Microsoft Security Bulletins October 2016


Microsoft released updates for supported operating systems and other company products on today’s patch day.

This guide covers the patches and related information. It lists all security and non-security updates that Microsoft released, plus additional information and links that may prove useful.

It begins with an executive summary highlighting the most important information about the October 2016 Patch day.

This is followed by the list of affected Windows client and server operating systems, and other Microsoft products. The severity and number of updates are listed for each product so that you can see at first glance how the products that you use are affected.

What follows is the list of security bulletins, security advisories, and non-security updates that Microsoft released in October 2016.

The last part lists download options, and links to additional resources.

Microsoft Security Bulletins October 2016


Executive Summary

  1. Updates for Windows 7 and 8 are provided as monthly rollup patches instead of individual updates from this Patch day on. We covered this in detail, and suggest you check out this article for details.
  2. Microsoft released a total of 10 security bulletins on the October 2016 Patch Day.
  3. Five of the ten bulletins are rated with a maximum severity rating of critical (highest), the remaining five with a maximum severity rating of important (second highest).
  4. All Microsoft client and server operating systems are affected by vulnerabilities.
  5. Microsoft Silverlight, Microsoft .NET Framework, Microsoft Office, and various business products are affected as well.

Operating System Distribution

All client versions of Windows are critically affected by MS16-118, MS16-120 and MS16-122. Windows 8.1, RT 8.1 and Windows 10 are also critically affected by MS16-127. Windows 10 is additionally critically affected by MS16-119.

Windows 10 is also affected by MS16-126, rated important, which fixes issues in the Microsoft Internet Messaging API.

MS16-119 is a cumulative security update for Microsoft Edge. MS16-127 updates the integrated Adobe Flash Player on those systems.

  • Windows Vista: 3 critical, 2 important, 1 moderate
  • Windows 7: 3 critical, 2 important, 1 moderate
  • Windows 8.1: 4 critical, 2 important
  • Windows RT 8.1: 4 critical, 2 important
  • Windows 10: 5 critical, 3 important
  • Windows Server 2008: 1 critical, 2 important, 1 moderate, 1 low
  • Windows Server 2008 R2: 1 critical, 2 important, 1 moderate, 1 low
  • Windows Server 2012 and 2012 R2: 1 critical, 2 important, 2 moderate
  • Server core: 1 critical, 3 important

Other Microsoft Products

  • Microsoft .NET Framework Security Only Release: 1 important.
  • Microsoft .NET Framework Monthly Rollup Release: 1 important.
  • Skype for Business 2016: 1 important.
  • Microsoft Lync 2010, 2013: 1 important.
  • Microsoft Live Meeting 2007 Console: 1 important.
  • Microsoft Silverlight: 1 important
  • Microsoft Office 2007, 2010: 2 important
  • Microsoft Office 2013, 2013 RT, 2016: 1 important
  • Microsoft Office for Mac 2011, 2016: 1 important
  • Microsoft Word Viewer: 2 important
  • Microsoft Office Compatibility Pack Service Pack 3: 2 important
  • Microsoft SharePoint Server 2010, 2013: 1 important
  • Microsoft Office Web Apps 2010, 2013: 1 important

Security Bulletins

Red = critical

MS16-118 — Cumulative Security Update for Internet Explorer (3192887)

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

MS16-119 — Cumulative Security Update for Microsoft Edge (3192890)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.

MS16-120 — Security Update for Microsoft Graphics Component (3192884)

This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Silverlight, and Microsoft Lync.

MS16-121 — Security Update for Microsoft Office (3194063)

This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files.

MS16-122 — Security Update for Microsoft Video Control (3195360)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory.

MS16-123 — Security Update for Windows Kernel-Mode Drivers (3192892)

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-124 — Security Update for Windows Registry (3193227)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information.

MS16-125 — Security Update for Diagnostics Hub (3193229)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

MS16-126 — Security Update for Microsoft Internet Messaging API (3196067)

This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory.

MS16-127 — Security Update for Adobe Flash Player (3194343)

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Security advisories and updates

Non-security related updates

KB3194798 — Update for Windows 10 Version 1607 – The update includes quality improvements according to Microsoft.

  • The history lists various fixes for issues, as well as security updates released today. See this page for details.

KB3192392 — Security only update for Windows 8.1 and Windows Server 2012 R2

  • Security updates to Microsoft Video Control, kernel-mode drivers, Microsoft Graphics Component, Windows registry, and Internet Explorer 11.

KB3185331 – Monthly Rollup for Windows 8.1 and Windows Server 2012 R2

  • This security update includes improvements and fixes that were a part of update KB3185279 (released September 20, 2016) and also all security updates of KB3192392.

KB3192391 — Security only update for Windows 7 SP1 and Windows Server 2008 R2 SP

  • Security updates to Windows authentication methods, Internet Explorer 11, Microsoft Graphics component, Microsoft Video Control, kernel-mode drivers, Windows registry, and Microsoft Internet Messaging API.

KB3185330 — Monthly Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1

  • This security update includes improvements and fixes that were a part of update KB3185278 (released September 20, 2016), and also includes the security updates listed under KB3192391.

KB3191208 — Update for Windows 10 Version 1511 — Can’t install Windows servicing updates in Windows 10 Version 1511

KB3197099 — Dynamic Update for Windows 10 Version 1607 — Compatibility update for upgrading to Windows 10 Version 1607: October 11, 2016

KB890830 — Windows Malicious Software Removal Tool – October 2016

KB2952664 — Update for Windows 7 — Compatibility update for upgrading Windows 7. See this article for details.

KB2976978 — Update for Windows 8.1 — Compatibility update for Windows 8.1 and Windows 8. See this article for details.

KB3192665 — Update for Internet Explorer — ActiveX installation that uses AXIS fails after you install MS16-104.

KB3063109 — Update for Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, and Windows Server 2008 R2 — Hyper-V integration components update for Windows virtual machines that are running on a Windows 10-based host.

KB3177467 — Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 — Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1: September 20, 2016.

KB3179930 — Reliability Rollup for Microsoft .NET Framework 4.5.2, 4.6 and 4.6.1 on Windows 7 and Windows Server 2008 R2.

KB3179949 — Reliability Rollup for Microsoft .NET Framework 4.5.2 and 4.6 on Vista and Server 2008.

KB3181988 — Update for Windows 7 and Windows Server 2008 R2 — SFC integrity scan reports and fixes an error in the usbhub.sys.mui file in Windows 7 SP1 and Windows Server 2008 R2 SP1.

KB3182203 — Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP Embedded — September 2016 time zone change for Novosibirsk.

KB3184143 — Update for Windows 8.1 and Windows 7 — Remove software related to the Windows 10 free upgrade offer.

KB3184951 — Reliability Rollup for Microsoft .NET Framework 4.5.2 on Windows Server 2012.

KB3185278 — Update for Windows 7 and Windows Server 2008 R2 — September 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1.

  • Improved support for the Disk Cleanup tool to free up space by removing older Windows Updates after they are superseded by newer updates.
  • Removed the Copy Protection option when ripping CDs in Windows Media Audio (WMA) format from Windows Media Player.
  • Addressed issue that causes mmc.exe to consume 100% of the CPU on one processor after installing KB3125574.
  • Addressed issue that causes the Generic Commands (GC) to fail upon attempting to install KB2919469 or KB2970228 on a device that already has KB3125574 installed.
  • All reported changes here.

KB3185279 — Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 — September 2016 update rollup for Windows 8.1 and Windows Server 2012 R2.

  • Addressed issue that causes some USB storage devices to lose authorization when the device goes into the lowest power state, requiring user to re-authenticate using PIN when the device moves back to a working power state.
  • Addressed issue that causes Windows Explorer to become unresponsive when sharing a folder that is the child of at least two shared parent folders.
  • Addressed issue that causes a COM port to become unavailable after it is repeatedly opened and closed.
  • Addressed issue that causes devices to lose connection to their virtual private network (VPN) a few seconds after connecting, if the connection is made using an integrated mobile broadband connection.
  • All reported changes here

KB3185280 — Update for Windows Embedded 8 Standard and Windows Server 2012 — September 2016 update rollup for Windows Server 2012.

KB3186208 — Reliability Rollup for Microsoft .NET Framework 4.5.2 on Windows 8.1 and Windows Server 2012 R2.

KB3159635 — Update for Windows 10 Version 1607 — Windows 10 Update Assistant update.

How to download and install the October 2016 security updates

The monthly rollup patch is offered through Windows Update. It includes all non-security and security updates that Microsoft released this month.

  1. Tap on the Windows-key, type Windows Update, hit the Enter-key.
  2. Click on the check for updates link if that is not done automatically.
  3. Depending on your update policy, updates found are downloaded automatically, or need a manual trigger.

Updates are also provided via Microsoft’s Download Center, monthly Security ISO image releases, and via Microsoft’s Update Catalog.

Direct Microsoft Update Catalog download links:

  1. Windows 7 Security-only October 2016
  2. Windows 8.1 Security-only October 2016
  3. Windows 8.1 Flash security patch October 2016
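
Because either the security-only update or the monthly rollup delivers October's security fixes, a patch check has to accept both KB numbers for a given system. The following PowerShell script is an added example, not part of the original article; the KB numbers are the ones listed above, and the mapping from OS version string to KB is an assumption based on the product names given for each KB.

```powershell
# Added example: check the local machine for an October 2016 security update.
# Assumption: OS version prefixes map to the products named in the article
#   6.1        = Windows 7 SP1 / Windows Server 2008 R2 SP1
#   6.3        = Windows 8.1 / Windows Server 2012 R2
#   10.0.14393 = Windows 10 Version 1607
$acceptable = @{
    '6.1'        = @('KB3192391', 'KB3185330')   # security-only, monthly rollup
    '6.3'        = @('KB3192392', 'KB3185331')   # security-only, monthly rollup
    '10.0.14393' = @('KB3194798')                # update for Version 1607
}

# Win32_OperatingSystem.Version looks like "6.1.7601" or "10.0.14393".
# Get-WmiObject is used so the script also runs on PowerShell 2.0 (Windows 7).
$version = (Get-WmiObject -Class Win32_OperatingSystem).Version

# Pick the table entry whose key equals the version or is a dotted prefix of it.
$key = $acceptable.Keys |
    Where-Object { $version -eq $_ -or $version.StartsWith("$_.") } |
    Select-Object -First 1

if (-not $key) {
    Write-Output "OS version $version is not covered by this check."
}
else {
    # Any one of the listed KBs is sufficient; suppress the "not found" error.
    $installed = @(Get-HotFix -Id $acceptable[$key] -ErrorAction SilentlyContinue)

    if ($installed.Count -gt 0) {
        $installed | Select-Object HotFixID, Description, InstalledOn
    }
    else {
        Write-Output ("None of {0} is installed on this system." -f
            ($acceptable[$key] -join ', '))
    }
}
```

Monthly rollups are cumulative, so a machine that installed a later rollup will not list these KB numbers even though it carries the same fixes; treat a negative result as a prompt to check the update history rather than as proof that the system is unpatched.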

Additional resources

  • Microsoft Security Bulletin Summary for October 2016
  • List of software updates for Microsoft products
  • List of security advisories of 2016
  • Microsoft Update Catalog site
  • Our in-depth update guide for Windows
  • Windows 10 Update History
  • Windows 8.1 Update History
  • Windows 7 Update History