MS16-035 - Important: Security Update for .NET Framework to Address Security Feature Bypass (3141780) - Version: 2.1

Severity Rating: ImportantRevision Note: V2.1 (May 18, 2016): Revised bulletin to clarify the distribution audience for the Microsoft .NET Framework 4.5.2 and Microsoft .NET Framework 4.6/4.6.1 security updates that were re-released on May 10, 2016, as follows: The security updates for Microsoft .NET Framework 4.5.2 have been re-released to Limited Distribution Release (LDR) customers only. The security updates for Microsoft .NET Framework 4.6/4.6.1 have been re-released to all customers.Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The security feature bypass exists in a .NET Framework component that does not properly validate certain elements of a signed XML document.

Posted by on 18 May 2016 | 12:00 pm

MS16-064 - Critical: Security Update for Adobe Flash Player (3157993) - Version: 2.0

Severity Rating: CriticalRevision Note: V2.0 (May 13, 2016): Bulletin revised to announce the release of update 3163207 to address the vulnerabilities included in Adobe Security Bulletin APSB16-15. Note that update 3163207 replaces the update previously released in this bulletin (update 3157993). Microsoft strongly recommends that customers install update 3163207 to help be protected from the vulnerabilities described in Adobe Security Bulletin APSB16-15.Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Posted by on 13 May 2016 | 12:00 pm

MS16-067 - Important: Security Update for Volume Manager Driver (3155784) - Version: 1.1

Severity Rating: ImportantRevision Note: V1.1 (May 13, 2016): Bulletin revised to change the vulnerability severity rating for Windows 8.1 and Windows RT 8.1 to Not applicable, because these operating systems are not affected by the vulnerability described in this bulletin. Customers who have applied security update 3155784 do not need to take any further action. This is an informational change only.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user.

Posted by on 13 May 2016 | 12:00 pm

MS16-065 - Important: Security Update for .NET Framework (3156757) - Version: 1.1

Severity Rating: ImportantRevision Note: V1.1 (May 12, 2016): Revised bulletin to announce a detection change for the 3142037 update for .NET Framework 4.6. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker injects unencrypted data into the target secure channel and then performs a man-in-the-middle (MiTM) attack between the targeted client and a legitimate server.

Posted by on 12 May 2016 | 12:00 pm

MS16-061 - Important: Security Update for Microsoft RPC (3155520) - Version: 1.1

Severity Rating: ImportantRevision Note: V1.1 (May 11, 2016): Bulletin revised to change the vulnerability impact from elevation of privilege to remote code execution, and the title of CVE 2016-0178 to RPC Network Data Representation Engine Remote Code Execution Vulnerability. This is an informational change only.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an authenticated attacker makes malformed Remote Procedure Call (RPC) requests to an affected host.

Posted by on 11 May 2016 | 12:00 pm

MS16-054 - Critical: Security Update for Microsoft Office (3155544) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (May 10, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Posted by on 10 May 2016 | 12:00 pm

MS16-062 - Important: Security Update for Windows Kernel-Mode Drivers (3158222) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (May 10, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

Posted by on 10 May 2016 | 12:00 pm

MS16-051 - Critical: Cumulative Security Update for Internet Explorer (3155533) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (May 10, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Posted by on 10 May 2016 | 12:00 pm

MS16-056 - Critical: Security Update for Windows Journal (3156761) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (May 10, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Posted by on 10 May 2016 | 12:00 pm

MS16-066 - Important: Security Update for Virtual Secure Mode (3155451) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (May 10, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application to bypass code integrity protections in Windows.

Posted by on 10 May 2016 | 12:00 pm

MS16-055 - Critical: Security Update for Microsoft Graphics Component (3156754) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (May 10, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Posted by on 10 May 2016 | 12:00 pm

MS16-060 - Important: Security Update for Windows Kernel (3154846) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (May 10, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

Posted by on 10 May 2016 | 12:00 pm

MS16-057 - Critical: Security Update for Windows Shell (3156987) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (May 10, 2016): Click here to enter text.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website that accepts user-provided online content, or convinces a user to open specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Posted by on 10 May 2016 | 12:00 pm

MS16-058 - Important: Security Update for Windows IIS (3141083) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (May 10, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Posted by on 10 May 2016 | 12:00 pm

MS16-052 - Critical: Cumulative Security Update for Microsoft Edge (3155538) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (May 10, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

Posted by on 10 May 2016 | 12:00 pm

MS16-059 - Important: Security Update for Windows Media Center (3150220) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (May 10, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Posted by on 10 May 2016 | 12:00 pm

MS16-053 - Critical: Cumulative Security Update for JScript and VBScript (3156764) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (May 10, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Posted by on 10 May 2016 | 12:00 pm

MS16-039 - Critical: Security Update for Microsoft Graphics Component (3148522) - Version: 2.0

Severity Rating: CriticalRevision Note: V2.0 (April 19, 2016): To comprehensively address CVE-2016-0145, Microsoft re-released security update 3144432 for affected editions of Microsoft Live Meeting 2007 Console. Customers running Microsoft Live Meeting 2007 Console should install the update to be fully protected from the vulnerability. See Microsoft Knowledge Base Article 3144432 for more information.Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.

Posted by on 19 April 2016 | 12:00 pm

MS16-045 - Important: Security Update for Windows Hyper-V (3143118) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

Posted by on 12 April 2016 | 12:00 pm

MS15-040 - Critical: Security Update for Microsoft XML Core Service to Address Remote Code Execution (3148541) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force users to click a specially crafted link. An attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message.

Posted by on 12 April 2016 | 12:00 pm

MS16-048 - Important: Security Update for CSRSS (3148528) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.

Posted by on 12 April 2016 | 12:00 pm

MS16-044 - Important: Security Update for Windows OLE (3146706) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.

Posted by on 12 April 2016 | 12:00 pm

MS16-033 - Important: Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142) - Version: 2.0

Severity Rating: ImportantRevision Note: V2.0 (April 12, 2016): To comprehensively address CVE-2016-0133, Microsoft is releasing April Windows 10 Cumulative Update. Microsoft recommends that customers running affected versions of Microsoft Windows 10 (update 3140745) should install update 3147461. See Microsoft Knowledge Base Article 3140745 for more information.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with physical access inserts a specially crafted USB device into the system.

Posted by on 12 April 2016 | 12:00 pm

MS16-037 - Critical: Cumulative Security Update for Internet Explorer (3148531) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Posted by on 12 April 2016 | 12:00 pm

MS16-049 - Important: Security Update for HTTP.sys (3148795) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (April 12, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.

Posted by on 12 April 2016 | 12:00 pm