November 2016 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2016-Nov 2016-Nov Final 1.0 2 2024-06-30T07:00:00 November 2016 Security Updates 2016-11-08T08:00:00Z 2024-06-30T07:00:00 <p>The November security release consists of security updates for the following software:</p> <ul> <li>Internet Explorer</li> <li>Microsoft Edge</li> <li>Microsoft Windows</li> <li>Microsoft Office and Microsoft Office Services and Web Apps</li> <li>SQL Server</li> <li>Adobe Flash Player</li> </ul> <p>Please note the following information regarding the security updates:</p> <ul> <li>Beginning with the October 2016 release, Microsoft is changing the update servicing model for Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. For more information, please see this Microsoft Technet article, <a href="https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/">Further simplifying servicing models forWindows 7 and Windows 8.1.</a></li> <li>Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the <a href="http://catalog.update.microsoft.com/v7/site/Home.aspx">Microsoft Update Catalog</a>.</li> <li>Vulnerabilities addressed in the November 2016 security release might also affect Windows Server 2016 Technical Preview 5. To be protected from these vulnerabilities, Microsoft recommends that customers running this operating system apply the current update, which is available from Windows Update.</li> <li>Updates for Windows RT 8.1 and Microsoft Office RT software are only available via <a href="http://go.microsoft.com/fwlink/?LinkId=21130">Windows Update</a>.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> </ul> <p><strong>Known Issues</strong></p> <ul> <li>Windows, IE: <a href="https://support.microsoft.com/kb/3197867">3197867</a></li> <li>Windows, IE: <a href="https://support.microsoft.com/kb/3197868">3197868</a></li> <li>Windows, IE: <a href="https://support.microsoft.com/kb/3197873">3197873</a></li> <li>Windows, IE: <a href="https://support.microsoft.com/kb/3197874">3197874</a></li> <li>Windows, IE: <a href="https://support.microsoft.com/kb/3197876">3197876</a></li> <li>Windows, IE: <a href="https://support.microsoft.com/kb/3197877">3197877</a></li> <li>Edge: <a href="https://support.microsoft.com/kb/3200970">3200970</a></li> </ul> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1511 for 32-bit Systems Windows 10 Version 1511 for x64-based Systems Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2016 (Server Core installation) Windows Server 2012 R2 (Server Core installation) Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Microsoft Windows Hyperlink Object Library on Windows Vista Service Pack 2 Microsoft Windows Hyperlink Object Library on Windows Vista x64 Edition Service Pack 2 Microsoft Windows Hyperlink Object Library on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Hyperlink Object Library on Windows Server 2008 for x64-based Systems Service Pack 2 Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Internet Explorer 9 on Windows Vista x64 Edition Service Pack 2 Internet Explorer 9 on Windows Vista Service Pack 2 Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 Internet Explorer 10 on Windows Server 2012 Internet Explorer 11 on Windows 8.1 for 32-bit systems Internet Explorer 11 on Windows 8.1 for x64-based systems Internet Explorer 11 on Windows Server 2012 R2 Internet Explorer 11 on Windows RT 8.1 Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Internet Explorer 11 on Windows 10 for 32-bit Systems Internet Explorer 11 on Windows 10 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows Server 2016 Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems Internet Explorer 11 on Windows Server 2016 Microsoft Excel 2007 Service Pack 3 Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Excel 2016 for Mac Microsoft Excel for Mac 2011 Microsoft Office Compatibility Pack Service Pack 3 Microsoft Excel Viewer 2007 Service Pack 3 Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions) Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions) Microsoft PowerPoint Viewer Microsoft Office Web Apps 2010 Service Pack 2 Microsoft Word 2007 Service Pack 3 Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Word for Mac 2011 Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office Word Viewer Word Automation Services on Microsoft SharePoint Server 2013 Service Pack 1 Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2016 for Mac Microsoft Office Web Apps Server 2013 Service Pack 1 Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2 Excel Services on Microsoft SharePoint Server 2010 Service Pack 2 Microsoft Office 2007 Service Pack 3 Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft SQL Server 2016 for x64-based Systems (GDR) Microsoft SQL Server 2016 for x64-based Systems (CU) Microsoft SQL Server 2014 Service Pack 1 for 32-bit Systems (GDR) Microsoft SQL Server 2014 Service Pack 1 for 32-bit Systems (CU) Microsoft SQL Server 2014 Service Pack 1 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 1 for x64-based Systems (CU) Microsoft SQL Server 2014 Service Pack 2 for 32-bit Systems (GDR) Microsoft SQL Server 2014 Service Pack 2 for 32-bit Systems (CU) Microsoft SQL Server 2014 Service Pack 2 for x64-based Systems (CU) Microsoft SQL Server 2014 Service Pack 2 for x64-based Systems (GDR) Microsoft SQL Server 2012 for 32-bit Systems Service Pack 2 (GDR) Microsoft SQL Server 2012 for 32-bit Systems Service Pack 2 (CU) Microsoft SQL Server 2012 for 32-bit Systems Service Pack 3 (GDR) Microsoft SQL Server 2012 for 32-bit Systems Service Pack 3 (CU) Microsoft SQL Server 2012 for x64-based Systems Service Pack 2 (GDR) Microsoft SQL Server 2012 for x64-based Systems Service Pack 2 (CU) Microsoft SQL Server 2012 for x64-based Systems Service Pack 3 (GDR) Microsoft SQL Server 2012 for x64-based Systems Service Pack 3 (CU) Adobe Flash Player on Windows 8.1 for 32-bit systems Adobe Flash Player on Windows 8.1 for x64-based systems Adobe Flash Player on Windows Server 2012 Adobe Flash Player on Windows Server 2012 R2 Adobe Flash Player on Windows RT 8.1 Adobe Flash Player on Windows 10 for 32-bit Systems Adobe Flash Player on Windows 10 for x64-based Systems Adobe Flash Player on Windows 10 Version 1511 for 32-bit Systems Adobe Flash Player on Windows 10 Version 1511 for x64-based Systems Adobe Flash Player on Windows 10 Version 1607 for 32-bit Systems Adobe Flash Player on Windows 10 Version 1607 for x64-based Systems Adobe Flash Player on Windows Server 2016 Microsoft Word for Mac 2011 Microsoft Excel for Mac 2011 Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft Office 2007 Service Pack 3 Microsoft Excel 2007 Service Pack 3 Microsoft Word 2007 Service Pack 3 Microsoft Excel Viewer 2007 Service Pack 3 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Internet Explorer 9 on Windows Vista Service Pack 2 Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 9 on Windows Vista x64 Edition Service Pack 2 Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 (Server Core installation) Adobe Flash Player on Windows Server 2012 Adobe Flash Player on Windows 8.1 for 32-bit systems Adobe Flash Player on Windows 8.1 for x64-based systems Adobe Flash Player on Windows Server 2012 R2 Adobe Flash Player on Windows RT 8.1 Adobe Flash Player on Windows 10 for 32-bit Systems Adobe Flash Player on Windows 10 for x64-based Systems Adobe Flash Player on Windows 10 Version 1511 for x64-based Systems Adobe Flash Player on Windows 10 Version 1511 for 32-bit Systems Adobe Flash Player on Windows Server 2016 Adobe Flash Player on Windows 10 Version 1607 for 32-bit Systems Adobe Flash Player on Windows 10 Version 1607 for x64-based Systems Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows Server 2012 R2 Windows RT 8.1 Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Internet Explorer 11 on Windows 8.1 for 32-bit systems Internet Explorer 11 on Windows 8.1 for x64-based systems Internet Explorer 11 on Windows Server 2012 R2 Internet Explorer 11 on Windows RT 8.1 Internet Explorer 11 on Windows 10 for 32-bit Systems Internet Explorer 11 on Windows 10 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems Internet Explorer 11 on Windows Server 2016 Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions) Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions) Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office Web Apps 2010 Service Pack 2 Windows Server 2012 R2 (Server Core installation) Internet Explorer 10 on Windows Server 2012 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Word 2016 for Mac Microsoft Excel 2016 for Mac Microsoft SQL Server 2012 for 32-bit Systems Service Pack 2 (GDR) Microsoft SQL Server 2012 for x64-based Systems Service Pack 2 (GDR) Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for x64-based Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows Server 2016 Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Windows 10 Version 1511 for x64-based Systems Windows 10 Version 1511 for 32-bit Systems Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SQL Server 2012 for 32-bit Systems Service Pack 2 (CU) Microsoft SQL Server 2012 for 32-bit Systems Service Pack 3 (GDR) Microsoft SQL Server 2012 for 32-bit Systems Service Pack 3 (CU) Microsoft SQL Server 2012 for x64-based Systems Service Pack 2 (CU) Microsoft SQL Server 2012 for x64-based Systems Service Pack 3 (GDR) Microsoft SQL Server 2012 for x64-based Systems Service Pack 3 (CU) Microsoft SQL Server 2014 Service Pack 1 for 32-bit Systems (GDR) Microsoft SQL Server 2014 Service Pack 1 for 32-bit Systems (CU) Microsoft SQL Server 2014 Service Pack 1 for x64-based Systems (GDR) Microsoft SQL Server 2014 Service Pack 1 for x64-based Systems (CU) Microsoft SQL Server 2014 Service Pack 2 for 32-bit Systems (GDR) Microsoft SQL Server 2014 Service Pack 2 for 32-bit Systems (CU) Microsoft SQL Server 2014 Service Pack 2 for x64-based Systems (CU) Microsoft SQL Server 2014 Service Pack 2 for x64-based Systems (GDR) Microsoft SQL Server 2016 for x64-based Systems (GDR) Microsoft SQL Server 2016 for x64-based Systems (CU) Microsoft Windows Hyperlink Object Library on Windows Vista Service Pack 2 Microsoft Windows Hyperlink Object Library on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft Windows Hyperlink Object Library on Windows Vista x64 Edition Service Pack 2 Microsoft Windows Hyperlink Object Library on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft Office Word Viewer cm1 p7zip 16.02-22 on CBL Mariner 1.0 cbl2 p7zip 16.02-22 on CBL Mariner 2.0 azl3 p7zip 16.02-23 on Azure Linux 3.0 azl3 p7zip 16.02-23 on Azure Linux 3.0 Microsoft PowerPoint Viewer Windows Vista Service Pack 2 Microsoft Office Compatibility Pack Service Pack 3 Excel Services on Microsoft SharePoint Server 2010 Service Pack 2 Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2 Word Automation Services on Microsoft SharePoint Server 2013 Service Pack 1 A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp as used in the 7z.so library and in 7z applications will cause a crash and a denial of service when decoding malformed 7z files. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2016-9296 NULL Pointer Dereference 16884-17084 16882-16820 16883-16823 16884-16817 16884-17084 16882-16820 16883-16823 16884-16817 Important 16884-17084 Important 16882-16820 Important 16883-16823 Important 16884-16817 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16884-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16882-16820 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16883-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 16884-16817 CBL-Mariner Releases 16884-17084 16884-16817 No Security Update 16.02-23 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16884-17084 16884-16817 CBL-Mariner Releases CBL-Mariner Releases 16882-16820 16883-16823 No Security Update 16.02-22 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16882-16820 16883-16823 CBL-Mariner Releases 1.0 2021-12-16T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how CLFS handles objects in memory.</p> Common Log File System Driver CVE-2016-3332 10729 10735 10789 10788 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10855 10543 4393 9316 10852 10853 10816 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10855 Elevation of Privilege 10543 Elevation of Privilege 4393 Elevation of Privilege 9316 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Important 10729 Important 10735 Important 10789 Important 10788 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10855 Important 10543 Important 4393 Important 9316 Important 10852 Important 10853 Important 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10729 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10735 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10789 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10788 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10047 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10048 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10481 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10482 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10484 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 9312 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10287 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 9311 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 9318 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 9344 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10050 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10051 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10049 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10378 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10379 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10483 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10855 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10543 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 4393 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 9316 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10852 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10853 7.8 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R 10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9312 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 10287 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9311 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9318 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 4393 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update Peter Hlavaty (<a href="https://twitter.com/zer0mem">@zer0mem</a>), KeenLab, <a href="http://www.tencent.com/">Tencent</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how CLFS handles objects in memory.</p> Common Log File System Driver CVE-2016-3333 10729 10735 10789 10788 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10855 10543 4393 9316 10852 10853 10816 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10855 Elevation of Privilege 10543 Elevation of Privilege 4393 Elevation of Privilege 9316 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Important 10729 Important 10735 Important 10789 Important 10788 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10855 Important 10543 Important 4393 Important 9316 Important 10852 Important 10853 Important 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10729 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10735 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10789 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10788 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10047 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10048 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10481 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10482 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10484 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9312 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10287 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9311 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9318 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9344 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10050 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10051 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10049 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10378 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10379 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10483 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10543 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 4393 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9316 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10852 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10853 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9312 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 10287 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9311 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9318 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10050 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 4393 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update Peter Hlavaty (<a href="https://twitter.com/zer0mem">@zer0mem</a>), KeenLab, <a href="http://www.tencent.com/">Tencent</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how CLFS handles objects in memory.</p> Common Log File System Driver CVE-2016-3334 10729 10735 10789 10788 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10855 10543 4393 9316 10852 10853 10816 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10855 Elevation of Privilege 10543 Elevation of Privilege 4393 Elevation of Privilege 9316 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Important 10729 Important 10735 Important 10789 Important 10788 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10855 Important 10543 Important 4393 Important 9316 Important 10852 Important 10853 Important 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10729 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10735 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10789 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10788 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10047 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10048 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10481 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10482 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10484 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9312 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10287 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9311 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9318 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9344 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10050 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10051 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10049 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10378 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10379 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10483 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10543 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 4393 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9316 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10852 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10853 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9312 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 10287 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9311 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9318 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 4393 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update <a href="https://twitter.com/long123king">Daniel King</a>, KeenLab, Tencent Peter Hlavaty (<a href="https://twitter.com/zer0mem">@zer0mem</a>), KeenLab, <a href="http://www.tencent.com/">Tencent</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how CLFS handles objects in memory.</p> Common Log File System Driver CVE-2016-3335 10729 10735 10789 10788 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10855 10543 4393 9316 10852 10853 10816 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10855 Elevation of Privilege 10543 Elevation of Privilege 4393 Elevation of Privilege 9316 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Important 10729 Important 10735 Important 10789 Important 10788 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10855 Important 10543 Important 4393 Important 9316 Important 10852 Important 10853 Important 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10729 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10735 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10789 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10788 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10047 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10048 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10481 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10482 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10484 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9312 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10287 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9311 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9318 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9344 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10050 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10051 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10049 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10378 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10379 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10483 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10543 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 4393 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9316 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10852 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10853 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9312 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 10287 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9311 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9318 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 4393 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update Peter Hlavaty (<a href="https://twitter.com/zer0mem">@zer0mem</a>), KeenLab, <a href="http://www.tencent.com/">Tencent</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how CLFS handles objects in memory.</p> Common Log File System Driver CVE-2016-3338 10729 10735 10789 10788 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10855 10543 4393 9316 10852 10853 10816 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10855 Elevation of Privilege 10543 Elevation of Privilege 4393 Elevation of Privilege 9316 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Important 10729 Important 10735 Important 10789 Important 10788 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10855 Important 10543 Important 4393 Important 9316 Important 10852 Important 10853 Important 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10729 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10735 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10789 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10788 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10047 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10048 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10481 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10482 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10484 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9312 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10287 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9311 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9318 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9344 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10050 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10051 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10049 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10378 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10379 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10483 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10543 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 4393 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9316 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10852 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10853 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9312 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 10287 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9311 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9318 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 4393 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update Peter Hlavaty (<a href="https://twitter.com/zer0mem">@zer0mem</a>), KeenLab, <a href="http://www.tencent.com/">Tencent</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how CLFS handles objects in memory.</p> Common Log File System Driver CVE-2016-3340 10729 10735 10789 10788 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10855 10543 4393 9316 10852 10853 10816 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10855 Elevation of Privilege 10543 Elevation of Privilege 4393 Elevation of Privilege 9316 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Important 10729 Important 10735 Important 10789 Important 10788 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10855 Important 10543 Important 4393 Important 9316 Important 10852 Important 10853 Important 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9312 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 10287 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9311 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9318 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 4393 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update Peter Hlavaty (<a href="https://twitter.com/zer0mem">@zer0mem</a>), KeenLab, <a href="http://www.tencent.com/">Tencent</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how CLFS handles objects in memory.