Virtual Administrator’s November 2016 Windows Patch Recommendations
14 Security Bulletins were released – 6 Critical, 8 Important, and 0 Moderate
This Month In Brief
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
6 are rated Critical. After your next patch cycle completes you should follow up and make sure these are installed. Outside of Vista and Server 2008 the Monthly Rollup and Cumulative Windows 10 packages will cover all with the exception of Adobe Flash update/MS16-141. MS16-135 patches the zero-day flaw disclosed by Google on October 31.
The new servicing model with rollups instead of individual patches makes is pointless to try and rank the importance of most security bulletins. It’s all or nothing now for most products. This blog now includes a “Monthly Rollup/Security Only/Windows 10 KBs” sections which list the KBs for the these. In the “Details and Links” section the “KB in Kaseya” will note if the security bulletin is included in the rollup. For example MS019-130 has “Monthly Rollup/Security Only/Win10,KB3193418”. This means it is included in the rollup and KB3193418 is the individual patch for Vista and Server 2008 (not covered by the new model). If you want to verify that a MS019-130 was installed you would look for the KB number associated with the Monthly Rollup/Security Only/Win10. Note: It looks like Server 2016 uses the same KB as Windows 10 Version 1607.
Out-of-band security updates released during the last month.
Microsoft Security Bulletin MS16-128 – Critical
Security Update for Adobe Flash Player (3201860)
IMPORTANT: Windows 7 patch scan slowness
We’ve mentioned this issue in past posts. We now have 2 agent procedures that should resolve this.
See: “Slow/Inaccurate Kaseya Patch Scans with Windows 7 SP1”
Notable News: Windows 7 Pro and Windows 8.1 end of sales was October 31, 2016
Windows lifecycle fact sheet
- Publically disclosed: None
- Being exploited: MS16-132, MS16-135
- Rated CRITICAL: MS16-129, MS16-130, MS16-131, MS16-132, MS16-141, MS16-142
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
New Security Bulletins
Monthly Rollup/Security Only/Windows 10 KBs
- November 2016 Security Monthly Quality Rollup
- KB3197868 – Windows 7, Windows Server 2008 R2
- KB3197874 – Windows 8.1, Windows Server 2012 R2
- KB3197877 – Windows Server 2012
November 2016 Security Only Quality Update
- KB3197867 – Windows 7, Windows Server 2008 R2
- KB3197873 – Windows 8.1, Windows Server 2012 R2
- KB3197876 – Windows Server 2012
November 2016 Security and Quality Rollup for .NET Framework
- November 2016 Security Only Update for .NET Framework
- The KB numbers for .Net are different for each version and in some cases each OS installed.
Cumulative update for Windows 10
- KB3198585 – Original release
- KB3198586 – Version 1511
- KB3200970 – Version 1607 (Anniversary Update)
- Note: Server 2016 uses the same KB as Windows 10 Version 1607
|MS16-129 Cumulative Security Update for Microsoft Edge (3199057)||(Microsoft Edge) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
|MS16-130 Security Update for Microsoft Windows (3199172)||(Microsoft Windows) The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.
|MS16-131 Security Update for Microsoft Video Control (3199151)||(Microsoft Windows) The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory.
|MS16-132 Security Update for Microsoft Graphics Component (3199120)||(Microsoft Windows) The most severe being of the vulnerabilities could allow a remote code execution vulnerability exists when the Windows Animation Manager improperly handles objects in memory if a user visits a malicious webpage.
|MS16-141 Security Update for Adobe Flash Player (3202790)||(Adobe Flash Player) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows.
|MS16-142 Cumulative Security Update for Internet Explorer (3198467)||(Internet Explorer) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
|MS16-133 Security Update for Microsoft Office (3199168)||(Microsoft Office) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
|MS16-134 Security Update for Common Log File System Driver (3193706)||(Microsoft Windows) The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.
|MS16-135 Security Update for Windows Kernel-Mode Drivers (3199135)||(Microsoft Windows) The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
|MS16-136 Security Update for SQL Server (3199641)||(Microsoft SQL Server) The most severe vulnerabilities could allow an attacker could to gain elevated privileges that could be used to view, change, or delete data; or create new accounts.
|MS16-137 Security Update for Windows Authentication Methods (3199173)||(Microsoft Windows) The more severe of the vulnerabilities could allow elevation of privilege.
|MS16-138 Security Update to Microsoft Virtual Hard Disk Driver (3199647)||(Microsoft Windows) The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.
|MS16-139 Security Update for Windows Kernel (3199720)||(Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information.
|MS16-140 Security Update for Boot Manager (3193479)||(Microsoft Windows) The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy.