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.
Vulnerabilities:
CVE-2016-0091
CVE-2016-0092
Included Updates:
2919355
3139940
3140745
3140768
3143136
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-029
Title:
Security Update for Microsoft Office to Address Remote Code Execution (3141806)
Update Type:
Security Update
Severity:
Important
Date:
2016-03-08
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2016-0021
CVE-2016-0057
CVE-2016-0134
Included Updates:
2880510
2956063
2956110
3039746
3114414
3114426
3114690
3114812
3114814
3114821
3114824
3114829
3114833
3114855
3114861
3114866
3114873
3114878
3114880
3114883
3114900
3114901
3138327
3138328
3141806
3143576
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office for Mac 2011
Other Office Software

Bulletin ID:
MS16-028
Title:
Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081)
Update Type:
Security Update
Severity:
Critical
Date:
2016-03-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file.
Vulnerabilities:
CVE-2016-0117
CVE-2016-0118
Included Updates:
2919355
3137513
3140745
3140768
3143081
Applies to:
Server Core installation option
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-027
Title:
Security Update for Windows Media to Address Remote Code Execution (3143146)
Update Type:
Security Update
Severity:
Critical
Date:
2016-03-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens specially crafted media content that is hosted on a website.
Vulnerabilities:
CVE-2016-0098
CVE-2016-0101
Included Updates:
2919355
3138910
3138962
3140745
3140768
3143146
Applies to:
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-026
Title:
Security Update for Graphic Fonts to Address Remote Code Execution (3143148)
Update Type:
Security Update
Severity:
Critical
Date:
2016-03-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker either convinces a user to open a specially crafted document, or to visit a webpage that contains specially crafted embedded OpenType fonts.
Vulnerabilities:
CVE-2016-0120
CVE-2016-0121
Included Updates:
2919355
3140735
3140745
3140768
3143148
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-025
Title:
Security Update for Windows Library Loading to Address Remote Code Execution (3140709)
Update Type:
Security Update
Severity:
Important
Date:
2016-03-08
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Windows fails to properly validate input before loading certain libraries. However, an attacker must first gain access to the local system with the ability to execute a malicious application.
Vulnerabilities:
CVE-2016-0100
Included Updates:
3140709
Applies to:
Server Core installation option
Windows Server 2008
Windows Vista

Bulletin ID:
MS16-023
Title:
Cumulative Security Update for Internet Explorer (3142015)
Update Type:
Security Update
Severity:
Critical
Date:
2016-03-08
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-0102
CVE-2016-0103
CVE-2016-0104
CVE-2016-0105
CVE-2016-0106
CVE-2016-0107
CVE-2016-0108
CVE-2016-0109
CVE-2016-0110
CVE-2016-0111
CVE-2016-0112
CVE-2016-0113
CVE-2016-0114
Included Updates:
3139929
3140745
3140768
3142015
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9

Bulletin ID:
MS16-022
Title:
Security Update for Adobe Flash Player (3135782)
Update Type:
Security Update
Severity:
Critical
Date:
2016-02-09
Description:
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows 10 Version 1511. For more information, see the Affected Software section. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.
Vulnerabilities:
CVE-2016-0964
CVE-2016-0965
CVE-2016-0966
CVE-2016-0967
CVE-2016-0968
CVE-2016-0969
CVE-2016-0970
CVE-2016-0971
CVE-2016-0972
CVE-2016-0973
CVE-2016-0974
CVE-2016-0975
CVE-2016-0976
CVE-2016-0977
CVE-2016-0978
CVE-2016-0979
CVE-2016-0980
CVE-2016-0981
CVE-2016-0982
CVE-2016-0983
CVE-2016-0984
CVE-2016-0985
Included Updates:
3135782
Applies to:
Windows 10
Windows 8.1
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-021
Title:
Security Update for NPS RADIUS Server to Address Denial of Service (3133043)
Update Type:
Security Update
Severity:
Important
Date:
2016-02-09
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) if an attacker sends specially crafted username strings to the NPS, which could prevent RADIUS authentication on the NPS.
Vulnerabilities:
CVE-2016-0050
Included Updates:
3133043
Applies to:
Server Core installation option
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-020
Title:
Security Update for Active Directory Federation Services to Address Denial of Service (3134222)
Update Type:
Security Update
Severity:
Important
Date:
2016-02-09
Description:
This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive.
Vulnerabilities:
CVE-2016-0037
Included Updates:
3134222
Applies to:
Server Core installation option
Windows Server 2012 R2

Bulletin ID:
MS16-019
Title:
Security Update for .NET Framework to Address Denial of Service (3137893)
Update Type:
Security Update
Severity:
Important
Date:
2016-02-09
Description:
This security update resolves vulnerabilities in Microsoft .NET Framework. The more severe of the vulnerabilities could cause denial of service if an attacker inserts specially crafted XSLT into a client-side XML web part, causing the server to recursively compile XSLT transforms.
Vulnerabilities:
CVE-2016-0033
CVE-2016-0047
Included Updates:
2919355
3122646
3122648
3122649
3122651
3122653
3122654
3122655
3122656
3122658
3122660
3122661
3123055
3127219
3127220
3127221
3127222
3127223
3127225
3127226
3127227
3127229
3127230
3127231
3127233
3137893
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-018
Title:
Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)
Update Type:
Security Update
Severity:
Important
Date:
2016-02-09
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Vulnerabilities:
CVE-2016-0048
Included Updates:
2919355
3134214
3135173
3135174
3136082
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-017
Title:
Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700)
Update Type:
Security Update
Severity:
Important
Date:
2016-02-09
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an authenticated attacker logs on to the target system using RDP and sends specially crafted data over the connection. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
Vulnerabilities:
CVE-2016-0036
Included Updates:
2919355
3126446
3134700
3135174
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-016
Title:
Security Update for WebDAV to Address Elevation of Privilege (3136041)
Update Type:
Security Update
Severity:
Important
Date:
2016-02-09
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to send specifically crafted input to a server.
Vulnerabilities:
CVE-2016-0051
Included Updates:
2919355
3124280
3134146
3135173
3135174
3136041
Applies to:
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-015
Title:
Security Update for Microsoft Office to Address Remote Code Execution (3134226)
Update Type:
Security Update
Severity:
Critical
Date:
2016-02-09
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2016-0022
CVE-2016-0039
CVE-2016-0052
CVE-2016-0053
CVE-2016-0054
CVE-2016-0055
CVE-2016-0056
Included Updates:
3039768
3114335
3114338
3114401
3114407
3114432
3114481
3114548
3114698
3114702
3114724
3114733
3114734
3114741
3114742
3114745
3114747
3114748
3114752
3114755
3114759
3114773
3134226
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office for Mac 2011
Other Office Software

Bulletin ID:
MS16-014
Title:
Security Update for Microsoft Windows to Address Remote Code Execution (3134228)
Update Type:
Security Update
Severity:
Important
Date:
2016-02-09
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.
Vulnerabilities:
CVE-2016-0040
CVE-2016-0041
CVE-2016-0042
CVE-2016-0044
CVE-2016-0049
Included Updates:
2919355
3126041
3126434
3126587
3126593
3134228
3135173
3135174
3155039
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-013
Title:
Security Update for Windows Journal to Address Remote Code Execution (3134811)
Update Type:
Security Update
Severity:
Critical
Date:
2016-02-09
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2016-0038
Included Updates:
2919355
3115858
3134811
3135173
3135174
Applies to:
Windows 10
Windows 7
Windows 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-012
Title:
Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938)
Update Type:
Security Update
Severity:
Critical
Date:
2016-02-09
Description:
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Microsoft Windows PDF Library improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. However, an attacker would have no way to force users to download or open a malicious PDF document.
Vulnerabilities:
CVE-2016-0046
CVE-2016-0058
Included Updates:
2919355
3123294
3135174
3138938
Applies to:
Server Core installation option
Windows 10
Windows 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS16-009
Title:
Cumulative Security Update for Internet Explorer (3134220)
Update Type:
Security Update
Severity:
Critical
Date:
2016-02-09
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-0041
CVE-2016-0059
CVE-2016-0060
CVE-2016-0061
CVE-2016-0062
CVE-2016-0063
CVE-2016-0064
CVE-2016-0067
CVE-2016-0068
CVE-2016-0069
CVE-2016-0071
CVE-2016-0072
CVE-2016-0077
Included Updates:
3134220
3134814
3135173
3135174
3141092
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9

Bulletin ID:
MS16-010
Title:
Security Update in Microsoft Exchange Server to Address Spoofing (3124557)
Update Type:
Security Update
Severity:
Important
Date:
2016-01-12
Description:
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow spoofing if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.
Vulnerabilities:
CVE-2016-0029
CVE-2016-0030
CVE-2016-0031
CVE-2016-0032
Included Updates:
3124557
Applies to:
Microsoft Server Software

Bulletin ID:
MS16-008
Title:
Security Update for Windows Kernel to Address Elevation of Privilege (3124605)
Update Type:
Security Update
Severity:
Important
Date:
2016-01-12
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Vulnerabilities:
CVE-2016-0006
CVE-2016-0007
Included Updates:
2919355
3121212
3124263
3124266
3124605
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-007
Title:
Security Update for Microsoft Windows to Address Remote Code Execution (3124901)
Update Type:
Security Update
Severity:
Important
Date:
2016-01-12
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.
Vulnerabilities:
CVE-2016-0014
CVE-2016-0015
CVE-2016-0016
CVE-2016-0018
CVE-2016-0019
CVE-2016-0020
Included Updates:
2919355
3108664
3109560
3110329
3121461
3121918
3124263
3124266
3124901
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-006
Title:
Security Update for Silverlight to Address Remote Code Execution (3126036)
Update Type:
Security Update
Severity:
Critical
Date:
2016-01-12
Description:
This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force users to visit a compromised website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email or instant message that takes users to the attacker's website.
Vulnerabilities:
CVE-2016-0034
Included Updates:
3126036
Applies to:
Software

Bulletin ID:
MS16-005
Title:
Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584)
Update Type:
Security Update
Severity:
Critical
Date:
2016-01-12
Description:
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website.
Vulnerabilities:
CVE-2016-0008
CVE-2016-0009
Included Updates:
2919355
3124000
3124001
3124263
3124266
3124584
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS16-004
Title:
Security Update for Microsoft Office to Address Remote Code Execution (3124585)
Update Type:
Security Update
Severity:
Critical
Date:
2016-01-12
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-6117
CVE-2016-0010
CVE-2016-0011
CVE-2016-0012
CVE-2016-0035
Included Updates:
2881029
2881067
2920727
3039794
3096896
3114396
3114402
3114421
3114429
3114482
3114486
3114489
3114494
3114503
3114504
3114511
3114518
3114520
3114526
3114527
3114540
3114541
3114546
3114547
3114549
3114553
3114554
3114557
3114564
3114569
3124585
3133699
3133711
Applies to:
Maximum Security Impact by Affected Software
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office for Mac 2011
Other Office Software
Vulnerability Severity Rating

Bulletin ID:
MS16-003
Title:
Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540)
Update Type:
Security Update
Severity:
Critical
Date:
2016-01-12
Description:
This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-0002
Included Updates:
3124624
3124625
3125540
Applies to:
Server Core installation option
Windows Server 2008
Windows Vista

Bulletin ID:
MS16-001
Title:
Cumulative Security Update for Internet Explorer (3124903)
Update Type:
Security Update
Severity:
Critical
Date:
2016-01-12
Description:
This security update resolves vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2016-0002
CVE-2016-0005
Included Updates:
3124263
3124266
3124275
3124903
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9