Bulletin ID: MS16-155 |
Title: Security Update for .NET Framework (3205640) |
Update Type: Security Update |
Severity: Important |
Date: 2016-12-13 |
Description: This security update resolves a vulnerability in the Data Provider for SQL Server in Microsoft .NET Framework 4.6.2. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature. | ||||
Vulnerabilities: CVE-2016-7270 |
Included Updates: 2919355 3205402 3205403 3205404 3205406 3205407 3205410 3207296 3210142 |
Applies to: Microsoft .NET Framework Updates for 4.6.2 (KB3205406) Microsoft .NET Framework Updates for 4.6.2 (KB3205407) Microsoft .NET Framework Updates for 4.6.2 (KB3205410) Server Core installation option Windows 10 Windows 2012 R2 Windows 7 Windows 8.1 Windows 8.1 RT Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-154 |
Title: Security Update for Adobe Flash Player (3209498) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-12-13 |
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. | ||||
Vulnerabilities: CVE-2016-7867 CVE-2016-7868 CVE-2016-7869 CVE-2016-7870 CVE-2016-7871 CVE-2016-7872 CVE-2016-7873 CVE-2016-7874 CVE-2016-7875 CVE-2016-7876 CVE-2016-7877 CVE-2016-7878 CVE-2016-7879 CVE-2016-7880 CVE-2016-7881 CVE-2016-7890 CVE-2016-7892 |
Included Updates: 3209498 |
Applies to: Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 |
Bulletin ID: MS16-153 |
Title: Security Update for Common Log File System Driver (3207328) |
Update Type: Security Update |
Severity: Important |
Date: 2016-12-13 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Information Disclosure when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to bypass security measures on the affected system allowing further exploitation. | ||||
Vulnerabilities: CVE-2016-7295 |
Included Updates: 2919355 3203838 3205394 3205400 3205401 3205408 3205409 3207296 3207752 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Vista |
Bulletin ID: MS16-152 |
Title: Security Update for Windows Kernel (3199709) |
Update Type: Security Update |
Severity: Important |
Date: 2016-12-13 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows kernel improperly handles objects in memory. | ||||
Vulnerabilities: CVE-2016-7258 |
Included Updates: 3207296 |
Applies to: Server Core installation option Windows 10 Windows Server 2016 |
Bulletin ID: MS16-151 |
Title: Security Update for Windows Kernel-Mode Drivers (3205651) |
Update Type: Security Update |
Severity: Important |
Date: 2016-12-13 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. | ||||
Vulnerabilities: CVE-2016-7259 CVE-2016-7260 |
Included Updates: 2919355 3204723 3205394 3205400 3205401 3205408 3205409 3207752 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Vista |
Bulletin ID: MS16-150 |
Title: Security Update for Secure Kernel Mode (3205642) |
Update Type: Security Update |
Severity: Important |
Date: 2016-12-13 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally-authenticated attacker runs a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL). | ||||
Vulnerabilities: CVE-2016-7271 |
Included Updates: 3207296 |
Applies to: Server Core installation option Windows 10 Windows Server 2016 |
Bulletin ID: MS16-149 |
Title: Security Update for Microsoft Windows (3205655) |
Update Type: Security Update |
Severity: Important |
Date: 2016-12-13 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application. | ||||
Vulnerabilities: CVE-2016-7219 CVE-2016-7292 |
Included Updates: 2919355 3196726 3204808 3205394 3205400 3205401 3205408 3205409 3207296 3207752 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Vista |
Bulletin ID: MS16-148 |
Title: Security Update for Microsoft Office (3204068) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-12-13 |
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-7257 CVE-2016-7262 CVE-2016-7263 CVE-2016-7264 CVE-2016-7265 CVE-2016-7266 CVE-2016-7267 CVE-2016-7268 CVE-2016-7275 CVE-2016-7276 CVE-2016-7277 CVE-2016-7289 CVE-2016-7290 CVE-2016-7291 CVE-2016-7298 CVE-2016-7300 |
Included Updates: 2883033 2889841 3114395 3118380 3127892 3127968 3127986 3127995 3128008 3128016 3128019 3128020 3128022 3128023 3128024 3128025 3128026 3128029 3128032 3128034 3128035 3128037 3128043 3128044 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Other Office Software |
Bulletin ID: MS16-147 |
Title: Security Update for Microsoft Uniscribe (3204063) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-12-13 |
Description: This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-7274 |
Included Updates: 2919355 3196348 3205394 3205400 3205401 3205408 3205409 3207296 3207752 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Vista |
Bulletin ID: MS16-146 |
Title: Security Update for Microsoft Graphics Component (3204066) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-12-13 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-7257 CVE-2016-7272 CVE-2016-7273 |
Included Updates: 2919355 3204724 3205394 3205400 3205401 3205408 3205409 3205638 3207296 3207752 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Vista |
Bulletin ID: MS16-144 |
Title: Cumulative Security Update for Internet Explorer (3204059) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-12-13 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-7202 CVE-2016-7278 CVE-2016-7279 CVE-2016-7281 CVE-2016-7282 CVE-2016-7283 CVE-2016-7284 CVE-2016-7287 |
Included Updates: 3203621 3205383 3205386 3205394 3205400 3205401 3205408 3205409 3206632 3207296 3207752 3208481 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Bulletin ID: MS16-142 |
Title: Cumulative Security Update for Internet Explorer (3198467) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-11-08 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-7195 CVE-2016-7196 CVE-2016-7198 CVE-2016-7199 CVE-2016-7227 CVE-2016-7239 CVE-2016-7241 |
Included Updates: 3197655 3197867 3197868 3197873 3197874 3197876 3197877 3198585 3198586 3199442 3200970 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Bulletin ID: MS16-141 |
Title: Security Update for Adobe Flash Player (3202790) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-11-08 |
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. | ||||
Vulnerabilities: CVE-2016-7857 CVE-2016-7858 CVE-2016-7859 CVE-2016-7860 CVE-2016-7861 CVE-2016-7862 CVE-2016-7863 CVE-2016-7864 CVE-2016-7865 |
Included Updates: 3202790 |
Applies to: Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 |
Bulletin ID: MS16-140 |
Title: Security Update for Boot Manager (3193479) |
Update Type: Security Update |
Severity: Important |
Date: 2016-11-08 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy. | ||||
Vulnerabilities: CVE-2016-7247 |
Included Updates: 2919355 3197873 3197874 3197876 3197877 3198389 3198585 3198586 3199442 3200970 |
Applies to: Server Core installation option Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 |
Bulletin ID: MS16-139 |
Title: Security Update for Windows Kernel (3199720) |
Update Type: Security Update |
Severity: Important |
Date: 2016-11-08 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information. A locally authenticated attacker could attempt to exploit this vulnerability by running a specially crafted application. An attacker can gain access to information not intended to be available to the user by using this method. | ||||
Vulnerabilities: CVE-2016-7216 |
Included Updates: 3197867 3197868 3198483 |
Applies to: Server Core installation option Windows 7 Windows Server 2008 Windows Server 2008 R2 Windows Vista |
Bulletin ID: MS16-138 |
Title: Security Update for Microsoft Virtual Hard Disk Driver (3199647) |
Update Type: Security Update |
Severity: Important |
Date: 2016-11-08 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability. | ||||
Vulnerabilities: CVE-2016-7223 CVE-2016-7224 CVE-2016-7225 CVE-2016-7226 |
Included Updates: 2919355 3197873 3197874 3197876 3197877 3198585 3198586 3199442 3200970 |
Applies to: Server Core installation option Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 |
Bulletin ID: MS16-137 |
Title: Security Update for Windows Authentication Methods (3199173) |
Update Type: Security Update |
Severity: Important |
Date: 2016-11-08 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. An attacker who successfully exploited this vulnerability could elevate their permissions from unprivileged user account to administrator. The attacker could then install programs; view, change or delete data; or create new accounts. The attacker could subsequently attempt to elevate by locally executing a specially crafted application designed to manipulate NTLM password change requests. | ||||
Vulnerabilities: CVE-2016-7220 CVE-2016-7237 CVE-2016-7238 |
Included Updates: 2919355 3197867 3197868 3197873 3197874 3197876 3197877 3198510 3198585 3198586 3199442 3200970 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Vista |
Bulletin ID: MS16-136 |
Title: Security Update for SQL Server (3199641) |
Update Type: Security Update |
Severity: Important |
Date: 2016-11-08 |
Description: This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. The security update addresses these most severe vulnerabilities by correcting how SQL Server handles pointer casting. | ||||
Vulnerabilities: CVE-2016-7249 CVE-2016-7250 CVE-2016-7251 CVE-2016-7252 CVE-2016-7253 CVE-2016-7254 |
Included Updates: 3194714 3194716 3194717 3194718 3194719 3194720 3194721 3194722 3194724 3194725 |
Applies to: SQL Server 2012 Service Pack 2 SQL Server 2012 Service Pack 3 SQL Server 2014 Service Pack 1 SQL Server 2014 Service Pack 2 SQL Server 2016 |
Bulletin ID: MS16-135 |
Title: Security Update for Windows Kernel-Mode Drivers (3199135) |
Update Type: Security Update |
Severity: Important |
Date: 2016-11-08 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. | ||||
Vulnerabilities: CVE-2016-7214 CVE-2016-7215 CVE-2016-7218 CVE-2016-7246 CVE-2016-7255 |
Included Updates: 2919355 3194371 3197867 3197868 3197873 3197874 3197876 3197877 3198218 3198234 3198585 3198586 3200970 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Vista |
Bulletin ID: MS16-134 |
Title: Security Update for Common Log File System Driver (3193706) |
Update Type: Security Update |
Severity: Important |
Date: 2016-11-08 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit these vulnerabilities by running a specially crafted application to take complete control over the affected system. An attacker who successfully exploits this vulnerability could run processes in an elevated context. | ||||
Vulnerabilities: CVE-2016-0026 CVE-2016-3332 CVE-2016-3333 CVE-2016-3334 CVE-2016-3335 CVE-2016-3338 CVE-2016-3340 CVE-2016-3342 CVE-2016-3343 CVE-2016-7184 |
Included Updates: 2919355 3181707 3197867 3197868 3197873 3197874 3197876 3197877 3198585 3198586 3199442 3200970 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Vista |
Bulletin ID: MS16-133 |
Title: Security Update for Microsoft Office (3199168) |
Update Type: Security Update |
Severity: Important |
Date: 2016-11-08 |
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-7213 CVE-2016-7228 CVE-2016-7229 CVE-2016-7230 CVE-2016-7231 CVE-2016-7232 CVE-2016-7233 CVE-2016-7234 CVE-2016-7235 CVE-2016-7236 CVE-2016-7244 CVE-2016-7245 |
Included Updates: 2986253 3115120 3115135 3115153 3118378 3118381 3118382 3118390 3118395 3118396 3127889 3127893 3127904 3127921 3127927 3127929 3127932 3127948 3127949 3127950 3127951 3127953 3127954 3127962 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Other Office Software |
Bulletin ID: MS16-132 |
Title: Security Update for Microsoft Graphics Component (3199120) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-11-08 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution. The vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-7205 CVE-2016-7210 CVE-2016-7217 CVE-2016-7256 |
Included Updates: 2919355 3197867 3197868 3197873 3197874 3197876 3197877 3198585 3198586 3199442 3200970 3203859 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Vista |
Bulletin ID: MS16-131 |
Title: Security Update for Microsoft Video Control (3199151) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-11-08 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message. | ||||
Vulnerabilities: CVE-2016-7248 |
Included Updates: 2919355 3197867 3197868 3197873 3197874 3198218 3198585 3198586 3199442 3200970 |
Applies to: Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Vista |
Bulletin ID: MS16-130 |
Title: Security Update for Microsoft Windows (3199172) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-11-08 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application. | ||||
Vulnerabilities: CVE-2016-7212 CVE-2016-7221 CVE-2016-7222 |
Included Updates: 2919355 3193418 3196718 3197867 3197868 3197873 3197874 3197876 3197877 3198585 3198586 3199442 3200970 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Vista |
Bulletin ID: MS16-129 |
Title: Cumulative Security Update for Microsoft Edge (3199057) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-11-08 |
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights. | ||||
Vulnerabilities: CVE-2016-7195 CVE-2016-7196 CVE-2016-7198 CVE-2016-7199 CVE-2016-7200 CVE-2016-7201 CVE-2016-7202 CVE-2016-7203 CVE-2016-7204 CVE-2016-7208 CVE-2016-7209 CVE-2016-7227 CVE-2016-7239 CVE-2016-7240 CVE-2016-7241 CVE-2016-7242 CVE-2016-7243 |
Included Updates: 3198585 3198586 3200970 |
Applies to: Microsoft Edge |
Bulletin ID: MS16-128 |
Title: Security Update for Adobe Flash Player (3201860) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-10-28 |
Description: This security update resolves a vulnerability in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. | ||||
Vulnerabilities: CVE-2016-7855 |
Included Updates: 3201860 |
Applies to: Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-127 |
Title: Security Update for Adobe Flash Player (3194343) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-10-11 |
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. | ||||
Vulnerabilities: CVE-2016-4273 CVE-2016-4286 CVE-2016-6981 CVE-2016-6982 CVE-2016-6983 CVE-2016-6984 CVE-2016-6985 CVE-2016-6986 CVE-2016-6987 CVE-2016-6989 CVE-2016-6990 CVE-2016-6991 CVE-2016-6992 |
Included Updates: 3194343 |
Applies to: Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-126 |
Title: Security Update for Microsoft Internet Messaging API (3196067) |
Update Type: Security Update |
Severity: Moderate |
Date: 2016-10-11 |
Description: This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk. | ||||
Vulnerabilities: CVE-2016-3298 |
Included Updates: 3185330 3192391 3193515 3196067 |
Applies to: Windows 7 Windows Server 2008 Windows Server 2008 R2 Windows Vista |
Bulletin ID: MS16-125 |
Title: Security Update for Diagnostics Hub (3193229) |
Update Type: Security Update |
Severity: Important |
Date: 2016-10-11 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. | ||||
Vulnerabilities: CVE-2016-7188 |
Included Updates: 3192440 3192441 3194798 3195038 |
Applies to: Windows 10 |
Bulletin ID: MS16-124 |
Title: Security Update for Windows Registry (3193227) |
Update Type: Security Update |
Severity: Important |
Date: 2016-10-11 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information. | ||||
Vulnerabilities: CVE-2016-0070 CVE-2016-0073 CVE-2016-0075 CVE-2016-0079 |
Included Updates: 3185330 3185331 3185332 3191256 3192391 3192392 3192393 3192440 3192441 3193227 3194798 3195038 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-123 |
Title: Security Update for Windows Kernel-Mode Drivers (3192892) |
Update Type: Security Update |
Severity: Important |
Date: 2016-10-11 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. | ||||
Vulnerabilities: CVE-2016-3266 CVE-2016-3341 CVE-2016-3376 CVE-2016-7185 CVE-2016-7191 |
Included Updates: 3183431 3185330 3185331 3185332 3192391 3192392 3192393 3192440 3192441 3192892 3194798 3195038 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-122 |
Title: Security Update for Microsoft Video Control (3195360) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-10-11 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message. | ||||
Vulnerabilities: CVE-2016-0142 |
Included Updates: 3185330 3185331 3190847 3192391 3192392 3192440 3192441 3194798 3195038 3195360 |
Applies to: Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Vista |
Bulletin ID: MS16-121 |
Title: Security Update for Microsoft Office (3194063) |
Update Type: Security Update |
Severity: Important |
Date: 2016-10-11 |
Description: This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. | ||||
Vulnerabilities: CVE-2016-7193 |
Included Updates: 3118307 3118308 3118311 3118312 3118331 3118345 3118352 3118360 3118377 3118384 3127897 3127898 3194063 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Other Office Software |
Bulletin ID: MS16-120 |
Title: Security Update for Microsoft Graphics Component (3192884) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-10-11 |
Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-3209 CVE-2016-3262 CVE-2016-3263 CVE-2016-3270 CVE-2016-3393 CVE-2016-3396 CVE-2016-7182 |
Included Updates: 2919355 3118301 3118317 3118327 3118348 3118394 3185330 3185331 3185332 3188397 3188400 3188730 3188731 3188732 3188734 3188736 3188740 3188741 3188743 3188744 3189017 3189598 3191203 3192391 3192392 3192393 3192440 3192441 3193713 3194798 3195038 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-119 |
Title: Cumulative Security Update for Microsoft Edge (3192890) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-10-11 |
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights. | ||||
Vulnerabilities: CVE-2016-3267 CVE-2016-3331 CVE-2016-3382 CVE-2016-3386 CVE-2016-3387 CVE-2016-3388 CVE-2016-3389 CVE-2016-3390 CVE-2016-3391 CVE-2016-3392 CVE-2016-7189 CVE-2016-7190 CVE-2016-7194 |
Included Updates: 3192440 3192441 3194798 3195038 |
Applies to: Microsoft Edge |
Bulletin ID: MS16-118 |
Title: Cumulative Security Update for Internet Explorer (3192887) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-10-11 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-3267 CVE-2016-3298 CVE-2016-3331 CVE-2016-3382 CVE-2016-3383 CVE-2016-3384 CVE-2016-3385 CVE-2016-3387 CVE-2016-3388 CVE-2016-3390 CVE-2016-3391 |
Included Updates: 3185330 3185331 3185332 3191492 3192391 3192392 3192393 3192440 3192441 3192887 3194798 3195038 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Bulletin ID: MS16-117 |
Title: Security Update for Adobe Flash Player (3188128) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-09-13 |
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. | ||||
Vulnerabilities: CVE-2016-4271 CVE-2016-4272 CVE-2016-4274 CVE-2016-4275 CVE-2016-4276 CVE-2016-4277 CVE-2016-4278 CVE-2016-4279 CVE-2016-4280 CVE-2016-4281 CVE-2016-4282 CVE-2016-4283 CVE-2016-4284 CVE-2016-4285 CVE-2016-4287 CVE-2016-6921 CVE-2016-6922 CVE-2016-6923 CVE-2016-6924 CVE-2016-6925 CVE-2016-6926 CVE-2016-6927 CVE-2016-6929 CVE-2016-6930 CVE-2016-6931 CVE-2016-6932 |
Included Updates: 3188128 3188966 |
Applies to: Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-116 |
Title: Security Update in OLE Automation for VBScript Scripting Engine (3188724) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-09-13 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user of an affected system to visit a malicious or compromised website. Note that you must install two updates to be protected from the vulnerability discussed in this bulletin: The update in this bulletin, MS16-116, and the update in MS16-104. | ||||
Vulnerabilities: CVE-2016-3375 |
Included Updates: 3184122 3185614 3188724 3188966 3193494 3193821 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-115 |
Title: Security Update for Microsoft Windows PDF Library (3188733) |
Update Type: Security Update |
Severity: Important |
Date: 2016-09-13 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow information disclosure if a user views specially crafted PDF content online or opens a specially crafted PDF document. | ||||
Vulnerabilities: CVE-2016-3370 CVE-2016-3374 |
Included Updates: 3184943 3185614 3188733 3188966 3193494 3193821 |
Applies to: Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-114 |
Title: Security Update for Windows SMBv1 Server (3185879) |
Update Type: Security Update |
Severity: Important |
Date: 2016-09-13 |
Description: This security update resolves a vulnerability in Microsoft Windows. On Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems, the vulnerability could allow remote code execution if an authenticated attacker sends specially crafted packets to an affected Microsoft Server Message Block 1.0 (SMBv1) Server. The vulnerability does not impact other SMB Server versions. Although later operating systems are affected, the potential impact is denial of service. | ||||
Vulnerabilities: CVE-2016-3345 |
Included Updates: 3177186 3185614 3185879 3188966 3193494 3193821 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-113 |
Title: Security Update for Windows Secure Kernel Mode (3185876) |
Update Type: Security Update |
Severity: Important |
Date: 2016-09-13 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory. | ||||
Vulnerabilities: CVE-2016-3344 |
Included Updates: 3185614 3188966 3193821 |
Applies to: Windows 10 |
Bulletin ID: MS16-112 |
Title: Security Update for Windows Lock Screen (3178469) |
Update Type: Security Update |
Severity: Important |
Date: 2016-09-13 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Windows improperly allows web content to load from the Windows lock screen. | ||||
Vulnerabilities: CVE-2016-3302 |
Included Updates: 3178469 3178539 3185614 3188966 3193494 3193821 |
Applies to: Server Core installation option Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 |
Bulletin ID: MS16-111 |
Title: Security Update for Windows Kernel (3186973) |
Update Type: Security Update |
Severity: Important |
Date: 2016-09-13 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a target system. | ||||
Vulnerabilities: CVE-2016-3305 CVE-2016-3306 CVE-2016-3371 CVE-2016-3372 CVE-2016-3373 |
Included Updates: 3175024 3185614 3186973 3188966 3193494 3193821 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-110 |
Title: Security Update for Microsoft Windows (3178467) |
Update Type: Security Update |
Severity: Important |
Date: 2016-09-13 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker creates a specially crafted request and executes arbitrary code with elevated permissions on a target system. | ||||
Vulnerabilities: CVE-2016-3346 CVE-2016-3352 CVE-2016-3368 CVE-2016-3369 |
Included Updates: 3178467 3184471 3185614 3187754 3188966 3193494 3193821 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-109 |
Title: Security Update for Silverlight (3182373) |
Update Type: Security Update |
Severity: Important |
Date: 2016-09-13 |
Description: This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force a user to visit a compromised website. Instead, an attacker would have to convince the user to visit the website, typically by enticing the user to click a link in either an email or instant message that takes the user to the attacker's website. | ||||
Vulnerabilities: CVE-2016-3367 |
Included Updates: 3182373 |
Applies to: Software |
Bulletin ID: MS16-108 |
Title: Security Update for Microsoft Exchange Server (3185883) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-09-13 |
Description: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In libraries that are built into Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server. | ||||
Vulnerabilities: CVE-2016-0138 CVE-2016-3378 CVE-2016-3379 |
Included Updates: 3184711 3184728 3184736 3185883 |
Applies to: Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 |
Bulletin ID: MS16-107 |
Title: Security Update for Microsoft Office (3185852) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-09-13 |
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-0137 CVE-2016-0141 CVE-2016-3357 CVE-2016-3358 CVE-2016-3359 CVE-2016-3360 CVE-2016-3361 CVE-2016-3362 CVE-2016-3363 CVE-2016-3364 CVE-2016-3365 CVE-2016-3366 CVE-2016-3381 |
Included Updates: 2553432 2597974 3054862 3054969 3114744 3115112 3115119 3115169 3115443 3115459 3115462 3115463 3115466 3115467 3115472 3115487 3118268 3118270 3118280 3118284 3118290 3118292 3118293 3118297 3118299 3118300 3118303 3118309 3118313 3118316 3185852 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Other Office Software |
Bulletin ID: MS16-106 |
Title: Security Update for Microsoft Graphics Component (3185848) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-09-13 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-3348 CVE-2016-3349 CVE-2016-3354 CVE-2016-3355 CVE-2016-3356 |
Included Updates: 3185614 3185848 3185911 3188966 3193494 3193821 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-105 |
Title: Cumulative Security Update for Microsoft Edge (3183043) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-09-13 |
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights. | ||||
Vulnerabilities: CVE-2016-3247 CVE-2016-3291 CVE-2016-3294 CVE-2016-3295 CVE-2016-3297 CVE-2016-3325 CVE-2016-3330 CVE-2016-3350 CVE-2016-3351 CVE-2016-3370 CVE-2016-3374 CVE-2016-3377 |
Included Updates: 3185614 3188966 3193494 3193821 |
Applies to: Microsoft Edge |
Bulletin ID: MS16-104 |
Title: Cumulative Security Update for Internet Explorer (3183038) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-09-13 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-3247 CVE-2016-3291 CVE-2016-3292 CVE-2016-3295 CVE-2016-3297 CVE-2016-3324 CVE-2016-3325 CVE-2016-3351 CVE-2016-3353 CVE-2016-3375 |
Included Updates: 3183038 3185319 3185614 3188966 3193494 3193821 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Bulletin ID: MS16-103 |
Title: Security Update for ActiveSyncProvider (3182332) |
Update Type: Security Update |
Severity: Important |
Date: 2016-08-09 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Universal Outlook fails to establish a secure connection. | ||||
Vulnerabilities: CVE-2016-3312 |
Included Updates: 3176492 3176493 3176494 |
Applies to: Windows 10 |
Bulletin ID: MS16-102 |
Title: Security Update for Microsoft Windows PDF Library (3182248) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-08-09 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-3319 |
Included Updates: 3175887 3176492 3176493 3176494 3176495 3182248 |
Applies to: Server Core installation option Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-101 |
Title: Security Update for Windows Authentication Methods (3178465) |
Update Type: Security Update |
Severity: Important |
Date: 2016-08-09 |
Description: This security update resolves multiple vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined system. | ||||
Vulnerabilities: CVE-2016-3237 CVE-2016-3300 |
Included Updates: 3167679 3176492 3176493 3176494 3176495 3177108 3178465 3185330 3185331 3185332 3192391 3192392 3192393 3192440 3192441 3194798 3195038 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-100 |
Title: Security Update for Secure Boot (3179577) |
Update Type: Security Update |
Severity: Important |
Date: 2016-08-09 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker installs an affected boot manager and bypasses Windows security features. | ||||
Vulnerabilities: CVE-2016-3320 |
Included Updates: 3172729 3179577 |
Applies to: Server Core installation option Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-099 |
Title: Security Update for Microsoft Office (3177451) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-08-09 |
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-3313 CVE-2016-3315 CVE-2016-3316 CVE-2016-3317 CVE-2016-3318 |
Included Updates: 3114340 3114400 3114442 3114456 3114869 3114885 3114981 3115256 3115415 3115419 3115427 3115439 3115440 3115449 3115452 3115468 3115471 3115474 3177451 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Other Office Software |
Bulletin ID: MS16-098 |
Title: Security Update for Windows Kernel-Mode Drivers (3178466) |
Update Type: Security Update |
Severity: Important |
Date: 2016-08-09 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. | ||||
Vulnerabilities: CVE-2016-3308 CVE-2016-3309 CVE-2016-3310 CVE-2016-3311 |
Included Updates: 3176492 3176493 3176494 3176495 3177725 3178466 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-097 |
Title: Security Update for Microsoft Graphics Component (3177393) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-08-09 |
Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, and Microsoft Lync. The vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-3301 CVE-2016-3303 CVE-2016-3304 |
Included Updates: 3115109 3115131 3115408 3115431 3115481 3174301 3174304 3176492 3176493 3176494 3176495 3177393 3178034 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-096 |
Title: Cumulative Security Update for Microsoft Edge (3177358) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-08-09 |
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights. | ||||
Vulnerabilities: CVE-2016-3289 CVE-2016-3293 CVE-2016-3296 CVE-2016-3319 CVE-2016-3322 CVE-2016-3326 CVE-2016-3327 CVE-2016-3329 |
Included Updates: 3176492 3176493 3176494 3176495 |
Applies to: Microsoft Edge |
Bulletin ID: MS16-095 |
Title: Cumulative Security Update for Internet Explorer (3177356) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-08-09 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-3288 CVE-2016-3289 CVE-2016-3290 CVE-2016-3293 CVE-2016-3321 CVE-2016-3322 CVE-2016-3326 CVE-2016-3327 CVE-2016-3329 |
Included Updates: 3175443 3176492 3176493 3176494 3176495 3177356 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Bulletin ID: MS16-094 |
Title: Security Update for Secure Boot (3177404) |
Update Type: Security Update |
Severity: Important |
Date: 2016-07-12 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device. An attacker must have either administrative privileges or physical access to install a policy and bypass Secure Boot. | ||||
Vulnerabilities: CVE-2016-3287 |
Included Updates: 2919355 3163912 3172727 3172985 3172989 3177404 |
Applies to: Server Core installation option Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-093 |
Title: Security Update for Adobe Flash Player (3174060) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-07-12 |
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. | ||||
Vulnerabilities: CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4182 CVE-2016-4185 CVE-2016-4188 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 |
Included Updates: 3163912 3172989 3174060 |
Applies to: Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-092 |
Title: Security Update for Windows Kernel (3171910) |
Update Type: Security Update |
Severity: Important |
Date: 2016-07-12 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow security feature bypass if the Windows kernel fails to determine how a low integrity application can use certain object manager features. | ||||
Vulnerabilities: CVE-2016-3258 CVE-2016-3272 |
Included Updates: 2919355 3163912 3169704 3170377 3171910 3172985 3172989 |
Applies to: Server Core installation option Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-091 |
Title: Security Update for .NET Framework (3170048) |
Update Type: Security Update |
Severity: Important |
Date: 2016-07-12 |
Description: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application. | ||||
Vulnerabilities: CVE-2016-3255 |
Included Updates: 2919355 3163244 3163245 3163246 3163247 3163248 3163249 3163250 3163251 3163291 3163912 3164023 3164024 3164025 3170048 3172985 3172989 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-090 |
Title: Security Update for Windows Kernel-Mode Drivers (3171481) |
Update Type: Security Update |
Severity: Important |
Date: 2016-07-12 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. | ||||
Vulnerabilities: CVE-2016-3249 CVE-2016-3250 CVE-2016-3251 CVE-2016-3252 CVE-2016-3254 CVE-2016-3286 |
Included Updates: 2919355 3163912 3168965 3171481 3172985 3172989 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-089 |
Title: Security Update for Windows Secure Kernel Mode (3170050) |
Update Type: Security Update |
Severity: Important |
Date: 2016-07-12 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory. | ||||
Vulnerabilities: CVE-2016-3256 |
Included Updates: 3163912 3172985 3172989 |
Applies to: Windows 10 |
Bulletin ID: MS16-088 |
Title: Security Update for Microsoft Office (3170008) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-07-12 |
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-3278 CVE-2016-3279 CVE-2016-3280 CVE-2016-3281 CVE-2016-3282 CVE-2016-3283 CVE-2016-3284 |
Included Updates: 3114890 3115114 3115118 3115246 3115254 3115259 3115262 3115272 3115279 3115285 3115289 3115292 3115294 3115299 3115301 3115306 3115308 3115309 3115311 3115312 3115315 3115317 3115318 3115322 3115386 3115393 3115395 3170008 3170460 3170463 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Other Office Software |
Bulletin ID: MS16-087 |
Title: Security Update for Windows Print Spooler Components (3170005) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-07-12 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or set up a rogue print server on a target network. | ||||
Vulnerabilities: CVE-2016-3238 CVE-2016-3239 |
Included Updates: 2919355 3163912 3170005 3170455 3172985 3172989 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-086 |
Title: Cumulative Security Update for JScript and VBScript (3169996) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-07-12 |
Description: This security update resolves a vulnerability in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-3204 |
Included Updates: 3169658 3169659 3169996 |
Applies to: Server Core installation option Windows Server 2008 Windows Vista |
Bulletin ID: MS16-085 |
Title: Cumulative Security Update for Microsoft Edge (3169999) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-07-12 |
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights. | ||||
Vulnerabilities: CVE-2016-3244 CVE-2016-3246 CVE-2016-3248 CVE-2016-3259 CVE-2016-3260 CVE-2016-3264 CVE-2016-3265 CVE-2016-3269 CVE-2016-3271 CVE-2016-3273 CVE-2016-3274 CVE-2016-3276 CVE-2016-3277 |
Included Updates: 3163912 3172985 3172989 |
Applies to: Microsoft Edge |
Bulletin ID: MS16-084 |
Title: Cumulative Security Update for Internet Explorer (3169991) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-07-12 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-3204 CVE-2016-3240 CVE-2016-3241 CVE-2016-3242 CVE-2016-3243 CVE-2016-3245 CVE-2016-3248 CVE-2016-3259 CVE-2016-3260 CVE-2016-3261 CVE-2016-3264 CVE-2016-3273 CVE-2016-3274 CVE-2016-3276 CVE-2016-3277 |
Included Updates: 3163912 3169991 3170106 3172985 3172989 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Bulletin ID: MS16-083 |
Title: Security Update for Adobe Flash Player (3167685) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-06-16 |
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. | ||||
Vulnerabilities: CVE-2016-4121 CVE-2016-4122 CVE-2016-4123 CVE-2016-4124 CVE-2016-4125 CVE-2016-4126 CVE-2016-4127 CVE-2016-4128 CVE-2016-4129 CVE-2016-4130 CVE-2016-4131 CVE-2016-4132 CVE-2016-4133 CVE-2016-4134 CVE-2016-4135 CVE-2016-4136 CVE-2016-4137 CVE-2016-4138 CVE-2016-4139 CVE-2016-4140 CVE-2016-4141 CVE-2016-4142 CVE-2016-4143 CVE-2016-4144 CVE-2016-4145 CVE-2016-4146 CVE-2016-4147 CVE-2016-4148 CVE-2016-4149 CVE-2016-4150 CVE-2016-4151 CVE-2016-4152 CVE-2016-4153 CVE-2016-4154 CVE-2016-4155 CVE-2016-4156 CVE-2016-4166 CVE-2016-4171 |
Included Updates: 3167685 |
Applies to: Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-082 |
Title: Security Update for Microsoft Windows Search Component (3165270) |
Update Type: Security Update |
Severity: Important |
Date: 2016-06-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker logs on to a target system and runs a specially crafted application. | ||||
Vulnerabilities: CVE-2016-3230 |
Included Updates: 2919355 3161958 3163017 3163018 3165270 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-081 |
Title: Security Update for Active Directory (3160352) |
Update Type: Security Update |
Severity: Important |
Date: 2016-06-14 |
Description: This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain. | ||||
Vulnerabilities: CVE-2016-3226 |
Included Updates: 3160352 |
Applies to: Server Core installation option Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-080 |
Title: Security Update for Microsoft Windows PDF (3164302) |
Update Type: Security Update |
Severity: Important |
Date: 2016-06-14 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. However, an attacker would have no way to force a user to open a specially crafted .pdf file. | ||||
Vulnerabilities: CVE-2016-3201 CVE-2016-3203 CVE-2016-3215 |
Included Updates: 2919355 3157569 3163017 3163018 3164302 |
Applies to: Windows 10 Windows 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-079 |
Title: Security Update for Microsoft Exchange Server (3160339) |
Update Type: Security Update |
Severity: Important |
Date: 2016-06-14 |
Description: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in an Outlook Web Access (OWA) message that is loaded, without warning or filtering, from the attacker-controlled URL. | ||||
Vulnerabilities: CVE-2015-6013 CVE-2015-6014 CVE-2015-6015 CVE-2016-0028 |
Included Updates: 3150501 3151086 3151097 3160339 |
Applies to: Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 |
Bulletin ID: MS16-078 |
Title: Security Update for Windows Diagnostic Hub (3165479) |
Update Type: Security Update |
Severity: Important |
Date: 2016-06-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. | ||||
Vulnerabilities: CVE-2016-3231 |
Included Updates: 3163017 3163018 |
Applies to: |
Bulletin ID: MS16-077 |
Title: Security Update for WPAD (3165191) |
Update Type: Security Update |
Severity: Important |
Date: 2016-06-14 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system. | ||||
Vulnerabilities: CVE-2016-3213 CVE-2016-3236 CVE-2016-3299 |
Included Updates: 2919355 3161949 3163017 3163018 3165191 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-076 |
Title: Security Update for Netlogon (3167691) |
Update Type: Security Update |
Severity: Important |
Date: 2016-06-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller. | ||||
Vulnerabilities: CVE-2016-3228 |
Included Updates: 2919355 3161561 3162343 3167691 |
Applies to: Server Core installation option Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-075 |
Title: Security Update for Windows SMB Server (3164038) |
Update Type: Security Update |
Severity: Important |
Date: 2016-06-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. | ||||
Vulnerabilities: CVE-2016-3225 |
Included Updates: 2919355 3161561 3163017 3163018 3164038 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-074 |
Title: Security Update for Microsoft Graphics Component (3164036) |
Update Type: Security Update |
Severity: Important |
Date: 2016-06-14 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted document or visits a specially crafted website. | ||||
Vulnerabilities: CVE-2016-3216 CVE-2016-3219 CVE-2016-3220 |
Included Updates: 2919355 3163017 3163018 3164033 3164035 3164036 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-073 |
Title: Security Update for Windows Kernel-Mode Drivers (3164028) |
Update Type: Security Update |
Severity: Important |
Date: 2016-06-14 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. | ||||
Vulnerabilities: CVE-2016-3218 CVE-2016-3221 CVE-2016-3232 |
Included Updates: 2919355 3161664 3163017 3163018 3164028 3164294 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-072 |
Title: Security Update for Group Policy (3163622) |
Update Type: Security Update |
Severity: Important |
Date: 2016-06-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. | ||||
Vulnerabilities: CVE-2016-3223 |
Included Updates: 2919355 3159398 3163016 3163017 3163018 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-071 |
Title: Security Update for Microsoft Windows DNS Server (3164065) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-06-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server. | ||||
Vulnerabilities: CVE-2016-3227 |
Included Updates: 2919355 3161951 3164065 |
Applies to: Server Core installation option Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-070 |
Title: Security Update for Microsoft Office (3163610) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-06-14 |
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-0025 CVE-2016-3233 CVE-2016-3234 CVE-2016-3235 |
Included Updates: 2596915 2999465 3114740 3114862 3114872 3115014 3115020 3115041 3115107 3115111 3115130 3115134 3115144 3115170 3115173 3115182 3115187 3115194 3115195 3115196 3115198 3115243 3115244 3163610 3165796 3165798 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Other Office Software |
Bulletin ID: MS16-069 |
Title: Cumulative Security Update for JScript and VBScript (3163640) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-06-14 |
Description: This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-3205 CVE-2016-3206 CVE-2016-3207 |
Included Updates: 3158363 3158364 3163640 |
Applies to: Server Core installation option Windows Server 2008 Windows Vista |
Bulletin ID: MS16-068 |
Title: Cumulative Security Update for Microsoft Edge (3163656) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-06-14 |
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights. | ||||
Vulnerabilities: CVE-2016-3198 CVE-2016-3199 CVE-2016-3201 CVE-2016-3202 CVE-2016-3203 CVE-2016-3214 CVE-2016-3215 CVE-2016-3222 |
Included Updates: 3163017 3163018 |
Applies to: Microsoft Edge |
Bulletin ID: MS16-063 |
Title: Cumulative Security Update for Internet Explorer (3163649) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-06-14 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-0199 CVE-2016-0200 CVE-2016-3202 CVE-2016-3205 CVE-2016-3206 CVE-2016-3207 CVE-2016-3210 CVE-2016-3211 CVE-2016-3212 CVE-2016-3213 |
Included Updates: 3160005 3163016 3163017 3163018 3163649 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Bulletin ID: MS16-067 |
Title: Security Update for Volume Manager Driver (3155784) |
Update Type: Security Update |
Severity: Important |
Date: 2016-05-10 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user. | ||||
Vulnerabilities: CVE-2016-0190 |
Included Updates: 3155784 |
Applies to: Server Core installation option Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-066 |
Title: Security Update for Virtual Secure Mode (3155451) |
Update Type: Security Update |
Severity: Important |
Date: 2016-05-10 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application to bypass code integrity protections in Windows. | ||||
Vulnerabilities: CVE-2016-0181 |
Included Updates: 3156387 3156421 |
Applies to: |
Bulletin ID: MS16-065 |
Title: Security Update for .NET Framework (3156757) |
Update Type: Security Update |
Severity: Important |
Date: 2016-05-10 |
Description: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker injects unencrypted data into the target secure channel and then performs a man-in-the-middle (MiTM) attack between the targeted client and a legitimate server. | ||||
Vulnerabilities: CVE-2016-0149 |
Included Updates: 3142023 3142024 3142025 3142026 3142027 3142029 3142030 3142032 3142033 3142035 3142036 3142037 3156387 3156421 3156757 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-064 |
Title: Security Update for Adobe Flash Player (3157993) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-05-10 |
