MS16-092 - Important: Security Update for Windows Kernel (3171910) - Version: 1.1

Severity Rating: ImportantRevision Note: V1.1 (July 18, 2016): Bulletin revised to add an Update FAQ to inform customers running Windows Server 2012 that they do not need to install the 3170377 and 3172727 updates in a particular order.Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow security feature bypass if the Windows kernel fails to properly validate permissions.

Posted by on 18 July 2016 | 12:00 pm

MS16-094 - Important: Security Update for Secure Boot (3177404) - Version: 1.1

Severity Rating: ImportantRevision Note: V1.1 (July 18, 2016): Bulletin revised to add an Update FAQ to inform customers running Windows Server 2012 that they do not need to install the 3170377 and 3172727 updates in a particular order.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device. An attacker must have either administrative privileges or physical access to install a policy and bypass Secure Boot.

Posted by on 18 July 2016 | 12:00 pm

MS16-077 - Important: Security Update for WPAD (3165191) - Version: 1.2

Severity Rating: ImportantRevision Note: V1.2 (July 13, 2016): Bulletin revised to correct the workarounds for CVE-2016-3213 and CVE-2016-3236. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action.Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.

Posted by on 13 July 2016 | 12:00 pm

MS16-035 - Important: Security Update for .NET Framework to Address Security Feature Bypass (3141780) - Version: 2.2

Severity Rating: ImportantRevision Note: V2.2 (July 13, 2016): Revised bulletin to inform customers that the 3135996 update has been refreshed. This is an informational notification only. Customers who have already successfully installed the update do not need to take any further action.Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The security feature bypass exists in a .NET Framework component that does not properly validate certain elements of a signed XML document.

Posted by on 13 July 2016 | 12:00 pm

MS16-087 - Critical: Security Update for Windows Print Spooler Components (3170005) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (July 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or sets up a rogue print server on a target network.

Posted by on 12 July 2016 | 12:00 pm

MS16-090 - Important: Security Update for Windows Kernel-Mode Drivers (3171481) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (July 12, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

Posted by on 12 July 2016 | 12:00 pm

MS15-094 - Important: Security Update for Secure Boot (3175677) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (July 12, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device. An attacker must have either administrative privileges or physical access to install a policy and bypass Secure Boot.

Posted by on 12 July 2016 | 12:00 pm

MS16-089 - Important: Security Update for Windows Secure Kernel Mode (3170050) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (July 12, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.

Posted by on 12 July 2016 | 12:00 pm

MS16-084 - Critical: Cumulative Security Update for Internet Explorer (3169991) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (July 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Posted by on 12 July 2016 | 12:00 pm

MS16-091 - Important: Security Update for .NET Framework (3170048) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (July 12, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to web-based application.

Posted by on 12 July 2016 | 12:00 pm

MS16-085 - Critical: Cumulative Security Update for Microsoft Edge (3169999) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (July 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

Posted by on 12 July 2016 | 12:00 pm

MS16-093 - Critical: Security Update for Adobe Flash Player (3174060) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (July 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Posted by on 12 July 2016 | 12:00 pm

MS16-086 - Critical: Cumulative Security Update for JScript and VBScript (3169996) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (July 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Posted by on 12 July 2016 | 12:00 pm

MS16-088 - Critical: Security Update for Microsoft Office (3170008) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (July 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Posted by on 12 July 2016 | 12:00 pm

MS16-063 - Critical: Cumulative Security Update for Internet Explorer (3163649) - Version: 1.1

Severity Rating: CriticalRevision Note: V1.1 (June 22, 2016): Bulletin revised to add workarounds for CVE-2016-3213. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action.Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Posted by on 22 June 2016 | 12:00 pm

MS16-083 - Critical: Security Update for Adobe Flash Player (3167685) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (June 16, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Posted by on 16 June 2016 | 12:00 pm

MS16-074 - Important: Security Update for Microsoft Graphics Component (3164036) - Version: 1.1

Severity Rating: ImportantRevision Note: V1.1 (June 15, 2016): Revised the Executive Summary to correct the attack vector description. This is an informational change only.Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted application.

Posted by on 15 June 2016 | 12:00 pm

MS16-075 - Important: Security Update for Windows SMB Server (3164038) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (June 14, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.

Posted by on 14 June 2016 | 12:00 pm

MS16-068 - Critical: Cumulative Security Update for Microsoft Edge (3163656) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (June 14, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

Posted by on 14 June 2016 | 12:00 pm

MS16-039 - Critical: Security Update for Microsoft Graphics Component (3148522) - Version: 3.0

Severity Rating: CriticalRevision Note: V3.0 (June 14, 2016): Microsoft has re-released security update 3144427 for affected editions of Microsoft Lync 2010 and Microsoft Lync 2010 Attendee. The re-release addresses issues customers might have experienced downloading security update 3144427. Customers running Microsoft Lync 2010 should install the update to be fully protected from the vulnerability. See Microsoft Knowledge Base Article 3144427 for more information.Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.

Posted by on 14 June 2016 | 12:00 pm

MS16-080 - Important: Security Update for Microsoft Windows PDF (3164302) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (June 14, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. However, an attacker would have no way to force a user to open a specially crafted .pdf file.

Posted by on 14 June 2016 | 12:00 pm

MS16-076 - Important: Security Update for Netlogon (3167691) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (June 14, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.

Posted by on 14 June 2016 | 12:00 pm

MS16-081 - Important: Security Update for Active Directory (3160352) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (June 14, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.

Posted by on 14 June 2016 | 12:00 pm

MS16-071 - Critical: Security Update for Microsoft Windows DNS Server (3164065) - Version: 1.0

Severity Rating: CriticalRevision Note: V1.0 (June 14, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.

Posted by on 14 June 2016 | 12:00 pm

MS16-072 - Important: Security Update for Group Policy (3163622) - Version: 1.0

Severity Rating: ImportantRevision Note: V1.0 (June 14, 2016): Bulletin published.Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine .

Posted by on 14 June 2016 | 12:00 pm