Microsoft October 2016 Patchday Summary

On October 11, 2016, Microsoft released several security updates for Windows and Office. Rollup updates have also been issued for Windows 7 SP1 and Windows 8.1 (and the related server variants).



Starting with Rollup Updates for Windows 7/8.1

From October 2016 on, Microsoft will release Rollups for Windows 7 SP1 and Windows 8.1 to patch security issues (see my blog post Windows 7/8.1-Update: What to expect from October onwards).

Windows 7 SP1 Quality Rollup Update KB3185330

Update KB3185330 (October 2016 security monthly quality rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1) contains the following packages.

  • MS16-101 Security update for Windows authentication methods
  • MS16-118 Cumulative security update for Internet Explorer
  • MS16-120 Security update for Microsoft graphics component
  • MS16-122 Security update for Microsoft video control
  • MS16-123 Security update for kernel-mode drivers
  • MS16-124 Security update for Windows registry
  • MS16-126 Security update for Microsoft Internet Messaging API

This Rollup Update is available via Windows Update, Microsoft Update Catalog or by direct download:

KB3185330 Rollup for Windows 7 (32 Bit)
KB3185330 Rollup for Windows 7 (64 Bit)



KB3185330 Rollup for Windows Server 2008 R2 for Itanium
KB3185330 Rollup for Windows Server 2008 R2 (x64)

More details may be found at Windows 7 SP1 and Windows Server 2008 R2 SP1 update history. The Rollup is also available as update KB3192391 (October 2016 security only quality update for Windows 7 SP1 and Windows Server 2008 R2 SP1).

Windows 8.1 Quality Rollup Update KB3185331

Update KB3185331 (October 2016 security monthly quality rollup for Windows 8.1 and Windows Server 2012 R2) contains the following patches.

  • MS16-101 Security update for Windows authentication methods
  • MS16-118 Cumulative security update for Internet Explorer
  • MS16-120 Security update for Microsoft graphics component
  • MS16-122 Security update for Microsoft video control
  • MS16-123 Security update for kernel-mode drivers
  • MS16-124 Security update for Windows registry

The Rollup is available via Windows Update, Microsoft Update Catalog or by direct download:

KB3185331 Rollup for Windows 8.1 (32 Bit)
KB3185331 Rollup for Windows 8.1 (64 Bit)

KB3185331 Rollup for Windows Server 2012 R2

More details may be found at Windows 8.1 and Windows Server 2012 R2 update history. This update is also available as KB3192392 (October 2016 security only quality update for Windows 8.1 and Windows Server 2012 R2).

Cumulative Updates for Windows 10

Microsoft has also released update KB3194798 (Cumulative update for Windows 10 Version 1607 and Windows Server 2016: October 11, 2016) which contains the following security updates:

  • 3193229 MS16-125: Security update for diagnostics hub: October 11, 2016
  • 3193227 MS16-124: Security update for Windows registry: October 11, 2016
  • 3192892 MS16-123: Security update for kernel-mode drivers: October 11, 2016
  • 3195360 MS16-122: Security update for Microsoft video control: October 11, 2016
  • 3192884 MS16-120: Security update for Microsoft graphics component: October 11, 2016
  • 3192890 MS16-119: Cumulative security update for Microsoft Edge: October 11, 2016
  • 3192887 MS16-118: Cumulative security update for Internet Explorer: October 11, 2016
  • 3178465 MS16-101: Security update for Windows authentication methods: August 9, 2016

This update changes Windows 10 Version 1607 Build number to 15393.321. A detailed update history may be found here.

Update KB3192441 (Cumulative update for Windows 10 Version 1511: October 11, 2016) contains the following security updates:

  • 3193229 MS16-125: Security update for diagnostics hub: October 11, 2016
  • 3193227 MS16-124: Security update for Windows registry: October 11, 2016
  • 3192892 MS16-123: Security update for kernel-mode drivers: October 11, 2016
  • 3195360 MS16-122: Security update for Microsoft video control: October 11, 2016
  • 3192884 MS16-120: Security update for Microsoft graphics component: October 11, 2016
  • 3192890 MS16-119: Cumulative security update for Microsoft Edge: October 11, 2016
  • 3192887 MS16-118: Cumulative security update for Internet Explorer: October 11, 2016
  • 3178465 MS16-101: Security update for Windows authentication methods: August 9, 2016

This update changes Windows 10 Version 1511 Build number to 10586.633. A detailed update history may be found here.

