16 Security Bulletins were released – 8 Critical, 8 Important, and 0 Moderate

This Month In Brief

16 Security Bulletins were released – 8 Critical, 8 Important

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

Denied non-security updates – KB3147071 and KB3133977

Of the 8 patches rated Critical MS16-051 and MS16-053 should be your top priority followed by MS16-064. After your next patch cycle completes you should follow up and make sure these are installed.

No out-of-band security updates were released during the last month.

Heads Up! Slow scan issues have resurfaced. Installing KB3153199 (MS16-062) may help.
“Windows 7 update scans taking forever? KB 3153199 may solve the problem”
http://www.infoworld.com/article/3069693/microsoft-windows/windows-7-update-scans-taking-forever-kb-3153199-may-solve-the-problem.html

Denied non-security updates – KB3147071 and KB3133977. These were both originally released by Microsoft on April 12. Because the problems associated with them did not surface until weeks after the release they have likely already been installed.

Denied KB3133977 Update Classification: Update (Optional – Software)
On May 3 Microsoft updated Known Issues for this update warning “After you install update 3133977 on a Windows 7 x64-based system that includes an ASUS-based main board, the system does not start, and it generates a Secure Boot error on the ASUS BIOS screen.” ASUS has posted a workaround here: http://www.asus.com/support/FAQ/1016356/

Denied KB3147071 Update Classification: Update (Optional – Software)
On April 29 StorageCraft emailed a notification to its partner warning “We wanted to notify you of an issue that the following recent Microsoft security updates are causing with third-party software including StorageCraft: KB3126587 & KB3147071 (combined); or KB3146723” Article “Restored System Fails to Boot” details the problem and resolution here: https://www.storagecraft.com/support/kb/article/355
Three patches are mentioned – KB3126587 and KB3147071 (combined); or KB3146723. Because KB3126587 (MS16-014) and KB3146723 (MS16-048) are classified as “Security Update – Important (High Priority)” and StorageCraft has a workaround, we have not denied them. Therefore KB3146723 could still be installed and cause problems. Microsoft release KB3146723 on April 12.

Exploitability

• Publically disclosed: None
• Being exploited: MS16-051, MS16-053
• Rated CRITICAL: MS16-051, MS16-052, MS16-053, MS16-054, MS16-055, MS16-056, MS16-057, MS16-064
• (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)

Requires Restart

• Servers:True
• Workstations:True

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

	MS16-051 Cumulative Security Update for Internet Explorer (3155533)	(Internet Explorer) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Details Affected Software: Internet Explorer 9-11 Known Issues per MS:
	MS16-052 Cumulative Security Update for Microsoft Edge (3155538)	(Microsoft Edge) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. Details Affected Software: Edge Known Issues per MS:
	MS16-053 Cumulative Security Update for JScript and VBScript (3156764)	(Microsoft Windows) The vulnerabilities could allow remote code execution if a user visits a specially crafted website. Details Affected Software: Vista, Server 2008 Known Issues per MS:
	MS16-054 Security Update for Microsoft Office (3155544)	(Microsoft Office) The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. Details Affected Software: Office 2007/2010/2013/2016, Office 2011/2016 for MAC, Office 2010 Web Apps, SharePoint Designer 2010 Known Issues per MS:
	MS16-055 Security Update for Microsoft Graphics Component (3156754)	(Microsoft Windows) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website. Details Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT 8.1 Known Issues per MS:
	MS16-056 Security Update for Windows Journal (3156761)	(Microsoft Windows) The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Details Affected Software: Vista, Windows 7/8.1/10 Known Issues per MS:
	MS16-057 Security Update for Windows Shell (3156987)	(Microsoft Windows) The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website that accepts user-provided online content, or convinces a user to open specially crafted content. Details Affected Software: Windows 8.1/10, Server 2012R2, Windows RT 8.1 Known Issues per MS:
	MS16-064 Security Update for Adobe Flash Player (3157993)	(Adobe Flash Player) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows. Details Affected Software: Server 2012/2012R2 Known Issues per MS:

IMPORTANT

	MS16-058 Security Update for Windows IIS (3141083)	(Microsoft Windows) The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. Details Affected Software: Vista, Server 2008 Known Issues per MS:
	MS16-059 Security Update for Windows Media Center (3150220)	(Microsoft Windows) The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. Details Affected Software: Vista, Windows 7/8.1 Known Issues per MS:
	MS16-060 Security Update for Windows Kernel (3154846)	(Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. Details Affected Software: Vista, Windows 7/8.1/10, Server 2008R2/2012R2, Windows RT 8.1 Known Issues per MS:
	MS16-061 Security Update for Microsoft RPC (3155520)	(Microsoft Windows) The vulnerability could allow remote code execution if an authenticated attacker makes malformed Remote Procedure Call (RPC) requests to an affected host. Details Affected Software: Vista, Windows 7/8.1/10, Server 2008R2/2012/2012R2, Windows RT 8.1 Known Issues per MS:
	MS16-062 Security Update for Windows Kernel-Mode Drivers (3158222)	(Microsoft Windows) The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. Details Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT 8.1 Known Issues per MS:
	MS16-065 Security Update for .NET Framework (3156757)	(Microsoft .NET Framework) The vulnerability could cause information disclosure if an attacker injects unencrypted data into the target secure channel and then performs a man-in-the-middle (MiTM) attack between the targeted client and a legitimate server. Details Affected Software: Vista, Windows 7/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT 8.1 Known Issues per MS:
	MS16-066 Security Update for Virtual Secure Mode (3155451)	(Microsoft Windows) The vulnerability could allow security feature bypass if an attacker runs a specially crafted application to bypass code integrity protections in Windows. Details Affected Software: Windows 10 Known Issues per MS:
	MS16-067 Security Update for Volume Manager Driver (3155784)	(Microsoft Windows) The vulnerability could allow information disclosure if a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user. Details Affected Software: Windows 8.1, Server 2012/2012R2 Known Issues per MS: