MS16-039 - Critical: Security Update for Microsoft Graphics Component (3148522) - Version: 2.0

Severity Rating: CriticalRevision Note: V2.0 (April 19, 2016): To comprehensively address CVE-2016-0145, Microsoft re-released security update 3144432 for affected editions of Microsoft Live Meeting 2007 Console. Customers running Microsoft Live Meeting 2007 Console should install the update to be fully protected from the vulnerability. See Microsoft Knowledge Base Article 3144432 for more information.Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.

Posted by on 19 April 2016 | 2:00 am

MS16-049 - Important: Security Update for HTTP.sys (3148795) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (April 12, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.

Posted by on 12 April 2016 | 2:00 am

MS15-040 - Critical: Security Update for Microsoft XML Core Service to Address Remote Code Execution (3148541) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force users to click a specially crafted link. An attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message.

Posted by on 12 April 2016 | 2:00 am

MS16-047 - Important: Security Update for SAM and LSAD Remote Protocols (3148527) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack. An attacker could then force a downgrade of the authentication level of the SAM and LSAD channels and impersonate an authenticated user.

Posted by on 12 April 2016 | 2:00 am

MS16-044 - Important: Security Update for Windows OLE (3146706) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.

Posted by on 12 April 2016 | 2:00 am

MS16-037 - Critical: Cumulative Security Update for Internet Explorer (3148531) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Posted by on 12 April 2016 | 2:00 am

MS16-033 - Important: Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142) - Version: 2.0

Severity Rating: ImportantRevision Note: V2.0 (April 12, 2016): To comprehensively address CVE-2016-0133, Microsoft is releasing April Windows 10 Cumulative Update. Microsoft recommends that customers running affected versions of Microsoft Windows 10 (update 3140745) should install update 3147461. See Microsoft Knowledge Base Article 3140745 for more information.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with physical access inserts a specially crafted USB device into the system.

Posted by on 12 April 2016 | 2:00 am

MS16-038 - Critical: Cumulative Security Update for Microsoft Edge (3148532) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Edge. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Posted by on 12 April 2016 | 2:00 am

MS16-048 - Important: Security Update for CSRSS (3148528) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.

Posted by on 12 April 2016 | 2:00 am

MS16-046 - Important: Security Update for Secondary Logon (3148538) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.

Posted by on 12 April 2016 | 2:00 am

MS16-045 - Important: Security Update for Windows Hyper-V (3143118) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

Posted by on 12 April 2016 | 2:00 am

MS16-041 - Important: Security Update for .NET Framework (3148789) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The more severe of the vulnerabilities could cause remote code execution if an attacker with access to the local system executes a malicious application.

Posted by on 12 April 2016 | 2:00 am

MS16-050 - Critical: Security Update for Adobe Flash Player (3154132) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Posted by on 12 April 2016 | 2:00 am

MS16-042 - Critical: Security Update for Microsoft Office (3148775) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Posted by on 12 April 2016 | 2:00 am

MS16-040 - Critical: Security Update for Microsoft XML Core Services (3148541) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (April 12, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.

Posted by on 12 April 2016 | 2:00 am

MS15-121 - Important: Security Update for Schannel to Address Spoofing (3081320) - Version: 1.1

Severity Rating: ImportantRevision Note: V1.1 (April 7, 2016): Updated the footnotes following the Affected Software table to further clarify installation order for security update 3101746 in MS15-115, 3081320 in MS15-121, and 3101246 in MS15-122. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.

Posted by on 7 April 2016 | 2:00 am

MS16-027 - Critical: Security Update for Windows Media to Address Remote Code Execution (3143146) - Version: 1.2

Severity Rating: CriticalRevision Note: V1.2 (April 7, 2016): Added a note to clarify that Windows Media is only enabled on Windows server operating systems when the Desktop Experience feature is enabled. This is an informational change only.Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens specially crafted media content that is hosted on a website.

Posted by on 7 April 2016 | 2:00 am

MS15-115 - Critical: Security Update for Microsoft Windows to Address Remote Code Execution (3105864) - Version: 2.1

Severity Rating: CriticalRevision Note: V2.1 (April 7, 2016): Updated the footnotes following the Affected Software table to further clarify installation order for security update 3101746 in MS15-115, 3081320 in MS15-121, and 3101246 in MS15-122. This is an informational change only. Customers who have already successfully installed the update do not need to take any action. Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.

Posted by on 7 April 2016 | 2:00 am

MS15-122 - Important: Security Update for Kerberos to Address Security Feature Bypass (3105256) - Version: 1.2

Severity Rating: ImportantRevision Note: V1.2 (April 7, 2016): Updated the footnotes following the Affected Software and Vulnerability Severity Ratings table to further clarify installation order for security update 3101746 in MS15-115, 3081320 in MS15-121, and 3101246 in MS15-122. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.Summary: This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key.

Posted by on 7 April 2016 | 2:00 am

MS13-082 - Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution - Version: 1.2

Severity Rating: CriticalRevision Note: V1.2 (April 7, 2016): Corrected download links for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows 2008 R2. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.Summary: This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if a user visits a website containing a specially crafted OpenType font (OTF) file using a browser capable of instantiating XBAP applications.

Posted by on 7 April 2016 | 2:00 am

MS16-028 - Critical: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081) - Version: 1.1

Severity Rating: CriticalRevision Note: V1.1 (March 24, 2016): Removed Windows Server 2012 (Server Core installation) from the Affected Software and Vulnerability Severity Ratings table because it is not affected. This is an informational change only.Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file.

Posted by on 24 March 2016 | 2:00 am

MS16-029 - Important: Security Update for Microsoft Office to Address Remote Code Execution (3141806) - Version: 2.0

Severity Rating: ImportantRevision Note: V2.0 (March 16, 2016): Bulletin revised to announce that the 3138327 update is available for Microsoft Office 2016 for Mac, and the 3138328 update is available for Microsoft Office for Mac 2011. Please note that the 3138327 update for Microsoft Outlook 2016 for Mac was not released on March 16. This update will be released as soon as it is available and users will be notified via a bulletin revision. For more information, see Microsoft Knowledge Base Article 3138327 and Microsoft Knowledge Base Article 3138328.Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Posted by on 16 March 2016 | 2:00 am

MS16-036 - Critical: Security Update for Adobe Flash Player (3144756) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (March 10, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Posted by on 10 March 2016 | 1:00 am

MS16-032 - Important: Security Update for Secondary Logon to Address Elevation of Privilege (3143141) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (March 8, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Secondary Logon Service fails to properly manage request handles in memory.

Posted by on 8 March 2016 | 1:00 am

MS16-030 - Important: Security Update for Windows OLE to Address Remote Code Execution (3143136) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (March 8, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerabilities to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.

Posted by on 8 March 2016 | 1:00 am