Update KB3192440 (Cumulative update for Windows 10: October 11, 2016) contains the following security updates:

  • 3193229 MS16-125: Security update for diagnostics hub: October 11, 2016
  • 3193227 MS16-124: Security update for Windows registry: October 11, 2016
  • 3192892 MS16-123: Security update for kernel-mode drivers: October 11, 2016
  • 3195360 MS16-122: Security update for Microsoft video control: October 11, 2016
  • 3192884 MS16-120: Security update for Microsoft graphics component: October 11, 2016
  • 3192890 MS16-119: Cumulative security update for Microsoft Edge: October 11, 2016
  • 3192887 MS16-118: Cumulative security update for Internet Explorer: October 11, 2016
  • 3178465 MS16-101: Security update for Windows authentication methods: August 9, 2016

This update changes Windows 10 Build number to 10240.17146. A detailed update history may be found here.

Critical Security Updates for Windows (October 2016)

MS16-118: Cumulative Security Update for Internet Explorer (3192887)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

This security update is rated Critical for Internet Explorer 9 (IE 9), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

  – Affected Software:
    – Windows Vista Service Pack 2:
      – Internet Explorer 9
    – Windows Vista x64 Edition Service Pack 2:
      – Internet Explorer 9
    – Windows Server 2008 for 32-bit Systems Service Pack 2:
      – Internet Explorer 9
      (Windows Server 2008 Server Core installation not affected)
    – Windows Server 2008 for x64-based Systems Service Pack 2:
      – Internet Explorer 9
      (Windows Server 2008 Server Core installation not affected)
    – Windows 7 for 32-bit Systems Service Pack 1:
      – Internet Explorer 11
    – Windows 7 for x64-based Systems Service Pack 1:
      – Internet Explorer 11
    – Windows Server 2008 R2 for x64-based Systems
      Service Pack 1:
      – Internet Explorer 11
      (Windows Server 2008 R2 Server Core installation
      not affected)
    – Windows 8.1 for 32-bit Systems:
      – Internet Explorer 11
    – Windows 8.1 for x64-based Systems:
      – Internet Explorer 11
    – Windows Server 2012:
      – Internet Explorer 10
      (Windows Server 2012 Server Core installation not affected)
    – Windows Server 2012 R2:
      – Internet Explorer 11
      (Windows Server 2012 R2 Server Core installation not affected)
    – Windows RT 8.1:
      – Internet Explorer 11
    – Windows 10 for 32-bit Systems:
      – Internet Explorer 11
    – Windows 10 for x64-based Systems:
      – Internet Explorer 11
    – Windows 10 Version 1511 for 32-bit Systems:
      – Internet Explorer 11
    – Windows 10 Version 1511 for x64-based Systems:
      – Internet Explorer 11
    – Windows 10 Version 1607 for 32-bit Systems:
      – Internet Explorer 11
    – Windows 10 Version 1607 for x64-based Systems:
      – Internet Explorer 11
  – Impact: Remote Code Execution
  – Version Number: 1.0

MS16-119: Cumulative Security Update for Microsoft Edge (3192890)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

  – Affected Software:
    – Windows 10 for 32-bit Systems
      – Microsoft Edge
    – Windows 10 for x64-based Systems
      – Microsoft Edge
    – Windows 10 Version 1511 for 32-bit Systems
      – Microsoft Edge
    – Windows 10 Version 1511 for x64-based Systems
      – Microsoft Edge
    – Windows 10 Version 1607 for 32-bit Systems:
      – Microsoft Edge
    – Windows 10 Version 1607 for x64-based Systems:
      – Microsoft Edge
  – Impact: Remote Code Execution
  – Version Number: 1.0

MS16-120: Security Update for Microsoft Graphics Component (3192884)
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Silverlight, and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  – Affected Software:
    – Windows Vista Service Pack 2
    – Windows Vista x64 Edition Service Pack 2
    – Windows Server 2008 for 32-bit Systems Service Pack 2
      (Windows Server 2008 Server Core installation affected)
    – Windows Server 2008 for x64-based Systems Service Pack 2
      (Windows Server 2008 Server Core installation affected)
    – Windows Server 2008 for Itanium-based Systems Service Pack 2
    – Windows 7 for 32-bit Systems Service Pack 1
    – Windows 7 for x64-based Systems Service Pack 1
    – Windows Server 2008 R2 for x64-based Systems Service Pack 1
      (Windows Server 2008 R2 Server Core installation affected)
    – Windows Server 2008 R2 for Itanium-based Systems Service
      Pack 1
    – Windows 8.1 for 32-bit Systems
    – Windows 8.1 for x64-based Systems
    – Windows Server 2012
      (Windows Server 2012 Server Core installation affected)
    – Windows Server 2012 R2
      (Windows Server 2012 R2 Server Core installation affected)
    – Windows RT 8.1
    – Windows 10 for 32-bit Systems
    – Windows 10 for x64-based Systems
    – Windows 10 Version 1511 for 32-bit Systems
    – Windows 10 Version 1511 for x64-based Systems
    – Windows 10 Version 1607 for 32-bit Systems
    – Windows 10 Version 1607 for x64-based Systems
    – Windows Vista Service Pack 2:
      – Microsoft .NET Framework 3.0 Service Pack 2
      – Microsoft .NET Framework 4.5.2
      – Microsoft .NET Framework 4.6
    – Windows Vista x64 Edition Service Pack 2:
      – Microsoft .NET Framework 4.6
      – Microsoft .NET Framework 4.5.2
      – Microsoft .NET Framework 4.6
    – Windows Server 2008 for 32-bit Systems Service Pack 2:
      – Microsoft .NET Framework 3.0 Service Pack 2
      – Microsoft .NET Framework 4.5.2
      – Microsoft .NET Framework 4.6
      (Windows Server 2008 Server Core installation not affected)
    – Windows Server 2008 for x64-based Systems Service Pack 2:
      – Microsoft .NET Framework 3.0 Service Pack 2
      – Microsoft .NET Framework 4.5.2
      – Microsoft .NET Framework 4.6
      (Windows Server 2008 Server Core installation not affected)
    – Windows 7 for 32-bit Systems Service Pack 1:
      – Microsoft .NET Framework 3.5.1
    – Windows 7 for x64-based Systems Service Pack 1:
      – Microsoft .NET Framework 3.5.1
    – Windows Server 2008 R2 for x64-based Systems Service Pack 1:
      – Microsoft .NET Framework 3.5.1
    – Windows Server 2008 R2 for Itanium-based Systems Service
      Pack 1:
      – Microsoft .NET Framework 3.5.1
    – Windows 8.1 for 32-bit Systems
      – Microsoft .NET Framework 3.5
    – Windows 8.1 for x64-based Systems
      – Microsoft .NET Framework 3.5
    – Windows Server 2012
      – Microsoft .NET Framework 3.5
      (Windows Server 2012 Server Core installation affected)
    – Windows Server 2012 R2
      – Microsoft .NET Framework 3.5
      (Windows Server 2012 R2 Server Core installation affected)
    – Windows 10 for 32-bit Systems
      – Microsoft .NET Framework 3.5
    – Windows 10 for x64-based Systems
      – Microsoft .NET Framework 3.5
    – Windows 10 Version 1511 for 32-bit Systems
      – Microsoft .NET Framework 3.5
    – Windows 10 Version 1511 for x64-based Systems
      – Microsoft .NET Framework 3.5
    – Windows 10 Version 1607 for 32-bit Systems
      – Microsoft .NET Framework 3.5
    – Windows 10 Version 1607 for x64-based Systems
      – Microsoft .NET Framework 3.5
    – Microsoft Office 2007 Service Pack 3
    – Microsoft Office 2010 Service Pack 2 (32-bit editions)
    – Microsoft Office 2010 Service Pack 2 (64-bit editions)
    – Microsoft Word Viewer
    – Skype for Business 2016 (32-bit editions)
    – Skype for Business Basic 2016 (32-bit editions)
    – Skype for Business 2016 (64-bit editions)
    – Skype for Business Basic 2016 (64-bit editions)
    – Microsoft Lync 2013 Service Pack 1 (32-bit) (Skype for
      Business)
    – Microsoft Lync Basic 2013 Service Pack 1 (32-bit) (Skype for
      Business Basic)
    – Microsoft Lync 2013 Service Pack 1 (64-bit) (Skype for
      Business)
    – Microsoft Lync Basic 2013 Service Pack 1 (64-bit) (Skype for
      Business Basic)
    – Microsoft Lync 2010 (32-bit)
    – Microsoft Lync 2010 (64-bit)
    – Microsoft Lync 2010 Attendee (user level install)
    – Microsoft Lync 2010 Attendee (admin level install)
    – Microsoft Live Meeting 2007 Console
    – Microsoft Silverlight 5 when installed on Mac
    – Microsoft Silverlight 5 Developer Runtime when installed on
      Mac
    – Microsoft Silverlight 5 when installed on all supported
      releases of Microsoft Windows clients
    – Microsoft Silverlight 5 Developer Runtime when installed on
      all supported releases of Microsoft Windows clients
    – Microsoft Silverlight 5 when installed on all supported
      releases of Microsoft Windows servers
    – Microsoft Silverlight 5 Developer Runtime when installed on
      all supported releases of Microsoft Windows servers

  – Impact: Remote Code Execution
  – Version Number: 1.0

MS16-122: Security Update for Microsoft Video Control (3195360)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.

  – Affected Software:
    – Windows Vista Service Pack 2
    – Windows Vista x64 Edition Service Pack 2
    – Windows 7 for 32-bit Systems Service Pack 1
    – Windows 7 for x64-based Systems Service Pack 1
    – Windows 8.1 for 32-bit Systems
    – Windows 8.1 for x64-based Systems
    – Windows RT 8.1
    – Windows 10 for 32-bit Systems
    – Windows 10 for x64-based Systems
    – Windows 10 Version 1511 for 32-bit Systems
    – Windows 10 Version 1511 for x64-based Systems
    – Windows 10 Version 1607 for 32-bit Systems
    – Windows 10 Version 1607 for x64-based Systems
  – Impact: Remote Code Execution
  – Version Number: 1.0

MS16-127: Security Update for Adobe Flash Player (3194343)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

  – Affected Software:
    – Windows 8.1 for 32-bit Systems
    – Windows 8.1 for x64-based Systems
    – Windows Server 2012
      (Windows Server 2012 Server Core installation not affected)
    – Windows Server 2012 R2
      (Windows Server 2012 R2 Server Core installation not affected)
    – Windows RT 8.1
    – Windows 10 for 32-bit Systems
    – Windows 10 for x64-based Systems
    – Windows 10 Version 1511 for 32-bit Systems
    – Windows 10 Version 1511 for x64-based Systems
    – Windows 10 Version 1607 for 32-bit Systems
    – Windows 10 Version 1607 for x64-based Systems
  – Impact: Remote Code Execution
  – Version Number: 1.0

Important Security Updates for Windows (October 2016)

MS16-121: Security Update for Microsoft Office (3194063)
This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

  – Affected Software:
    – Microsoft Word 2007 Service Pack 3
    – Microsoft Office 2010 Service Pack 2 (32-bit editions)
    – Microsoft Office 2010 Service Pack 2 (64-bit editions)
    – Microsoft Word 2010 Service Pack 2 (32-bit editions)
    – Microsoft Word 2010 Service Pack 2 (64-bit editions)
    – Microsoft Word 2013 Service Pack 1 (32-bit editions)
    – Microsoft Word 2013 Service Pack 1 (64-bit editions)
    – Microsoft Word 2013 RT Service Pack 1
    – Microsoft Word 2016 (32-bit edition)
    – Microsoft Word 2016 (64-bit edition)
    – Microsoft Word for Mac 2011
    – Microsoft Word 2016 for Mac
    – Microsoft Office Compatibility Pack Service Pack 3
    – Microsoft Word Viewer
    – Word Automation Services on Microsoft SharePoint Server 2010
      Service Pack 2
    – Word Automation Services on Microsoft SharePoint Server 2013
      Service Pack 1
    – Microsoft Office Web Apps 2010 Service Pack 2
    – Microsoft Office Web Apps Server 2013 Service Pack 1
    – Office Online Server
  – Impact: Remote Code Execution
  – Version Number: 1.0

MS16-123: Security Update for Windows Kernel-Mode Drivers (3192892)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

  – Affected Software:
    – Windows Vista Service Pack 2
    – Windows Vista x64 Edition Service Pack 2
    – Windows Server 2008 for 32-bit Systems Service Pack 2
      (Windows Server 2008 Server Core installation affected)
    – Windows Server 2008 for x64-based Systems Service Pack 2
      (Windows Server 2008 Server Core installation affected)
    – Windows Server 2008 for Itanium-based Systems Service Pack 2
    – Windows 7 for 32-bit Systems Service Pack 1
    – Windows 7 for x64-based Systems Service Pack 1
    – Windows Server 2008 R2 for x64-based Systems Service Pack 1
      (Windows Server 2008 R2 Server Core installation affected)
    – Windows Server 2008 R2 for Itanium-based Systems Service
      Pack 1
    – Windows 8.1 for 32-bit Systems
    – Windows 8.1 for x64-based Systems
    – Windows Server 2012
      (Windows Server 2012 Server Core installation affected)
    – Windows Server 2012 R2
      (Windows Server 2012 R2 Server Core installation affected)
    – Windows RT 8.1
    – Windows 10 for 32-bit Systems
    – Windows 10 for x64-based Systems
    – Windows 10 Version 1511 for 32-bit Systems
    – Windows 10 Version 1511 for x64-based Systems
    – Windows 10 Version 1607 for 32-bit Systems
    – Windows 10 Version 1607 for x64-based Systems
  – Impact: Elevation of Privilege
  – Version Number: 1.0

MS16-124: Security Update for Windows Registry (3193227)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information.

  – Affected Software:
    – Windows Vista Service Pack 2
    – Windows Vista x64 Edition Service Pack 2
    – Windows Server 2008 for 32-bit Systems Service Pack 2
      (Windows Server 2008 Server Core installation affected)
    – Windows Server 2008 for x64-based Systems Service Pack 2
      (Windows Server 2008 Server Core installation affected)
    – Windows Server 2008 for Itanium-based Systems Service Pack 2
    – Windows 7 for 32-bit Systems Service Pack 1
    – Windows 7 for x64-based Systems Service Pack 1
    – Windows Server 2008 R2 for x64-based Systems Service Pack 1
      (Windows Server 2008 R2 Server Core installation affected)
    – Windows Server 2008 R2 for Itanium-based Systems Service
      Pack 1
    – Windows 8.1 for 32-bit Systems
    – Windows 8.1 for x64-based Systems
    – Windows Server 2012
      (Windows Server 2012 Server Core installation affected)
    – Windows Server 2012 R2
      (Windows Server 2012 R2 Server Core installation affected)
    – Windows RT 8.1
    – Windows 10 for 32-bit Systems
    – Windows 10 for x64-based Systems
    – Windows 10 Version 1511 for 32-bit Systems
    – Windows 10 Version 1511 for x64-based Systems
    – Windows 10 Version 1607 for 32-bit Systems
    – Windows 10 Version 1607 for x64-based Systems
  – Impact: Elevation of Privilege
  – Version Number: 1.0

MS16-125: Security Update for Diagnostics Hub (3193229)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

  – Affected Software:
    – Windows 10 for 32-bit Systems
    – Windows 10 for x64-based Systems
    – Windows 10 Version 1511 for 32-bit Systems
    – Windows 10 Version 1511 for x64-based Systems
    – Windows 10 Version 1607 for 32-bit Systems
    – Windows 10 Version 1607 for x64-based Systems
  – Impact: Elevation of Privilege
  – Version Number: 1.0

Moderate Security Updates (October 2016)

MS16-126: Security Update for Microsoft Internet Messaging API (3196067)
This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.

  – Affected Software:
    – Windows Vista Service Pack 2
    – Windows Vista x64 Edition Service Pack 2
    – Windows Server 2008 for 32-bit Systems Service Pack 2
    – Windows Server 2008 for x64-based Systems Service Pack 2
    – Windows Server 2008 for Itanium-based Systems Service Pack 2
    – Windows 7 for 32-bit Systems Service Pack 1
    – Windows 7 for x64-based Systems Service Pack 1
    – Windows Server 2008 R2 for x64-based Systems Service Pack 1
    – Windows Server 2008 R2 for Itanium-based Systems Service
      Pack 1
  – Impact: Information Disclosure

An overview of the updates listed above may be found at Microsoft Security Bulletin Summary for October 2016.

Similar articles
Windows 7/8.1-Update: What to expect from October onwards