</p> Common Log File System Driver CVE-2016-3342 10729 10735 10789 10788 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10855 10543 4393 9316 10852 10853 10816 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10855 Elevation of Privilege 10543 Elevation of Privilege 4393 Elevation of Privilege 9316 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Important 10729 Important 10735 Important 10789 Important 10788 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10855 Important 10543 Important 4393 Important 9316 Important 10852 Important 10853 Important 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10729 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10735 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10789 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10788 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10047 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10048 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10481 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10482 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10484 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9312 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10287 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9311 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9318 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9344 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10050 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10051 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10049 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10378 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10379 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10483 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10543 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 4393 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9316 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10852 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10853 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9312 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 10287 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9311 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9318 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 4393 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update Peter Hlavaty (<a href="https://twitter.com/zer0mem">@zer0mem</a>), KeenLab, <a href="http://www.tencent.com/">Tencent</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how CLFS handles objects in memory.</p> Common Log File System Driver CVE-2016-3343 10729 10735 10789 10788 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10855 10543 4393 9316 10852 10853 10816 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10855 Elevation of Privilege 10543 Elevation of Privilege 4393 Elevation of Privilege 9316 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Important 10729 Important 10735 Important 10789 Important 10788 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10855 Important 10543 Important 4393 Important 9316 Important 10852 Important 10853 Important 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10729 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10735 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10789 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10788 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10047 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10048 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10481 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10482 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10484 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9312 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10287 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9311 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9318 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9344 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10050 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10051 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10049 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10378 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10379 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10483 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10543 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 4393 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9316 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10852 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10853 7.8 6.7 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9312 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 10287 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9311 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9318 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 4393 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update Peter Hlavaty (<a href="https://twitter.com/zer0mem">@zer0mem</a>), KeenLab, <a href="http://www.tencent.com/">Tencent</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how CLFS handles objects in memory.</p> Common Log File System Driver CVE-2016-0026 10729 10735 10789 10788 10852 10853 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10543 4393 9316 10816 10855 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 4393 Elevation of Privilege 9316 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 4393 Important 9316 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10729 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10735 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10789 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10788 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10852 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10853 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10047 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10048 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10481 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10482 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10484 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9312 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10287 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9311 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9318 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9344 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10050 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10051 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10049 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10378 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10379 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10483 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10543 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 4393 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9316 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10816 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10855 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS11-019, 2511455; MS11-071, 2570947; MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-104, 3185319; MS16-111, 3175024; MS16-116, 3184122 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-044, 3146706; MS16-074, 3164033; MS16-094, 3172727; MS16-101, 3177108 10481 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-044, 3146706; MS16-074, 3164033; MS16-094, 3172727; MS16-101, 3177108 10482 Security Only 3197874 10484 Yes Monthly Rollup 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9312 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 10287 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9311 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9318 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS11-019, 2511455; MS11-071, 2570947; MS15-020, 3033889; MS15-097, 3087039; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS11-019, 2511455; MS11-071, 2570947; MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-104, 3185319; MS16-111, 3175024; MS16-116, 3184122 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS11-019, 2511455; MS11-071, 2570947; MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-104, 3185319; MS16-111, 3175024; MS16-116, 3184122 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-044, 3146706; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-044, 3146706; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-044, 3146706; MS16-074, 3164033; MS16-094, 3172727; MS16-101, 3177108 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-044, 3146706; MS16-074, 3164033; MS16-094, 3172727; MS16-101, 3177108 10543 Security Only 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 4393 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update <a href="https://twitter.com/long123king">Daniel King</a>, KeenLab, <a href="http://www.tencent.com/">Tencent</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how CLFS handles objects in memory.</p> Common Log File System Driver CVE-2016-7184 10729 10735 10789 10788 10852 10853 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10543 10855 4393 9316 10816 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 10855 Elevation of Privilege 4393 Elevation of Privilege 9316 Elevation of Privilege 10816 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 10855 Important 4393 Important 9316 Important 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10729 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10735 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10789 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10788 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10852 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10853 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10047 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10048 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10481 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10482 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10484 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9312 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10287 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9311 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9318 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9344 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10050 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10051 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10049 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10378 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10379 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10483 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10543 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 4393 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9316 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9312 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 10287 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9311 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9318 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 4393 Yes Security Update 3181707 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3181707 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update <a href="https://twitter.com/long123king">Daniel King</a>, KeenLab, <a href="http://www.tencent.com/">Tencent</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Microsoft Browser Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.</p> <p>The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.</p> <p><strong>I am running Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. Does this mitigate these vulnerabilities?</strong> Yes. By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.</p> <p><strong>Can EMET help mitigate attacks that attempt to exploit these vulnerabilities?</strong> Yes. The Enhanced Mitigation Experience Toolkit (EMET) enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit memory corruption vulnerabilities in a given piece of software. EMET can help mitigate attacks that attempt to exploit these vulnerabilities in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer.</p> <p>For more information about EMET, see the <a href="https://technet.microsoft.com/security/jj653751">Enhanced Mitigation Experience Toolkit</a>.</p> Microsoft Browsers CVE-2016-7195 10555-10378 10486-10481 10486-10482 10486-10483 10486-10484 10486-10047 10486-10048 10486-10051 10486-10729 10486-10735 10486-10789 10486-10788 10486-10852 10486-10853 10336-9316 10336-4393 10336-9312 10336-9318 10724-10729 10724-10735 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 10486-10816 Remote Code Execution 10555-10378 Remote Code Execution 10486-10481 Remote Code Execution 10486-10482 Remote Code Execution 10486-10483 Remote Code Execution 10486-10484 Remote Code Execution 10486-10047 Remote Code Execution 10486-10048 Remote Code Execution 10486-10051 Remote Code Execution 10486-10729 Remote Code Execution 10486-10735 Remote Code Execution 10486-10789 Remote Code Execution 10486-10788 Remote Code Execution 10486-10852 Information Disclosure 10486-10853 Remote Code Execution 10336-9316 Remote Code Execution 10336-4393 Remote Code Execution 10336-9312 Remote Code Execution 10336-9318 Remote Code Execution 10724-10729 Remote Code Execution 10724-10735 Remote Code Execution 10724-10789 Remote Code Execution 10724-10788 Remote Code Execution 10724-10816 Remote Code Execution 10724-10852 Remote Code Execution 10724-10853 Remote Code Execution 10486-10816 Moderate 10555-10378 Critical 10486-10481 Critical 10486-10482 Moderate 10486-10483 Critical 10486-10484 Critical 10486-10047 Critical 10486-10048 Moderate 10486-10051 Critical 10486-10729 Critical 10486-10735 Critical 10486-10789 Critical 10486-10788 Critical 10486-10852 Critical 10486-10853 Critical 10336-9316 Critical 10336-4393 Moderate 10336-9312 Moderate 10336-9318 Critical 10724-10729 Critical 10724-10735 Critical 10724-10789 Critical 10724-10788 Moderate 10724-10816 Critical 10724-10852 Critical 10724-10853 Moderate 10486-10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10555-10378 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10481 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10482 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10483 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10484 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10047 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10048 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10051 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10729 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10735 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10789 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10788 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10852 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10853 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10336-9316 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10336-4393 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10336-9312 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10336-9318 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10729 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10735 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10789 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10788 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10816 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10852 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10853 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10555-10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10555-10378 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10482 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10483 Security Only 3197874 10486-10484 Yes Monthly Rollup 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10486-10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10486-10048 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10486-10051 Security Only 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10486-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10486-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10486-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10486-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10853 Yes Security Update 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9316 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-4393 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9312 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9318 Yes IE Cumulative 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10816 Yes Security Update <a href="http://exp-sky.org/">Kai Song</a> of <a href="http://www.tencent.com/">Tencent’s Xuanwu LAB</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates. ◦Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. ◦Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. ◦Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. ◦Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. ◦Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. ◦Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Microsoft Browser Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.</p> <p>The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.</p> <p><strong>I am running Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. Does this mitigate these vulnerabilities?</strong> Yes. By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.</p> <p><strong>Can EMET help mitigate attacks that attempt to exploit these vulnerabilities?</strong> Yes. The Enhanced Mitigation Experience Toolkit (EMET) enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit memory corruption vulnerabilities in a given piece of software. EMET can help mitigate attacks that attempt to exploit these vulnerabilities in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer.</p> <p>For more information about EMET, see the <a href="https://technet.microsoft.com/security/jj653751">Enhanced Mitigation Experience Toolkit</a>.</p> Microsoft Browsers CVE-2016-7196 10555-10378 10486-10481 10486-10482 10486-10483 10486-10484 10486-10047 10486-10048 10486-10051 10486-10729 10486-10735 10486-10789 10486-10788 10486-10852 10486-10853 10724-10729 10724-10735 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 10486-10816 Remote Code Execution 10555-10378 Remote Code Execution 10486-10481 Remote Code Execution 10486-10482 Remote Code Execution 10486-10483 Remote Code Execution 10486-10484 Remote Code Execution 10486-10047 Remote Code Execution 10486-10048 Remote Code Execution 10486-10051 Remote Code Execution 10486-10729 Remote Code Execution 10486-10735 Remote Code Execution 10486-10789 Remote Code Execution 10486-10788 Remote Code Execution 10486-10852 Remote Code Execution 10486-10853 Remote Code Execution 10724-10729 Remote Code Execution 10724-10735 Remote Code Execution 10724-10789 Remote Code Execution 10724-10788 Remote Code Execution 10724-10816 Remote Code Execution 10724-10852 Remote Code Execution 10724-10853 Remote Code Execution 10486-10816 Moderate 10555-10378 Critical 10486-10481 Critical 10486-10482 Moderate 10486-10483 Critical 10486-10484 Critical 10486-10047 Critical 10486-10048 Moderate 10486-10051 Critical 10486-10729 Critical 10486-10735 Critical 10486-10789 Critical 10486-10788 Critical 10486-10852 Critical 10486-10853 Critical 10724-10729 Critical 10724-10735 Critical 10724-10789 Critical 10724-10788 Moderate 10724-10816 Critical 10724-10852 Critical 10724-10853 Moderate 10486-10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10555-10378 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10481 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10482 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10483 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10484 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10047 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10048 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10051 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10729 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10735 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10789 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10788 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10852 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10853 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10729 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10735 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10789 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10788 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10816 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10852 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10853 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10555-10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10555-10378 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10482 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10483 Security Only 3197874 10486-10484 Yes Monthly Rollup 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10486-10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10486-10048 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10486-10051 Security Only 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10486-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10486-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10486-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10486-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10853 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10816 Yes Security Update <a href="http://exp-sky.org/">Kai Song</a> of <a href="http://www.tencent.com/">Tencent’s Xuanwu LAB</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates. ◦Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. ◦Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. ◦Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. ◦Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. ◦Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. ◦Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Microsoft Browser Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.</p> <p>The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.</p> <p><strong>I am running Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. Does this mitigate these vulnerabilities?</strong> Yes. By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.</p> <p><strong>Can EMET help mitigate attacks that attempt to exploit these vulnerabilities?</strong> Yes. The Enhanced Mitigation Experience Toolkit (EMET) enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit memory corruption vulnerabilities in a given piece of software. EMET can help mitigate attacks that attempt to exploit these vulnerabilities in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer.</p> <p>For more information about EMET, see the <a href="https://technet.microsoft.com/security/jj653751">Enhanced Mitigation Experience Toolkit</a>.</p> Microsoft Browsers CVE-2016-7198 10724-10729 10724-10735 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 10555-10378 10486-10481 10486-10482 10486-10483 10486-10484 10486-10047 10486-10048 10486-10051 10486-10729 10486-10735 10486-10789 10486-10788 10486-10852 10486-10853 10336-9316 10336-4393 10336-9312 10336-9318 10486-10816 Remote Code Execution 10724-10729 Remote Code Execution 10724-10735 Remote Code Execution 10724-10789 Remote Code Execution 10724-10788 Remote Code Execution 10724-10816 Remote Code Execution 10724-10852 Remote Code Execution 10724-10853 Remote Code Execution 10555-10378 Remote Code Execution 10486-10481 Remote Code Execution 10486-10482 Remote Code Execution 10486-10483 Remote Code Execution 10486-10484 Remote Code Execution 10486-10047 Remote Code Execution 10486-10048 Remote Code Execution 10486-10051 Remote Code Execution 10486-10729 Remote Code Execution 10486-10735 Remote Code Execution 10486-10789 Remote Code Execution 10486-10788 Remote Code Execution 10486-10852 Remote Code Execution 10486-10853 Remote Code Execution 10336-9316 Remote Code Execution 10336-4393 Remote Code Execution 10336-9312 Remote Code Execution 10336-9318 Remote Code Execution 10486-10816 Critical 10724-10729 Critical 10724-10735 Critical 10724-10789 Critical 10724-10788 Moderate 10724-10816 Critical 10724-10852 Critical 10724-10853 Moderate 10555-10378 Critical 10486-10481 Critical 10486-10482 Moderate 10486-10483 Critical 10486-10484 Critical 10486-10047 Critical 10486-10048 Moderate 10486-10051 Critical 10486-10729 Critical 10486-10735 Critical 10486-10789 Critical 10486-10788 Critical 10486-10852 Critical 10486-10853 Critical 10336-9316 Critical 10336-4393 Moderate 10336-9312 Moderate 10336-9318 Moderate 10486-10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:N/A 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10729 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10735 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10789 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10788 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10816 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10852 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10853 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10555-10378 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10481 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10482 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10483 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10484 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10047 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10048 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10051 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10729 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10735 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10789 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10788 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10852 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10853 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10336-9316 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10336-4393 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10336-9312 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10336-9318 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10555-10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10555-10378 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10482 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10483 Security Only 3197874 10486-10484 Yes Monthly Rollup 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10486-10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10486-10048 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10486-10051 Security Only 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10486-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10486-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10486-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10486-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10853 Yes Security Update 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9316 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-4393 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9312 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9318 Yes IE Cumulative 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10816 Yes Security Update Liu Long of <a href="http://www.360.cn/">Qihoo 360</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates. ◦Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. ◦Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. ◦Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. ◦Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. ◦Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. ◦Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Scripting Engine Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> Microsoft Edge CVE-2016-7200 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 Remote Code Execution 10724-10789 Remote Code Execution 10724-10788 Remote Code Execution 10724-10816 Remote Code Execution 10724-10852 Remote Code Execution 10724-10853 Critical 10724-10789 Critical 10724-10788 Moderate 10724-10816 Critical 10724-10852 Critical 10724-10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:N/A 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10789 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10788 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10816 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10852 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10853 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update <a href="https://twitter.com/S0rryMybad">Qixun Zhao</a> of <a href="http://www.360.com/">Qihoo 360 Vulcan Team</a> Natalie Silvanovich of <a href="http://www.google.com/">Google Project Zero</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Scripting Engine Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> Microsoft Edge CVE-2016-7201 10724-10729 10724-10735 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 Remote Code Execution 10724-10729 Remote Code Execution 10724-10735 Remote Code Execution 10724-10789 Remote Code Execution 10724-10788 Remote Code Execution 10724-10816 Remote Code Execution 10724-10852 Remote Code Execution 10724-10853 Critical 10724-10729 Critical 10724-10735 Critical 10724-10789 Critical 10724-10788 Moderate 10724-10816 Critical 10724-10852 Critical 10724-10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:N/A 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10729 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10735 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10789 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10788 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10816 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10852 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10853 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update Natalie Silvanovich of <a href="http://www.google.com/">Google Project Zero</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Scripting Engine Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> Microsoft Browsers CVE-2016-7202 10724-10729 10724-10735 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 10555-10378 10486-10481 10486-10482 10486-10483 10486-10484 10486-10051 10486-10729 10486-10735 10486-10789 10486-10788 10486-10852 10486-10853 10336-9316 10336-4393 10336-9312 10336-9318 10486-10816 10948-4393 10948-9316 10948-9312 10948-9318 Remote Code Execution 10724-10729 Remote Code Execution 10724-10735 Remote Code Execution 10724-10789 Remote Code Execution 10724-10788 Remote Code Execution 10724-10816 Remote Code Execution 10724-10852 Remote Code Execution 10724-10853 Remote Code Execution 10555-10378 Remote Code Execution 10486-10481 Remote Code Execution 10486-10482 Remote Code Execution 10486-10483 Remote Code Execution 10486-10484 Remote Code Execution 10486-10051 Remote Code Execution 10486-10729 Remote Code Execution 10486-10735 Remote Code Execution 10486-10789 Remote Code Execution 10486-10788 Remote Code Execution 10486-10852 Remote Code Execution 10486-10853 Remote Code Execution 10336-9316 Remote Code Execution 10336-4393 Remote Code Execution 10336-9312 Remote Code Execution 10336-9318 Remote Code Execution 10486-10816 Remote Code Execution 10948-4393 Remote Code Execution 10948-9316 Remote Code Execution 10948-9312 Remote Code Execution 10948-9318 Important 10724-10729 Important 10724-10735 Important 10724-10789 Important 10724-10788 Moderate 10724-10816 Important 10724-10852 Important 10724-10853 Moderate 10555-10378 Critical 10486-10481 Critical 10486-10482 Moderate 10486-10483 Critical 10486-10484 Moderate 10486-10051 Critical 10486-10729 Critical 10486-10735 Critical 10486-10789 Critical 10486-10788 Critical 10486-10852 Critical 10486-10853 Critical 10336-9316 Critical 10336-4393 Moderate 10336-9312 Moderate 10336-9318 Moderate 10486-10816 Critical 10948-4393 Critical 10948-9316 Moderate 10948-9312 Moderate 10948-9318 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:N/A 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10729 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10735 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10789 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10788 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10816 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10852 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10853 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10555-10378 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10481 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10482 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10483 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10484 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10051 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10729 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10735 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10789 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10788 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10852 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10853 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9316 7.5 6.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-4393 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9312 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10336-9318 6.4 5.8 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10486-10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update 3205409 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3205409 3197877 10555-10378 Yes Monthly Rollup 3205408 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3205408 10555-10378 Yes Security Only 3205401 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3205401 10486-10481 Yes Monthly Rollup 3205400 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3205400 10486-10481 Yes Security Only 3205401 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3205401 10486-10482 Yes Monthly Rollup 3205400 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3205400 10486-10482 Yes Security Only 3205401 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3205401 10486-10483 Yes Monthly Rollup 3205400 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3205400 10486-10483 Yes Security Only 3205401 10486-10484 Yes Monthly Rollup 3207752 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3207752 3197868 10486-10051 Monthly Rollup 3205394 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3205394 10486-10051 Yes Security Only 3205383 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3205383 10486-10729 Yes Security Update 3205383 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3205383 10486-10735 Yes Security Update 3205386 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3205386 10486-10789 Yes Security Update 3205386 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3205386 10486-10788 Yes Security Update 3206632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3206632 10486-10852 Yes Security Update 3206632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3206632 10486-10853 Yes Security Update 3203621 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203621 3191492 10336-9316 Yes IE Cumulative 3203621 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203621 3191492 10336-4393 Yes IE Cumulative 3203621 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203621 3191492 10336-9312 Yes IE Cumulative 3203621 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203621 3191492 10336-9318 Yes IE Cumulative 3206632 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3206632 10486-10816 Yes Security Update 3208481 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3208481 10948-4393 Yes Security Update 3208481 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3208481 10948-9316 Yes Security Update 3208481 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3208481 10948-9312 Yes Security Update 3208481 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3208481 10948-9318 Yes Security Update Li Kemeng of <a href="http://xteam.baidu.com/">Baidu Security Lab</a> working with <a href="http://www.zerodayinitiative.com/">Trend Micro’s Zero Day Initiative (ZDI)</a> Scott Bell of Security-Assessment.com Natalie Silvanovich of <a href="http://www.google.com/">Google Project Zero</a> bee13oy of CloverSec Labs, working with <a href="http://www.zerodayinitiative.com/">Trend Micro’s Zero Day Initiative (ZDI)<a/> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>To comprehensively address CVE-2016-7202, Microsoft is releasing the December Cumulative updates for Internet Explorer 9 and Internet Explorer 11 installed on Windows 10, the Security Only update for Internet Explorer 10 and Internet Explorer 11, and the Monthly Roll-Up update for Internet Explorer 10 and Internet Explorer 11. Customers who are running Internet Explorer need to install the December cumulative to be protected from the vulnerability. Customers who have already installed the November Cumulative Update for Microsoft Edge installed on Windows 10 do not need to take any action.</p> Scripting Engine Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> Microsoft Edge CVE-2016-7203 10724-10729 10724-10735 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 Remote Code Execution 10724-10729 Remote Code Execution 10724-10735 Remote Code Execution 10724-10789 Remote Code Execution 10724-10788 Remote Code Execution 10724-10816 Remote Code Execution 10724-10852 Remote Code Execution 10724-10853 Critical 10724-10729 Critical 10724-10735 Critical 10724-10789 Critical 10724-10788 Moderate 10724-10816 Critical 10724-10852 Critical 10724-10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:N/A 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10729 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10735 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10789 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10788 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10816 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10852 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10853 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update Natalie Silvanovich of <a href="http://www.google.com/">Google Project Zero</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Microsoft Browser Information Disclosure Vulnerability <p>An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction. An attacker who successfully exploited this vulnerability could allow an attacker to obtain browser frame or window state from a different domain.</p> <p>For an attack to be successful, an attacker must persuade a user to open a malicious website from a secure website.</p> <p>This update addresses the vulnerability by denying permission to read the state of the object model, to which frames or windows on different domains should not have access.</p> Microsoft Browsers CVE-2016-7199 10724-10729 10724-10735 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 10555-10378 10486-10481 10486-10482 10486-10483 10486-10484 10486-10047 10486-10048 10486-10051 10486-10729 10486-10735 10486-10789 10486-10788 10486-10852 10486-10853 10336-9316 10336-4393 10336-9312 10336-9318 10486-10816 Information Disclosure 10724-10729 Information Disclosure 10724-10735 Information Disclosure 10724-10789 Information Disclosure 10724-10788 Information Disclosure 10724-10816 Information Disclosure 10724-10852 Information Disclosure 10724-10853 Information Disclosure 10555-10378 Information Disclosure 10486-10481 Information Disclosure 10486-10482 Information Disclosure 10486-10483 Information Disclosure 10486-10484 Information Disclosure 10486-10047 Information Disclosure 10486-10048 Information Disclosure 10486-10051 Information Disclosure 10486-10729 Information Disclosure 10486-10735 Information Disclosure 10486-10789 Information Disclosure 10486-10788 Information Disclosure 10486-10852 Information Disclosure 10486-10853 Information Disclosure 10336-9316 Information Disclosure 10336-4393 Information Disclosure 10336-9312 Information Disclosure 10336-9318 Information Disclosure 10486-10816 Moderate 10724-10729 Moderate 10724-10735 Moderate 10724-10789 Moderate 10724-10788 Low 10724-10816 Moderate 10724-10852 Moderate 10724-10853 Low 10555-10378 Moderate 10486-10481 Moderate 10486-10482 Low 10486-10483 Moderate 10486-10484 Moderate 10486-10047 Moderate 10486-10048 Moderate 10486-10051 Moderate 10486-10729 Important 10486-10735 Important 10486-10789 Important 10486-10788 Important 10486-10852 Important 10486-10853 Moderate 10336-9316 Moderate 10336-4393 Low 10336-9312 Low 10336-9318 Moderate 10486-10816 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:N/A 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10729 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10735 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10789 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10788 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10816 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10852 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10853 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10555-10378 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10486-10481 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10486-10482 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10486-10483 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10486-10484 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10486-10047 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10486-10048 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10486-10051 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10486-10729 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10486-10735 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10486-10789 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10486-10788 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10486-10852 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10486-10853 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10336-9316 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10336-4393 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10336-9312 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10336-9318 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10555-10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10555-10378 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 3185331 10486-10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 3185331 10486-10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10482 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10483 Security Only 3197874 10486-10484 Yes Monthly Rollup 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10486-10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10486-10048 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10486-10051 Security Only 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10486-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10486-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10486-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10486-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10853 Yes Security Update 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9316 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-4393 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9312 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9318 Yes IE Cumulative 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10816 Yes Security Update 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates. ◦Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. ◦Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. ◦Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. ◦Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. ◦Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. ◦Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Microsoft Edge Information Disclosure Vulnerability <p>An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited this vulnerability could trick a user into allowing access to the user’s My Documents folder.</p> <p>For an attack to be successful, an attacker must persuade a user to open a malicious website.</p> <p>The update addresses the vulnerability by changing how Microsoft Edge handles objects in memory.</p> Microsoft Edge CVE-2016-7204 10724-10729 10724-10735 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 Information Disclosure 10724-10729 Information Disclosure 10724-10735 Information Disclosure 10724-10789 Information Disclosure 10724-10788 Information Disclosure 10724-10816 Information Disclosure 10724-10852 Information Disclosure 10724-10853 Important 10724-10729 Important 10724-10735 Important 10724-10789 Important 10724-10788 Low 10724-10816 Important 10724-10852 Important 10724-10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:N/A 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10729 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10735 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10789 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10788 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10816 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10852 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10853 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update Abdulrahman Alqabandi (<a href="https://twitter.com/Qab">@qab</a>) 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Windows Animation Manager Memory Corruption Vulnerability <p>A remote code execution vulnerability exists when the Windows Animation Manager improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker could exploit the vulnerability by convincing a user to visit a malicious webpage.</p> <p>The security update addresses the vulnerability by correcting how the Windows Animation Manager handles objects in memory.</p> Microsoft Graphics Component CVE-2016-7205 10729 10735 10789 10788 10852 10853 10047 10048 10481 10482 10484 10050 10051 10049 10378 10379 10483 10543 10855 10816 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10789 Remote Code Execution 10788 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 10050 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 10855 Remote Code Execution 10816 Critical 10729 Critical 10735 Critical 10789 Critical 10788 Critical 10852 Critical 10853 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 10050 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Critical 10855 Critical 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10729 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10735 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10789 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10788 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10852 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10853 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10047 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10048 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10481 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10482 7.1 6.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10484 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10050 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10051 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10049 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10378 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10379 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10483 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10543 6.0 5.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update SkyLined working with <a href=http://www.verisigninc.com/en_US/cyber-security/index.xhtml>VeriSign iDefense Labs</a> Kai Song (<a href="http://exp-sky.org/">exp-sky</a>) of <a href="http://www.tencent.com/">Tencent’s Xuanwu LAB</a> Scott Bell of Security-Assessment.com 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Scripting Engine Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> Microsoft Edge CVE-2016-7208 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 Remote Code Execution 10724-10789 Remote Code Execution 10724-10788 Remote Code Execution 10724-10816 Remote Code Execution 10724-10852 Remote Code Execution 10724-10853 Critical 10724-10789 Critical 10724-10788 Moderate 10724-10816 Critical 10724-10852 Critical 10724-10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:N/A 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10789 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10788 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10816 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10852 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10853 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update Microsoft ChakraCore Team 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Microsoft Browser Spoofing Vulnerability <p>A spoofing vulnerability exists when Microsoft browsers do not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.</p> <p>To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.</p> <p>The update addresses the vulnerability by correcting how Microsoft browsers parse HTTP responses.</p> Microsoft Edge CVE-2016-7209 10724-10729 10724-10735 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 Spoofing 10724-10729 Spoofing 10724-10735 Spoofing 10724-10789 Spoofing 10724-10788 Spoofing 10724-10816 Spoofing 10724-10852 Spoofing 10724-10853 Moderate 10724-10729 Moderate 10724-10735 Moderate 10724-10789 Moderate 10724-10788 Low 10724-10816 Moderate 10724-10852 Moderate 10724-10853 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:N/A 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Open Type Font Information Disclosure Vulnerability <p>An information disclosure vulnerability exists when the Adobe Type Manager Font Driver improperly handles specially crafted OpenType fonts. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.</p> <p>The update addresses the vulnerability by correcting how the Adobe Type Manager Font Driver handles OpenType fonts.</p> Microsoft Graphics Component CVE-2016-7210 10852 10853 10729 10735 10789 10788 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10543 10855 4393 9316 10816 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10789 Information Disclosure 10788 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9311 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10050 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Information Disclosure 10855 Information Disclosure 4393 Information Disclosure 9316 Information Disclosure 10816 Important 10852 Important 10853 Important 10729 Important 10735 Important 10789 Important 10788 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 10855 Important 4393 Important 9316 Important 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10852 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10853 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10729 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10735 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10789 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10788 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10047 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10048 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10481 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10482 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10484 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 9312 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10287 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 9311 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 9318 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 9344 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10050 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10051 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10049 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10378 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10379 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10483 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10543 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 4393 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 9316 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10816 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3203859 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203859 3164033 9312 Yes Security Update 3203859 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203859 3164033 10287 Yes Security Update 3203859 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203859 3164033 9311 Yes Security Update 3203859 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203859 3164033 9318 Yes Security Update 3203859 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203859 3164033 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3203859 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203859 3164033 4393 Yes Security Update 3203859 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203859 3164033 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update <p><strong>Rename ATMFD.DLL</strong> For 32-bit systems:</p> <ol> <li>Enter the following commands at an administrative command prompt: cd &quot;%windir%\system32&quot; takeown.exe /f atmfd.dll icacls.exe atmfd.dll /save atmfd.dll.acl icacls.exe atmfd.dll /grant Administrators:(F) rename atmfd.dll x-atmfd.dll</li> <li>Restart the system.</li> </ol> <p>For 64-bit systems:</p> <ol> <li>Enter the following commands at an administrative command prompt: cd &quot;%windir%\system32&quot; takeown.exe /f atmfd.dll icacls.exe atmfd.dll /save atmfd.dll.acl icacls.exe atmfd.dll /grant Administrators:(F) rename atmfd.dll x-atmfd.dll cd &quot;%windir%\syswow64&quot; takeown.exe /f atmfd.dll icacls.exe atmfd.dll /save atmfd.dll.acl icacls.exe atmfd.dll /grant Administrators:(F) rename atmfd.dll x-atmfd.dll</li> <li>Restart the system.</li> </ol> <p><strong>Optional procedure for Windows 8 and later operating systems (disable ATMFD):</strong> <strong>Note</strong> Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the &quot;Changing Keys And Values&quot; Help topic in Registry Editor (Regedit.exe) or view the &quot;Add and Delete Information in the Registry&quot; and &quot;Edit Registry Data&quot; Help topics in Regedt32.exe.</p> <p><strong>Method 1 (manually edit the system registry):</strong></p> <ol> <li>Run <strong>regedit.exe</strong> as Administrator.</li> <li>In Registry Editor, navigate to the following sub key (or create it) and set its DWORD value to 1: <code>HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\DisableATMFD, DWORD = 1</code></li> <li>Close Registry Editor and restart the system.</li> </ol> <p><strong>Method 2 (use a managed deployment script):</strong></p> <ol> <li>Create a text file named ATMFD-disable.reg that contains the following text:</li> </ol> <pre><code> Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] &quot;DisableATMFD&quot;=dword:00000001 </code></pre> <ol start="3"> <li>Run regedit.exe.</li> <li>In Registry Editor, click the <strong>File</strong> menu and then click <strong>Import</strong>.</li> <li>Navigate to and select the ATMFD-disable.reg file that you created in the first step. (<strong>Note</strong> If your file is not listed where you expect it to be, ensure that it has not been automatically given a .txt file extension, or change the dialog’s file extension parameters to <strong>All Files</strong>).</li> <li>Click <strong>Open</strong> and then click <strong>OK</strong> to close Registry Editor.</li> </ol> <p><strong>Impact of workaround</strong>. Applications that rely on embedded font technology will not display properly. Disabling ATMFD.DLL could cause certain applications to stop working properly if they use OpenType fonts. Microsoft Windows does not release any OpenType fonts natively. However, third-party applications could install them and they could be affected by this change.</p> <p><strong>How to undo the workaround.</strong> For 32-bit systems:</p> <ol> <li>Enter the following commands at an administrative command prompt:</li> </ol> <pre><code> cd &quot;%windir%\system32&quot; rename x-atmfd.dll atmfd.dll icacls.exe atmfd.dll /setowner &quot;NT SERVICE\TrustedInstaller&quot; icacls.exe . /restore atmfd.dll.acl </code></pre> <ol start="2"> <li>Restart the system.</li> </ol> <p>For 64-bit systems:</p> <ol> <li>Enter the following commands at an administrative command prompt:</li> </ol> <pre><code> cd &quot;%windir%\system32&quot; rename x-atmfd.dll atmfd.dll icacls.exe atmfd.dll /setowner &quot;NT SERVICE\TrustedInstaller&quot; icacls.exe . /restore atmfd.dll.acl cd &quot;%windir%\syswow64&quot; rename x-atmfd.dll atmfd.dll icacls.exe atmfd.dll /setowner &quot;NT SERVICE\TrustedInstaller&quot; icacls.exe . /restore atmfd.dll.acl </code></pre> <ol start="2"> <li>Restart the system.</li> </ol> <p><strong>Optional procedure for Windows 8 and later operating systems (enable ATMFD)</strong>: <strong>Note</strong> Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the &quot;Changing Keys And Values&quot; Help topic in Registry Editor (Regedit.exe) or view the &quot;Add and Delete Information in the Registry&quot; and &quot;Edit Registry Data&quot; Help topics in Regedt32.exe.</p> <p><strong>Method 1 (manually edit the system registry):</strong></p> <ol> <li>Run <strong>regedit.exe</strong> as Administrator.</li> <li>In Registry Editor, navigate to the following sub key and set its DWORD value to 0: <code>HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\DisableATMFD, DWORD = 0</code></li> <li>Close Registry Editor and restart the system.</li> </ol> <p><strong>Method 2 (use a managed deployment script):</strong></p> <ol> <li>Create a text file named <strong>ATMFD-enable.reg</strong> that contains the following text:</li> </ol> <pre><code> Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] &quot;DisableATMFD&quot;=dword:00000000 </code></pre> <ol start="2"> <li>Run regedit.exe.</li> <li>In Registry Editor, click the <strong>File</strong> menu and then click <strong>Import</strong>.</li> <li>Navigate to and select the <strong>ATMFD-enable.reg</strong> file that you created in the first step. (Note If your file is not listed where you expect it to be, ensure that it has not been automatically given a .txt file extension, or change the dialog’s file extension parameters to <strong>All Files</strong>).</li> <li>Click <strong>Open</strong> and then click <strong>OK</strong> to close Registry Editor.</li> </ol> Hossein Lotfi, <a href="http://www.flexerasoftware.com/enterprise/company/about/secunia-research/">Secunia Research at Flexera Software</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Windows Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists when Windows image file loading functionality does not properly handle malformed image files. An attacker who successfully exploited the vulnerability could execute arbitrary code.</p> <p>To exploit the vulnerability, an attacker would have to convince a user to load a malformed image file from either a webpage or an email message.</p> <p>The update addresses the vulnerability by helping to ensure that image files contents are properly validated.</p> Microsoft Windows CVE-2016-7212 10729 10735 10789 10788 10852 10853 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10543 4393 9316 10855 10816 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10789 Remote Code Execution 10788 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9311 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10050 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 4393 Remote Code Execution 9316 Remote Code Execution 10855 Remote Code Execution 10816 Critical 10729 Critical 10735 Critical 10789 Critical 10788 Critical 10852 Critical 10853 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9311 Critical 9318 Critical 9344 Critical 10050 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Critical 4393 Critical 9316 Critical 10855 Critical 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10789 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10788 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9311 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10050 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4393 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9316 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3196718 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3196718 3184122 9312 Yes Security Update 3196718 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3196718 3184122 10287 Yes Security Update 3196718 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3196718 3184122 9311 Yes Security Update 3196718 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3196718 3184122 9318 Yes Security Update 3196718 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3196718 3184122 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-044, 3146706; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-044, 3146706; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3196718 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3196718 3184122 4393 Yes Security Update 3196718 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3196718 3184122 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update Aral Yaman of <a href="http://www.noser.com/">Noser Engineering AG</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Microsoft Office Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.</p> <p>IMPORTANT: Please note that the security updates for Microsoft Office for Mac 2011 (3198807) and Microsoft Office 2016 for Mac (3198798) are not yet available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this bulletin.</p> <p>As of November 15, 2016, the 3198807 update is available for Microsoft Office for Mac 2011, and the 3198798 update is available for Microsoft Office 2016 for Mac. For more information, see <a href="https://support.microsoft.com/en-us/kb/3198807">Microsoft Knowledge Base Article 3198807</a> and <a href="https://support.microsoft.com/en-us/kb/3198798">Microsoft Knowledge Base Article 3198798</a>. I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</p> <p><strong>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</strong> For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see Microsoft Knowledge Base Article 830335. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> Microsoft Office CVE-2016-7213 10152 10489 10490 10656 10654 10655 10739 10740 10672 10027 4497 Remote Code Execution 10152 Remote Code Execution 10489 Remote Code Execution 10490 Remote Code Execution 10656 Remote Code Execution 10654 Remote Code Execution 10655 Remote Code Execution 10739 Remote Code Execution 10740 Remote Code Execution 10672 Remote Code Execution 10027 Remote Code Execution 4497 Important 10152 Important 10489 Important 10490 Important 10656 Important 10654 Important 10655 Important 10739 Important 10740 Important 10672 Important 10027 Important 4497 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 3118395 https://www.microsoft.com/downloads/details.aspx?familyid=011ed6a4-8eba-4c2b-a90a-eb9ab5147058 3115459 10152 Maybe Security Update 3118390 https://www.microsoft.com/downloads/details.aspx?familyid=bff15a3a-7b5a-4405-a1eb-e366ca074e50 3118316 10489 Maybe Security Update 3118390 https://www.microsoft.com/downloads/details.aspx?familyid=e08495b0-aa17-4b60-854f-849a93ab3571 3118316 10490 Maybe Security Update 3127921 3118284 10656 Maybe Security Update 3127921 https://www.microsoft.com/downloads/details.aspx?familyid=55c2298e-e21c-435f-a6c3-4eef8dcf3a5e 3118284 10654 Maybe Security Update 3127921 https://www.microsoft.com/downloads/details.aspx?familyid=992735dc-943e-4f8a-898f-1e1a8c1e9460 3118284 10655 Maybe Security Update 3127904 https://www.microsoft.com/downloads/details.aspx?familyid=c68fa15a-c7ea-49d0-bf11-68fafcb00902 3118290 10739 Maybe Security Update 3127904 https://www.microsoft.com/downloads/details.aspx?familyid=5643c954-fad8-478e-ae72-2ac8c042a873 3118290 10740 Maybe Security Update 3198798 https://go.microsoft.com/fwlink/?LinkId=831159 3193438 10672 Maybe Security Update 3198807 https://go.microsoft.com/fwlink/?LinkId=831164 3193442 10027 Maybe Security Update 3127889 https://www.microsoft.com/downloads/details.aspx?familyid=f5a8a4ad-986d-48eb-8d17-343e6fe20c40 3115462 4497 Maybe Security Update JChen of <a href="https://www.paloaltonetworks.com/">Palo Alto Networks</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-11-15T08:00:00Z <p>Bulletin revised to announce the availability of the 14.7.0 update for Microsoft Office for Mac 2011 (3186805) and the 15.28 update for Microsoft Office 2016 for Mac (3186807). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action see Microsoft Knowledge Base Article 3198807 and Microsoft Knowledge Base Article 3198798 for more information and download links.</p> Windows Kernel Information Disclosure Vulnerability <p>An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a <a href="https://technet.microsoft.com/en-us/library/security/dn848375.aspx#ASLR">Kernel Address Space Layout Randomization (ASLR)</a> bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.</p> <p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.</p> Windows Kernel-Mode Drivers CVE-2016-7214 10729 10735 10789 10788 10852 10853 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10543 4393 9316 10816 10855 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10789 Information Disclosure 10788 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9311 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10050 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Information Disclosure 4393 Information Disclosure 9316 Information Disclosure 10816 Information Disclosure 10855 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 4393 Important 9316 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10729 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10735 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10789 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10788 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10852 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10853 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10047 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10048 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10481 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10482 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10484 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 9312 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10287 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 9311 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 9318 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 9344 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10050 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10051 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10049 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10378 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10379 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10483 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10543 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 4393 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 9316 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10816 4.4 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 10855 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9312 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 10287 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9311 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9318 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 4393 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update Peter Hlavaty (<a href="https://twitter.com/zer0mem">@zer0mem</a>), KeenLab, <a href="http://www.tencent.com/">Tencent</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Win32k Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.</p> Windows Kernel-Mode Drivers CVE-2016-7215 10729 10735 10789 10788 10852 10853 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10543 4393 9316 10816 10855 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 4393 Elevation of Privilege 9316 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 4393 Important 9316 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10789 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10788 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9311 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10050 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4393 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9316 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9312 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 10287 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9311 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9318 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 4393 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update bee13oy of CloverSec Labs, working with <a href="http://www.zerodayinitiative.com/">Trend Micro’s Zero Day Initiative (ZDI)</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Windows Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality.</p> <p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p> <p>The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions.</p> Windows Kernel CVE-2016-7216 10047 10048 9312 10287 9311 9318 9344 10050 10051 10049 4393 9316 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 4393 Elevation of Privilege 9316 Important 10047 Important 10048 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 4393 Important 9316 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10047 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10048 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9312 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10287 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9311 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9318 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9344 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10050 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10051 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10049 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 4393 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9316 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3198483 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198483 9312 Yes Security Update 3198483 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198483 10287 Yes Security Update 3198483 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198483 9311 Yes Security Update 3198483 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198483 9318 Yes Security Update 3198483 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198483 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3198483 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198483 4393 Yes Security Update 3198483 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198483 9316 Yes Security Update Mateusz Jurczyk of <a href="http://www.google.com/">Google Project Zero</a> James Forshaw of <a href="http://www.google.com/">Google Project Zero</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Media Foundation Memory Corruption Vulnerability <p>A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.</p> <p>The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.</p> Microsoft Graphics Component CVE-2016-7217 10481 10482 10729 10735 10789 10788 10852 10853 10816 10855 10378 10483 10484 10379 10543 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10789 Remote Code Execution 10788 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10483 Remote Code Execution 10484 Remote Code Execution 10379 Remote Code Execution 10543 Important 10481 Important 10482 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10483 Important 10484 Important 10379 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:N/A 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10481 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10482 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10729 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10735 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10789 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10788 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10852 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10853 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10816 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10855 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10484 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10379 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10543 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 10484 Yes Monthly Rollup 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only Liu Long of <a href="http://www.360.cn/">Qihoo 360</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Windows Bowser.sys Information Disclosure Vulnerability <p>An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory to which they should not have access.</p> <p>To exploit this vulnerability, an authenticated attacker could run a specially crafted application in user mode.</p> <p>The update addresses the vulnerability by correcting how the browser.sys kernel-mode driver handles objects in memory.</p> Windows Kernel-Mode Drivers CVE-2016-7218 10816 10855 10729 10735 10789 10788 10852 10853 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10543 4393 9316 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10789 Information Disclosure 10788 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10047 Information Disclosure 10048 Information Disclosure 10481 Information Disclosure 10482 Information Disclosure 10484 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9311 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10050 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Information Disclosure 4393 Information Disclosure 9316 Important 10816 Important 10855 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 4393 Important 9316 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10816 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10855 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10729 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10735 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10789 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10788 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10852 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10853 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10047 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10048 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10481 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10482 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10484 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 9312 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10287 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 9311 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 9318 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 9344 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10050 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10051 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 10049 6.4 5.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10378 6.4 5.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10379 6.4 5.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10483 6.4 5.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10543 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 4393 5.8 5.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C 9316 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3194371 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194371 3177725 9312 Yes Security Update 3194371 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194371 3177725 10287 Yes Security Update 3194371 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194371 3177725 9311 Yes Security Update 3194371 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194371 3177725 9318 Yes Security Update 3194371 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194371 3177725 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3194371 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194371 3177725 4393 Yes Security Update 3194371 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194371 3177725 9316 Yes Security Update <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> may be helpful in your situation: An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.</p> Peter Hlavaty (<a href="https://twitter.com/zer0mem">@zer0mem</a>), KeenLab, <a href="http://www.tencent.com/">Tencent</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Virtual Secure Mode Information Disclosure Vulnerability <p>An information disclosure vulnerability exists when Windows Virtual Secure Mode improperly handles objects in memory. A locally authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system.</p> <p>To exploit the vulnerability, an attacker could run a specially crafted application on the target system. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system.</p> <p>The security update addresses the vulnerability by correcting how Windows Virtual Secure Mode handles objects in memory.</p> Windows Authentication Methods CVE-2016-7220 10729 10735 Information Disclosure 10729 Information Disclosure 10735 Important 10729 Important 10735 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Less Likely;DOS:N/A 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10729 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10735 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Windows IME Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Microsoft Windows when Windows Input Method Editor (IME) improperly handles DLL loading. There is no impact without IME present.