Microsoft Vulnerabilities

MS16-DEC – Microsoft Security Bulletin Summary for December 2016 – Version:...

The following tables list the bulletins in order of major software category and severity.Use these tables to learn about the security updates that you may need to install. You should review each software program or component listed to see whether any security updates pertain to your installation.
If a software program or component is listed, then the severity rating of the software update is also listed.Note You may have to install several security updates for a single vulnerability. Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on your system. Windows Vista Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Critical None Critical Critical Important Windows Vista Service Pack 2 Internet Explorer 9 (3203621)(Critical)Microsoft Windows Hyperlink Object Library(3208481)(Critical) Not applicable Windows Vista Service Pack 2(3204724)(Important)Windows Vista Service Pack 2(3205638)(Critical) Windows Vista Service Pack 2(3196348)(Critical) Windows Vista Service Pack 2(3204808)(Important)Windows Vista Service Pack 2(3196726)(Important) Windows Vista x64 Edition Service Pack 2 Internet Explorer 9 (3203621)(Critical)Microsoft Windows Hyperlink Object Library(3208481)(Critical) Not applicable Windows Vista x64 Edition Service Pack 2(3204724)(Important)Windows Vista x64 Edition Service Pack 2(3205638)(Critical) Windows Vista x64 Edition Service Pack 2(3196348)(Critical) Windows Vista x64 Edition Service Pack 2(3204808)(Important)Windows Vista x64 Edition Service Pack 2(3196726)(Important) Windows Server 2008 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Moderate None Critical Critical Important Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 9 (3203621)(Moderate)Microsoft Windows Hyperlink Object Library(3208481)(Moderate) Not applicable Windows Server 2008 for 32-bit Systems Service Pack 2(3204724)(Important)Windows Server 2008 for 32-bit Systems Service Pack 2(3205638)(Critical) Windows Server 2008 for 32-bit Systems Service Pack 2(3196348)(Critical) Windows Server 2008 for 32-bit Systems Service Pack 2(3204808)(Important)Windows Server 2008 for 32-bit Systems Service Pack 2(3196726)(Important) Windows Server 2008 for x64-based Systems Service Pack 2 Internet Explorer 9 (3203621)(Moderate)Microsoft Windows Hyperlink Object Library(3208481)(Moderate) Not applicable Windows Server 2008 for x64-based Systems Service Pack 2(3204724)(Important)Windows Server 2008 for x64-based Systems Service Pack 2(3205638)(Critical) Windows Server 2008 for x64-based Systems Service Pack 2(3196348)(Critical) Windows Server 2008 for x64-based Systems Service Pack 2(3204808)(Important)Windows Server 2008 for x64-based Systems Service Pack 2(3196726)(Important) Windows Server 2008 for Itanium-based Systems Service Pack 2 Not applicable Not applicable Windows Server 2008 for Itanium-based Systems Service Pack 2(3204724)(Important)Windows Server 2008 for Itanium-based Systems Service Pack 2(3205638)(Critical) Windows Server 2008 for Itanium-based Systems Service Pack 2(3196348)(Critical) Windows Server 2008 for Itanium-based Systems Service Pack 2(3204808)(Important)Windows Server 2008 for Itanium-based Systems Service Pack 2(3196726)(Important) Windows 7 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Critical None Critical Critical Important Windows 7 for 32-bit Systems Service Pack 1Security Only Internet Explorer 11(3205394)(Critical) Not applicable                    Windows 7 for 32-bit Systems Service Pack 1(3205394)(Critical) Windows 7 for 32-bit Systems Service Pack 1(3205394)(Critical) Windows 7 for 32-bit Systems Service Pack 1(3205394)(Important) Windows 7 for 32-bit Systems Service Pack 1Monthly Rollup Internet Explorer 11(3207752)(Critical) Not applicable Windows 7 for 32-bit Systems Service Pack 1(3207752)(Critical) Windows 7 for 32-bit Systems Service Pack 1(3207752)(Critical) Windows 7 for 32-bit Systems Service Pack 1(3207752)(Important) Windows 7 for x64-based Systems Service Pack 1Security Only Internet Explorer 11(3205394)(Critical) Not applicable Windows 7 for x64-based Systems Service Pack 1(3205394)(Critical) Windows 7 for x64-based Systems Service Pack 1(3205394)(Critical) Windows 7 for x64-based Systems Service Pack 1(3205394)(Important) Windows 7 for x64-based Systems Service Pack 1Monthly Rollup Internet Explorer 11(3207752)(Critical) Not applicable Windows 7 for x64-based Systems Service Pack 1(3207752)(Critical) Windows 7 for x64-based Systems Service Pack 1(3207752)(Critical) Windows 7 for x64-based Systems Service Pack 1(3207752)(Important) Windows Server 2008 R2 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Moderate None Critical Critical Important Windows Server 2008 R2 for x64-based Systems Service Pack 1Security Only Internet Explorer 11(3205394)(Moderate) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1(3205394)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1(3205394)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1(3205394)(Important) Windows Server 2008 R2 for x64-based Systems Service Pack 1Monthly Rollup Internet Explorer 11(3207752)(Moderate) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1(3207752)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1(3207752)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1(3207752)(Important) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1Security Only Not applicable Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3205394)(Critical) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3205394)(Critical) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3205394)(Important) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1Monthly Rollup Not applicable Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3207752)(Critical) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3207752)(Critical) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3207752)(Important) Windows 8.1 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Critical None Critical Critical Important Windows 8.1 for 32-bit SystemsSecurity Only Internet Explorer 11(3205400)(Critical) Not applicable Windows 8.1 for 32-bit Systems(3205400)(Critical) Windows 8.1 for 32-bit Systems(3205400)(Critical) Windows 8.1 for 32-bit Systems(3205400)(Important) Windows 8.1 for 32-bit SystemsMonthly Rollup Internet Explorer 11(3205401)(Critical) Not applicable Windows 8.1 for 32-bit Systems(3205401)(Critical) Windows 8.1 for 32-bit Systems(3205401)(Critical) Windows 8.1 for 32-bit Systems(3205401)(Important) Windows 8.1 for x64-based SystemsSecurity Only Internet Explorer 11(3205400)(Critical) Not applicable Windows 8.1 for x64-based Systems(3205400)(Critical) Windows 8.1 for x64-based Systems(3205400)(Critical) Windows 8.1 for x64-based Systems(3205400)(Important) Windows 8.1 for x64-based SystemsMonthly Rollup Internet Explorer 11(3205401)(Critical) Not applicable Windows 8.1 for x64-based Systems(3205401)(Critical) Windows 8.1 for x64-based Systems(3205401)(Critical) Windows 8.1 for x64-based Systems(3205401)(Important) Windows Server 2012 and Windows Server 2012 R2 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Moderate None Critical Critical Important Windows Server 2012Security Only Internet Explorer 10(3205408)(Moderate) Not applicable Windows Server 2012(3205408)(Critical) Windows Server 2012(3205408)(Critical) Windows Server 2012(3205408)(Important) Windows Server 2012Monthly Rollup Internet Explorer 10(3205409)(Moderate) Not applicable Windows Server 2012(3205409)(Critical) Windows Server 2012(3205409)(Critical) Windows Server 2012(3205409)(Important) Windows Server 2012 R2Security Only Internet Explorer 11(3205400)(Moderate) Not applicable Windows Server 2012 R2(3205400)(Critical) Windows Server 2012 R2(3205400)(Critical) Windows Server 2012 R2(3205400)(Important) Windows Server 2012 R2Monthly Rollup Internet Explorer 11(3205401)(Moderate) Not applicable Windows Server 2012 R2(3205401)(Critical) Windows Server 2012 R2(3205401)(Critical) Windows Server 2012 R2(3205401)(Important) Windows RT 8.1 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Critical None Critical Critical Important Windows RT 8.1Monthly Rollup Internet Explorer 11(3205401)(Critical) Not applicable Windows RT 8.1(3205401)(Critical) Windows RT 8.1(3205401)(Critical) Windows RT 8.1(3205401)(Important) Windows 10 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Critical Critical Critical Critical Important Windows 10 for 32-bit Systems Internet Explorer 11(3205383)(Critical) Microsoft Edge(3205383)(Critical) Windows 10 for 32-bit Systems(3205383)(Critical) Windows 10 for 32-bit Systems(3205383)(Critical) Windows 10 for 32-bit Systems(3205383)(Important) Windows 10 for x64-based Systems Internet Explorer 11(3205383)(Critical) Microsoft Edge(3205383)(Critical) Windows 10 for x64-based Systems(3205383)(Critical) Windows 10 for x64-based Systems(3205383)(Critical) Windows 10 for x64-based Systems(3205383)(Important) Windows 10 Version 1511 for 32-bit Systems Internet Explorer 11(3205386)(Critical) Microsoft Edge(3205386)(Critical) Windows 10 Version 1511 for 32-bit Systems(3205386)(Critical) Windows 10 Version 1511 for 32-bit Systems(3205386)(Critical) Windows 10 Version 1511 for 32-bit Systems(3205386)(Important) Windows 10 Version 1511 for x64-based Systems Internet Explorer 11(3205386)(Critical) Microsoft Edge(3205386)(Critical) Windows 10 Version 1511 for x64-based Systems(3205386)(Critical) Windows 10 Version 1511 for x64-based Systems(3205386)(Critical) Windows 10 Version 1511 for x64-based Systems(3205386)(Important) Windows 10 Version 1607 for 32-bit Systems Internet Explorer 11(3206632)(Critical) Microsoft Edge(3206632)(Critical) Windows 10 Version 1607 for 32-bit Systems(3206632)(Critical) Windows 10 Version 1607 for 32-bit Systems(3206632)(Critical) Windows 10 Version 1607 for 32-bit Systems(3206632)(Important) Windows 10 Version 1607 for x64-based Systems Internet Explorer 11(3206632)(Critical) Microsoft Edge(3206632)(Critical) Windows 10 Version 1607 for x64-based Systems(3206632)(Critical) Windows 10 Version 1607 for x64-based Systems(3206632)(Critical) Windows 10 Version 1607 for x64-based Systems(3206632)(Important) Windows Server 2016 Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating Moderate Moderate Critical Critical Important Windows Server 2016 for x64-based Systems Internet Explorer 11(3206632)(Moderate) Microsoft Edge(3206632)(Moderate) Windows Server 2016 for x64-based Systems(3206632)(Critical) Windows Server 2016 for x64-based Systems(3206632)(Critical) Windows Server 2016 for x64-based Systems(3206632)(Important) Server Core installation option Bulletin Identifier MS16-144 MS16-145 MS16-146 MS16-147 MS16-149 Aggregate Severity Rating None None Critical Critical Important Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation) Not applicable Not applicable Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(3204724)(Important)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(3205638)(Critical) Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(3196348)(Critical) Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(3204808)(Important)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(3196726)(Important) Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation) Not applicable Not applicable Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(3204724)(Important)Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(3205638)(Critical) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(3196348)(Critical) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(3204808)(Important)Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(3196726)(Important) Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)Security Only Not applicable Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3205394)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3205394)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3205394)(Important) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Monthly Rollup Not applicable Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3207752)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3207752)(Critical) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3207752)(Important) Windows Server 2012(Server Core installation)Security Only Not applicable Not applicable Windows Server 2012 (Server Core installation)(3205408)(Critical) Windows Server 2012 (Server Core installation)(3205408)(Critical) Windows Server 2012 (Server Core installation)(3205408)(Important) Windows Server 2012(Server Core installation)Monthly Rollup Not applicable Not applicable Windows Server 2012 (Server Core installation)(3205409)(Critical) Windows Server 2012 (Server Core installation)(3205409)(Critical) Windows Server 2012 (Server Core installation)(3205409)(Important) Windows Server 2012 R2(Server Core installation)Security Only Not applicable Not applicable Windows Server 2012 R2 (Server Core installation)(3205400)(Critical) Windows Server 2012 R2 (Server Core installation)(3205400)(Critical) Windows Server 2012 R2 (Server Core installation)(3205400)(Important) Windows Server 2012 R2(Server Core installation)Monthly Rollup Not applicable Not applicable Windows Server 2012 R2 (Server Core installation)(3205401)(Critical) Windows Server 2012 R2 (Server Core installation)(3205401)(Critical) Windows Server 2012 R2 (Server Core installation)(3205401)(Important) Windows Server 2016 for x64-based Systems(Server Core installation) Not applicable Not applicable Windows Server 2016 for x64-based Systems(Server Core installation)(3206632)(Critical) Windows Server 2016 for x64-based Systems(Server Core installation)(3206632)(Critical) Windows Server 2016 for x64-based Systems(Server Core installation)(3206632)(Important) Windows Vista Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating None Important None Important None Windows Vista Service Pack 2 Not applicable Windows Vista Service Pack 2(3204723)(Important) Not applicable Windows Vista Service Pack 2(3203838)(Important) Not applicable Windows Vista x64 Edition Service Pack 2 Not applicable Windows Vista x64 Edition Service Pack 2(3204723)(Important) Not applicable Windows Vista x64 Edition Service Pack 2(3203838)(Important) Not applicable Windows Server 2008 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating None Important None Important None Windows Server 2008 for 32-bit Systems Service Pack 2 Not applicable Windows Server 2008 for 32-bit Systems Service Pack 2(3204723)(Important) Not applicable Windows Server 2008 for 32-bit Systems Service Pack 2(3203838)(Important) Not applicable Windows Server 2008 for x64-based Systems Service Pack 2 Not applicable Windows Server 2008 for x64-based Systems Service Pack 2(3204723)(Important) Not applicable Windows Server 2008 for x64-based Systems Service Pack 2(3203838)(Important) Not applicable Windows Server 2008 for Itanium-based Systems Service Pack 2 Not applicable Windows Server 2008 for Itanium-based Systems Service Pack 2(3204723)(Important) Not applicable Windows Server 2008 for Itanium-based Systems Service Pack 2(3203838)(Important) Not applicable Windows 7 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating None Important None Important None Windows 7 for 32-bit Systems Service Pack 1Security Only Not applicable Windows 7 for 32-bit Systems Service Pack 1(3205394)(Important) Not applicable                    Windows 7 for 32-bit Systems Service Pack 1(3205394)(Important) Not applicable Windows 7 for 32-bit Systems Service Pack 1Monthly Rollup Not applicable Windows 7 for 32-bit Systems Service Pack 1(3207752)(Important) Not applicable Windows 7 for 32-bit Systems Service Pack 1(3207752)(Important) Not applicable Windows 7 for x64-based Systems Service Pack 1Security Only Not applicable Windows 7 for x64-based Systems Service Pack 1(3205394)(Important) Not applicable Windows 7 for x64-based Systems Service Pack 1(3205394)(Important) Not applicable Windows 7 for x64-based Systems Service Pack 1Monthly Rollup Not applicable Windows 7 for x64-based Systems Service Pack 1(3207752)(Important) Not applicable Windows 7 for x64-based Systems Service Pack 1(3207752)(Important) Not applicable Windows Server 2008 R2 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating None Important None Important None Windows Server 2008 R2 for x64-based Systems Service Pack 1Security Only Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1(3205394)(Important) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1(3205394)(Important) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1Monthly Rollup Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1(3207752)(Important) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1(3207752)(Important) Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1Security Only Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3205394)(Important) Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3205394)(Important) Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1Monthly Rollup Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3207752)(Important) Not applicable Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(3207752)(Important) Not applicable Windows 8.1 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating None Important None Important Critcal Windows 8.1 for 32-bit SystemsSecurity Only Not applicable Windows 8.1 for 32-bit Systems(3205400)(Important) Not applicable Windows 8.1 for 32-bit Systems(3205400)(Important) Adobe Flash Player(3209498)(Critical) Windows 8.1 for 32-bit SystemsMonthly Rollup Not applicable Windows 8.1 for 32-bit Systems(3205401)(Important) Not applicable Windows 8.1 for 32-bit Systems(3205401)(Important) Not applicable Windows 8.1 for x64-based SystemsSecurity Only Not applicable Windows 8.1 for x64-based Systems(3205400)(Important) Not applicable Windows 8.1 for x64-based Systems(3205400)(Important) Adobe Flash Player(3209498)(Critical) Windows 8.1 for x64-based SystemsMonthly Rollup Not applicable Windows 8.1 for x64-based Systems(3205401)(Important) Not applicable Windows 8.1 for x64-based Systems(3205401)(Important) Not applicable Windows Server 2012 and Windows Server 2012 R2 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating None Important None Important Moderate Windows Server 2012Security Only Not applicable Windows Server 2012(3205408)(Important) Not applicable Windows Server 2012(3205408)(Important) Adobe Flash Player(3209498)(Moderate) Windows Server 2012Monthly Rollup Not applicable Windows Server 2012(3205409)(Important) Not applicable Windows Server 2012(3205409)(Important) Not applicable Windows Server 2012 R2Security Only Not applicable Windows Server 2012 R2(3205400)(Important) Not applicable Windows Server 2012 R2(3205400)(Important) Adobe Flash Player(3209498)(Moderate) Windows Server 2012 R2Monthly Rollup Not applicable Windows Server 2012 R2(3205401)(Important) Not applicable Windows Server 2012 R2(3205401)(Important) Not applicable Windows RT 8.1 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating None Important None Important Critical Windows RT 8.1Monthly Rollup Not applicable Windows RT 8.1(3205401)(Important) Not applicable Windows RT 8.1(3205401)(Important) Adobe Flash Player(3209498)(Critical) Windows 10 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating Important Important Important Important Critical Windows 10 for 32-bit Systems Windows 10 for 32-bit Systems(3205383)(Important) Windows 10 for 32-bit Systems(3205383)(Important) Windows 10 for 32-bit Systems(3205383)(Important) Windows 10 for 32-bit Systems(3205383)(Important) Adobe Flash Player(3209498)(Critical) Windows 10 for x64-based Systems Windows 10 for x64-based Systems(3205383)(Important) Windows 10 for x64-based Systems(3205383)(Important) Windows 10 for x64-based Systems(3205383)(Important) Windows 10 for x64-based Systems(3205383)(Important) Adobe Flash Player(3209498)(Critical) Windows 10 Version 1511 for 32-bit Systems Windows 10 Version 1511 for 32-bit Systems(3205386)(Important) Windows 10 Version 1511 for 32-bit Systems(3205386)(Important) Windows 10 Version 1511 for 32-bit Systems(3205386)(Important) Windows 10 Version 1511 for 32-bit Systems(3205386)(Important) Adobe Flash Player(3209498)(Critical) Windows 10 Version 1511 for x64-based Systems Windows 10 Version 1511 for x64-based Systems(3205386)(Important) Windows 10 Version 1511 for x64-based Systems(3205386)(Important) Windows 10 Version 1511 for x64-based Systems(3205386)(Important) Windows 10 Version 1511 for x64-based Systems(3205386)(Important) Adobe Flash Player(3209498)(Critical) Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for 32-bit Systems(3206632)(Important) Windows 10 Version 1607 for 32-bit Systems(3206632)(Important) Windows 10 Version 1607 for 32-bit Systems(3206632)(Important) Windows 10 Version 1607 for 32-bit Systems(3206632)(Important) Adobe Flash Player(3209498)(Critical) Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for x64-based Systems(3206632)(Important) Windows 10 Version 1607 for x64-based Systems(3206632)(Important) Windows 10 Version 1607 for x64-based Systems(3206632)(Important) Windows 10 Version 1607 for x64-based Systems(3206632)(Important) Adobe Flash Player(3209498)(Critical) Windows Server 2016 Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating Important Important Important Important Moderate Windows Server 2016 for x64-based Systems Windows Server 2016 for x64-based Systems(3206632)(Important) Windows Server 2016 for x64-based Systems(3206632)(Important) Windows Server 2016 for x64-based Systems(3206632)(Important) Windows Server 2016 for x64-based Systems(3206632)(Important) Adobe Flash Player(3209498)(Moderate) Server Core installation Bulletin Identifier MS16-150 MS16-151 MS16-152 MS16-153 MS16-154 Aggregate Severity Rating Important Important Important Important None Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation) Not applicable Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(3204723)(Important) Not applicable Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(3203838)(Important) Not applicable Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation) Not applicable Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(3204723)(Important) Not applicable Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(3203838)(Important) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)Security Only Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3205394)(Important) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3205394)(Important) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Monthly Rollup Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3207752)(Important) Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(3207752)(Important) Not applicable Windows Server 2012(Server Core installation)Security Only Not applicable Windows Server 2012 (Server Core installation)(3205408)(Important) Not applicable Not applicable Not applicable Windows Server 2012(Server Core installation)Monthly Rollup Not applicable Windows Server 2012 (Server Core installation)(3205409)(Important) Not applicable Not applicable Not applicable Windows Server 2012 R2(Server Core installation)Security Only Not applicable Windows Server 2012 R2 (Server Core installation)(3205400)(Important) Not applicable Windows Server 2012 R2 (Server Core installation)(3205400)(Important) Not applicable Windows Server 2012 R2(Server Core installation)Monthly Rollup Not applicable Windows Server 2012 R2 (Server Core installation)(3205401)(Important) Not applicable Windows Server 2012 R2 (Server Core installation)(3205401)(Important) Not applicable Windows Server 2016 for x64-based Systems(Server Core installation) Windows Server 2016 for x64-based Systems(Server Core installation)(3206632)(Important) Windows Server 2016 for x64-based Systems(Server Core installation)(3206632)(Important) Windows Server 2016 for x64-based Systems(Server Core installation)(3206632)(Important) Windows Server 2016 for x64-based Systems(Server Core installation)(3206632)(Important) Not applicable This bulletin spans more than one software category.
See other tables in this section for additional affected software. Microsoft .NET Framework Windows Vista and Windows Server 2008Microsoft .NET Framework Updates for 2.0, 4.5.2, 4.6 (KB3210142) Windows Vista Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows Vista for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.5(3210129)(Important)Microsoft .NET Framework 4.5.2(3210139)(Important)Microsoft .NET Framework 4.6(3210136)(Important) Windows Vista for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5(3210129)(Important)Microsoft .NET Framework 4.5.2(3210139)(Important)Microsoft .NET Framework 4.6(3210136)(Important) Windows Server 2008 Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.5(3210129)(Important)Microsoft .NET Framework 4.5.2(3210139)(Important)Microsoft .NET Framework 4.6(3210136)(Important) Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5(3210129)(Important)Microsoft .NET Framework 4.5.2(3210139)(Important)Microsoft .NET Framework 4.6(3210136)(Important) Windows 7 and Windows Server 2008 R2Microsoft .NET Framework Updates for 3.5.1, 4.5.2, 4.6/4.6.1, 4.6.2 (KB3205402) Windows 7 Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 3.5(3210131)(Important)Microsoft .NET Framework 4.5.2(3210139)(Important)Microsoft .NET Framework 4.6/4.6.1(3210136)(Important)Microsoft .NET Framework 4.6.2(3205379)(Important) Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5(3210131)(Important)Microsoft .NET Framework 4.5.2(3210139)(Important)Microsoft .NET Framework 4.6/4.6.1(3210136)(Important)Microsoft .NET Framework 4.6.2(3205379)(Important) Windows Server 2008 R2 Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5(3210131)(Important)Microsoft .NET Framework 4.5.2(3210139)(Important)Microsoft .NET Framework 4.6/4.6.1(3210136)(Important)Microsoft .NET Framework 4.6.2(3205379)(Important) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Microsoft .NET Framework 3.5(3210131)(Important) Windows Server 2012Microsoft .NET Framework Updates for 3.5, 4.5.2, 4.6/4.6.1, 4.6.2 (KB3205403) Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows Server 2012 Microsoft .NET Framework 3.5(3210130)(Important)Microsoft .NET Framework 4.5.2(3210138)(Important)Microsoft .NET Framework 4.6/4.6.1(3210133)(Important)Microsoft .NET Framework 4.6.2(3205377)(Important) Windows 8.1 and Windows Server 2012 R2Microsoft .NET Framework Updates for 3.5, 4.5.2, 4.6/4.6.1, 4.6.2 (KB3205404) Windows 8.1 Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows 8.1 for 32-bit Systems Microsoft .NET Framework 3.5(3210132)(Important)Microsoft .NET Framework 4.5.2(3210137)(Important)Microsoft .NET Framework 4.6/4.6.1(3210135)(Important)Microsoft .NET Framework 4.6.2(3205378)(Important) Windows 8.1 for x64-based Systems Microsoft .NET Framework 3.5(3210132)(Important)Microsoft .NET Framework 4.5.2(3210137)(Important)Microsoft .NET Framework 4.6/4.6.1(3210135)(Important)Microsoft .NET Framework 4.6.2(3205378)(Important) Windows Server 2012 R2 Windows Server 2012 R2 Microsoft .NET Framework 3.5(3210132)(Important)Microsoft .NET Framework 4.5.2(3210137)(Important)Microsoft .NET Framework 4.6/4.6.1(3210135)(Important)Microsoft .NET Framework 4.6.2(3205378)(Important) Windows 10 Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows 10 Version 1607 for 32-bit Systems(3206632) Microsoft .NET Framework 4.6.2(Important) Windows 10 Version 1607 for x64-based Systems(3206632) Microsoft .NET Framework 4.6.2(Important) Windows Server 2016 Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows Server 2016 for x64-based Systems(3206632) Microsoft .NET Framework 4.6.2(Important) Server Core installation option Bulletin Identifier MS16-155 Aggregate Severity Rating Important Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5(3210131)(Important)Microsoft .NET Framework 4.6/4.6.1(3210136)(Important)Microsoft .NET Framework 4.6.2(3205379)(Important) Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5(3210130)(Important)Microsoft .NET Framework 4.5.2(3210138)(Important)Microsoft .NET Framework 4.6/4.6.1(3210133)(Important)Microsoft .NET Framework 4.6.2(3205377)(Important) Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5(3210132)(Important)Microsoft .NET Framework 4.5.2(3210137)(Important)Microsoft .NET Framework 4.6/4.6.1(3210135)(Important)Microsoft .NET Framework 4.6.2(3205378)(Important) Windows Server 2016 for x64-based Systems (Server Core installation)(3206632) Microsoft .NET Framework 4.6.2(Important) This bulletin spans more than one software category.
See other tables in this section for additional affected software. Microsoft Office 2007 Bulletin Identifier MS16-148 Aggregate Severity Rating Critical Microsoft Office 2007 Service Pack 3 Microsoft Excel 2007 Service Pack 3(3128019)(Important)Microsoft Word 2007 Service Pack 3(3128025)(Important)Microsoft Office 2007 Service Pack 3(2883033)(Critical)Microsoft Office 2007 Service Pack 3(3128020)(Important) Microsoft Office 2010 Bulletin Identifier MS16-148 Aggregate Severity Rating Critical Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (32-bit editions)(3128032)(Important)Microsoft Office 2010 Service Pack 2 (32-bit editions)(3118380)(Important)Microsoft Office 2010 Service Pack 2 (32-bit editions)(2889841)(Critical)Microsoft Excel 2010 Service Pack 2 (32-bit editions)(3128037)(Important)Microsoft Publisher 2010 Service Pack 2 (32-bit editions)(3114395)(Important)Microsoft Word 2010 Service Pack 2 (32-bit editions)(3128034)(Important) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions)(3128032)(Important)Microsoft Office 2010 Service Pack 2 (64-bit editions)(3118380)(Important)Microsoft Office 2010 Service Pack 2 (64-bit editions)(2889841)(Critical)Microsoft Excel 2010 Service Pack 2 (64-bit editions)(3128037)(Important)Microsoft Publisher 2010 Service Pack 2 (64-bit editions)(3114395)(Important)Microsoft Word 2010 Service Pack 2 (64-bit editions)(3128034)(Important) Microsoft Office 2013 Bulletin Identifier MS16-148 Aggregate Severity Rating Important Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (32-bit editions)(3128008)(Important)Microsoft Office 2013 Service Pack 1 (32-bit editions)(3127968)(Important) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions)(3128008)(Important)Microsoft Office 2013 Service Pack 1 (64-bit editions)(3127968)(Important) Microsoft Office 2013 RT Bulletin Identifier MS16-148 Aggregate Severity Rating Important Microsoft Office 2013 RT Service Pack 1 Microsoft Excel 2013 RT Service Pack 1(3128008)(Important)Microsoft Office 2013 RT Service Pack 1(3127968)(Important) Microsoft Office 2016 Bulletin Identifier MS16-148 Aggregate Severity Rating Important Microsoft Office 2016 (32-bit edition) Microsoft Excel 2016 (32-bit edition)(3128016)(Important)Microsoft Office 2016 (32-bit edition)(3127986)(Important)Microsoft Office 2016 (32-bit edition)(Important)[1] Microsoft Office 2016 (64-bit edition) Microsoft Excel 2016 (64-bit edition)(3128016)(Important)Microsoft Office 2016 (64-bit edition)(3127986)(Important)Microsoft Office 2016 (64-bit edition)(Important)[1] Microsoft Office for Mac 2011 Bulletin Identifier MS16-148 Aggregate Severity Rating Important Microsoft Office for Mac 2011(3198808)(Important)Microsoft Excel for Mac 2011(3198808)(Important)Microsoft Word for Mac 2011(3198808)(Important) Microsoft Office 2016 for Mac Bulletin Identifier MS16-148 Aggregate Severity Rating Important Microsoft Office 2016 for Mac(3198800)(Important)Microsoft Excel 2016 for Mac(3198800)(Important) Other Office for Mac Software Bulletin Identifier MS16-148 Aggregate Severity Rating Important Microsoft Auto Updater for Mac Microsoft Auto Updater for Mac[2](Important) Other Office Software Bulletin Identifier MS16-148 Aggregate Severity Rating Critical Microsoft Office Compatibility Pack Service Pack 3 Microsoft Office Compatibility Pack Service Pack 3(3128022)(Important)Microsoft Office Compatibility Pack Service Pack 3(3128024)(Important) Microsoft Excel Viewer Microsoft Excel Viewer(3128023)(Important) Microsoft Word Viewer Microsoft Word Viewer(3128044)(Important)Microsoft Word Viewer(3127995)(Critical) [1]This entry references the Click-to-Run (C2R) version only.This bulletin spans more than one software category.
See other tables in this section for additional affected software.This bulletin spans more than one software category.
See other tables in this section for additional affected software.

2755801 – Update for Vulnerabilities in Adobe Flash Player in Internet...

Revision Note: V36.0 (January 27, 2015): Added the 3035034 update to the Current Update section.Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows S...

MS16-079 – Important: Security Update for Microsoft Exchange Server (3160339)...

Security Update for Microsoft Exchange Server (3160339)Published: June 14, 2016Version: 1.0This security update resolves vulnerabilites in Microsoft Exchange Server.

The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in an Outlook Web Access (OWA) message that is loaded, without warning or filtering, from the attacker-controlled URL.This security update is rated Important for all supported editions of Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, Microsoft Exchange Server 2013, and Microsoft Exchange Server 2016.

For more information, see the Affected Software and Vulnerability Severity Ratings section.The security update addresses the vulnerabilities by correcting the way that Microsoft Exchange parses HTML messages.

For more information about the vulnerabilities, see the Vulnerability Information section.For more information about this update, see Microsoft Knowledge Base Article 3160339.The following software versions or editions are affected.
Versions or editions that are not listed are either past their support life cycle or are not affected.

To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.The severity ratings indicated for each affected software assume the potential maximum impact of the vulnerability.

For information regarding the likelihood, within 30 days of this security bulletin’s release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the June bulletin summary.*The Updates Replaced column shows only the latest update in any chain of superseded updates.

For a comprehensive list of updates replaced, go to the Microsoft Update Catalog, search for the update KB number, and then view update details (updates replaced information is provided on the Package Details tab).Why is Microsoft issuing a security update for vulnerabilities that are in third-party code, Oracle Outside In libraries? Microsoft licenses a custom implementation of the Oracle Outside In libraries, specific to the product in which the third-party code is used. Microsoft is issuing this security update to help ensure that all customers using this third-party code in Microsoft Exchange are protected from these vulnerabilities.

For more information about these vulnerabilities, see Oracle Critical Patch Update Advisory - January 2016.Do these updates contain any additional security-related changes to functionality? The updates listed in the Affected Software and Vulnerability Severity Ratings table include defense-in-depth updates to help improve security-related features, in addition to the changes that are listed for the vulnerability described in this bulletin.Microsoft Exchange Information Disclosure Vulnerability - CVE-2016-0028An email filter bypass exists in the way that Microsoft Exchange parses HTML messages that could allow information disclosure.

An attacker who successfully exploited the vulnerability could identify, fingerprint, and track a user online if the user views email messages using Outlook Web Access (OWA).

An attacker could also combine this vulnerability with another one, such as a Cross-Site Request Forgery (CSRF), to amplify the attack.To exploit the vulnerability, an attacker could include specially crafted image URLs in OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL.

This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems.

The update corrects the way that Exchange parses HTML messages.The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list: Vulnerability title CVE number Publicly disclosed Exploited Microsoft Exchange Information Disclosure Vulnerability CVE-2016-0028 No No Mitigating FactorsMicrosoft has not identified any mitigating factors for this vulnerability.WorkaroundsMicrosoft has not identified any workarounds for this vulnerability.Oracle Outside In Libraries Elevation of Privilege VulnerabilitiesThis security update addresses the following vulnerabilities, which are described in Oracle Critical Patch Update Advisory - January 2016:CVE-2015-6013: Oracle Outside In 8.5.2 WK4 stack buffer overflow CVE-2015-6014: Oracle Outside In 8.5.2 DOC stack buffer overflow CVE-2015-6015: Oracle OIT 8.5.2 Paradox DB stack buffer overflow For Security Update Deployment information, see the Microsoft Knowledge Base article referenced here in the Executive Summary.Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure.
See Acknowledgments for more information.The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose.
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages.
Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.V1.0 (June 14, 2016): Bulletin published. Page generated 2016-06-08 10:44-07:00.

MS16-076 – Important: Security Update for Netlogon (3167691) – Version: 1.0

Security Update for Netlogon (3167691)Published: June 14, 2016Version: 1.0This security update resolves a vulnerability in Microsoft Windows.

The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.This security update is rated Important for all supported editions of Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

For more information, see the Affected Software and Vulnerability Severity Ratings section.The update addresses the vulnerability by modifying how Netlogon handles the establishment of secure channels.

For more information about the vulnerability, see the Vulnerability Information section.For more information about this update, see Microsoft Knowledge Base Article 3167691.The following software versions or editions are affected.
Versions or editions that are not listed are either past their support life cycle or are not affected.

To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.The severity ratings indicated for each affected software assume the potential maximum impact of the vulnerability.

For information regarding the likelihood, within 30 days of this security bulletin’s release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the June bulletin summary.[1]This update is available via Windows Update only.*The Updates Replaced column shows only the latest update in a chain of superseded updates.

For a comprehensive list of updates replaced, go to the Microsoft Update Catalog, search for the update KB number, and then view update details (updates replaced information is on the Package Details tab).Why is security update 3161561 in this bulletin also denoted in MS16-075 Security update 3161561 is also denoted in MS16-075 for supported releases of Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 due to the way fixes for vulnerabilities affecting particular products are consolidated.

Because bulletins are broken out by the vulnerabilities being addressed, not by the update package being released, it is possible for separate bulletins, each addressing distinctly different vulnerabilities, to list the same update package as the vehicle for providing their respective fixes.

This is frequently the case with cumulative updates for products, such as Internet Explorer or Silverlight, where singular security updates address different security vulnerabilities in separate bulletins.Note Users do not need to install identical security updates that ship with multiple bulletins more than once.Windows Netlogon Memory Corruption Remote Code Execution- CVE-2016-3228This security update resolves a vulnerability in Microsoft Windows.

The vulnerability could allow remote code execution when Windows improperly handles objects in memory.

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

To exploit the vulnerability, a domain-authenticated attacker could make a specially crafted NetLogon request to a domain controller. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

This update corrects how Windows handles objects in memory to prevent corruption.The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list: Vulnerability Title CVE number Publicly disclosed Exploited Windows Netlogon Memory Corruption Remote Code Execution Vulnerability CVE-2016-3228 No No Mitigating FactorsMicrosoft has not identified any mitigating factors for this vulnerability.WorkaroundsMicrosoft has not identified any workarounds for this vulnerability.For Security Update Deployment information, see the Microsoft Knowledge Base article referenced here in the Executive Summary.Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure.
See Acknowledgments for more information.The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose.
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages.
Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.V1.0 (June 14, 2016): Bulletin published. Page generated 2016-06-15 10:31-07:00.

2953095 – Vulnerability in Microsoft Word Could Allow Remote Code Execution...

Revision Note: V2.0 (April 8, 2014): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS14-017 to address this issue. For more inf...

2737111 – Vulnerabilities in Microsoft Exchange and FAST Search Server 2010...

Revision Note: V3.0 (October 9, 2012): Advisory updated to reflect publication of security bulletin for Microsoft FAST Search Server 2010 for SharePoint.Summary: Microsoft has completed the investigation into public reports of vulnerabilities in third-...

Microsoft Security Advisory (2659883): Vulnerability in ASP.NET Could Allow Denial of...

Revision Note: V2.0 (December 29, 2011): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS11-100 to ad...

Vulnerability in Microsoft Word Could Allow Remote Code Execution – Version:...

Revision Note: V2.0 (April 8, 2014): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS14-017 to address this issue. For more inf...

2755801 – Update for Vulnerabilities in Adobe Flash Player in Internet...

Revision Note: V34.0 (January 13, 2015): Added the 3024663 update to the Current Update section.Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows S...

2896666 – Vulnerability in Microsoft Graphics Component Could Allow Remote Code...

Revision Note: V2.0 (December 10, 2013): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into a private report of this vulnerability. We have issued MS13-096 to address the Microsoft Graph...

2755801 – Update for Vulnerabilities in Adobe Flash Player in Internet...

Revision Note: V28.0 (September 9, 2014): Added the 2987114 update to the Current Update section.Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows ...

MS16-071 – Critical: Security Update for Microsoft Windows DNS Server (3164065)...

Security Update for Microsoft Windows DNS Server (3164065)Published: June 14, 2016Version: 1.0This security update resolves a vulnerability in Microsoft Windows.

The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.This security update is rated Critical for all supported releases of Windows Server 2012 and Windows Server 2012 R2.

For more information, see the Affected Software and Vulnerability Severity Ratings section.The security update addresses the vulnerability by modifying how DNS servers handle requests.

For more information about the vulnerability, see the Vulnerability Information section.For more information about this update, see Microsoft Knowledge Base Article 3164065.The following software versions or editions are affected.
Versions or editions that are not listed are either past their support life cycle or are not affected.

To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.The following severity ratings assume the potential maximum impact of the vulnerability.

For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the June bulletin summary.Note Windows Server Technical Preview 5 is affected.

Customers running this operating system are encouraged to apply the update, which is available via Windows Update.*The Updates Replaced column shows only the latest update in any chain of superseded updates.

For a comprehensive list of updates replaced, go to the Microsoft Update Catalog, search for the update KB number, and then view update details (updates replaced information is provided on the Package Details tab).Windows DNS Server Use After Free Vulnerability – CVE-2016-3227A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests.

An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

The update addresses the vulnerability by modifying how Windows DNS servers handle requests.The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list: Vulnerability Title CVE number Publicly disclosed Exploited Windows DNS Server Use After Free Vulnerability CVE-2016-3227 No No Mitigating FactorsMicrosoft has not identified any mitigating factors for this vulnerability.WorkaroundsMicrosoft has not identified any workarounds for this vulnerability.For Security Update Deployment information, see the Microsoft Knowledge Base article referenced here in the Executive Summary.Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure.
See Acknowledgments for more information.The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose.
In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages.
Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.V1.0 (June 14, 2016): Bulletin published. Page generated 2016-06-08 09:48-07:00.