14 Security Bulletins were released – 6 Critical, 8 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

6 are rated Critical. After your next patch cycle completes you should follow up and make sure these are installed. Outside of Vista and Server 2008 the Monthly Rollup and Cumulative Windows 10 packages will cover all with the exception of Adobe Flash update/MS16-141. MS16-135 patches the zero-day flaw disclosed by Google on October 31.

The new servicing model with rollups instead of individual patches makes is pointless to try and rank the importance of most security bulletins. It’s all or nothing now for most products. This blog now includes a “Monthly Rollup/Security Only/Windows 10 KBs” sections which list the KBs for the these. In the “Details and Links” section the “KB in Kaseya” will note if the security bulletin is included in the rollup. For example MS019-130 has “Monthly Rollup/Security Only/Win10,KB3193418”. This means it is included in the rollup and KB3193418 is the individual patch for Vista and Server 2008 (not covered by the new model). If you want to verify that a MS019-130 was installed you would look for the KB number associated with the Monthly Rollup/Security Only/Win10. Note: It looks like Server 2016 uses the same KB as Windows 10 Version 1607.

Out-of-band security updates released during the last month.
Microsoft Security Bulletin MS16-128 – Critical
Security Update for Adobe Flash Player (3201860)
https://technet.microsoft.com/en-us/library/security/ms16-128

IMPORTANT: Windows 7 patch scan slowness
We’ve mentioned this issue in past posts. We now have 2 agent procedures that should resolve this.
See: “Slow/Inaccurate Kaseya Patch Scans with Windows 7 SP1”
https://virtualadministrator.com/blog/slowinaccurate-kaseya-patch-scans-with-windows-7-sp1/

Notable News: Windows 7 Pro and Windows 8.1 end of sales was October 31, 2016
Windows lifecycle fact sheet
https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet

Exploitability

• Publically disclosed: None
• Being exploited: MS16-132, MS16-135
• Rated CRITICAL: MS16-129, MS16-130, MS16-131, MS16-132, MS16-141, MS16-142
• (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)

Requires Restart

• Servers:True
• Workstations:True

New Security Bulletins

(MS#/Affected Software/Type)

Monthly Rollup/Security Only/Windows 10 KBs

• November 2016 Security Monthly Quality Rollup
• KB3197868 – Windows 7, Windows Server 2008 R2
• KB3197874 – Windows 8.1, Windows Server 2012 R2
• KB3197877 – Windows Server 2012

November 2016 Security Only Quality Update

• KB3197867 – Windows 7, Windows Server 2008 R2
• KB3197873 – Windows 8.1, Windows Server 2012 R2
• KB3197876 – Windows Server 2012

November 2016 Security and Quality Rollup for .NET Framework

• November 2016 Security Only Update for .NET Framework
• The KB numbers for .Net are different for each version and in some cases each OS installed.

Cumulative update for Windows 10

• KB3198585 – Original release
• KB3198586 – Version 1511
• KB3200970 – Version 1607 (Anniversary Update)
• Note: Server 2016 uses the same KB as Windows 10 Version 1607

CRITICAL

	MS16-129 Cumulative Security Update for Microsoft Edge (3199057)	(Microsoft Edge) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. Details Affected Software: Edge Known Issues per MS:
	MS16-130 Security Update for Microsoft Windows (3199172)	(Microsoft Windows) The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application. Details Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2/2016, Windows RT 8.1 Known Issues per MS:
	MS16-131 Security Update for Microsoft Video Control (3199151)	(Microsoft Windows) The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. Details Affected Software: Vista, Windows 7/8.1/10 Known Issues per MS:
	MS16-132 Security Update for Microsoft Graphics Component (3199120)	(Microsoft Windows) The most severe being of the vulnerabilities could allow a remote code execution vulnerability exists when the Windows Animation Manager improperly handles objects in memory if a user visits a malicious webpage. Details Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2/2016, Windows RT 8.1 Known Issues per MS:
	MS16-141 Security Update for Adobe Flash Player (3202790)	(Adobe Flash Player) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows. Details Affected Software: Windows 8.1/10, Server 2012/2012R2/2016, Windows RT 8.1 Known Issues per MS:
	MS16-142 Cumulative Security Update for Internet Explorer (3198467)	(Internet Explorer) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Details Affected Software: Internet Explorer 9-11 Known Issues per MS:

IMPORTANT

	MS16-133 Security Update for Microsoft Office (3199168)	(Microsoft Office) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. Details Affected Software: Office 2007/2010/2013/2016, Office 2011/2016 for MAC, Office Web Apps 2010/2013, SharePoint Server 2010/2013 Known Issues per MS:
	MS16-134 Security Update for Common Log File System Driver (3193706)	(Microsoft Windows) The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. Details Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2/2016, Windows RT 8.1 Known Issues per MS:
	MS16-135 Security Update for Windows Kernel-Mode Drivers (3199135)	(Microsoft Windows) The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. Details Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2/2016, Windows RT 8.1 Known Issues per MS:
	MS16-136 Security Update for SQL Server (3199641)	(Microsoft SQL Server) The most severe vulnerabilities could allow an attacker could to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. Details Affected Software: SQL Server 2012/2014/2016 Known Issues per MS:
	MS16-137 Security Update for Windows Authentication Methods (3199173)	(Microsoft Windows) The more severe of the vulnerabilities could allow elevation of privilege. Details Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2/2016, Windows RT 8.1 Known Issues per MS:
	MS16-138 Security Update to Microsoft Virtual Hard Disk Driver (3199647)	(Microsoft Windows) The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability. Details Affected Software: Windows 8.1/10, Server 2012/2012R2/2016, Windows RT 8.1 Known Issues per MS:
	MS16-139 Security Update for Windows Kernel (3199720)	(Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information. Details Affected Software: Vista, Windows 7, Server 2008/2008R2 Known Issues per MS:
	MS16-140 Security Update for Boot Manager (3193479)	(Microsoft Windows) The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy. Details Affected Software: Windows 8.1/10, Server 2012/2012R2/2016, Windows RT 8.1 Known Issues per MS:

MODERATE