</p> <p>To exploit this vulnerability, a locally authenticated attacker could run a specially crafted application.</p> <p>The security update addresses this vulnerability by correcting how Windows IME loads DLLs.</p> Microsoft Windows CVE-2016-7221 10729 10735 10789 10788 10852 10853 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10543 4393 9316 10816 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 4393 Elevation of Privilege 9316 Elevation of Privilege 10816 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 4393 Important 9316 Important 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10729 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10735 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10789 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10788 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10852 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10853 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10047 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10048 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10481 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10482 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10484 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9312 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10287 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9311 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9318 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9344 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10050 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10051 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10049 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10378 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10379 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10483 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10543 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 4393 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 9316 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3193418 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3193418 3033889 9312 Yes Security Update 3193418 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3193418 3033889 10287 Yes Security Update 3193418 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3193418 3033889 9311 Yes Security Update 3193418 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3193418 3033889 9318 Yes Security Update 3193418 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3193418 3033889 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-044, 3146706; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-044, 3146706; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3193418 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3193418 3033889 4393 Yes Security Update 3193418 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3193418 3033889 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update Takashi Yoshikawa of <a href="https://www.mbsd.jp/">Mitsui Bussan Secure Directions, Inc.</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Task Scheduler Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Task Scheduler when a user creates a task that uses UNC paths. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges.</p> <p>To exploit the vulnerability, a locally authenticated attacker could use Windows Task Scheduler to schedule a new task with a specially crafted UNC path.</p> <p>This security update addresses the vulnerability by correcting how Task Scheduler handles specially crafted UNC paths.</p> Windows Task Scheduler CVE-2016-7222 10729 10735 10789 10788 10852 10853 10855 10816 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10855 Elevation of Privilege 10816 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10855 Important 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:Permanent 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10729 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10735 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10789 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10788 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10852 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10853 6.5 5.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> may be helpful in your situation: An enterprise perimeter firewall can be used to prevent this type of attack. See <a href="https://support.microsoft.com/kb/3185535">Knowledge Base Article 3185535</a> for guidance on configuring an enterprise perimeter firewall.</p> <a href="https://linkedin.com/in/shanti-lindstr%c3%b6m-399112a8">Shanti Lindström</a>, Individual 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 1.1 2016-11-23T08:00:00Z <p>Updated the vulnerability description for CVE-2016-7222. This is an informational change only.</p> VHD Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Virtual Hard Disk Drive fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user.</p> <p>To exploit the vulnerability, an attacker would need access to the local system and the ability to execute a specially crafted application on the system.</p> <p>The security update addresses the vulnerability by correcting how the kernel API restricts access to these files.</p> Microsoft Virtual Hard Drive CVE-2016-7223 10729 10735 10789 10788 10852 10853 10481 10482 10484 10378 10379 10483 10543 10816 10855 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10729 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10735 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10789 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10788 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10852 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10853 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10481 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10482 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10484 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10378 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10379 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10483 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10543 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10816 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10855 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update James Forshaw of <a href="http://www.google.com/">Google Project Zero</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> VHD Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Virtual Hard Disk Drive fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user.</p> <p>To exploit the vulnerability, an attacker would need access to the local system and the ability to execute a specially crafted application on the system.</p> <p>The security update addresses the vulnerability by correcting how the kernel API restricts access to these files.</p> Microsoft Virtual Hard Drive CVE-2016-7224 10729 10735 10789 10788 10852 10853 10481 10482 10484 10378 10379 10483 10543 10816 10855 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10729 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10735 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10789 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10788 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10852 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10853 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10481 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10482 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10484 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10378 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10379 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10483 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10543 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10816 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10855 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update James Forshaw of <a href="http://www.google.com/">Google Project Zero</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> VHD Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Virtual Hard Disk Drive fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user.</p> <p>To exploit the vulnerability, an attacker would need access to the local system and the ability to execute a specially crafted application on the system.</p> <p>The security update addresses the vulnerability by correcting how the kernel API restricts access to these files.</p> Microsoft Virtual Hard Drive CVE-2016-7225 10729 10735 10789 10788 10852 10853 10816 10855 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:Permanent 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10729 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10735 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10789 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10788 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10852 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10853 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10816 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10855 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update James Forshaw of <a href="http://www.google.com/">Google Project Zero</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> VHD Driver Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists when the Windows Virtual Hard Disk Drive fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user.</p> <p>To exploit the vulnerability, an attacker would need access to the local system and the ability to execute a specially crafted application on the system.</p> <p>The security update addresses the vulnerability by correcting how the kernel API restricts access to these files.</p> Microsoft Virtual Hard Drive CVE-2016-7226 10729 10735 10789 10788 10852 10853 10816 10855 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10729 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10735 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10789 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10788 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10852 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10853 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10816 6.8 6.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10855 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update James Forshaw of <a href="http://www.google.com/">Google Project Zero</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Microsoft Browser Information Disclosure Vulnerability <p>An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability.</p> <p>In addition, compromised websites and websites that accept or host user-generated content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.</p> <p>An attacker who successfully exploited the vulnerability could potentially read data that was not intended to be disclosed. Note that the vulnerability would not allow an attacker to either execute code or to elevate a user’s rights directly, but the vulnerability could be used to obtain information in an attempt to further compromise the affected system.</p> <p>The security update addresses the vulnerability by helping to restrict what information is returned to affected Microsoft browsers.</p> Microsoft Browsers CVE-2016-7227 10555-10378 10486-10481 10486-10482 10486-10483 10486-10484 10486-10047 10486-10048 10486-10051 10486-10729 10486-10735 10486-10789 10486-10788 10486-10852 10486-10853 10336-9316 10336-4393 10336-9312 10336-9318 10724-10729 10724-10735 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 10486-10816 Information Disclosure 10555-10378 Information Disclosure 10486-10481 Information Disclosure 10486-10482 Information Disclosure 10486-10483 Information Disclosure 10486-10484 Information Disclosure 10486-10047 Information Disclosure 10486-10048 Information Disclosure 10486-10051 Information Disclosure 10486-10729 Information Disclosure 10486-10735 Information Disclosure 10486-10789 Information Disclosure 10486-10788 Information Disclosure 10486-10852 Information Disclosure 10486-10853 Information Disclosure 10336-9316 Information Disclosure 10336-4393 Information Disclosure 10336-9312 Information Disclosure 10336-9318 Information Disclosure 10724-10729 Information Disclosure 10724-10735 Information Disclosure 10724-10789 Information Disclosure 10724-10788 Information Disclosure 10724-10816 Information Disclosure 10724-10852 Information Disclosure 10724-10853 Information Disclosure 10486-10816 Low 10555-10378 Important 10486-10481 Important 10486-10482 Low 10486-10483 Important 10486-10484 Important 10486-10047 Important 10486-10048 Low 10486-10051 Important 10486-10729 Important 10486-10735 Important 10486-10789 Important 10486-10788 Important 10486-10852 Important 10486-10853 Important 10336-9316 Important 10336-4393 Low 10336-9312 Low 10336-9318 Moderate 10724-10729 Moderate 10724-10735 Moderate 10724-10789 Moderate 10724-10788 Low 10724-10816 Moderate 10724-10852 Moderate 10724-10853 Low 10486-10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 6.4 5.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10555-10378 5.5 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10486-10481 5.5 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10486-10482 6.4 5.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10483 5.5 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10486-10484 5.5 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10486-10047 5.5 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10486-10048 6.4 5.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10486-10051 5.5 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10486-10729 5.5 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10486-10735 5.5 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10486-10789 5.5 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10486-10788 5.5 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10486-10852 5.5 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10486-10853 5.5 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10336-9316 5.5 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C 10336-4393 6.4 5.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10336-9312 6.4 5.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C 10336-9318 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10729 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10735 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10789 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10788 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10816 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10852 4.3 3.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 10724-10853 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10555-10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10555-10378 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10482 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10483 Security Only 3197874 10486-10484 Yes Monthly Rollup 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10486-10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10486-10048 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10486-10051 Security Only 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10486-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10486-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10486-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10486-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10853 Yes Security Update 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9316 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-4393 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9312 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9318 Yes IE Cumulative 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10816 Yes Security Update Masato Kinugawa of <a href="https://cure53.de/">Cure53</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates. ◦Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. ◦Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. ◦Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. ◦Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. ◦Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. ◦Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Microsoft Office Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.</p> <p>IMPORTANT: Please note that the security updates for Microsoft Office for Mac 2011 (3198807) and Microsoft Office 2016 for Mac (3198798) are not yet available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this bulletin.</p> <p>As of November 15, 2016, the 3198807 update is available for Microsoft Office for Mac 2011, and the 3198798 update is available for Microsoft Office 2016 for Mac. For more information, see <a href="https://support.microsoft.com/en-us/kb/3198807">Microsoft Knowledge Base Article 3198807</a> and <a href="https://support.microsoft.com/en-us/kb/3198798">Microsoft Knowledge Base Article 3198798</a>. I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</p> <p><strong>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</strong> For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see Microsoft Knowledge Base Article 830335. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> Microsoft Office CVE-2016-7228 10152 10489 10490 10656 10654 10655 10739 10740 10672 10027 4497 Remote Code Execution 10152 Remote Code Execution 10489 Remote Code Execution 10490 Remote Code Execution 10656 Remote Code Execution 10654 Remote Code Execution 10655 Remote Code Execution 10739 Remote Code Execution 10740 Remote Code Execution 10672 Remote Code Execution 10027 Remote Code Execution 4497 Important 10152 Important 10489 Important 10490 Important 10656 Important 10654 Important 10655 Important 10739 Important 10740 Important 10672 Important 10027 Important 4497 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 3118395 https://www.microsoft.com/downloads/details.aspx?familyid=011ed6a4-8eba-4c2b-a90a-eb9ab5147058 3115459 10152 Maybe Security Update 3118390 https://www.microsoft.com/downloads/details.aspx?familyid=bff15a3a-7b5a-4405-a1eb-e366ca074e50 3118316 10489 Maybe Security Update 3118390 https://www.microsoft.com/downloads/details.aspx?familyid=e08495b0-aa17-4b60-854f-849a93ab3571 3118316 10490 Maybe Security Update 3127921 3118284 10656 Maybe Security Update 3127921 https://www.microsoft.com/downloads/details.aspx?familyid=55c2298e-e21c-435f-a6c3-4eef8dcf3a5e 3118284 10654 Maybe Security Update 3127921 https://www.microsoft.com/downloads/details.aspx?familyid=992735dc-943e-4f8a-898f-1e1a8c1e9460 3118284 10655 Maybe Security Update 3127904 https://www.microsoft.com/downloads/details.aspx?familyid=c68fa15a-c7ea-49d0-bf11-68fafcb00902 3118290 10739 Maybe Security Update 3127904 https://www.microsoft.com/downloads/details.aspx?familyid=5643c954-fad8-478e-ae72-2ac8c042a873 3118290 10740 Maybe Security Update 3198798 https://go.microsoft.com/fwlink/?LinkId=831159 3193438 10672 Maybe Security Update 3198807 https://go.microsoft.com/fwlink/?LinkId=831164 3193442 10027 Maybe Security Update 3127889 https://www.microsoft.com/downloads/details.aspx?familyid=f5a8a4ad-986d-48eb-8d17-343e6fe20c40 3115462 4497 Maybe Security Update JChen of <a href="https://www.paloaltonetworks.com/">Palo Alto Networks</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-11-15T08:00:00Z <p>Bulletin revised to announce the availability of the 14.7.0 update for Microsoft Office for Mac 2011 (3186805) and the 15.28 update for Microsoft Office 2016 for Mac (3186807). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action see Microsoft Knowledge Base Article 3198807 and Microsoft Knowledge Base Article 3198798 for more information and download links.</p> Microsoft Office Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.</p> <p>IMPORTANT: Please note that the security updates for Microsoft Office for Mac 2011 (3198807) and Microsoft Office 2016 for Mac (3198798) are not yet available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this bulletin.</p> <p>As of November 15, 2016, the 3198807 update is available for Microsoft Office for Mac 2011, and the 3198798 update is available for Microsoft Office 2016 for Mac. For more information, see <a href="https://support.microsoft.com/en-us/kb/3198807">Microsoft Knowledge Base Article 3198807</a> and <a href="https://support.microsoft.com/en-us/kb/3198798">Microsoft Knowledge Base Article 3198798</a>. I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</p> <p><strong>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</strong> For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see Microsoft Knowledge Base Article 830335. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> Microsoft Office CVE-2016-7229 10152 10489 10490 10656 10654 10655 10739 10740 10672 10027 10279 4497 Remote Code Execution 10152 Remote Code Execution 10489 Remote Code Execution 10490 Remote Code Execution 10656 Remote Code Execution 10654 Remote Code Execution 10655 Remote Code Execution 10739 Remote Code Execution 10740 Remote Code Execution 10672 Remote Code Execution 10027 Remote Code Execution 10279 Remote Code Execution 4497 Important 10152 Important 10489 Important 10490 Important 10656 Important 10654 Important 10655 Important 10739 Important 10740 Important 10672 Important 10027 Important 10279 Important 4497 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 3118395 https://www.microsoft.com/downloads/details.aspx?familyid=011ed6a4-8eba-4c2b-a90a-eb9ab5147058 3115459 10152 Maybe Security Update 3118390 https://www.microsoft.com/downloads/details.aspx?familyid=bff15a3a-7b5a-4405-a1eb-e366ca074e50 3118316 10489 Maybe Security Update 3118390 https://www.microsoft.com/downloads/details.aspx?familyid=e08495b0-aa17-4b60-854f-849a93ab3571 3118316 10490 Maybe Security Update 3127921 3118284 10656 Maybe Security Update 3127921 https://www.microsoft.com/downloads/details.aspx?familyid=55c2298e-e21c-435f-a6c3-4eef8dcf3a5e 3118284 10654 Maybe Security Update 3127921 https://www.microsoft.com/downloads/details.aspx?familyid=992735dc-943e-4f8a-898f-1e1a8c1e9460 3118284 10655 Maybe Security Update 3127904 https://www.microsoft.com/downloads/details.aspx?familyid=c68fa15a-c7ea-49d0-bf11-68fafcb00902 3118290 10739 Maybe Security Update 3127904 https://www.microsoft.com/downloads/details.aspx?familyid=5643c954-fad8-478e-ae72-2ac8c042a873 3118290 10740 Maybe Security Update 3198798 https://go.microsoft.com/fwlink/?LinkId=831159 3193438 10672 Maybe Security Update 3198807 https://go.microsoft.com/fwlink/?LinkId=831164 3193442 10027 Maybe Security Update 3127893 https://www.microsoft.com/downloads/details.aspx?familyid=a8484f6a-78fc-4027-af5a-a1c8aea44266 3115463 10279 Maybe Security Update 3127889 https://www.microsoft.com/downloads/details.aspx?familyid=f5a8a4ad-986d-48eb-8d17-343e6fe20c40 3115462 4497 Maybe Security Update JChen of <a href="https://www.paloaltonetworks.com/">Palo Alto Networks</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-11-15T08:00:00Z <p>Bulletin revised to announce the availability of the 14.7.0 update for Microsoft Office for Mac 2011 (3186805) and the 15.28 update for Microsoft Office 2016 for Mac (3186807). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action see Microsoft Knowledge Base Article 3198807 and Microsoft Knowledge Base Article 3198798 for more information and download links.</p> Microsoft Office Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.</p> <p><strong>I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</strong></p> <p>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</p> <p>For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see <a href="https://support.microsoft.com/kb/830335">Microsoft Knowledge Base Article 830335</a>. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> Microsoft Office CVE-2016-7230 10498 10499 256 10525 Remote Code Execution 10498 Remote Code Execution 10499 Remote Code Execution 256 Remote Code Execution 10525 Important 10498 Important 10499 Important 256 Important 10525 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation More Likely 3118378 https://www.microsoft.com/downloads/details.aspx?familyid=3305d937-9bd9-4311-813c-4666e0346aa4 3115467 10498 Maybe Security Update 3118378 https://www.microsoft.com/downloads/details.aspx?familyid=d1bb4c42-dc62-400f-b00f-5022d5810397 3115467 10499 Maybe Security Update 3118382 https://www.microsoft.com/downloads/details.aspx?familyid=c03f20f4-2198-4b0f-ab94-4b69ea489637 3054969 256 Maybe Security Update 3127954 https://www.microsoft.com/downloads/details.aspx?familyid=a779cdaf-de65-4e2b-9ba8-555a754af70d 3118384 10525 Maybe Security Update Steven Vittitoe of <a href="http://www.google.com/">Google Project Zero</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Microsoft Office Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.</p> <p>IMPORTANT: Please note that the security updates for Microsoft Office for Mac 2011 (3198807) and Microsoft Office 2016 for Mac (3198798) are not yet available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this bulletin.</p> <p>As of November 15, 2016, the 3198807 update is available for Microsoft Office for Mac 2011, and the 3198798 update is available for Microsoft Office 2016 for Mac. For more information, see <a href="https://support.microsoft.com/en-us/kb/3198807">Microsoft Knowledge Base Article 3198807</a> and <a href="https://support.microsoft.com/en-us/kb/3198798">Microsoft Knowledge Base Article 3198798</a>. I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</p> <p><strong>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</strong> For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see Microsoft Knowledge Base Article 830335. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> Microsoft Office CVE-2016-7231 10152 10027 10279 4497 Remote Code Execution 10152 Remote Code Execution 10027 Remote Code Execution 10279 Remote Code Execution 4497 Important 10152 Important 10027 Important 10279 Important 4497 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Less Likely 3118395 https://www.microsoft.com/downloads/details.aspx?familyid=011ed6a4-8eba-4c2b-a90a-eb9ab5147058 3115459 10152 Maybe Security Update 3198807 https://go.microsoft.com/fwlink/?LinkId=831164 3193442 10027 Maybe Security Update 3127893 https://www.microsoft.com/downloads/details.aspx?familyid=a8484f6a-78fc-4027-af5a-a1c8aea44266 3115463 10279 Maybe Security Update 3127889 https://www.microsoft.com/downloads/details.aspx?familyid=f5a8a4ad-986d-48eb-8d17-343e6fe20c40 3115462 4497 Maybe Security Update JChen of <a href="https://www.paloaltonetworks.com/">Palo Alto Networks</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-11-15T08:00:00Z <p>Bulletin revised to announce the availability of the 14.7.0 update for Microsoft Office for Mac 2011 (3186805) and the 15.28 update for Microsoft Office 2016 for Mac (3186807). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action. see Microsoft Knowledge Base Article 3198807. and Microsoft Knowledge Base Article 3198798. for more information and download links.</p> Microsoft Office Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.</p> <p>IMPORTANT: Please note that the security updates for Microsoft Office for Mac 2011 (3198807) and Microsoft Office 2016 for Mac (3198798) are not yet available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this bulletin.</p> <p>As of November 15, 2016, the 3198807 update is available for Microsoft Office for Mac 2011, and the 3198798 update is available for Microsoft Office 2016 for Mac. For more information, see <a href="https://support.microsoft.com/en-us/kb/3198807">Microsoft Knowledge Base Article 3198807</a> and <a href="https://support.microsoft.com/en-us/kb/3198798">Microsoft Knowledge Base Article 3198798</a>. I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</p> <p><strong>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</strong> For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see Microsoft Knowledge Base Article 830335. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> Microsoft Office CVE-2016-7232 10162 10513 10514 10025 10521 10522 4497 Remote Code Execution 10162 Remote Code Execution 10513 Remote Code Execution 10514 Remote Code Execution 10025 Remote Code Execution 10521 Remote Code Execution 10522 Remote Code Execution 4497 Important 10162 Important 10513 Important 10514 Important 10025 Important 10521 Important 10522 Important 4497 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Less Likely 3127949 https://www.microsoft.com/downloads/details.aspx?familyid=2228787d-6dca-4599-8683-f3db9b31ee52 3118308 10162 Maybe Security Update 3127953 https://www.microsoft.com/downloads/details.aspx?familyid=ee6b96bc-4795-4f16-8bbb-0cd8560df286 3118312 10513 Maybe Security Update 3127953 https://www.microsoft.com/downloads/details.aspx?familyid=17a90a47-583c-4c05-9e4f-b73a9e436f66 3118312 10514 Maybe Security Update 3198807 https://go.microsoft.com/fwlink/?LinkId=831164 3193442 10025 Maybe Security Update 3127951 https://www.microsoft.com/downloads/details.aspx?familyid=6738bf6c-8317-4f65-ab6c-445426590465 3118311 10521 Maybe Security Update 3127951 https://www.microsoft.com/downloads/details.aspx?familyid=bdf1de31-23e0-4825-b8fc-afbfce89e886 3118311 10522 Maybe Security Update 3127948 https://www.microsoft.com/downloads/details.aspx?familyid=ff5a87e3-4994-4285-ba24-5557f674397f 3118307 4497 Maybe Security Update Rocco Calvi and Steven Seeley of <a href="http://srcincite.io/">Source Incite</a>, working with <a href="http://www.verisigninc.com/en_US/cyber-security/index.xhtml">VeriSign iDefense Labs</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-11-15T08:00:00Z <p>Bulletin revised to announce the availability of the 14.7.0 update for Microsoft Office for Mac 2011 (3186805) and the 15.28 update for Microsoft Office 2016 for Mac (3186807). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action see Microsoft Knowledge Base Article 3198807 and Microsoft Knowledge Base Article 3198798 for more information and download links.</p> Microsoft Office Information Disclosure Vulnerability <p>An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.</p> <p>The security update addresses the vulnerability by properly initializing the affected variable.</p> <p>IMPORTANT: Please note that the security updates for Microsoft Office for Mac 2011 (3198807) and Microsoft Office 2016 for Mac (3198798) are not yet available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this bulletin.</p> <p>As of November 15, 2016, the 3198807 update is available for Microsoft Office for Mac 2011, and the 3198798 update is available for Microsoft Office 2016 for Mac. For more information, see <a href="https://support.microsoft.com/en-us/kb/3198807">Microsoft Knowledge Base Article 3198807</a> and <a href="https://support.microsoft.com/en-us/kb/3198798">Microsoft Knowledge Base Article 3198798</a>. I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</p> <p><strong>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</strong> For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see Microsoft Knowledge Base Article 830335. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> Microsoft Office CVE-2016-7233 1160 10162 10513 10514 10025 10027 10525 4497 10521 10522 9432-10607 Information Disclosure 1160 Information Disclosure 10162 Information Disclosure 10513 Information Disclosure 10514 Remote Code Execution 10025 Remote Code Execution 10027 Information Disclosure 10525 Information Disclosure 4497 Information Disclosure 10521 Information Disclosure 10522 Information Disclosure 9432-10607 Important 1160 Important 10162 Important 10513 Important 10514 Important 10025 Important 10027 Important 10525 Important 4497 Important 10521 Important 10522 Important 9432-10607 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Less Likely 3127962 https://www.microsoft.com/downloads/details.aspx?familyid=5988fdf9-05d9-4480-8918-38357c2f75a1 3127898 1160 Maybe Security Update 3127949 https://www.microsoft.com/downloads/details.aspx?familyid=2228787d-6dca-4599-8683-f3db9b31ee52 3118308 10162 Maybe Security Update 3127953 https://www.microsoft.com/downloads/details.aspx?familyid=ee6b96bc-4795-4f16-8bbb-0cd8560df286 3118312 10513 Maybe Security Update 3127953 https://www.microsoft.com/downloads/details.aspx?familyid=17a90a47-583c-4c05-9e4f-b73a9e436f66 3118312 10514 Maybe Security Update 3198807 https://go.microsoft.com/fwlink/?LinkId=831164 3193442 10025 Maybe Security Update 3198807 https://go.microsoft.com/fwlink/?LinkId=831164 3193442 10027 Maybe Security Update 3127954 https://www.microsoft.com/downloads/details.aspx?familyid=a779cdaf-de65-4e2b-9ba8-555a754af70d 3118384 10525 Maybe Security Update 3127948 https://www.microsoft.com/downloads/details.aspx?familyid=ff5a87e3-4994-4285-ba24-5557f674397f 3118307 4497 Maybe Security Update 3127951 https://www.microsoft.com/downloads/details.aspx?familyid=6738bf6c-8317-4f65-ab6c-445426590465 3118311 10521 Maybe Security Update 3127951 https://www.microsoft.com/downloads/details.aspx?familyid=bdf1de31-23e0-4825-b8fc-afbfce89e886 3118311 10522 Maybe Security Update 3127927 https://www.microsoft.com/downloads/details.aspx?familyid=3bbb50a3-66aa-4a87-b51a-61b0d84b156b 3118352 9432-10607 Maybe Security Update Rocco Calvi and Steven Seeley of <a href="http://srcincite.io/">Source Incite</a>, working with <a href="http://www.verisigninc.com/en_US/cyber-security/index.xhtml">VeriSign iDefense Labs</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-11-15T08:00:00Z <p>Bulletin revised to announce the availability of the 14.7.0 update for Microsoft Office for Mac 2011 (3186805) and the 15.28 update for Microsoft Office 2016 for Mac (3186807). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action see Microsoft Knowledge Base Article 3198807 and Microsoft Knowledge Base Article 3198798 for more information and download links.</p> Microsoft Office Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.</p> <p>IMPORTANT: Please note that the security updates for Microsoft Office for Mac 2011 (3198807) and Microsoft Office 2016 for Mac (3198798) are not yet available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this bulletin.</p> <p>As of November 15, 2016, the 3198807 update is available for Microsoft Office for Mac 2011, and the 3198798 update is available for Microsoft Office 2016 for Mac. For more information, see <a href="https://support.microsoft.com/en-us/kb/3198807">Microsoft Knowledge Base Article 3198807</a> and <a href="https://support.microsoft.com/en-us/kb/3198798">Microsoft Knowledge Base Article 3198798</a>. I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</p> <p><strong>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</strong> For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see Microsoft Knowledge Base Article 830335. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> Microsoft Office CVE-2016-7234 10162 10513 10514 10606 10604 10605 10670 10025 10521 10522 10027 4497 10525 10611 9432-10607 9432-10495 Remote Code Execution 10162 Remote Code Execution 10513 Remote Code Execution 10514 Remote Code Execution 10606 Remote Code Execution 10604 Remote Code Execution 10605 Remote Code Execution 10670 Remote Code Execution 10025 Remote Code Execution 10521 Remote Code Execution 10522 Remote Code Execution 10027 Remote Code Execution 4497 Remote Code Execution 10525 Remote Code Execution 10611 Remote Code Execution 9432-10607 Remote Code Execution 9432-10495 Important 10162 Important 10513 Important 10514 Important 10606 Important 10604 Important 10605 Important 10670 Important 10025 Important 10521 Important 10522 Important 10027 Important 4497 Important 10525 Important 10611 Important 9432-10607 Important 9432-10495 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Less Likely 3127949 https://www.microsoft.com/downloads/details.aspx?familyid=2228787d-6dca-4599-8683-f3db9b31ee52 3118308 10162 Maybe Security Update 3127953 https://www.microsoft.com/downloads/details.aspx?familyid=ee6b96bc-4795-4f16-8bbb-0cd8560df286 3118312 10513 Maybe Security Update 3127953 https://www.microsoft.com/downloads/details.aspx?familyid=17a90a47-583c-4c05-9e4f-b73a9e436f66 3118312 10514 Maybe Security Update 3127932 3118345 10606 Maybe Security Update 3127932 https://www.microsoft.com/downloads/details.aspx?familyid=f0fbed48-60c3-4d7a-b13c-b4021d6946e8 3118345 10604 Maybe Security Update 3127932 https://www.microsoft.com/downloads/details.aspx?familyid=1788fc03-2608-4954-ab3a-fd4b5199fd2a 3118345 10605 Maybe Security Update 3198798 https://go.microsoft.com/fwlink/?LinkId=831159 3193438 10670 Maybe Security Update 3198807 https://go.microsoft.com/fwlink/?LinkId=831164 3193442 10025 Maybe Security Update 3127951 https://www.microsoft.com/downloads/details.aspx?familyid=6738bf6c-8317-4f65-ab6c-445426590465 3118311 10521 Maybe Security Update 3127951 https://www.microsoft.com/downloads/details.aspx?familyid=bdf1de31-23e0-4825-b8fc-afbfce89e886 3118311 10522 Maybe Security Update 3198807 https://go.microsoft.com/fwlink/?LinkId=831164 3193442 10027 Maybe Security Update 3127948 https://www.microsoft.com/downloads/details.aspx?familyid=ff5a87e3-4994-4285-ba24-5557f674397f 3118307 4497 Maybe Security Update 3127954 https://www.microsoft.com/downloads/details.aspx?familyid=a779cdaf-de65-4e2b-9ba8-555a754af70d 3118384 10525 Maybe Security Update 3127929 https://www.microsoft.com/downloads/details.aspx?familyid=649a7d55-35eb-49e8-ade9-cd1f01ff349e 3118360 10611 Maybe Security Update 3127927 https://www.microsoft.com/downloads/details.aspx?familyid=3bbb50a3-66aa-4a87-b51a-61b0d84b156b 3118352 9432-10607 Maybe Security Update 3127950 https://www.microsoft.com/downloads/details.aspx?familyid=a4e153ec-d1bb-44d4-a531-bcfc4e2d2c05 3118377 9432-10495 Maybe Security Update Rocco Calvi and Steven Seeley of <a href="http://srcincite.io/">Source Incite</a>, working with <a href="http://www.verisigninc.com/en_US/cyber-security/index.xhtml">VeriSign iDefense Labs</a> <a href="https://twitter.com/j00sean">@j00sean</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-11-15T08:00:00Z <p>Bulletin revised to announce the availability of the 14.7.0 update for Microsoft Office for Mac 2011 (3186805) and the 15.28 update for Microsoft Office 2016 for Mac (3186807). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action see Microsoft Knowledge Base Article 3198807 and Microsoft Knowledge Base Article 3198798 for more information and download links.</p> Microsoft Office Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.</p> <p>IMPORTANT: Please note that the security updates for Microsoft Office for Mac 2011 (3198807) and Microsoft Office 2016 for Mac (3198798) are not yet available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this bulletin.</p> <p>As of November 15, 2016, the 3198807 update is available for Microsoft Office for Mac 2011, and the 3198798 update is available for Microsoft Office 2016 for Mac. For more information, see <a href="https://support.microsoft.com/en-us/kb/3198807">Microsoft Knowledge Base Article 3198807</a> and <a href="https://support.microsoft.com/en-us/kb/3198798">Microsoft Knowledge Base Article 3198798</a>. I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</p> <p><strong>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</strong> For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see Microsoft Knowledge Base Article 830335. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> Microsoft Office CVE-2016-7235 10162 10513 10514 10025 10521 10522 10027 4497 Remote Code Execution 10162 Remote Code Execution 10513 Remote Code Execution 10514 Remote Code Execution 10025 Remote Code Execution 10521 Remote Code Execution 10522 Remote Code Execution 10027 Remote Code Execution 4497 Important 10162 Important 10513 Important 10514 Important 10025 Important 10521 Important 10522 Important 10027 Important 4497 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Less Likely 3127949 https://www.microsoft.com/downloads/details.aspx?familyid=2228787d-6dca-4599-8683-f3db9b31ee52 3118308 10162 Maybe Security Update 3127953 https://www.microsoft.com/downloads/details.aspx?familyid=ee6b96bc-4795-4f16-8bbb-0cd8560df286 3118312 10513 Maybe Security Update 3127953 https://www.microsoft.com/downloads/details.aspx?familyid=17a90a47-583c-4c05-9e4f-b73a9e436f66 3118312 10514 Maybe Security Update 3198807 https://go.microsoft.com/fwlink/?LinkId=831164 3193442 10025 Maybe Security Update 3127951 https://www.microsoft.com/downloads/details.aspx?familyid=6738bf6c-8317-4f65-ab6c-445426590465 3118311 10521 Maybe Security Update 3127951 https://www.microsoft.com/downloads/details.aspx?familyid=bdf1de31-23e0-4825-b8fc-afbfce89e886 3118311 10522 Maybe Security Update 3198807 https://go.microsoft.com/fwlink/?LinkId=831164 3193442 10027 Maybe Security Update 3127948 https://www.microsoft.com/downloads/details.aspx?familyid=ff5a87e3-4994-4285-ba24-5557f674397f 3118307 4497 Maybe Security Update Rocco Calvi and Steven Seeley of <a href="http://srcincite.io/">Source Incite</a>, working with <a href="http://www.verisigninc.com/en_US/cyber-security/index.xhtml">VeriSign iDefense Labs</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-11-15T08:00:00Z <p>Bulletin revised to announce the availability of the 14.7.0 update for Microsoft Office for Mac 2011 (3186805) and the 15.28 update for Microsoft Office 2016 for Mac (3186807). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action see Microsoft Knowledge Base Article 3198807 and Microsoft Knowledge Base Article 3198798 for more information and download links.</p> Microsoft Office Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.</p> <p>IMPORTANT: Please note that the security updates for Microsoft Office for Mac 2011 (3198807) and Microsoft Office 2016 for Mac (3198798) are not yet available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this bulletin.</p> <p>As of November 15, 2016, the 3198807 update is available for Microsoft Office for Mac 2011, and the 3198798 update is available for Microsoft Office 2016 for Mac. For more information, see <a href="https://support.microsoft.com/en-us/kb/3198807">Microsoft Knowledge Base Article 3198807</a> and <a href="https://support.microsoft.com/en-us/kb/3198798">Microsoft Knowledge Base Article 3198798</a>. I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</p> <p><strong>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</strong> For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see Microsoft Knowledge Base Article 830335. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> Microsoft Office CVE-2016-7236 10489 10490 10672 10027 9171-10495 Remote Code Execution 10489 Remote Code Execution 10490 Remote Code Execution 10672 Remote Code Execution 10027 Remote Code Execution 9171-10495 Important 10489 Important 10490 Important 10672 Important 10027 Important 9171-10495 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Less Likely 3118390 https://www.microsoft.com/downloads/details.aspx?familyid=bff15a3a-7b5a-4405-a1eb-e366ca074e50 3118316 10489 Maybe Security Update 3118390 https://www.microsoft.com/downloads/details.aspx?familyid=e08495b0-aa17-4b60-854f-849a93ab3571 3118316 10490 Maybe Security Update 3198798 https://go.microsoft.com/fwlink/?LinkId=831159 3193438 10672 Maybe Security Update 3198807 https://go.microsoft.com/fwlink/?LinkId=831164 3193442 10027 Maybe Security Update 3118381 https://www.microsoft.com/downloads/details.aspx?familyid=f0adc7b9-49a7-4a06-a57f-cbc148162bda 3115119 9171-10495 Maybe Security Update Steven Seeley of <a href="http://srcincite.io/">Source Incite</a>, working with <a href="http://www.verisigninc.com/en_US/cyber-security/index.xhtml">VeriSign iDefense Labs</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-11-15T08:00:00Z <p>Bulletin revised to announce the availability of the 14.7.0 update for Microsoft Office for Mac 2011 (3186805) and the 15.28 update for Microsoft Office 2016 for Mac (3186807). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action see Microsoft Knowledge Base Article 3198807 and Microsoft Knowledge Base Article 3198798 for more information and download links.</p> Local Security Authority Subsystem Service Denial of Service Vulnerability <p>A denial of service vulnerability exists in the Windows Local Security Authority Subsystem Service (LSASS). A remote, but authenticated, attacker who successfully exploited this vulnerability could cause the target system to become nonresponsive.</p> <p>To exploit the vulnerability, a remote attacker would first have to log on to the system and send a specially crafted request to the target system.</p> <p>The security update addresses the vulnerability by changing the way that LSASS handles specially crafted requests.</p> Windows Authentication Methods CVE-2016-7237 10729 10735 10789 10788 10852 10853 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10543 10816 4393 9316 10855 Denial of Service 10729 Denial of Service 10735 Denial of Service 10789 Denial of Service 10788 Denial of Service 10852 Denial of Service 10853 Denial of Service 10047 Denial of Service 10048 Denial of Service 10481 Denial of Service 10482 Denial of Service 10484 Denial of Service 9312 Denial of Service 10287 Denial of Service 9311 Denial of Service 9318 Denial of Service 9344 Denial of Service 10050 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Denial of Service 10816 Denial of Service 4393 Denial of Service 9316 Denial of Service 10855 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 10816 Important 4393 Important 9316 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploitation Unlikely 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10729 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10735 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10789 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10788 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10852 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10853 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10047 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10048 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10481 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10482 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10484 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 9312 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10287 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 9311 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 9318 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 9344 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10050 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10051 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10049 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10378 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10379 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10483 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10543 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10816 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 4393 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 9316 6.5 5.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R 10855 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3198510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198510 3081320 9312 Maybe Security Update 3198510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198510 3081320 10287 Maybe Security Update 3198510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198510 3081320 9311 Maybe Security Update 3198510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198510 3081320 9318 Maybe Security Update 3198510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198510 3081320 9344 Maybe Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS11-019, 2511455; MS11-071, 2570947; MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-104, 3185319; MS16-111, 3175024; MS16-116, 3184122 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update 3198510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198510 3081320 4393 Maybe Security Update 3198510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198510 3081320 9316 Maybe Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update Laurent Gaffie 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Windows NTLM Elevation of Privilege Vulnerability <p>A local elevation of privilege vulnerability exists when Windows fails to properly handle NTLM password change requests. An attacker who successfully exploited this vulnerability could elevate the attacker's permissions from unprivileged user account to administrator. The attacker could then install programs; view, change or delete data; or create new accounts.</p> <p>To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. The attacker could subsequently attempt to elevate privilege by locally executing a specially crafted application designed to manipulate NTLM authentication requests.</p> <p>The update addresses the vulnerability by updating Windows NTLM to harden the password change cache.</p> Windows Authentication Methods CVE-2016-7238 10729 10735 10789 10788 10852 10853 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10543 10855 4393 9316 10816 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 10855 Elevation of Privilege 4393 Elevation of Privilege 9316 Elevation of Privilege 10816 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 10855 Important 4393 Important 9316 Important 10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10729 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10735 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10789 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10788 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10852 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10853 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10047 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10048 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10481 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10482 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10484 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9312 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10287 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9311 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9318 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9344 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10050 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10051 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10049 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10378 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10379 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10483 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10543 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 4393 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 9316 6.6 5.7 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3198510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198510 3081320 9312 Maybe Security Update 3198510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198510 3081320 10287 Maybe Security Update 3198510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198510 3081320 9311 Maybe Security Update 3198510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198510 3081320 9318 Maybe Security Update 3198510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198510 3081320 9344 Maybe Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3198510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198510 3081320 4393 Maybe Security Update 3198510 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198510 3081320 9316 Maybe Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Microsoft Browser Information Disclosure Vulnerability <p>An information disclosure vulnerability exists when the Microsoft browser XSS filter is abused to leak sensitive page information. An attacker who successfully exploited the vulnerability could obtain sensitive information from certain web pages.</p> <p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The update addresses the vulnerability by changing how the XSS filter handles RegEx.</p> Microsoft Browsers CVE-2016-7239 10555-10378 10486-10481 10486-10482 10486-10483 10486-10484 10486-10047 10486-10048 10486-10051 10486-10729 10486-10735 10486-10789 10486-10788 10486-10852 10486-10853 10336-9316 10336-4393 10336-9312 10336-9318 10486-10816 10724-10729 10724-10735 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 Information Disclosure 10555-10378 Information Disclosure 10486-10481 Information Disclosure 10486-10482 Information Disclosure 10486-10483 Information Disclosure 10486-10484 Information Disclosure 10486-10047 Information Disclosure 10486-10048 Information Disclosure 10486-10051 Information Disclosure 10486-10729 Information Disclosure 10486-10735 Information Disclosure 10486-10789 Information Disclosure 10486-10788 Information Disclosure 10486-10852 Information Disclosure 10486-10853 Information Disclosure 10336-9316 Information Disclosure 10336-4393 Information Disclosure 10336-9312 Information Disclosure 10336-9318 Information Disclosure 10486-10816 Information Disclosure 10724-10729 Information Disclosure 10724-10735 Information Disclosure 10724-10789 Information Disclosure 10724-10788 Information Disclosure 10724-10816 Information Disclosure 10724-10852 Information Disclosure 10724-10853 Low 10555-10378 Moderate 10486-10481 Moderate 10486-10482 Low 10486-10483 Moderate 10486-10484 Moderate 10486-10047 Moderate 10486-10048 Low 10486-10051 Moderate 10486-10729 Moderate 10486-10735 Moderate 10486-10789 Moderate 10486-10788 Moderate 10486-10852 Moderate 10486-10853 Moderate 10336-9316 Moderate 10336-4393 Low 10336-9312 Low 10336-9318 Moderate 10486-10816 Moderate 10724-10729 Moderate 10724-10735 Moderate 10724-10789 Moderate 10724-10788 Low 10724-10816 Moderate 10724-10852 Moderate 10724-10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploitation Unlikely 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10555-10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10555-10378 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10482 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10483 Security Only 3197874 10486-10484 Yes Monthly Rollup 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10486-10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10486-10048 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10486-10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10486-10051 Security Only 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10486-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10486-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10486-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10486-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10853 Yes Security Update 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9316 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-4393 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9312 Yes IE Cumulative 3197655 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197655 3191492 10336-9318 Yes IE Cumulative 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10816 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update Masato Kinugawa via Google VRP 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates. ◦Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. ◦Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. ◦Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. ◦Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. ◦Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. ◦Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Scripting Engine Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> Microsoft Edge CVE-2016-7240 10724-10816 10724-10789 10724-10788 10724-10852 10724-10853 Remote Code Execution 10724-10816 Remote Code Execution 10724-10789 Remote Code Execution 10724-10788 Remote Code Execution 10724-10852 Remote Code Execution 10724-10853 Moderate 10724-10816 Critical 10724-10789 Critical 10724-10788 Critical 10724-10852 Critical 10724-10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:N/A 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10816 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10789 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10788 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10852 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10853 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update Natalie Silvanovich of <a href="http://www.google.com/">Google Project Zero</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Microsoft Browser Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.</p> <p>The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.</p> <p><strong>I am running Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. Does this mitigate these vulnerabilities?</strong> Yes. By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.</p> <p><strong>Can EMET help mitigate attacks that attempt to exploit these vulnerabilities?</strong> Yes. The Enhanced Mitigation Experience Toolkit (EMET) enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit memory corruption vulnerabilities in a given piece of software. EMET can help mitigate attacks that attempt to exploit these vulnerabilities in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer.</p> <p>For more information about EMET, see the <a href="https://technet.microsoft.com/security/jj653751">Enhanced Mitigation Experience Toolkit</a>.</p> Microsoft Browsers CVE-2016-7241 10724-10729 10724-10735 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 10486-10481 10486-10482 10486-10483 10486-10484 10486-10729 10486-10735 10486-10789 10486-10788 10486-10852 10486-10853 10486-10816 Remote Code Execution 10724-10729 Remote Code Execution 10724-10735 Remote Code Execution 10724-10789 Remote Code Execution 10724-10788 Remote Code Execution 10724-10816 Remote Code Execution 10724-10852 Remote Code Execution 10724-10853 Remote Code Execution 10486-10481 Remote Code Execution 10486-10482 Remote Code Execution 10486-10483 Remote Code Execution 10486-10484 Remote Code Execution 10486-10729 Remote Code Execution 10486-10735 Remote Code Execution 10486-10789 Remote Code Execution 10486-10788 Remote Code Execution 10486-10852 Remote Code Execution 10486-10853 Remote Code Execution 10486-10816 Critical 10724-10729 Critical 10724-10735 Critical 10724-10789 Critical 10724-10788 Moderate 10724-10816 Critical 10724-10852 Critical 10724-10853 Critical 10486-10481 Critical 10486-10482 Moderate 10486-10483 Critical 10486-10484 Critical 10486-10729 Critical 10486-10735 Critical 10486-10789 Critical 10486-10788 Critical 10486-10852 Critical 10486-10853 Moderate 10486-10816 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:N/A 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10729 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10735 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10789 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10788 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10816 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10852 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10853 7.5 7.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RC:C 10486-10481 7.5 7.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RC:C 10486-10482 6.4 6.1 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RC:C 10486-10483 7.5 7.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RC:C 10486-10484 7.5 7.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RC:C 10486-10729 7.5 7.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RC:C 10486-10735 7.5 7.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RC:C 10486-10789 7.5 7.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RC:C 10486-10788 7.5 7.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RC:C 10486-10852 7.5 7.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RC:C 10486-10853 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10724-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10482 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10486-10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10486-10483 Security Only 3197874 10486-10484 Yes Monthly Rollup 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10486-10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10486-10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10486-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10486-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10853 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10486-10816 Yes Security Update Natalie Silvanovich of <a href="http://www.google.com/">Google Project Zero</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates. ◦Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. ◦Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Scripting Engine Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> Microsoft Edge CVE-2016-7242 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 Remote Code Execution 10724-10789 Remote Code Execution 10724-10788 Remote Code Execution 10724-10816 Remote Code Execution 10724-10852 Remote Code Execution 10724-10853 Critical 10724-10789 Critical 10724-10788 Moderate 10724-10816 Critical 10724-10852 Critical 10724-10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:N/A 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10789 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10788 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10816 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10852 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10853 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update <a href="www.weibo.com/babyboaes">Qixun Zhao</a> of <a href="http://skyeye.360safe.com/">Qihoo 360 Skyeye Labs</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Scripting Engine Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.</p> <p>The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.</p> Microsoft Edge CVE-2016-7243 10724-10789 10724-10788 10724-10816 10724-10852 10724-10853 Remote Code Execution 10724-10789 Remote Code Execution 10724-10788 Remote Code Execution 10724-10816 Remote Code Execution 10724-10852 Remote Code Execution 10724-10853 Critical 10724-10789 Critical 10724-10788 Moderate 10724-10816 Critical 10724-10852 Critical 10724-10853 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:N/A 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10789 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10788 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10816 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10852 4.2 3.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C 10724-10853 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10724-10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10724-10853 Yes Security Update Nicolas Joly of MSRCE UK 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Microsoft Office Denial of Service Vulnerability <p>A denial of service vulnerability exists when a specially crafted file is opened in Microsoft Office. An attacker who successfully exploited the vulnerability could cause Office to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights.</p> <p>For an attack to be successful, this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and by convincing the user to open the file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.</p> <p><strong>I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</strong></p> <p>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</p> <p>For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see <a href="https://support.microsoft.com/kb/830335">Microsoft Knowledge Base Article 830335</a>. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> Microsoft Office CVE-2016-7244 10150 Denial of Service 10150 Important 10150 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Unlikely 3118396 https://www.microsoft.com/downloads/details.aspx?familyid=00db01c3-57b5-427d-a4df-36cadae7a105 3118300 10150 Maybe Security Update Dmitri Kaslov , Independent Security Researcher 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Microsoft Office Memory Corruption Vulnerability <p>A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.</p> <p><strong>I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?</strong></p> <p>When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.</p> <p>For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.</p> <p>For more information on this behavior and recommended actions, see <a href="https://support.microsoft.com/kb/830335">Microsoft Knowledge Base Article 830335</a>. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.</p> Microsoft Office CVE-2016-7245 10521 10522 10603 10601 10602 10753 10754 10150 Remote Code Execution 10521 Remote Code Execution 10522 Remote Code Execution 10603 Remote Code Execution 10601 Remote Code Execution 10602 Remote Code Execution 10753 Remote Code Execution 10754 Remote Code Execution 10150 Important 10521 Important 10522 Important 10603 Important 10601 Important 10602 Important 10753 Important 10754 Important 10150 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 3115120 https://www.microsoft.com/downloads/details.aspx?familyid=954256d8-3517-445d-97ff-155701769ff6 2965310 10521 Maybe Security Update 3115120 https://www.microsoft.com/downloads/details.aspx?familyid=fb070b0a-20f8-4e22-8621-7f75ff4f7466 2965310 10522 Maybe Security Update 3115153 3039734 10603 Maybe Security Update 3115153 https://www.microsoft.com/downloads/details.aspx?familyid=4c88ad0b-066a-43c8-82e6-79b7265144e4 3039734 10601 Maybe Security Update 3115153 https://www.microsoft.com/downloads/details.aspx?familyid=2c0d5cc8-2628-4507-b126-3cb8339e7890 3039734 10602 Maybe Security Update 3115135 https://www.microsoft.com/downloads/details.aspx?familyid=d9634bdb-5bd9-43b5-9eae-73c167431ff4 10753 Maybe Security Update 3115135 https://www.microsoft.com/downloads/details.aspx?familyid=ed926c33-ea80-40c7-ac06-da90a9ce84b9 10754 Maybe Security Update 2986253 https://www.microsoft.com/downloads/details.aspx?familyid=bc98e9a2-c488-4254-8c42-cb99227e60d3 2687409 10150 Maybe Security Update Haifei Li of <a href="http://www.intelsecurity.com/">Intel Security</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.</p> Windows Kernel-Mode Drivers CVE-2016-7246 10729 10735 10789 10788 10852 10853 10047 10048 10481 10482 10484 10050 10051 10049 10378 10379 10483 10543 10816 10855 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10789 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10788 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10050 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 7.8 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS11-019, 2511455; MS11-071, 2570947; MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-104, 3185319; MS16-111, 3175024; MS16-116, 3184122 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update Anonymous, working with <a href="http://www.zerodayinitiative.com/">Trend Micro's Zero Day Initiative (ZDI)</a> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Secure Boot Component Security Feature Bypass Vulnerability <p>A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot policy that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.</p> <p>To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install an affected boot policy.</p> <p>The security update addresses the vulnerability by revoking affected boot policies in the firmware. The revocation protection level depends upon platform firmware. The Windows event channel Microsoft-Windows-Kernel-Boot may be used to determine the protection level provided. Note that an additional reboot is needed to view the event:</p> <ul> <li>Windows versions prior to Windows 10 do not log the event by default. You must enable “analytic” logging for this channel prior to installation of the patch.</li> <li>Windows versions 10 and higher log the event by default. Event ID 155 indicates baseline protection. Event ID 154 indicates enhanced protection.</li> </ul> <p>For systems that provide baseline protection, firmware updates from your OEM may be available that upgrade systems to enhanced protection.</p> Boot Manager CVE-2016-7247 10816 10855 10729 10735 10789 10788 10852 10853 10481 10482 10484 10378 10379 10483 10543 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10789 Security Feature Bypass 10788 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10481 Security Feature Bypass 10482 Security Feature Bypass 10484 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 10816 Important 10855 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10481 Important 10482 Important 10484 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10816 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10855 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10729 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10735 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10789 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10788 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10852 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10853 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10481 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10482 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10484 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10378 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10379 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10483 6.2 5.4 CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:R 10543 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 1.1 2016-11-23T08:00:00Z <p>Revised bulletin to announce a detection change for certain servers running Windows Servers 2012, Windows Server 2012 R2, and Windows Server 2016. Affected servers will not automatically receive the security update. For more information about the servers affected by this detection change, see Knowledge Base Article 3193479.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates. ◦Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. ◦Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. ◦Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. ◦Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. ◦Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. ◦Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> Microsoft Video Control Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>To exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or application from either a webpage or an email message. The security update addresses the vulnerability by correcting how Microsoft Video Control handles objects in memory.</p> <p>Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector.</p> Microsoft Video Control CVE-2016-7248 10729 10735 10789 10788 10852 10853 10047 10048 10481 10482 10484 4393 9316 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10789 Remote Code Execution 10788 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 4393 Remote Code Execution 9316 Critical 10729 Critical 10735 Critical 10789 Critical 10788 Critical 10852 Critical 10853 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 4393 Critical 9316 Publicly Disclosed:No;Exploited:No 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3198218 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198218 3190847 4393 Yes Security Update 3198218 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198218 3190847 9316 Yes Security Update 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197873 for Windows 8.1. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> SQL RDBMS Engine Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Microsoft SQL Server when it improperly handles pointer casting. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database.</p> <p>An attacker who successfully exploited this vulnerability could gain elevated privileges that could be used to view, change, or delete data; or create new accounts.</p> <p>The security update addresses the vulnerability by correcting how SQL Server handles pointer casting.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong> First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185. Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</p> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>3194719</td> <td>MS16-136: Description of the security update for SQL Server 2012 SP2 GDR: November 8, 2016</td> <td>11.0.5058.0 - 11.0.5387.0</td> <td>MS15-058</td> </tr> <tr> <td>3194725</td> <td>MS16-136: Description of the security update for SQL Server 2012 SP2 CU: November 8, 2016</td> <td>11.0.5500.0 - 11.0.5675.0</td> <td>SQL Server 2012 SP2 CU15</td> </tr> <tr> <td>3194721</td> <td>MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 GDR: November 8, 2016</td> <td>11.0.6020.0 - 11.0.6247.0</td> <td>SQL Server 2012 SP3</td> </tr> <tr> <td>3194724</td> <td>MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 CU: November 8, 2016</td> <td>11.0.6300.0 - 11.0.6566.0</td> <td>SQL Server 2012 SP3 CU6</td> </tr> <tr> <td>3194720</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 GDR: November 8, 2016</td> <td>12.0.4100.0 - 12.0.4231.0</td> <td>Important Update for SQL Server 2014 SP1 (KB3070446)</td> </tr> <tr> <td>3194722</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 CU: November 8, 2016</td> <td>12.0.4400.0 - 12.0.4486.0</td> <td>SQL Server 2014 SP1 CU9</td> </tr> <tr> <td>3194714</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 GDR: November 8, 2016</td> <td>12.0.5000.0 - 12.0.5202.0</td> <td>SQL Server 2014 SP2</td> </tr> <tr> <td>3194718</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 CU: November 8, 2016</td> <td>12.0.5400.0 - 12.0.5531.0</td> <td>SQL Server 2014 SP2 CU2</td> </tr> <tr> <td>3194716</td> <td>MS16-136: Description of the security update for SQL Server 2016 GDR: November 8, 2016</td> <td>13.0.1605.0 - 13.0.1721.0</td> <td>Critical Update for SQL Server 2016 Analysis Services (KB3179258)</td> </tr> <tr> <td>3194717</td> <td>MS16-136: Description of the security update for SQL Server 2016 CU: November 8, 2016</td> <td>13.0.2100.0 - 13.0.2182.0</td> <td>SQL Server 2016 CU3</td> </tr> </tbody> </table> <p>For additional installation instructions, see the Security Update Information subsection for your SQL Server edition in the <strong>Update Information</strong> section.</p> <p><strong>What are the GDR and CU update designations and how do they differ?</strong> The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different update servicing branches in place for SQL Server. The primary difference between the two is that CU branches cumulatively include all updates for a given baseline, while GDR branches include only cumulative critical updates for a given baseline. A baseline can be the initial RTM release or a Service Pack.</p> <p>For any given baseline, either the GDR or CU branch updates are options if you are at the baseline or have only installed a previous GDR update for that baseline. The CU branch is the only option if you have installed a previous SQL Server CU for the baseline you are on.</p> <p><strong>Will these security updates be offered to SQL Server clusters?</strong> Yes. The updates will also be offered to SQL Server 2012 SP2/SP3, SQL Server 2014 SP1/SP2, and SQL Server 2016 RTM instances that are clustered. Updates for SQL Server clusters will require user interaction. If the SQL Server 2012 SP2/SP3, SQL Server 2014 SP1/SP2, and SQL Server 2016 RTM cluster has a passive node, to reduce downtime, Microsoft recommends that you scan and apply the update to the inactive node first, then scan and apply it to the active node. When all components have been updated on all nodes, the update will no longer be offered.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong> Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server CVE-2016-7249 10946 10947 Elevation of Privilege 10946 Elevation of Privilege 10947 Important 10946 Important 10947 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:N/A 3194716 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194716 10946 Maybe Security Update 3194717 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194717 10947 Maybe Security Update 1.0 2016-11-08T08:00:00Z <p>Information published.</p> SQL RDBMS Engine Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Microsoft SQL Server when it improperly handles pointer casting. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database.</p> <p>An attacker who successfully exploited this vulnerability could gain elevated privileges that could be used to view, change, or delete data; or create new accounts.</p> <p>The security update addresses the vulnerability by correcting how SQL Server handles pointer casting.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong> First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185. Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</p> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>3194719</td> <td>MS16-136: Description of the security update for SQL Server 2012 SP2 GDR: November 8, 2016</td> <td>11.0.5058.0 - 11.0.5387.0</td> <td>MS15-058</td> </tr> <tr> <td>3194725</td> <td>MS16-136: Description of the security update for SQL Server 2012 SP2 CU: November 8, 2016</td> <td>11.0.5500.0 - 11.0.5675.0</td> <td>SQL Server 2012 SP2 CU15</td> </tr> <tr> <td>3194721</td> <td>MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 GDR: November 8, 2016</td> <td>11.0.6020.0 - 11.0.6247.0</td> <td>SQL Server 2012 SP3</td> </tr> <tr> <td>3194724</td> <td>MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 CU: November 8, 2016</td> <td>11.0.6300.0 - 11.0.6566.0</td> <td>SQL Server 2012 SP3 CU6</td> </tr> <tr> <td>3194720</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 GDR: November 8, 2016</td> <td>12.0.4100.0 - 12.0.4231.0</td> <td>Important Update for SQL Server 2014 SP1 (KB3070446)</td> </tr> <tr> <td>3194722</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 CU: November 8, 2016</td> <td>12.0.4400.0 - 12.0.4486.0</td> <td>SQL Server 2014 SP1 CU9</td> </tr> <tr> <td>3194714</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 GDR: November 8, 2016</td> <td>12.0.5000.0 - 12.0.5202.0</td> <td>SQL Server 2014 SP2</td> </tr> <tr> <td>3194718</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 CU: November 8, 2016</td> <td>12.0.5400.0 - 12.0.5531.0</td> <td>SQL Server 2014 SP2 CU2</td> </tr> <tr> <td>3194716</td> <td>MS16-136: Description of the security update for SQL Server 2016 GDR: November 8, 2016</td> <td>13.0.1605.0 - 13.0.1721.0</td> <td>Critical Update for SQL Server 2016 Analysis Services (KB3179258)</td> </tr> <tr> <td>3194717</td> <td>MS16-136: Description of the security update for SQL Server 2016 CU: November 8, 2016</td> <td>13.0.2100.0 - 13.0.2182.0</td> <td>SQL Server 2016 CU3</td> </tr> </tbody> </table> <p>For additional installation instructions, see the Security Update Information subsection for your SQL Server edition in the <strong>Update Information</strong> section.