Virtual Administrator’s December 2016 Patch Recommendation

12 Security Bulletins were released – 6 Critical, 6 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

6 are rated Critical. After your next patch cycle completes you should follow up and make sure these are installed. Outside of Vista and Server 2008 the Monthly Rollup and Cumulative Windows 10 packages will cover all with the exception of Adobe Flash update/MS16-154. MS16-154 is being actively exploited.

No out-of-band security updates were released during the last month.

Head Up! The cumulative update for Windows 10 version 1607 and Server 2016 (KB3206632) is very slow to install and end points will not function properly until the machine is rebooted. If you have agents set to the patch nag reboot option beware of end user complaints that will be remedied with a reboot.

IMPORTANT: Windows 7 patch scan slowness
We’ve mentioned this issue in past posts. We now have 2 agent procedures that should resolve this.
See: “Slow/Inaccurate Kaseya Patch Scans with Windows 7 SP1”
https://virtualadministrator.com/blog/slowinaccurate-kaseya-patch-scans-with-windows-7-sp1/

“Preview of Monthly Quality Rollup” explained
Previews are released the third Tuesday of the month. The “November, 2016 Preview of Monthly Quality Rollup” are the non-security patches Microsoft will release with December’s Patch Tuesday. They are classified as “Optional Software”. We do not discuss them in the blog (as they are not yet available) but will of course cover any issues they present in our blog when they are officially released the following month. We do not approve the “Previews”. The decision to approve or deny will be made after the official release at which time the Previews will be superseded by the “Security Monthly Quality Rollup” – as it included the non-security patches

Microsoft is doing this to give programmers and system administrators a “sneak peek” at next month’s non-security patches. It’s a good idea for companies that run critical proprietary software to use the Previews to see what might happen and give them time to prepare for the official release. Outside of that I see no reason to use them. Technically I’m not sure Microsoft guarantees a given Preview KB will be exactly the same as the KB they release the following month.

Exploitability

Requires Restart

  • Servers:True
  • Workstations:True

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS16-144 Cumulative Security Update for Internet Explorer (3204059) (Internet Explorer) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
Affected Software: Internet Explorer 9-11
Known Issues per MS:
MS16-145 Cumulative Security Update for Microsoft Edge (3204062) (Microsoft Edge) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
Details
Affected Software: Edge
Known Issues per MS:
MS16-146 Security Update for Microsoft Graphics Component (3204066) (Microsoft Windows) The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.
Details
Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2/2016, Windows RT 8.1
Known Issues per MS:
MS16-147 Security Update for Microsoft Uniscribe (3204063) (Microsoft Windows) The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document.
Details
Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2/2016, Windows RT 8.1
Known Issues per MS:
MS16-148 Security Update for Microsoft Office (3204068) (Microsoft Office) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
Details
Affected Software: Office 2007/2010/2013/2016,Office 2011/2016 for MAC,SharePoint Server 2007/2010,Office 2010 Web Apps
Known Issues per MS:
MS16-154 Security Update for Adobe Flash Player (3209498) (Adobe Flash Player) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
Details
Affected Software: Windows 8.1/10, Server 2012/2012R2/2016, Windows RT 8.1
Known Issues per MS:

IMPORTANT

MS16-149 Security Update for Microsoft Windows (3205655) (Microsoft Windows) The vulnerability could allow information disclosure if a user views a specially crafted webpage using Internet Explorer.
Details
Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2/2016, Windows RT 8.1
Known Issues per MS:
MS16-150 Security Update for Secure Kernel Mode (3205642) (Microsoft Windows) The vulnerability could allow denial of service if an attacker sends a large number of specially crafted IPv6 packets to an affected system.
Details
Affected Software: Windows 10,Server 2016
Known Issues per MS:
MS16-151 Security Update for Windows Kernel-Mode Drivers (3205651) (Microsoft Windows) The most severe vulnerability could allow elevation of privilege if a user visits a specially crafted website or a website containing specially crafted web content.
Details
Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2/2016, Windows RT 8.1
Known Issues per MS:
MS16-152 Security Update for Windows Kernel (3199709) (Microsoft Windows) The vulnerability could allow information disclosure if a user views a specially crafted webpage using Internet Explorer.
Details
Affected Software: Windows 10,Server 2016
Known Issues per MS:
MS16-153 Security Update for Common Log File System Driver (3207328) (Microsoft Windows) The vulnerability could allow denial of service if an attacker sends a large number of specially crafted IPv6 packets to an affected system.
Details
Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2/2016, Windows RT 8.1
Known Issues per MS:
MS16-155 Security Update for .NET Framework (3205640) (Microsoft .NET Framework) The most severe vulnerability could allow elevation of privilege if a user visits a specially crafted website or a website containing specially crafted web content.
Details
Affected Software: .NET Framework 2.0/3.5/3.5.1/4.5.2/4.6/4.6.1/4.6.2
Known Issues per MS:

Monthly Rollup

 

December 2016 Security Monthly Quality Rollup

  • KB3207752 – Windows 7, Windows Server 2008 R2
  • KB3205401 – Windows 8.1, Windows Server 2012 R2
  • KB3205409 – Windows Server 2012

 

December 2016 Security Only Quality Update

  • KB3205394 – Windows 7, Windows Server 2008 R2
  • KB3205400 – Windows 8.1, Windows Server 2012 R2
  • KB3205408 – Windows Server 2012

 

December 2016 Security and Quality Rollup for .NET Framework

December 2016 Security Only Update for .NET Framework

The KB numbers for .Net are different for each version and in some cases each OS installed.

 

Cumulative update for Windows 10 and Server 2016

  • KB3205383 – Original release
  • KB3205386 – Version 1511
  • KB3206632 – Version 1607 (Anniversary Update)
  • KB3206632 – Server 2016

Note:Server 2016 uses the same KB as Windows 10 Version 1607