Microsoft Security Bulletin July 2016

Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Please see the section, Other Information. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

The bounty program enables individuals across the globe to earn a bounty on submitted vulnerabilities for participating services and products provided by Microsoft.

If you are using network printing in your environment, after you apply the 3170005 security update you may receive a warning about installing a printer driver, or the driver may fail

Important Remote Code Execution May require restart --------- Microsoft Office, Microsoft Office Services and Web Apps

MS16-134 Security Update for Common Log File System Driver (3193706) This security update resolves vulnerabilities in Microsoft

Important Security Feature Bypass Requires restart --------- Microsoft Windows

MS16-093 Security Update for Adobe Flash Player (3174060) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of

See other tables in this section for additional affected software.

V1.1 (July 29, 2016): For MS16-087, added a Known Issues reference to the Executive Summaries table.

  • An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.
  • See Acknowledgments for more information.
  • Learn about settings and quick actions that can be locked down in Windows 10 Mobile then learn how to configure Windows 10 Mobile using Lockdown XML or manage identity verification using
  • Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
  • Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
  • How do I use this table?
  • Other versions are past their support life cycle.
  • The vulnerability could allow elevation of privilege if Windows improperly allows web content to load from the Windows lock screen.

Review each of the assessments below, in accordance with your specific configuration, to prioritize your deployment of this month's updates.

Critical Remote Code Execution Requires restart 3197873 3197874 3197876 3197877 3197867 3197868 Microsoft Windows

MS16-132 Security Update for Microsoft Graphics Component (3199120) This security update resolves vulnerabilities in Microsoft Windows.

Important Information Disclosure Requires restart --------- Microsoft Windows

MS16-090 Security Update for Windows Kernel-Mode Drivers (3171481) This security update resolves vulnerabilities in Microsoft Windows.

See Microsoft Security Advisories for more information.

Important Elevation of Privilege Requires restart 3197873 3197874 3197876 3197877 3197867 3197868 Microsoft Windows

MS16-136 Security Update for SQL Server (3199641) This security update resolves vulnerabilities in Microsoft SQL Server.

You can find them most easily by doing a keyword search for "security update".

Microsoft Advanced Threat Analytics (ATA) helps you identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline.

Critical Remote Code Execution Requires restart --------- Microsoft Windows, Adobe Flash Player

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month.

You can obtain the MSRC public PGP key at the MSRC Security Notification PGP Web page.

Page generated 2016-09-29 13:55-07:00.

Non-Security Updates on MU, WU, and WSUS

For information about non-security releases on Windows Update and Microsoft Update, please see: Microsoft Knowledge Base Article 894199: Description of Software Update Services and

An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.

© 2016 Microsoft

Critical Remote Code Execution Requires restart --------- Microsoft Windows, Microsoft Edge

MS16-086 Cumulative Security Update for JScript and VBScript (3169996) This security update resolves a vulnerability in the JScript and VBScript scripting engines in

Note You may have to install several security updates for a single vulnerability.

The MSRC investigates all reports of security vulnerabilities affecting Microsoft products and services, and releases these documents as part of the ongoing effort to help you manage security risks and help

In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications.

CVE ID | Vulnerability Title | Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment
MS16-104: Cumulative Security Update for Internet Explorer (3183038)
CVE-2016-3247 | Microsoft Browser Memory Corruption Vulnerability | 2 - Exploitation Less Likely | 4 - Not affected | Not applicable
CVE-2016-3291

Critical Remote Code Execution May require restart --------- Microsoft Office, Microsoft Office Services and Web Apps

MS16-108 Security Update for Microsoft Exchange Server (3185883) This security update resolves vulnerabilities in Microsoft Exchange Server.

You should review each software program or component listed to see whether any security updates pertain to your installation.

The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.

Important Elevation of Privilege Requires restart 3197873 3197874 3197876 3197877 3197867 3197868 Microsoft Windows

MS16-135 Security Update for Windows Kernel-Mode Drivers (3199135) This security update resolves vulnerabilities in Microsoft Windows.

Brad Anderson, Corporate Vice President, Enterprise and Client Mobility has been blogging a lot on this topic and I always learn something from him.

Important Information Disclosure May require restart --------- Microsoft Windows

MS16-116 Security Update in OLE Automation for VBScript Scripting Engine (3188724) This security update resolves a vulnerability in Microsoft Windows.

Important Remote Code Execution Does not require restart --------- Microsoft Windows

MS16-110 Security Update for Windows (3178467) This security update resolves vulnerabilities in Microsoft Windows.

Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Each advisory is accompanied by a Microsoft Knowledge Base Article to provide additional information about any changes or updates being delivered with the advisory’s release.

An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.

These bulletins are written for IT professionals, contain in-depth technical information, and e-mails are digitally-signed with PGP.

E-mail: Security Notification Service
RSS: Security for IT Professionals
Web Site: Bulletin Search

Comprehensive Alerts

The free Comprehensive

Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. For information about these and other tools that are available, see Security Tools for IT Pros.

Acknowledgments

Microsoft recognizes the efforts of those in the security community who help us protect

If the current user is logged on with administrative user rights, an attacker could take control of an affected system.

For more information about security, see Security TechCenter.

Critical Remote Code Execution May require restart --------- Microsoft Office, Microsoft Office Services and Web Apps

MS16-089 Security Update for Windows Secure Kernel Mode (3170050) This security update resolves a vulnerability in Microsoft Windows.

Important Information Disclosure Requires restart --------- Microsoft Windows

MS16-114 Security Update for SMBv1 Server (3185879) This security update resolves a vulnerability in Microsoft Windows.

For more information about the MSRC, see Microsoft Security Response Center. For details on how to deploy, configure, maintain, and support phones and small tablets running Windows 10 Mobile, see Windows 10 Mobile and mobile device management.

The vulnerabilities are listed in order of bulletin ID then CVE ID.

This documentation is archived and is not being maintained.

If a software program or component is listed, then the severity rating of the software update is also listed.

Critical Remote Code Execution Requires restart --------- Microsoft Windows, Internet Explorer

MS16-085 Cumulative Security Update for Microsoft Edge (3169999) This security update resolves vulnerabilities in Microsoft Edge.

A locally authenticated attacker could attempt to exploit this vulnerability by running a specially crafted application.

The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or set up