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. | ||||
Vulnerabilities: CVE-2016-1096 CVE-2016-1097 CVE-2016-1098 CVE-2016-1099 CVE-2016-1100 CVE-2016-1101 CVE-2016-1102 CVE-2016-1103 CVE-2016-1104 CVE-2016-1105 CVE-2016-1106 CVE-2016-1107 CVE-2016-1108 CVE-2016-1109 CVE-2016-1110 CVE-2016-4108 CVE-2016-4109 CVE-2016-4110 CVE-2016-4111 CVE-2016-4112 CVE-2016-4113 CVE-2016-4114 CVE-2016-4115 CVE-2016-4116 CVE-2016-4117 |
Included Updates: 3156387 3156421 3157993 3163207 |
Applies to: Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-062 |
Title: Security Update for Windows Kernel-Mode Drivers (3158222) |
Update Type: Security Update |
Severity: Important |
Date: 2016-05-10 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. | ||||
Vulnerabilities: CVE-2016-0171 CVE-2016-0173 CVE-2016-0174 CVE-2016-0175 CVE-2016-0176 CVE-2016-0196 CVE-2016-0197 |
Included Updates: 2919355 3153199 3156017 3156387 3156421 3158222 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-061 |
Title: Security Update for Microsoft RPC (3155520) |
Update Type: Security Update |
Severity: Important |
Date: 2016-05-10 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an unauthenticated attacker makes malformed Remote Procedure Call (RPC) requests to an affected host. | ||||
Vulnerabilities: CVE-2016-0178 |
Included Updates: 2919355 3153171 3153704 3155520 3156387 3156421 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-060 |
Title: Security Update for Windows Kernel (3154846) |
Update Type: Security Update |
Severity: Important |
Date: 2016-05-10 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. | ||||
Vulnerabilities: CVE-2016-0180 |
Included Updates: 2919355 3153171 3154846 3156387 3156421 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-059 |
Title: Security Update for Windows Media Center (3150220) |
Update Type: Security Update |
Severity: Important |
Date: 2016-05-10 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-0185 |
Included Updates: 3150220 |
Applies to: Windows 7 Windows 8.1 Windows Vista |
Bulletin ID: MS16-058 |
Title: Security Update for Windows IIS (3141083) |
Update Type: Security Update |
Severity: Important |
Date: 2016-05-10 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-0152 |
Included Updates: 3141083 |
Applies to: Server Core installation option Windows Server 2008 Windows Vista |
Bulletin ID: MS16-057 |
Title: Security Update for Windows Shell (3156987) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-05-10 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website that accepts user-provided online content, or convinces a user to open specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-0179 |
Included Updates: 2919355 3156059 3156387 3156421 3156987 |
Applies to: Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 |
Bulletin ID: MS16-056 |
Title: Security Update for Windows Journal (3156761) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-05-10 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-0182 |
Included Updates: 3155178 3156387 3156421 3156761 |
Applies to: Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Vista |
Bulletin ID: MS16-055 |
Title: Security Update for Microsoft Graphics Component (3156754) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-05-10 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-0168 CVE-2016-0169 CVE-2016-0170 CVE-2016-0184 CVE-2016-0195 |
Included Updates: 2919355 3156013 3156016 3156019 3156387 3156421 3156754 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-054 |
Title: Security Update for Microsoft Office (3155544) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-05-10 |
Description: This security update resolves vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-0126 CVE-2016-0140 CVE-2016-0183 CVE-2016-0198 |
Included Updates: 2984938 2984943 3054984 3101520 3114893 3115016 3115025 3115094 3115103 3115115 3115116 3115117 3115121 3115123 3115124 3115132 3115464 3115465 3115479 3115480 3155544 3155776 3155777 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Other Office Software |
Bulletin ID: MS16-053 |
Title: Cumulative Security Update for JScript and VBScript (3156764) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-05-10 |
Description: This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-0187 CVE-2016-0189 |
Included Updates: 3155413 3155533 3156764 3158991 |
Applies to: Server Core installation option Windows Server 2008 Windows Vista |
Bulletin ID: MS16-052 |
Title: Cumulative Security Update for Microsoft Edge (3155538) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-05-10 |
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights. | ||||
Vulnerabilities: CVE-2016-0186 CVE-2016-0191 CVE-2016-0192 CVE-2016-0193 |
Included Updates: 3156387 3156421 |
Applies to: Microsoft Edge |
Bulletin ID: MS16-051 |
Title: Cumulative Security Update for Internet Explorer (3155533) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-05-10 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-0187 CVE-2016-0188 CVE-2016-0189 CVE-2016-0192 CVE-2016-0194 |
Included Updates: 3154070 3155533 3156387 3156421 3158987 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Bulletin ID: MS16-050 |
Title: Security Update for Adobe Flash Player (3154132) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-04-12 |
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. | ||||
Vulnerabilities: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012 CVE-2016-1013 CVE-2016-1014 CVE-2016-1015 CVE-2016-1016 CVE-2016-1017 CVE-2016-1018 CVE-2016-1019 |
Included Updates: 3154132 |
Applies to: Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-049 |
Title: Security Update for HTTP.sys (3148795) |
Update Type: Security Update |
Severity: Important |
Date: 2016-04-12 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system. | ||||
Vulnerabilities: CVE-2016-0150 |
Included Updates: 3147458 |
Applies to: |
Bulletin ID: MS16-048 |
Title: Security Update for CSRSS (3148528) |
Update Type: Security Update |
Severity: Important |
Date: 2016-04-12 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application. | ||||
Vulnerabilities: CVE-2016-0151 |
Included Updates: 2919355 3146723 3147458 3147461 3148528 3157663 |
Applies to: Server Core installation option Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-047 |
Title: Security Update for SAM and LSAD Remote Protocols (3148527) |
Update Type: Security Update |
Severity: Important |
Date: 2016-04-12 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack. An attacker could then force a downgrade of the authentication level of the SAM and LSAD channels and impersonate an authenticated user. | ||||
Vulnerabilities: CVE-2016-0128 |
Included Updates: 2919355 3147458 3147461 3148527 3149090 3157663 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-046 |
Title: Security Update for Secondary Logon (3148538) |
Update Type: Security Update |
Severity: Important |
Date: 2016-04-12 |
Description: This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. | ||||
Vulnerabilities: CVE-2016-0135 |
Included Updates: 3147458 3157663 |
Applies to: Windows 10 |
Bulletin ID: MS16-045 |
Title: Security Update for Windows Hyper-V (3143118) |
Update Type: Security Update |
Severity: Important |
Date: 2016-04-12 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected. | ||||
Vulnerabilities: CVE-2016-0088 CVE-2016-0089 CVE-2016-0090 |
Included Updates: 2919355 3135456 3143118 3147461 |
Applies to: Server Core installation option Windows 10 Windows 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-044 |
Title: Security Update for Windows OLE (3146706) |
Update Type: Security Update |
Severity: Important |
Date: 2016-04-12 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message. | ||||
Vulnerabilities: CVE-2016-0153 |
Included Updates: 3146706 |
Applies to: Server Core installation option Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-042 |
Title: Security Update for Microsoft Office (3148775) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-04-12 |
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-0122 CVE-2016-0127 CVE-2016-0136 CVE-2016-0139 |
Included Updates: 3072630 3114871 3114888 3114892 3114895 3114897 3114898 3114927 3114934 3114937 3114947 3114964 3114982 3114983 3114987 3114988 3114990 3114993 3114994 3139923 3142577 3148775 3154208 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Other Office Software |
Bulletin ID: MS16-041 |
Title: Security Update for .NET Framework (3148789) |
Update Type: Security Update |
Severity: Important |
Date: 2016-04-12 |
Description: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. | ||||
Vulnerabilities: CVE-2016-0148 |
Included Updates: 3143693 3148789 |
Applies to: Server Core installation option Windows 7 Windows Server 2008 Windows Server 2008 R2 Windows Vista |
Bulletin ID: MS16-040 |
Title: Security Update for Microsoft XML Core Services (3148541) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-04-12 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message. | ||||
Vulnerabilities: CVE-2016-0147 |
Included Updates: 2919355 3146963 3147458 3147461 3148541 3157663 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-039 |
Title: Security Update for Microsoft Graphics Component (3148522) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-04-12 |
Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts. | ||||
Vulnerabilities: CVE-2016-0143 CVE-2016-0145 CVE-2016-0165 CVE-2016-0167 |
Included Updates: 2919355 3072630 3114542 3114566 3114944 3114960 3114985 3139923 3142041 3142042 3142043 3142045 3142046 3144427 3144428 3144429 3144431 3144432 3145739 3147458 3147461 3148522 3157663 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-038 |
Title: Cumulative Security Update for Microsoft Edge (3148532) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-04-12 |
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights. | ||||
Vulnerabilities: CVE-2016-0154 CVE-2016-0155 CVE-2016-0156 CVE-2016-0157 CVE-2016-0158 CVE-2016-0161 |
Included Updates: 3147458 3157663 |
Applies to: Microsoft Edge |
Bulletin ID: MS16-037 |
Title: Cumulative Security Update for Internet Explorer (3148531) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-04-12 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-0154 CVE-2016-0159 CVE-2016-0160 CVE-2016-0162 CVE-2016-0164 CVE-2016-0166 |
Included Updates: 3147458 3147461 3148198 3148531 3157663 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Bulletin ID: MS16-036 |
Title: Security Update for Adobe Flash Player (3144756) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-03-10 |
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. | ||||
Vulnerabilities: CVE-2015-8652 CVE-2015-8655 CVE-2015-8658 CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-1001 CVE-2016-1005 CVE-2016-1010 |
Included Updates: 3144756 |
Applies to: Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-035 |
Title: Security Update for .NET Framework to Address Security Feature Bypass (3141780) |
Update Type: Security Update |
Severity: Important |
Date: 2016-03-08 |
Description: This security update resolves a vulnerability in the Microsoft .NET Framework. The security feature bypass exists in a .NET Framework component that does not properly validate certain elements of a signed XML document. | ||||
Vulnerabilities: CVE-2016-0132 |
Included Updates: 2919355 3135982 3135983 3135984 3135985 3135986 3135987 3135988 3135989 3135991 3135993 3135994 3135995 3135996 3135997 3135998 3136000 3141780 3148821 3149737 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-034 |
Title: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145) |
Update Type: Security Update |
Severity: Important |
Date: 2016-03-08 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. | ||||
Vulnerabilities: CVE-2016-0093 CVE-2016-0094 CVE-2016-0095 CVE-2016-0096 |
Included Updates: 2919355 3139852 3140745 3140768 3143145 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-033 |
Title: Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142) |
Update Type: Security Update |
Severity: Important |
Date: 2016-03-08 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with physical access inserts a specially crafted USB device into the system. | ||||
Vulnerabilities: CVE-2016-0133 |
Included Updates: 2919355 3139398 3140745 3140768 3143142 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-032 |
Title: Security Update for Secondary Logon to Address Elevation of Privilege (3143141) |
Update Type: Security Update |
Severity: Important |
Date: 2016-03-08 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Secondary Logon Service fails to properly manage request handles in memory. | ||||
Vulnerabilities: CVE-2016-0099 |
Included Updates: 2919355 3139914 3140745 3140768 3143141 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-031 |
Title: Security Update for Microsoft Windows to Address Elevation of Privilege (3140410) |
Update Type: Security Update |
Severity: Important |
Date: 2016-03-08 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker is able to log on to a target system and run a specially crafted application. | ||||
Vulnerabilities: CVE-2016-0087 |
Included Updates: 3140410 |
Applies to: Server Core installation option Windows 7 Windows Server 2008 Windows Server 2008 R2 Windows Vista |
Bulletin ID: MS16-030 |
Title: Security Update for Windows OLE to Address Remote Code Execution (3143136) |
Update Type: Security Update |
Severity: Important |
Date: 2016-03-08 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerabilities to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message. | ||||
Vulnerabilities: CVE-2016-0091 CVE-2016-0092 |
Included Updates: 2919355 3139940 3140745 3140768 3143136 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-029 |
Title: Security Update for Microsoft Office to Address Remote Code Execution (3141806) |
Update Type: Security Update |
Severity: Important |
Date: 2016-03-08 |
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-0021 CVE-2016-0057 CVE-2016-0134 |
Included Updates: 2880510 2956063 2956110 3039746 3114414 3114426 3114690 3114812 3114814 3114821 3114824 3114829 3114833 3114855 3114861 3114866 3114873 3114878 3114880 3114883 3114900 3114901 3138327 3138328 3141806 3143576 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Other Office Software |
Bulletin ID: MS16-028 |
Title: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-03-08 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. | ||||
Vulnerabilities: CVE-2016-0117 CVE-2016-0118 |
Included Updates: 2919355 3137513 3140745 3140768 3143081 |
Applies to: Server Core installation option Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-027 |
Title: Security Update for Windows Media to Address Remote Code Execution (3143146) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-03-08 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens specially crafted media content that is hosted on a website. | ||||
Vulnerabilities: CVE-2016-0098 CVE-2016-0101 |
Included Updates: 2919355 3138910 3138962 3140745 3140768 3143146 |
Applies to: Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-026 |
Title: Security Update for Graphic Fonts to Address Remote Code Execution (3143148) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-03-08 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker either convinces a user to open a specially crafted document, or to visit a webpage that contains specially crafted embedded OpenType fonts. | ||||
Vulnerabilities: CVE-2016-0120 CVE-2016-0121 |
Included Updates: 2919355 3140735 3140745 3140768 3143148 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-025 |
Title: Security Update for Windows Library Loading to Address Remote Code Execution (3140709) |
Update Type: Security Update |
Severity: Important |
Date: 2016-03-08 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Windows fails to properly validate input before loading certain libraries. However, an attacker must first gain access to the local system with the ability to execute a malicious application. | ||||
Vulnerabilities: CVE-2016-0100 |
Included Updates: 3140709 |
Applies to: Server Core installation option Windows Server 2008 Windows Vista |
Bulletin ID: MS16-023 |
Title: Cumulative Security Update for Internet Explorer (3142015) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-03-08 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-0102 CVE-2016-0103 CVE-2016-0104 CVE-2016-0105 CVE-2016-0106 CVE-2016-0107 CVE-2016-0108 CVE-2016-0109 CVE-2016-0110 CVE-2016-0111 CVE-2016-0112 CVE-2016-0113 CVE-2016-0114 |
Included Updates: 3139929 3140745 3140768 3142015 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Bulletin ID: MS16-022 |
Title: Security Update for Adobe Flash Player (3135782) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-02-09 |
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows 10 Version 1511. For more information, see the Affected Software section. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge. | ||||
Vulnerabilities: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 |
Included Updates: 3135782 |
Applies to: Windows 10 Windows 8.1 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-021 |
Title: Security Update for NPS RADIUS Server to Address Denial of Service (3133043) |
Update Type: Security Update |
Severity: Important |
Date: 2016-02-09 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) if an attacker sends specially crafted username strings to the NPS, which could prevent RADIUS authentication on the NPS. | ||||
Vulnerabilities: CVE-2016-0050 |
Included Updates: 3133043 |
Applies to: Server Core installation option Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-020 |
Title: Security Update for Active Directory Federation Services to Address Denial of Service (3134222) |
Update Type: Security Update |
Severity: Important |
Date: 2016-02-09 |
Description: This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive. | ||||
Vulnerabilities: CVE-2016-0037 |
Included Updates: 3134222 |
Applies to: Server Core installation option Windows Server 2012 R2 |
Bulletin ID: MS16-019 |
Title: Security Update for .NET Framework to Address Denial of Service (3137893) |
Update Type: Security Update |
Severity: Important |
Date: 2016-02-09 |
Description: This security update resolves vulnerabilities in Microsoft .NET Framework. The more severe of the vulnerabilities could cause denial of service if an attacker inserts specially crafted XSLT into a client-side XML web part, causing the server to recursively compile XSLT transforms. | ||||
Vulnerabilities: CVE-2016-0033 CVE-2016-0047 |
Included Updates: 2919355 3122646 3122648 3122649 3122651 3122653 3122654 3122655 3122656 3122658 3122660 3122661 3123055 3127219 3127220 3127221 3127222 3127223 3127225 3127226 3127227 3127229 3127230 3127231 3127233 3137893 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-018 |
Title: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082) |
Update Type: Security Update |
Severity: Important |
Date: 2016-02-09 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. | ||||
Vulnerabilities: CVE-2016-0048 |
Included Updates: 2919355 3134214 3135173 3135174 3136082 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-017 |
Title: Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700) |
Update Type: Security Update |
Severity: Important |
Date: 2016-02-09 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an authenticated attacker logs on to the target system using RDP and sends specially crafted data over the connection. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. | ||||
Vulnerabilities: CVE-2016-0036 |
Included Updates: 2919355 3126446 3134700 3135174 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-016 |
Title: Security Update for WebDAV to Address Elevation of Privilege (3136041) |
Update Type: Security Update |
Severity: Important |
Date: 2016-02-09 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to send specifically crafted input to a server. | ||||
Vulnerabilities: CVE-2016-0051 |
Included Updates: 2919355 3124280 3134146 3135173 3135174 3136041 |
Applies to: Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-015 |
Title: Security Update for Microsoft Office to Address Remote Code Execution (3134226) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-02-09 |
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-0022 CVE-2016-0039 CVE-2016-0052 CVE-2016-0053 CVE-2016-0054 CVE-2016-0055 CVE-2016-0056 |
Included Updates: 3039768 3114335 3114338 3114401 3114407 3114432 3114481 3114548 3114698 3114702 3114724 3114733 3114734 3114741 3114742 3114745 3114747 3114748 3114752 3114755 3114759 3114773 3134226 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Other Office Software |
Bulletin ID: MS16-014 |
Title: Security Update for Microsoft Windows to Address Remote Code Execution (3134228) |
Update Type: Security Update |
Severity: Important |
Date: 2016-02-09 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application. | ||||
Vulnerabilities: CVE-2016-0040 CVE-2016-0041 CVE-2016-0042 CVE-2016-0044 CVE-2016-0049 |
Included Updates: 2919355 3126041 3126434 3126587 3126593 3134228 3135173 3135174 3155039 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-013 |
Title: Security Update for Windows Journal to Address Remote Code Execution (3134811) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-02-09 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2016-0038 |
Included Updates: 2919355 3115858 3134811 3135173 3135174 |
Applies to: Windows 10 Windows 7 Windows 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-012 |
Title: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-02-09 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Microsoft Windows PDF Library improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. However, an attacker would have no way to force users to download or open a malicious PDF document. | ||||
Vulnerabilities: CVE-2016-0046 CVE-2016-0058 |
Included Updates: 2919355 3123294 3135174 3138938 |
Applies to: Server Core installation option Windows 10 Windows 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS16-009 |
Title: Cumulative Security Update for Internet Explorer (3134220) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-02-09 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-0041 CVE-2016-0059 CVE-2016-0060 CVE-2016-0061 CVE-2016-0062 CVE-2016-0063 CVE-2016-0064 CVE-2016-0067 CVE-2016-0068 CVE-2016-0069 CVE-2016-0071 CVE-2016-0072 CVE-2016-0077 |
Included Updates: 3134220 3134814 3135173 3135174 3141092 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Bulletin ID: MS16-010 |
Title: Security Update in Microsoft Exchange Server to Address Spoofing (3124557) |
Update Type: Security Update |
Severity: Important |
Date: 2016-01-12 |
Description: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow spoofing if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content. | ||||
Vulnerabilities: CVE-2016-0029 CVE-2016-0030 CVE-2016-0031 CVE-2016-0032 |
Included Updates: 3124557 |
Applies to: Microsoft Server Software |
Bulletin ID: MS16-008 |
Title: Security Update for Windows Kernel to Address Elevation of Privilege (3124605) |
Update Type: Security Update |
Severity: Important |
Date: 2016-01-12 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. | ||||
Vulnerabilities: CVE-2016-0006 CVE-2016-0007 |
Included Updates: 2919355 3121212 3124263 3124266 3124605 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-007 |
Title: Security Update for Microsoft Windows to Address Remote Code Execution (3124901) |
Update Type: Security Update |
Severity: Important |
Date: 2016-01-12 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application. | ||||
Vulnerabilities: CVE-2016-0014 CVE-2016-0015 CVE-2016-0016 CVE-2016-0018 CVE-2016-0019 CVE-2016-0020 |
Included Updates: 2919355 3108664 3109560 3110329 3121461 3121918 3124263 3124266 3124901 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-006 |
Title: Security Update for Silverlight to Address Remote Code Execution (3126036) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-01-12 |
Description: This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force users to visit a compromised website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email or instant message that takes users to the attacker's website. | ||||
Vulnerabilities: CVE-2016-0034 |
Included Updates: 3126036 |
Applies to: Software |
Bulletin ID: MS16-005 |
Title: Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-01-12 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website. | ||||
Vulnerabilities: CVE-2016-0008 CVE-2016-0009 |
Included Updates: 2919355 3124000 3124001 3124263 3124266 3124584 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS16-004 |
Title: Security Update for Microsoft Office to Address Remote Code Execution (3124585) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-01-12 |
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2015-6117 CVE-2016-0010 CVE-2016-0011 CVE-2016-0012 CVE-2016-0035 |
Included Updates: 2881029 2881067 2920727 3039794 3096896 3114396 3114402 3114421 3114429 3114482 3114486 3114489 3114494 3114503 3114504 3114511 3114518 3114520 3114526 3114527 3114540 3114541 3114546 3114547 3114549 3114553 3114554 3114557 3114564 3114569 3124585 3133699 3133711 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Other Office Software |
Bulletin ID: MS16-003 |
Title: Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-01-12 |
Description: This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-0002 |
Included Updates: 3124624 3124625 3125540 |
Applies to: Server Core installation option Windows Server 2008 Windows Vista |
Bulletin ID: MS16-001 |
Title: Cumulative Security Update for Internet Explorer (3124903) |
Update Type: Security Update |
Severity: Critical |
Date: 2016-01-12 |
Description: This security update resolves vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2016-0002 CVE-2016-0005 |
Included Updates: 3124263 3124266 3124275 3124903 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |