Virtual Administrator’s July 2016 Patch Recommendations

11 Security Bulletins were released – 6 Critical, 5 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

Critical patches MS16-084, MS16-085 and MS16-088 are your top priority this month. After your next patch cycle completes, you should follow up and make sure these are installed. There is a lot of hype about MS16-087, as well as a warning; see below.

No out-of-band security updates were released during the last month.

MS16-087/KB3170455: There are two things you need to know about MS16-087. First, it’s not that bad. Second, there are some issues.

There have been a number of “the sky is falling” headlines about MS16-087 this week. It is novel in that it is a remote code execution vulnerability in the print spooler, but it’s really no worse than most of the other critical threats out there. So make sure you apply MS16-087 as you would any other Security Bulletin rated Critical, but don’t lose sleep over it.

With that said, some have seen issues with GPO-deployed printers using older drivers. See: http://marc.info/?l=patchmanagement&m=146853571904822&w=2

Heads Up! The delayed release of KB3159398 and KB3161561 is planned for Friday July 29. We will update the June 2016 Patch Recommendations post (https://clubmsp.com/msp/patch_updates/virtual-administrators-june-2016-patch-recommendations/) with more information prior to the release.

Exploitability

Requires Restart

  • Servers: True
  • Workstations: True

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS16-084 Cumulative Security Update for Internet Explorer (3169991) (Internet Explorer) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
Affected Software: Internet Explorer 9-11
Known Issues per MS:

MS16-085 Cumulative Security Update for Microsoft Edge (3169999) (Microsoft Edge) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
Details
Affected Software: Edge
Known Issues per MS:

MS16-086 Cumulative Security Update for JScript and VBScript (3169996) (Microsoft Windows) The vulnerability could allow remote code execution if a user visits a specially crafted website.
Details
Affected Software: Vista, Server 2008
Known Issues per MS:

MS16-087 Security Update for Windows Print Spooler Components (3170005) (Microsoft Windows) The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or set up a rogue print server on a target network.
Details
Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:

MS16-088 Security Update for Microsoft Office (3170008) (Microsoft Office/Services and Web Apps) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
Details
Affected Software: Office 2007/2010/2013/2016, Office 2011/2016 for Mac, Office Web Apps 2010/2013, SharePoint Server 2010/2013/2016
Known Issues per MS:

MS16-093 Security Update for Adobe Flash Player (3174060) (Adobe Flash Player) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows.
Details
Affected Software: Windows 8.1/10, Server 2012/2012R2
Known Issues per MS:

IMPORTANT

MS16-089 Security Update for Windows Secure Kernel Mode (3170050) (Microsoft Windows) The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.
Details
Affected Software: Windows 10
Known Issues per MS:

MS16-090 Security Update for Windows Kernel-Mode Drivers (3171481) (Microsoft Windows) The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
Details
Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT 8.1
Known Issues per MS:

MS16-091 Security Update for .NET Framework (3170048) (Microsoft .NET Framework) The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application.
Details
Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT 8.1
Known Issues per MS:

MS16-092 Security Update for Windows Kernel (3171910) (Microsoft Windows) The most severe of the vulnerabilities could allow security feature bypass if the Windows kernel fails to determine how a low integrity application can use certain object manager features.
Details
Affected Software: Windows 8.1/10, Server 2012/2012R2
Known Issues per MS:

MS16-094 Security Update for Secure Boot (3177404) (Microsoft Windows) The vulnerability could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device.
Details
Affected Software: Windows 8.1/10, Server 2012/2012R2
Known Issues per MS:

MODERATE