Virtual Administrator’s March 2016 Patch Recommendations
14 Security Bulletins were released – 6 Critical, 8 Important, and 0 Moderate
This Month In Brief
Microsoft released 13 security bulletins on Patch Tuesday then added an out-of-band patch (MS16-036) on Thursday afternoon. This blog covers all 14 bulletins.
We have not uncovered any widespread problems with any of these patches and are releasing all of them, but read “WARNING: MS16-023/KB3139929” below.
MS16-023, MS16-024, MS16-026, MS16-027, MS16-028 and MS16-036 are rated Critical. After your next patch cycle completes you should follow up and make sure these are installed.
Windows 10 cumulative updates are KB3140745 and KB3140768
Cumulative Update for Windows 10
https://support.microsoft.com/en-us/kb/3140745
Cumulative Update for Windows 10 Version 1511
https://support.microsoft.com/en-us/kb/3140768
WARNING: MS16-023/KB3139929 Another Microsoft attempt to push out Windows 10 Upgrades
Microsoft has brought the pesky Windows 10 upgrade annoyance to a new level this month. They wrapped this one into a critical security update. KB3146449 cannot be blocked or uninstalled separately. It is part of KB3139929. Your best defense is to follow the advice given below for “Blocking Windows 10 Upgrades”.
“This update adds functionality to Internet Explorer 11 on some computers that lets users learn about Windows 10 or start an upgrade to Windows 10.” (https://support.microsoft.com/en-us/kb/3146449)
Blocking Windows 10 Upgrades
KBs to block: KB3035583 and KB3123862
Registry changes: 2 changes, explained here: https://support.microsoft.com/en-us/kb/3080351
ClubMSP has agent procedures available that will make the registry changes.
K2 and VA4 partners
KB3035583 and KB3123862 have been denied globally
Execute the registry update agent procedures found here: Shared> _VA Scripts> Microsoft> Windows> Win10 no upgrade> “Disable Win10 Upgrade Notifications” and “Disable Win10 Upgrade RegKey”
SaaS Partners
Use Patch Management> Patch Policy> KB Override to deny KB3035583 and KB3123862 globally
Import and execute the registry update agent procedures (“Disable Win10 Upgrade Notifications” and “Disable Win10 Upgrade RegKey”). They are available here: https://clubmsp.com/msp/script/windows-10-no-upgrade/
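Both blocks (the denied KBs and the registry policy) can be verified on an endpoint with a short PowerShell audit. This is an added example, not one of the ClubMSP agent procedures: the function name Test-Win10UpgradeBlock is hypothetical, and the registry value names DisableOSUpgrade and DisableGwx are the ones documented in Microsoft KB3080351, which this page links but does not quote.

```powershell
# Added example (not the ClubMSP procedures). Run elevated if using -Remediate.
# Written for PowerShell 2.0 so it also runs on a stock Windows 7 endpoint.
$BlockedKBs = 'KB3035583', 'KB3123862'          # KBs this page says to deny
$PolicyValues = @(                               # value names per KB3080351 (assumption, see lead-in)
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'; Name = 'DisableOSUpgrade' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Gwx';           Name = 'DisableGwx' }
)

function Test-Win10UpgradeBlock {
    param([switch]$Remediate)   # -Remediate writes the two policy values if missing

    # Get-HotFix only lists updates recorded by the servicing stack, which covers these KBs.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
                   Select-Object -ExpandProperty HotFixID)

    $results = @()
    foreach ($kb in $BlockedKBs) {
        $results += New-Object PSObject -Property @{
            Check  = "$kb not installed"
            Passed = ($installed -notcontains $kb)
        }
    }

    foreach ($v in $PolicyValues) {
        $name    = $v.Name
        $item    = Get-ItemProperty -Path $v.Path -Name $name -ErrorAction SilentlyContinue
        $current = if ($item) { $item.$name } else { $null }

        if ($current -ne 1 -and $Remediate) {
            if (-not (Test-Path $v.Path)) { New-Item -Path $v.Path -Force | Out-Null }
            New-ItemProperty -Path $v.Path -Name $name -Value 1 `
                -PropertyType DWord -Force | Out-Null
            $current = 1
        }
        $results += New-Object PSObject -Property @{
            Check  = "$name = 1"
            Passed = ($current -eq 1)
        }
    }
    $results
}

# Audit only; add -Remediate to set the policy values.
Test-Win10UpgradeBlock | Format-Table Check, Passed -AutoSize
```

A failed "not installed" check means the KB reached the machine before the global deny took effect; the script reports it but does not uninstall anything.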
Exploitability
- Publicly disclosed: None
- Being exploited: None
- Rated CRITICAL: MS16-023, MS16-024, MS16-026, MS16-027, MS16-028, MS16-036
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
Requires Restart
- Servers: True
- Workstations: True
New Security Bulletins
(MS#/Affected Software/Type)
CRITICAL
| MS# | Title (KB) | Affected Software | Description |
|---|---|---|---|
| MS16-023 | Cumulative Security Update for Internet Explorer (3142015) | Internet Explorer | The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. |
| MS16-024 | Cumulative Security Update for Microsoft Edge (3142019) | Microsoft Edge | The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. |
| MS16-026 | Security Update for Graphic Fonts to Address Remote Code Execution (3143148) | Microsoft Windows | The more severe of the vulnerabilities could allow remote code execution if an attacker either convinces a user to open a specially crafted document, or to visit a webpage that contains specially crafted embedded OpenType fonts. |
| MS16-027 | Security Update for Windows Media to Address Remote Code Execution (3143146) | Microsoft Windows | The vulnerabilities could allow remote code execution if a user opens specially crafted media content that is hosted on a website. |
| MS16-028 | Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081) | Microsoft Windows | The vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. |
| MS16-036 | Security Update for Adobe Flash Player (3144756) | Adobe Flash Player | This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. |
IMPORTANT
| MS# | Title (KB) | Affected Software | Description |
|---|---|---|---|
| MS16-025 | Security Update for Windows Library Loading to Address Remote Code Execution (3140709) | Microsoft Windows | The vulnerability could allow remote code execution if Microsoft Windows fails to properly validate input before loading certain libraries. |
| MS16-029 | Security Update for Microsoft Office to Address Remote Code Execution (3141806) | Microsoft Office | The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. |
| MS16-030 | Security Update for Windows OLE to Address Remote Code Execution (3143136) | Microsoft Windows | The vulnerabilities could allow remote code execution if Windows OLE fails to properly validate user input. |
| MS16-031 | Security Update for Microsoft Windows to Address Elevation of Privilege (3140410) | Microsoft Windows | The vulnerability could allow elevation of privilege if an attacker is able to log on to a target system and run a specially crafted application. |
| MS16-032 | Security Update for Secondary Logon to Address Elevation of Privilege (3143141) | Microsoft Windows | The vulnerability could allow elevation of privilege if the Windows Secondary Logon Service fails to properly manage request handles in memory. |
| MS16-033 | Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142) | Microsoft Windows | The vulnerability could allow elevation of privilege if an attacker with physical access inserts a specially crafted USB device into the system. |
| MS16-034 | Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145) | Microsoft Windows | The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. |
| MS16-035 | Security Update for .NET Framework to Address Security Feature Bypass (3141780) | Microsoft .NET Framework | The security feature bypass exists in a .NET Framework component that does not properly validate certain elements of a signed XML document. |