Tuesday, October 11, 2016

Microsoft Security Bulletin Release for October, 2016


The updates this month begin the new "patch rollup" for Windows 7 and 8.1 as well as Server 2008 and 2012.

Simply stated, on the second Tuesday of each month, "Patch Tuesday, rather than individual KB articles, there will be one  security monthly rollup.  The update includes new security fixes along with the security fixes from previous monthly rollups, available from Windows Update.

As explained in How to prepare for the Windows 7/8.1 ‘patchocalypse’,

"The most important note for most Windows Update users: You don’t have to change anything. The Automatic Update settings (that is, Automatically download and install, Download but let me choose when to install, Notify but don’t download, or Never check) work as they always have. The “Give me recommended updates the same way I receive important updates” check box works as it has before -- if Microsoft tags an update as “Recommended” and this box is checked, the update appears checked (ready to install) in the Windows Update list. If that box is unchecked, the update appears as unchecked in the Optional category." 
For complete, albeit confusing, details, the changes are described in More on Windows 7 and Windows 8.1 servicing changes – Windows for IT Pros.  

October Security Update Details:

Microsoft released ten (10) bulletins.  Five (5) bulletins are identified as Critical, four (4) as Important and one (1) rated Moderate in severity

The updates address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Microsoft Office Services and Web Apps, Microsoft .NET Framework, Skype for Business, Microsoft Lync as well as Adobe Flash Player for Windows 8.1 and above. 

Addressed in the updates are Remote Code Execution, Elevation of Privilege and Information Disclosure.

Information about the update for Windows 10 is available at Windows 10 update history.

Critical:
  • MS16-118 -- Cumulative Security Update for Internet Explorer (392887)
  • MS16-119 -- Cumulative Security Update for Microsoft Edge (3192890)
  • MS16-120 -- Security Update for Microsoft Graphics Component (3192884)
  • MS16-122 -- Security Update for Microsoft Video Control (3195360)
  • MS16-127 -- Security Update for Adobe Flash Player (3194343)
Important:
  • MS16-121 -- Security Update for Microsoft Office (3194063)
  • MS16-123 -- Security Update for Windows Kernel-Mode Drivers (3192892)
  • MS16-124 -- Security Update for Windows Registry (3193227)
  • MS16-125 -- Security Update for Diagnostics Hub (3193229)
Moderate:
  • MS16-126 -- Security Update for Microsoft Internet Messaging API (3196067)

    Additional Update Notes

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows 10 Version 1511, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
    • Windows 8.x and Windows 10 -- Non-security new features and improvements for Windows 8.1 and Windows 10 are included with the updates.
    • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

    References


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...





      No comments: