Home > Microsoft Security > Microsoft Security Bulletin December 2016

Microsoft Security Bulletin December 2016

Contents

Microsoft Active Protections Program (MAPP) To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Important Information Disclosure Requires restart --------- Microsoft Windows MS16-114 Security Update for SMBv1 Server (3185879)This security update resolves a vulnerability in Microsoft Windows. Critical Remote Code Execution May require restart Microsoft Windows, Microsoft .NET Framework MS14-058 Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061) This security update resolves two privately reported vulnerabilities in For details on affected software, see the next section, Affected Software. http://img4skype.com/microsoft-security/microsoft-security-bulletin-may-2016.html

If the current user is logged on with administrative user rights, an attacker could take control of an affected system. CVE-2013-3871 is scheduled to be addressed in a future security update. Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. How do I use these tables? https://technet.microsoft.com/en-us/library/security/ms16-dec.aspx

Microsoft Security Bulletin December 2016

Important Elevation of Privilege Requires restart 3175024 Microsoft Windows MS16-112 Security Update for Windows Lock Screen (3178469)This security update resolves a vulnerability in Microsoft Windows. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an email message or Instant Messenger message. The content you requested has been removed.

Please note that the 3138327 update for Microsoft Outlook 2016 for Mac was not released on March 16. Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Microsoft Security Patches An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.

A locally authenticated attacker could attempt to exploit this vulnerability by running a specially crafted application. Microsoft Security Bulletin November 2016 Executive Summaries The following table summarizes the security bulletins for this month in order of severity. Critical Remote Code Execution May require restart --------- Microsoft Office,Microsoft Office Services and Web Apps MS16-122 Security Update for Microsoft Video Control (3195360)This security update resolves a vulnerability in Microsoft Windows. Get More Info For more information, see Microsoft Knowledge Base Article 913086.

You should review each software program or component listed to see whether any security updates pertain to your installation. Microsoft Patch Tuesday Schedule 2017 See Acknowledgments for more information. Likely, M$ hv reintroduced KB2952664 n KB2976978 in anticipation of Win 7/8.1 users clamoring to upgrade to Win 10 bc M$ will be sending the Nov or Dec 2016 Patch Rollup For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Microsoft Security Bulletin November 2016

The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. useful source Review each of the assessments below, in accordance with your specific configuration, to prioritize your deployment of this month's updates. Microsoft Security Bulletin December 2016 Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion Microsoft Patch Tuesday December 2016 It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.InformationAbout Contact Disclaimer Rss Feeds Privacy Policy

Use these tables to learn about the security updates that you may need to install. Get More Info Is there a way to pass thought this update? Reply Andrej October 11, 2016 at 9:50 pm # Cant understand the deference between '"Security Monthly Quality Rollup" and "Security Only Quality update". For details on affected software, see the next section, Affected Software. Microsoft Security Bulletin January 2017

The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. The vulnerability could allow remote code execution if an attacker sends a specially crafted web request to an ASP.NET web application running on an affected system. For details on affected software, see the Affected Software section. useful reference Microsoft Active Protections Program (MAPP) To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release.

Microsoft Active Protections Program (MAPP) To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Microsoft Patch Tuesday November 2016 An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. For more information and the solution to this known issue, see Microsoft Knowledge Base Article 3168674.

In the columns below, "Latest Software Release" refers to the subject software, and "Older Software Releases" refers to all older, supported releases of the subject software, as listed in the "Affected

Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Manage Your Profile | Flash Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | © 2017 Microsoft © 2017 Microsoft

Security Strategies and Community Update Management Strategies Security Guidance for Update Management provides additional information about Microsoft’s best-practice recommendations for applying security updates. Manage Your Profile | Flash Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | © 2017 Microsoft © 2017 Microsoft this page The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software.

For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. Reply M$, BYE October 11, 2016 at 9:36 pm # How can someone know what these patches do?I look at Microsoft(TM) site and they list these KB...I look at one of An attacker could exploit the vulnerabilities to execute malicious code. Show: Inherited Protected Print Export (0) Print Share IN THIS ARTICLE Is this page helpful?

This bulletin spans more than one software category. Additionally, bulletin information in the Common Vulnerability Reporting Framework (CVRF) format is available. I don't know the answer to that, but I would guess that they are kept optional and are not included in the monthly rollup. Other versions are past their support life cycle.

An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Critical Remote Code Execution Requires restart 3185614 3185611 3188966 3192392 3192393 3192391 Microsoft Windows MS16-123 Security Update for Windows Kernel-Mode Drivers (3192892)This security update resolves vulnerabilities in Microsoft Windows. For details on affected software, see the next section, Affected Software. Earlier operating systems are either not affected or they received the fix in the original updates of October 13, 2015.

Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. You can find them most easily by doing a keyword search for "security update". Note You may have to install several security updates for a single vulnerability. Important Elevation of Privilege Requires restart 3185614 3185611 3188966 3192392 3192393 3192391 Microsoft Windows MS16-124 Security Update for Windows Registry (3193227)This security update resolves vulnerabilities in Microsoft Windows.

Windows 8.1, RT 8.1 and Windows 10 are furthermore affected by MS16-127 critically. MS13-081 Win32k NULL Page Vulnerability CVE-2013-3881 Not affected 1 - Exploit code likelyPermanent(None) MS13-081 DirectX Graphics Kernel Subsystem Double Fetch Vulnerability CVE-2013-3888 Not affected 2 - Exploit code would be difficult