Microsoft Patchday 11. Oktober 2016

Windows UpdateAm gestrigen Oktober-Patchday hat Microsoft eine Reihe an Sicherheits-Updates für Windows freigegeben. Gleichzeitig steigt Microsoft die das Rollup Update-Service-Modell für Windows 7 und Windows 8.1 ein. Hier eine Update-Übersicht.


Anzeige

Einstieg in Rollup-Updates für Windows 7/8.1

Beim Oktober-Patchday ändert sich für Benutzer von Windows 7 SP1 und Windows 8.1 das Update-Modell. Statt einzelner Patches gibt es nur noch ein Rollup (Security and Quality Rollup for .NET Framework 3.5.1) und ein monatliches Sicherheitsqualitätsrollup.

Das letztgenannte Rollup enthält alle Oktober-Patches für Windows 7 bzw. Windows 8.1. Auf die Änderung des Update Service Modells bin ich ich im Blog-Beitrag  Patchday-Infos: Was ab Oktober für Windows 7/8.1 kommt eingegangen. Details zu den Rollups für Windows 7 SP1 und Windows 8.1 sowie den Server-Pendants findet sich im Beitrag Oktober-Patchday: Einstieg in Windows 7/8.1 Rollup-Updates.

Kritische Sicherheits-Updates für Windows (Oktober 2016)

MS16-118Cumulative Security Update for Internet Explorer (3192887)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Anzeige

This security update is rated Critical for Internet Explorer 9 (IE 9), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

– Affected Software:
– Windows Vista Service Pack 2:
– Internet Explorer 9
– Windows Vista x64 Edition Service Pack 2:
– Internet Explorer 9
– Windows Server 2008 for 32-bit Systems Service Pack 2:
– Internet Explorer 9
(Windows Server 2008 Server Core installation not affected)
– Windows Server 2008 for x64-based Systems Service Pack 2:
– Internet Explorer 9
(Windows Server 2008 Server Core installation not affected)
– Windows 7 for 32-bit Systems Service Pack 1:
– Internet Explorer 11
– Windows 7 for x64-based Systems Service Pack 1:
– Internet Explorer 11
– Windows Server 2008 R2 for x64-based Systems
Service Pack 1:
– Internet Explorer 11
(Windows Server 2008 R2 Server Core installation
not affected)
– Windows 8.1 for 32-bit Systems:
– Internet Explorer 11
– Windows 8.1 for x64-based Systems:
– Internet Explorer 11
– Windows Server 2012:
– Internet Explorer 10
(Windows Server 2012 Server Core installation not affected)
– Windows Server 2012 R2:
– Internet Explorer 11
(Windows Server 2012 R2 Server Core installation not affected)
– Windows RT 8.1:
– Internet Explorer 11
– Windows 10 for 32-bit Systems:
– Internet Explorer 11
– Windows 10 for x64-based Systems:
– Internet Explorer 11
– Windows 10 Version 1511 for 32-bit Systems:
– Internet Explorer 11
– Windows 10 Version 1511 for x64-based Systems:
– Internet Explorer 11
– Windows 10 Version 1607 for 32-bit Systems:
– Internet Explorer 11
– Windows 10 Version 1607 for x64-based Systems:
– Internet Explorer 11
– Impact: Remote Code Execution
– Version Number: 1.0

MS16-119: Cumulative Security Update for Microsoft Edge (3192890)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

– Affected Software:
– Windows 10 for 32-bit Systems
– Microsoft Edge
– Windows 10 for x64-based Systems
– Microsoft Edge
– Windows 10 Version 1511 for 32-bit Systems
– Microsoft Edge
– Windows 10 Version 1511 for x64-based Systems
– Microsoft Edge
– Windows 10 Version 1607 for 32-bit Systems:
– Microsoft Edge
– Windows 10 Version 1607 for x64-based Systems:
– Microsoft Edge
– Impact: Remote Code Execution
– Version Number: 1.0

-120: Security Update for Microsoft Graphics Component (3192884)
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Silverlight, and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

– Affected Software:
– Windows Vista Service Pack 2
– Windows Vista x64 Edition Service Pack 2
– Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for Itanium-based Systems Service Pack 2
– Windows 7 for 32-bit Systems Service Pack 1
– Windows 7 for x64-based Systems Service Pack 1
– Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
– Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1
– Windows 8.1 for 32-bit Systems
– Windows 8.1 for x64-based Systems
– Windows Server 2012
(Windows Server 2012 Server Core installation affected)
– Windows Server 2012 R2
(Windows Server 2012 R2 Server Core installation affected)
– Windows RT 8.1
– Windows 10 for 32-bit Systems
– Windows 10 for x64-based Systems
– Windows 10 Version 1511 for 32-bit Systems
– Windows 10 Version 1511 for x64-based Systems
– Windows 10 Version 1607 for 32-bit Systems
– Windows 10 Version 1607 for x64-based Systems
– Windows Vista Service Pack 2:
– Microsoft .NET Framework 3.0 Service Pack 2
– Microsoft .NET Framework 4.5.2
– Microsoft .NET Framework 4.6
– Windows Vista x64 Edition Service Pack 2:
– Microsoft .NET Framework 4.6
– Microsoft .NET Framework 4.5.2
– Microsoft .NET Framework 4.6
– Windows Server 2008 for 32-bit Systems Service Pack 2:
– Microsoft .NET Framework 3.0 Service Pack 2
– Microsoft .NET Framework 4.5.2
– Microsoft .NET Framework 4.6
(Windows Server 2008 Server Core installation not affected)
– Windows Server 2008 for x64-based Systems Service Pack 2:
– Microsoft .NET Framework 3.0 Service Pack 2
– Microsoft .NET Framework 4.5.2
– Microsoft .NET Framework 4.6
(Windows Server 2008 Server Core installation not affected)
– Windows 7 for 32-bit Systems Service Pack 1:
– Microsoft .NET Framework 3.5.1
– Windows 7 for x64-based Systems Service Pack 1:
– Microsoft .NET Framework 3.5.1
– Windows Server 2008 R2 for x64-based Systems Service Pack 1:
– Microsoft .NET Framework 3.5.1
Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1:
– Microsoft .NET Framework 3.5.1
– Windows 8.1 for 32-bit Systems
– Microsoft .NET Framework 3.5
– Windows 8.1 for x64-based Systems
– Microsoft .NET Framework 3.5
– Windows Server 2012
– Microsoft .NET Framework 3.5
(Windows Server 2012 Server Core installation affected)
– Windows Server 2012 R2
– Microsoft .NET Framework 3.5
(Windows Server 2012 R2 Server Core installation affected)
– Windows 10 for 32-bit Systems
– Microsoft .NET Framework 3.5
– Windows 10 for x64-based Systems
– Microsoft .NET Framework 3.5
– Windows 10 Version 1511 for 32-bit Systems
– Microsoft .NET Framework 3.5
– Windows 10 Version 1511 for x64-based Systems
– Microsoft .NET Framework 3.5
– Windows 10 Version 1607 for 32-bit Systems
– Microsoft .NET Framework 3.5
– Windows 10 Version 1607 for x64-based Systems
– Microsoft .NET Framework 3.5
– Microsoft Office 2007 Service Pack 3
– Microsoft Office 2010 Service Pack 2 (32-bit editions)
– Microsoft Office 2010 Service Pack 2 (64-bit editions)
– Microsoft Word Viewer
– Skype for Business 2016 (32-bit editions)
– Skype for Business Basic 2016 (32-bit editions)
– Skype for Business 2016 (64-bit editions)
– Skype for Business Basic 2016 (64-bit editions)
– Microsoft Lync 2013 Service Pack 1 (32-bit) (Skype for
Business)
– Microsoft Lync Basic 2013 Service Pack 1 (32-bit) (Skype for
Business Basic)
– Microsoft Lync 2013 Service Pack 1 (64-bit) (Skype for
Business)
– Microsoft Lync Basic 2013 Service Pack 1 (64-bit) (Skype for
Business Basic)
– Microsoft Lync 2010 (32-bit)
– Microsoft Lync 2010 (64-bit)
– Microsoft Lync 2010 Attendee (user level install)
– Microsoft Lync 2010 Attendee (admin level install)
– Microsoft Live Meeting 2007 Console
– Microsoft Silverlight 5 when installed on Mac
– Microsoft Silverlight 5 Developer Runtime when installed on
Mac
– Microsoft Silverlight 5 when installed on all supported
releases of Microsoft Windows clients
– Microsoft Silverlight 5 Developer Runtime when installed on
all supported releases of Microsoft Windows clients
– Microsoft Silverlight 5 when installed on all supported
releases of Microsoft Windows servers
– Microsoft Silverlight 5 Developer Runtime when installed on
all supported releases of Microsoft Windows servers

– Impact: Remote Code Execution
– Version Number: 1.0

MS16-122: Security Update for Microsoft Video Control (3195360)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.

– Affected Software:
– Windows Vista Service Pack 2
– Windows Vista x64 Edition Service Pack 2
– Windows 7 for 32-bit Systems Service Pack 1
– Windows 7 for x64-based Systems Service Pack 1
– Windows 8.1 for 32-bit Systems
– Windows 8.1 for x64-based Systems
– Windows RT 8.1
– Windows 10 for 32-bit Systems
– Windows 10 for x64-based Systems
– Windows 10 Version 1511 for 32-bit Systems
– Windows 10 Version 1511 for x64-based Systems
– Windows 10 Version 1607 for 32-bit Systems
– Windows 10 Version 1607 for x64-based Systems
– Impact: Remote Code Execution
– Version Number: 1.0

MS16-127: Security Update for Adobe Flash Player (3194343)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

– Affected Software:
– Windows 8.1 for 32-bit Systems
– Windows 8.1 for x64-based Systems
– Windows Server 2012
(Windows Server 2012 Server Core installation not affected)
– Windows Server 2012 R2
(Windows Server 2012 R2 Server Core installation not affected)
– Windows RT 8.1
– Windows 10 for 32-bit Systems
– Windows 10 for x64-based Systems
– Windows 10 Version 1511 for 32-bit Systems
– Windows 10 Version 1511 for x64-based Systems
– Windows 10 Version 1607 for 32-bit Systems
– Windows 10 Version 1607 for x64-based Systems
– Impact: Remote Code Execution
– Version Number: 1.0

Wichtige Sicherheits-Updates für Windows (Oktober 2016)

MS16-121: Security Update for Microsoft Office (3194063)
This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

– Affected Software:
– Microsoft Word 2007 Service Pack 3
– Microsoft Office 2010 Service Pack 2 (32-bit editions)
– Microsoft Office 2010 Service Pack 2 (64-bit editions)
– Microsoft Word 2010 Service Pack 2 (32-bit editions)
– Microsoft Word 2010 Service Pack 2 (64-bit editions)
– Microsoft Word 2013 Service Pack 1 (32-bit editions)
– Microsoft Word 2013 Service Pack 1 (64-bit editions)
– Microsoft Word 2013 RT Service Pack 1
– Microsoft Word 2016 (32-bit edition)
– Microsoft Word 2016 (64-bit edition)
– Microsoft Word for Mac 2011
– Microsoft Word 2016 for Mac
– Microsoft Office Compatibility Pack Service Pack 3
– Microsoft Word Viewer
– Word Automation Services on Microsoft SharePoint Server 2010
Service Pack 2
– Word Automation Services on Microsoft SharePoint Server 2013
Service Pack 1
– Microsoft Office Web Apps 2010 Service Pack 2
– Microsoft Office Web Apps Server 2013 Service Pack 1
– Office Online Server
– Impact: Remote Code Execution
– Version Number: 1.0

MS16-123: Security Update for Windows Kernel-Mode Drivers (3192892)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

– Affected Software:
– Windows Vista Service Pack 2
– Windows Vista x64 Edition Service Pack 2
– Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for Itanium-based Systems Service Pack 2
– Windows 7 for 32-bit Systems Service Pack 1
– Windows 7 for x64-based Systems Service Pack 1
– Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
– Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1
– Windows 8.1 for 32-bit Systems
– Windows 8.1 for x64-based Systems
– Windows Server 2012
(Windows Server 2012 Server Core installation affected)
– Windows Server 2012 R2
(Windows Server 2012 R2 Server Core installation affected)
– Windows RT 8.1
– Windows 10 for 32-bit Systems
– Windows 10 for x64-based Systems
– Windows 10 Version 1511 for 32-bit Systems
– Windows 10 Version 1511 for x64-based Systems
– Windows 10 Version 1607 for 32-bit Systems
– Windows 10 Version 1607 for x64-based Systems
– Impact: Elevation of Privilege
– Version Number: 1.0

MS16-124: Security Update for Windows Registry (3193227)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information.

– Affected Software:
– Windows Vista Service Pack 2
– Windows Vista x64 Edition Service Pack 2
– Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for Itanium-based Systems Service Pack 2
– Windows 7 for 32-bit Systems Service Pack 1
– Windows 7 for x64-based Systems Service Pack 1
– Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
– Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1
– Windows 8.1 for 32-bit Systems
– Windows 8.1 for x64-based Systems
– Windows Server 2012
(Windows Server 2012 Server Core installation affected)
– Windows Server 2012 R2
(Windows Server 2012 R2 Server Core installation affected)
– Windows RT 8.1
– Windows 10 for 32-bit Systems
– Windows 10 for x64-based Systems
– Windows 10 Version 1511 for 32-bit Systems
– Windows 10 Version 1511 for x64-based Systems
– Windows 10 Version 1607 for 32-bit Systems
– Windows 10 Version 1607 for x64-based Systems
– Impact: Elevation of Privilege
– Version Number: 1.0

MS16-125: Security Update for Diagnostics Hub (3193229)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

– Affected Software:
– Windows 10 for 32-bit Systems
– Windows 10 for x64-based Systems
– Windows 10 Version 1511 for 32-bit Systems
– Windows 10 Version 1511 for x64-based Systems
– Windows 10 Version 1607 for 32-bit Systems
– Windows 10 Version 1607 for x64-based Systems
– Impact: Elevation of Privilege
– Version Number: 1.0

Moderate Sicherheits-Updates (Oktober 2016)

MS16-126: Security Update for Microsoft Internet Messaging API (3196067)
This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.

– Affected Software:
– Windows Vista Service Pack 2
– Windows Vista x64 Edition Service Pack 2
– Windows Server 2008 for 32-bit Systems Service Pack 2
– Windows Server 2008 for x64-based Systems Service Pack 2
– Windows Server 2008 for Itanium-based Systems Service Pack 2
– Windows 7 for 32-bit Systems Service Pack 1
– Windows 7 for x64-based Systems Service Pack 1
– Windows Server 2008 R2 for x64-based Systems Service Pack 1
– Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1
– Impact: Information Disclosure

Eine Übersicht der Updates wurde von Microsoft auf der Webseite Microsoft Security Bulletin Summary for October 2016 veröffentlicht.

Ähnliche Artikel
Adobe Flash: Oktober-Sicherheits-Update Oktober 2016
Oktober-Patchday: Einstieg in Windows 7/8.1 Rollup-Updates
Updates für Adobe DC und Adobe XI


Anzeige

Dieser Beitrag wurde unter Update, Windows 10, Windows Server abgelegt und mit , , , verschlagwortet. Setze ein Lesezeichen auf den Permalink.

10 Antworten zu Microsoft Patchday 11. Oktober 2016

  1. sandy sagt:

    Super! Vielen lieben Dank! :-)

  2. Dieter Schmitz sagt:

    Hoffentlich jubelt man mir jetzt nicht Skype und Silverlight unter…

  3. Nobody sagt:

    Bedanke mich ebenfalls.
    Wenn ich das richtig verstanden habe, sollte man, wenn man nur die Sicherheitsupdates des Monats installieren will (Windows 7) lediglich KB3192391 installieren. Es muss explizit heruntergeladen werden, weil es nicht über Windows Update angeboten wird.
    Grüße

  4. sandy sagt:

    Das ist ja blöd! Warum wird es nicht ganz normal über Windows Update angeboten und dem Nutzer so unnötige Arbeit gemacht? Ich weiß überhaupt nicht, wo ich da suchen soll? Läuft das bei MS unter den älteren Betriebssystemen immer so ab? Das kann es doch echt nicht sein!

  5. speedy75 sagt:

    Wenn das so weiter geht braucht man echt bald VDSL.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

Hinweis: Bitte beachtet die Regeln zum Kommentieren im Blog (Erstkommentare und Verlinktes landet in der Moderation, gebe ich alle paar Stunden frei, SEO-Posts/SPAM lösche ich rigoros). Kommentare abseits des Themas bitte unter Diskussion.

Du findest den Blog gut, hast aber Werbung geblockt? Du kannst diesen Blog auch durch eine Spende unterstützen.