vissha

Microsoft Security Bulletins June 2016

 

Microsoft Security Bulletins June 2016 provides you with an overview of all security bulletins and non-security updates released by Microsoft.

 

This summary provides you with detailed information about the security bulletins that Microsoft released for its Windows operating system and other company products on June 14, 2016.

 

The guide lists all security and non-security patches, as well as security advisories that Microsoft released since the last patch day on May 10, 2016.

 

Each update is linked to Microsoft's Knowledge Base so that you can look it up in detail.

 

Apart from the list of patches, our overview provides you with information about the operating system and other Microsoft products distribution, an executive summary, and information on how to download the updates to Windows machines.

 

Microsoft Security Bulletins June 2016

 

Executive Summary

  • Microsoft released a total of 16 security bulletins on the June 2016 Patch Day.
  • 5 of the bulletins received the highest severity rating of critical, the remaining 11 bulletins a rating of important.
  • Affected products include all client and server versions of Microsoft Windows, Microsoft Office, and Microsoft Exchange.

 

Operating System Distribution

 

All client versions of Windows are affected critically by vulnerabilities described in MS16-063. Windows Vista on top of that is affected critically by MS16-069, and Windows 10 by MS16-068.

 

MS16-069 is a cumulative security update for JScript and VBScript, and MS16-068 an update for Microsoft Edge which is exclusively available for Windows 10.

 

The critical server vulnerability affects only Windows Server 2012 and 2012 R2. It is described as an update for Microsoft Windows DNS Server in the bulletin MS16-071.

  • Windows Vista: 2 critical, 2 important
  • Windows 7: 1 critical, 2 important
  • Windows 8.1: 1 critical, 3 important
  • Windows RT 8.1: 1 critical, 2 important
  • Windows 10: 2 critical, 4 important
  • Windows Server 2008: 3 important, 2 moderate
  • Windows Server 2008 R2: 4 important, 1 moderate
  • Windows Server 2012 and 2012 R2: 1 critical, 5 important, 1 moderate
  • Server core: 1 critical, 3 important, 1 moderate

 

Other Microsoft Products

 

All Office products are affected by vulnerabilities described in the bulletin MS16-070. Microsoft Exchange Server is affected by vulnerabilities described in MS16-079.

  • Microsoft Office 2007, 2010, 2013, 2013 RT, 2016: 1 critical
  • Microsoft Office for Mac 2011, 2016: 1 critical
  • Microsoft Office Compatibility Pack SP3: 1 important
  • Microsoft Visio Viewer 2007 SP3, 2010: 1 important
  • Microsoft Word Viewer: 1 important
  • Microsoft SharePoint Server 2010, 2013: 1 important
  • Microsoft Office Web Apps 2010, 2013: 1 important
  • Office Online Server: 1 important
  • Microsoft Exchange Server 2007, 2010, 2013, 2016: 1 important

 

Security Bulletins

 

MS16-063 - Cumulative Security Update for Internet Explorer (3163649) - Critical - Remote Code Execution

 

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

 

MS16-068 - Cumulative Security Update for Microsoft Edge (3163656) - Critical - Remote Code Execution

 

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.

 

MS16-069 - Cumulative Security Update for JScript and VBScript (3163640) - Critical - Remote Code Execution

 

This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website.

 

MS16-070 - Security Update for Microsoft Office (3163610) - Critical - Remote Code Execution

 

The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.

 

MS16-071 - Security Update for Microsoft Windows DNS Server (3164065) - Critical - Remote Code Execution

 

The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.

 

MS16-072 - Security Update for Group Policy (3163622) - Important - Elevation of Privilege

 

The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine.

 

MS16-073 - Security Update for Windows Kernel-Mode Drivers (3164028) - Important - Elevation of Privilege

 

The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

 

MS16-074 - Security Update for Microsoft Graphics Component (3164036) - Important - Elevation of Privilege

 

The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted document or visits a specially crafted website.

 

MS16-075 - Security Update for Windows SMB Server (3164038) - Important - Elevation of Privilege

 

The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.

 

MS16-076 - Security Update for Netlogon (3167691) - Important - Remote Code Execution

 

The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.

 

MS16-077 - Security Update for WPAD (3165191) - Important - Elevation of Privilege

 

The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.

 

MS16-078 - Security Update for Windows Diagnostic Hub (3165479) - Important - Elevation of Privilege

 

The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

 

MS16-079 - Security Update for Microsoft Exchange Server (3160339) - Important - Information Disclosure

 

This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in an Outlook Web Access (OWA) message that is loaded, without warning or filtering, from the attacker-controlled URL.

 

MS16-080 - Security Update for Microsoft Windows PDF (3164302) - Important - Remote Code Execution

 

The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user.

 

MS16-081 - Security Update for Active Directory (3160352) - Important - Denial of Service

 

This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.

 

MS16-082 - Security Update for Microsoft Windows Search Component (3165270) - Important - Denial of Service

 

The vulnerability could allow denial of service if an attacker logs on to a target system and runs a specially crafted application.

 

Security advisories and updates

 

MS16-033: Security Update for Windows Embedded Standard 7 (KB3139398)

 

Quote

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with physical access inserts a specially crafted USB device into the system.

 

MS16-064: Security Update for Adobe Flash Player for Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012 (KB3163207)

 

Quote

MS16-064: Security update for Adobe Flash Player: May 13, 2016

 

MS16-065: Security Update for Microsoft .NET Framework 4.6 on Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB3142037)

 

Quote

MS16-065: Description of the security update for the .NET Framework 4.6.1 in Windows 7 SP1 and Windows Server 2008 R2 SP1 and the .NET Framework 4.6 in Windows Vista SP2 and Windows Server 2008 SP2: May 10, 2016

 

Microsoft Security Advisory 2880823

 

Quote

Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program

 

Microsoft Security Advisory 3155527

 

Quote

Update to Cipher Suites for FalseStart

 

Non-security related updates

 

Update for Windows 7 (KB2952664)

 

Update for Windows 7 (KB2977759)

 

Update for Windows 8.1 and Windows 8 (KB2976978)

 

Quote

Compatibility update for upgrading Windows 7, 7 RTM, 8, 8.1. This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.

 

Update for Windows Embedded 8 Standard (KB3156416)

 

Quote

May 2016 update rollup for Windows Server 2012

 

Update for Windows 8.1 and Windows 7 (KB3035583)

 

Quote

This update installs the Get Windows 10 app that helps users understand their Windows 10 upgrade options and device readiness.

 

Update for Windows 8.1 and Windows 7 (KB3123862)

 

Quote

Updated capabilities to upgrade Windows 8.1 and Windows 7

 

Update for Windows 7 and Windows Server 2008 R2 (KB3125574)

 

Quote

Convenience rollup update for Windows 7 SP1 and Windows Server 2008 R2 SP1.

 

Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 7, and Windows Server 2008 R2 (KB3139923)

 

Quote

MSI repair doesn't work when MSI source is installed on an HTTP share in Windows

 

Update for Windows Server 2012 R2 (KB3155444)

 

Quote

PXE client computers freeze during multithread network transfers in Windows Server 2012 R2.

 

Update for Windows Server 2012 (KB3156416)

 

Quote

May 2016 update rollup for Windows Server 2012

 

Update for Windows 7 and Windows Server 2008 R2 (KB3156417)

 

Quote

May 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1

 

Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3156418)

 

Quote

May 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

 

Update for Windows 10 (KB3159635)

 

Quote

Windows 10 Update Assistant: To help keep all Windows 10 systems secure and provide the latest features and improvements, the Windows 10 Update Assistant downloads and starts the setup for Windows 10 version 1511.

 

Update for Windows 10 (KB3147062)

 

Quote

Signing verification failure breaks audio functionality in Windows 10 Version 1511

 

Update for Windows 8.1, Windows 8, and Windows 7 (KB3150513)

 

Quote

May 2016 Compatibility Update for Windows

 

Update for Windows 10 (KB3152599)

 

Quote

Preinstalled system applications and Start menu may not work when you upgrade to Windows 10 Version 1511

 

How to download and install the June 2016 security updates

 

The security updates that Microsoft published on the June 2016 Patch Day are already available via Windows Update.

 

While the updates will get picked up eventually, it is possible to run a manual check for updates to speed up the process.

  1. Tap on the Windows-key, type Windows Update, and hit the Enter-key afterwards.
  2. Click on the check for updates button to run a manual check for new updates for the operating system.

Windows will check for updates and either download and install them automatically, only download them, or prompt you for actions.

 

Please note that it is recommended to research Windows updates before you install them to avoid issues after installing them.

 

Some updates are made available via Microsoft's Download Center, while all security updates are available via Microsoft's Update Catalog.

 

All security updates are also made available via security ISO images that Microsoft releases on a monthly basis.

 

Additional resources

 

Source

 

Update from Other Sources:

MS16-072 - KB3159398 - Group Policy Update

The update is causing trouble with Windows Group Policy settings; changes were made in Group Policy object (GPO) settings that left previously hidden drives and devices accessible. Read more here, here or here.
