Virtual Administrator’s April 2016 Patch Recommendations
13 Security Bulletins were released – 6 Critical, 7 Important, and 0 Moderate
This Month In Brief
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
The top priority this month is MS16-039 for Microsoft Graphics Component and MS16-050 for Flash. MS16-039 is actively being exploited and unfortunately has a known issue (see below). Next in line would be MS16-042 addressing four flaws in Microsoft Office. After your next patch cycle completes you should follow up and make sure all of these are installed.
No out-of-band security updates were released during the last month.
Windows 10 cumulative updates are KB3147458 and KB3147461
Cumulative Update for Windows 10
https://support.microsoft.com/en-us/kb/3147461
Cumulative Update for Windows 10 Version 1511
https://support.microsoft.com/en-us/kb/3147458
Heads Up! MS16-039 “The Windows installer service could not be accessed.”
KB3114566 the patch specific to Office 2010
After you install this security update, you may receive an error message that resembles the following when you try to start an Office application:
“The Windows installer service could not be accessed.”
To resolve this problem, do one of the following:
-Option 1 On systems that have update 3139923 installed, make sure that update 3072630 is also installed.
-Option 2 Uninstall update 3139923.
This is identical to an issue reported with non-security update KB3114996
3114996 – Fixes race condition with Exchange Server
April 5, 2016, update for Outlook 2010 (KB3114996)
https://support.microsoft.com/en-us/kb/3114996
Notable news: Upcoming change to the release schedule for non-security updates
“Starting in April, the non-security updates will be released in Microsoft Update and the Windows Server Update Service (WSUS) on the first Tuesday of the month, which is April 5 in this case. This will include all updates that have the Critical or Definition classification. Updates with the Security classification will continue to release on second Tuesday as usual.
This change applies only to the MSI version of Office. Office Click-To-Run (C2R) will release on second Tuesday.”
Virtual Administrator’s policy is to release all patches on the first Friday following Patch Tuesday.
Exploitability
- Publically disclosed: None
- Being exploited: MS16-039
- Rated CRITICAL: MS16-037, MS16-038, MS16-039, MS16-040, MS16-042, MS16-050
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
Requires Restart
- Servers:True
- Workstations:True
New Security Bulletins
(MS#/Affected Software/Type)
CRITICAL
 |
MS16-037 Cumulative Security Update for Internet Explorer (3148531) | (Internet Explorer) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. |
|
MS16-038 Cumulative Security Update for Microsoft Edge (3148532) | (Microsoft Edge) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. |
|
MS16-039 Security Update for Microsoft Graphics Component (3148522) | (Microsoft .NET Framework, Office, Skype, Lync) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts. |
|
MS16-040 Security Update for Microsoft XML Core Services (3148541) | (Microsoft Windows) The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. |
|
MS16-042 Security Update for Microsoft Office (3148775) | (Microsoft Office) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. |
|
MS16-050 Security Update for Adobe Flash Player (3154132) | (Adobe Flash Player) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. |
IMPORTANT
 |
MS16-041 Security Update for .NET Framework (3148789) | (.NET Framework) The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. |
|
MS16-044 Security Update for Windows OLE (3146706) | (Microsoft Windows) The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input. |
|
MS16-045 Security Update for Windows Hyper-V (3143118) | (Microsoft Windows) The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. |
|
MS16-046 Security Update for Secondary Logon (3148538) | (Microsoft Windows) An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. |
|
MS16-047 Security Update for SAM and LSAD Remote Protocols (3148527) | (Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack. |
|
MS16-048 Security Update for CSRSS (3148528) | (Microsoft Windows) The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application. |
|
MS16-049 Security Update for HTTP.sys (3148795) | (Microsoft Windows) The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system. |