</p> <p><strong>What are the GDR and CU update designations and how do they differ?</strong> The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different update servicing branches in place for SQL Server. The primary difference between the two is that CU branches cumulatively include all updates for a given baseline, while GDR branches include only cumulative critical updates for a given baseline. A baseline can be the initial RTM release or a Service Pack.</p> <p>For any given baseline, either the GDR or CU branch updates are options if you are at the baseline or have only installed a previous GDR update for that baseline. The CU branch is the only option if you have installed a previous SQL Server CU for the baseline you are on.</p> <p><strong>Will these security updates be offered to SQL Server clusters?</strong> Yes. The updates will also be offered to SQL Server 2012 SP2/SP3, SQL Server 2014 SP1/SP2, and SQL Server 2016 RTM instances that are clustered. Updates for SQL Server clusters will require user interaction. If the SQL Server 2012 SP2/SP3, SQL Server 2014 SP1/SP2, and SQL Server 2016 RTM cluster has a passive node, to reduce downtime, Microsoft recommends that you scan and apply the update to the inactive node first, then scan and apply it to the active node. When all components have been updated on all nodes, the update will no longer be offered.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong> Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server CVE-2016-7250 10936 10937 10938 10939 10940 10941 10942 10943 10946 10947 Elevation of Privilege 10936 Elevation of Privilege 10937 Elevation of Privilege 10938 Elevation of Privilege 10939 Elevation of Privilege 10940 Elevation of Privilege 10941 Elevation of Privilege 10942 Elevation of Privilege 10943 Elevation of Privilege 10946 Elevation of Privilege 10947 Important 10936 Important 10937 Important 10938 Important 10939 Important 10940 Important 10941 Important 10942 Important 10943 Important 10946 Important 10947 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 3194720 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194720 10936 Maybe Security Update 3194722 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194722 10937 Maybe Security Update 3194720 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194720 10938 Maybe Security Update 3194722 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194722 10939 Maybe Security Update 3194714 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194714 10940 Maybe Security Update 3194718 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194718 10941 Maybe Security Update 3194718 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194718 10942 Maybe Security Update 3194714 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194714 10943 Maybe Security Update 3194716 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194716 10946 Maybe Security Update 3194717 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194717 10947 Maybe Security Update Scott Sutherland of <a href="http://www.netspi.com/">netSPI<a/> 1.1 2020-05-27T07:00:00Z <p>Corrected security updates table. This is an informational change only.</p> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> MDS API XSS Vulnerability <p>A cross-site scripting vulnerability exists in SQL Server MDS that could allow an attacker to inject a client-side script into the user's browser instance. The vulnerability is caused when the SQL Server MDS does not properly validate a request parameter on the SQL Server site. The script could spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user.</p> <p>To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.</p> <p>The security update addresses the vulnerability by correcting how SQL Server MDS validates the request parameter.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong> First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185. Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</p> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>3194719</td> <td>MS16-136: Description of the security update for SQL Server 2012 SP2 GDR: November 8, 2016</td> <td>11.0.5058.0 - 11.0.5387.0</td> <td>MS15-058</td> </tr> <tr> <td>3194725</td> <td>MS16-136: Description of the security update for SQL Server 2012 SP2 CU: November 8, 2016</td> <td>11.0.5500.0 - 11.0.5675.0</td> <td>SQL Server 2012 SP2 CU15</td> </tr> <tr> <td>3194721</td> <td>MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 GDR: November 8, 2016</td> <td>11.0.6020.0 - 11.0.6247.0</td> <td>SQL Server 2012 SP3</td> </tr> <tr> <td>3194724</td> <td>MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 CU: November 8, 2016</td> <td>11.0.6300.0 - 11.0.6566.0</td> <td>SQL Server 2012 SP3 CU6</td> </tr> <tr> <td>3194720</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 GDR: November 8, 2016</td> <td>12.0.4100.0 - 12.0.4231.0</td> <td>Important Update for SQL Server 2014 SP1 (KB3070446)</td> </tr> <tr> <td>3194722</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 CU: November 8, 2016</td> <td>12.0.4400.0 - 12.0.4486.0</td> <td>SQL Server 2014 SP1 CU9</td> </tr> <tr> <td>3194714</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 GDR: November 8, 2016</td> <td>12.0.5000.0 - 12.0.5202.0</td> <td>SQL Server 2014 SP2</td> </tr> <tr> <td>3194718</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 CU: November 8, 2016</td> <td>12.0.5400.0 - 12.0.5531.0</td> <td>SQL Server 2014 SP2 CU2</td> </tr> <tr> <td>3194716</td> <td>MS16-136: Description of the security update for SQL Server 2016 GDR: November 8, 2016</td> <td>13.0.1605.0 - 13.0.1721.0</td> <td>Critical Update for SQL Server 2016 Analysis Services (KB3179258)</td> </tr> <tr> <td>3194717</td> <td>MS16-136: Description of the security update for SQL Server 2016 CU: November 8, 2016</td> <td>13.0.2100.0 - 13.0.2182.0</td> <td>SQL Server 2016 CU3</td> </tr> </tbody> </table> <p>For additional installation instructions, see the Security Update Information subsection for your SQL Server edition in the <strong>Update Information</strong> section.</p> <p><strong>What are the GDR and CU update designations and how do they differ?</strong> The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different update servicing branches in place for SQL Server. The primary difference between the two is that CU branches cumulatively include all updates for a given baseline, while GDR branches include only cumulative critical updates for a given baseline. A baseline can be the initial RTM release or a Service Pack.</p> <p>For any given baseline, either the GDR or CU branch updates are options if you are at the baseline or have only installed a previous GDR update for that baseline. The CU branch is the only option if you have installed a previous SQL Server CU for the baseline you are on.</p> <p><strong>Will these security updates be offered to SQL Server clusters?</strong> Yes. The updates will also be offered to SQL Server 2012 SP2/SP3, SQL Server 2014 SP1/SP2, and SQL Server 2016 RTM instances that are clustered. Updates for SQL Server clusters will require user interaction. If the SQL Server 2012 SP2/SP3, SQL Server 2014 SP1/SP2, and SQL Server 2016 RTM cluster has a passive node, to reduce downtime, Microsoft recommends that you scan and apply the update to the inactive node first, then scan and apply it to the active node. When all components have been updated on all nodes, the update will no longer be offered.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong> Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server CVE-2016-7251 10946 10947 Elevation of Privilege 10946 Elevation of Privilege 10947 Important 10946 Important 10947 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:N/A;DOS:N/A 3194716 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194716 10946 Maybe Security Update 3194717 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194717 10947 Maybe Security Update 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Microsoft SQL Server Analysis Services Information Disclosure Vulnerability <p>An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces permissions. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database.</p> <p>An attacker who successfully exploited the vulnerability could gain additional database and file information.</p> <p>The security update addresses the vulnerability by correcting how SQL Server Analysis Services enforces permissions.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong> First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185. Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</p> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>3194719</td> <td>MS16-136: Description of the security update for SQL Server 2012 SP2 GDR: November 8, 2016</td> <td>11.0.5058.0 - 11.0.5387.0</td> <td>MS15-058</td> </tr> <tr> <td>3194725</td> <td>MS16-136: Description of the security update for SQL Server 2012 SP2 CU: November 8, 2016</td> <td>11.0.5500.0 - 11.0.5675.0</td> <td>SQL Server 2012 SP2 CU15</td> </tr> <tr> <td>3194721</td> <td>MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 GDR: November 8, 2016</td> <td>11.0.6020.0 - 11.0.6247.0</td> <td>SQL Server 2012 SP3</td> </tr> <tr> <td>3194724</td> <td>MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 CU: November 8, 2016</td> <td>11.0.6300.0 - 11.0.6566.0</td> <td>SQL Server 2012 SP3 CU6</td> </tr> <tr> <td>3194720</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 GDR: November 8, 2016</td> <td>12.0.4100.0 - 12.0.4231.0</td> <td>Important Update for SQL Server 2014 SP1 (KB3070446)</td> </tr> <tr> <td>3194722</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 CU: November 8, 2016</td> <td>12.0.4400.0 - 12.0.4486.0</td> <td>SQL Server 2014 SP1 CU9</td> </tr> <tr> <td>3194714</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 GDR: November 8, 2016</td> <td>12.0.5000.0 - 12.0.5202.0</td> <td>SQL Server 2014 SP2</td> </tr> <tr> <td>3194718</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 CU: November 8, 2016</td> <td>12.0.5400.0 - 12.0.5531.0</td> <td>SQL Server 2014 SP2 CU2</td> </tr> <tr> <td>3194716</td> <td>MS16-136: Description of the security update for SQL Server 2016 GDR: November 8, 2016</td> <td>13.0.1605.0 - 13.0.1721.0</td> <td>Critical Update for SQL Server 2016 Analysis Services (KB3179258)</td> </tr> <tr> <td>3194717</td> <td>MS16-136: Description of the security update for SQL Server 2016 CU: November 8, 2016</td> <td>13.0.2100.0 - 13.0.2182.0</td> <td>SQL Server 2016 CU3</td> </tr> </tbody> </table> <p>For additional installation instructions, see the Security Update Information subsection for your SQL Server edition in the <strong>Update Information</strong> section.</p> <p><strong>What are the GDR and CU update designations and how do they differ?</strong> The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different update servicing branches in place for SQL Server. The primary difference between the two is that CU branches cumulatively include all updates for a given baseline, while GDR branches include only cumulative critical updates for a given baseline. A baseline can be the initial RTM release or a Service Pack.</p> <p>For any given baseline, either the GDR or CU branch updates are options if you are at the baseline or have only installed a previous GDR update for that baseline. The CU branch is the only option if you have installed a previous SQL Server CU for the baseline you are on.</p> <p><strong>Will these security updates be offered to SQL Server clusters?</strong> Yes. The updates will also be offered to SQL Server 2012 SP2/SP3, SQL Server 2014 SP1/SP2, and SQL Server 2016 RTM instances that are clustered. Updates for SQL Server clusters will require user interaction. If the SQL Server 2012 SP2/SP3, SQL Server 2014 SP1/SP2, and SQL Server 2016 RTM cluster has a passive node, to reduce downtime, Microsoft recommends that you scan and apply the update to the inactive node first, then scan and apply it to the active node. When all components have been updated on all nodes, the update will no longer be offered.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong> Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server CVE-2016-7252 10947 Information Disclosure 10947 Important 10947 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:N/A 3194717 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194717 10947 Maybe Security Update 1.1 2020-05-27T07:00:00Z <p>Corrected security updates table. This is an informational change only.</p> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Microsoft SQL Server Agent Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Microsoft SQL Server Engine when SQL Server Agent incorrectly checks ACLs on atxcore.dll. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database.</p> <p>An attacker who successfully exploited the vulnerability could gain elevated privileges that could be used to view, change, or delete data; or create new accounts.</p> <p>The security update addresses the vulnerability by correcting how SQL Server Engine handles ACLs.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong> First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185. Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</p> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>3194719</td> <td>MS16-136: Description of the security update for SQL Server 2012 SP2 GDR: November 8, 2016</td> <td>11.0.5058.0 - 11.0.5387.0</td> <td>MS15-058</td> </tr> <tr> <td>3194725</td> <td>MS16-136: Description of the security update for SQL Server 2012 SP2 CU: November 8, 2016</td> <td>11.0.5500.0 - 11.0.5675.0</td> <td>SQL Server 2012 SP2 CU15</td> </tr> <tr> <td>3194721</td> <td>MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 GDR: November 8, 2016</td> <td>11.0.6020.0 - 11.0.6247.0</td> <td>SQL Server 2012 SP3</td> </tr> <tr> <td>3194724</td> <td>MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 CU: November 8, 2016</td> <td>11.0.6300.0 - 11.0.6566.0</td> <td>SQL Server 2012 SP3 CU6</td> </tr> <tr> <td>3194720</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 GDR: November 8, 2016</td> <td>12.0.4100.0 - 12.0.4231.0</td> <td>Important Update for SQL Server 2014 SP1 (KB3070446)</td> </tr> <tr> <td>3194722</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 CU: November 8, 2016</td> <td>12.0.4400.0 - 12.0.4486.0</td> <td>SQL Server 2014 SP1 CU9</td> </tr> <tr> <td>3194714</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 GDR: November 8, 2016</td> <td>12.0.5000.0 - 12.0.5202.0</td> <td>SQL Server 2014 SP2</td> </tr> <tr> <td>3194718</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 CU: November 8, 2016</td> <td>12.0.5400.0 - 12.0.5531.0</td> <td>SQL Server 2014 SP2 CU2</td> </tr> <tr> <td>3194716</td> <td>MS16-136: Description of the security update for SQL Server 2016 GDR: November 8, 2016</td> <td>13.0.1605.0 - 13.0.1721.0</td> <td>Critical Update for SQL Server 2016 Analysis Services (KB3179258)</td> </tr> <tr> <td>3194717</td> <td>MS16-136: Description of the security update for SQL Server 2016 CU: November 8, 2016</td> <td>13.0.2100.0 - 13.0.2182.0</td> <td>SQL Server 2016 CU3</td> </tr> </tbody> </table> <p>For additional installation instructions, see the Security Update Information subsection for your SQL Server edition in the <strong>Update Information</strong> section.</p> <p><strong>What are the GDR and CU update designations and how do they differ?</strong> The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different update servicing branches in place for SQL Server. The primary difference between the two is that CU branches cumulatively include all updates for a given baseline, while GDR branches include only cumulative critical updates for a given baseline. A baseline can be the initial RTM release or a Service Pack.</p> <p>For any given baseline, either the GDR or CU branch updates are options if you are at the baseline or have only installed a previous GDR update for that baseline. The CU branch is the only option if you have installed a previous SQL Server CU for the baseline you are on.</p> <p><strong>Will these security updates be offered to SQL Server clusters?</strong> Yes. The updates will also be offered to SQL Server 2012 SP2/SP3, SQL Server 2014 SP1/SP2, and SQL Server 2016 RTM instances that are clustered. Updates for SQL Server clusters will require user interaction. If the SQL Server 2012 SP2/SP3, SQL Server 2014 SP1/SP2, and SQL Server 2016 RTM cluster has a passive node, to reduce downtime, Microsoft recommends that you scan and apply the update to the inactive node first, then scan and apply it to the active node. When all components have been updated on all nodes, the update will no longer be offered.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong> Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server CVE-2016-7253 10704 10930 10931 10932 10705 10933 10934 10935 10936 10937 10938 10939 10940 10941 10942 10943 Elevation of Privilege 10704 Elevation of Privilege 10930 Elevation of Privilege 10931 Elevation of Privilege 10932 Elevation of Privilege 10705 Elevation of Privilege 10933 Elevation of Privilege 10934 Elevation of Privilege 10935 Elevation of Privilege 10936 Elevation of Privilege 10937 Elevation of Privilege 10938 Elevation of Privilege 10939 Elevation of Privilege 10940 Elevation of Privilege 10941 Elevation of Privilege 10942 Elevation of Privilege 10943 Important 10704 Important 10930 Important 10931 Important 10932 Important 10705 Important 10933 Important 10934 Important 10935 Important 10936 Important 10937 Important 10938 Important 10939 Important 10940 Important 10941 Important 10942 Important 10943 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Unlikely 3194719 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194719 10704 Maybe Security Update 3194725 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194725 10930 Maybe Security Update 3194721 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194721 10931 Maybe Security Update 3194724 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194724 10932 Maybe Security Update 3194719 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194719 10705 Maybe Security Update 3194725 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194725 10933 Maybe Security Update 3194721 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194721 10934 Maybe Security Update 3194724 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194724 10935 Maybe Security Update 3194720 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194720 10936 Maybe Security Update 3194722 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194722 10937 Maybe Security Update 3194720 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194720 10938 Maybe Security Update 3194722 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194722 10939 Maybe Security Update 3194714 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194714 10940 Maybe Security Update 3194718 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194718 10941 Maybe Security Update 3194718 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194718 10942 Maybe Security Update 3194714 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194714 10943 Maybe Security Update 1.1 2020-05-27T07:00:00Z <p>Corrected security updates table. This is an informational change only.</p> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> SQL RDBMS Engine Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Microsoft SQL Server when it improperly handles pointer casting. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database.</p> <p>An attacker who successfully exploited this vulnerability could gain elevated privileges that could be used to view, change, or delete data; or create new accounts.</p> <p>The security update addresses the vulnerability by correcting how SQL Server handles pointer casting.</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong> First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185. Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</p> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>3194719</td> <td>MS16-136: Description of the security update for SQL Server 2012 SP2 GDR: November 8, 2016</td> <td>11.0.5058.0 - 11.0.5387.0</td> <td>MS15-058</td> </tr> <tr> <td>3194725</td> <td>MS16-136: Description of the security update for SQL Server 2012 SP2 CU: November 8, 2016</td> <td>11.0.5500.0 - 11.0.5675.0</td> <td>SQL Server 2012 SP2 CU15</td> </tr> <tr> <td>3194721</td> <td>MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 GDR: November 8, 2016</td> <td>11.0.6020.0 - 11.0.6247.0</td> <td>SQL Server 2012 SP3</td> </tr> <tr> <td>3194724</td> <td>MS16-136: Description of the security update for SQL Server 2012 Service Pack 3 CU: November 8, 2016</td> <td>11.0.6300.0 - 11.0.6566.0</td> <td>SQL Server 2012 SP3 CU6</td> </tr> <tr> <td>3194720</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 GDR: November 8, 2016</td> <td>12.0.4100.0 - 12.0.4231.0</td> <td>Important Update for SQL Server 2014 SP1 (KB3070446)</td> </tr> <tr> <td>3194722</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 1 CU: November 8, 2016</td> <td>12.0.4400.0 - 12.0.4486.0</td> <td>SQL Server 2014 SP1 CU9</td> </tr> <tr> <td>3194714</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 GDR: November 8, 2016</td> <td>12.0.5000.0 - 12.0.5202.0</td> <td>SQL Server 2014 SP2</td> </tr> <tr> <td>3194718</td> <td>MS16-136: Description of the security update for SQL Server 2014 Service Pack 2 CU: November 8, 2016</td> <td>12.0.5400.0 - 12.0.5531.0</td> <td>SQL Server 2014 SP2 CU2</td> </tr> <tr> <td>3194716</td> <td>MS16-136: Description of the security update for SQL Server 2016 GDR: November 8, 2016</td> <td>13.0.1605.0 - 13.0.1721.0</td> <td>Critical Update for SQL Server 2016 Analysis Services (KB3179258)</td> </tr> <tr> <td>3194717</td> <td>MS16-136: Description of the security update for SQL Server 2016 CU: November 8, 2016</td> <td>13.0.2100.0 - 13.0.2182.0</td> <td>SQL Server 2016 CU3</td> </tr> </tbody> </table> <p>For additional installation instructions, see the Security Update Information subsection for your SQL Server edition in the <strong>Update Information</strong> section.</p> <p><strong>What are the GDR and CU update designations and how do they differ?</strong> The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different update servicing branches in place for SQL Server. The primary difference between the two is that CU branches cumulatively include all updates for a given baseline, while GDR branches include only cumulative critical updates for a given baseline. A baseline can be the initial RTM release or a Service Pack.</p> <p>For any given baseline, either the GDR or CU branch updates are options if you are at the baseline or have only installed a previous GDR update for that baseline. The CU branch is the only option if you have installed a previous SQL Server CU for the baseline you are on.</p> <p><strong>Will these security updates be offered to SQL Server clusters?</strong> Yes. The updates will also be offered to SQL Server 2012 SP2/SP3, SQL Server 2014 SP1/SP2, and SQL Server 2016 RTM instances that are clustered. Updates for SQL Server clusters will require user interaction. If the SQL Server 2012 SP2/SP3, SQL Server 2014 SP1/SP2, and SQL Server 2016 RTM cluster has a passive node, to reduce downtime, Microsoft recommends that you scan and apply the update to the inactive node first, then scan and apply it to the active node. When all components have been updated on all nodes, the update will no longer be offered.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong> Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server CVE-2016-7254 10704 10931 10932 10705 10933 10934 10935 10930 Elevation of Privilege 10704 Elevation of Privilege 10931 Elevation of Privilege 10932 Elevation of Privilege 10705 Elevation of Privilege 10933 Elevation of Privilege 10934 Elevation of Privilege 10935 Elevation of Privilege 10930 Important 10704 Important 10931 Important 10932 Important 10705 Important 10933 Important 10934 Important 10935 Important 10930 Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Less Likely 3194719 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194719 10704 Maybe Security Update 3194721 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194721 10931 Maybe Security Update 3194724 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194724 10932 Maybe Security Update 3194719 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194719 10705 Maybe Security Update 3194725 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194725 10933 Maybe Security Update 3194721 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194721 10934 Maybe Security Update 3194724 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194724 10935 Maybe Security Update 3194725 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3194725 10930 Maybe Security Update 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p>An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.</p> Windows Kernel-Mode Drivers CVE-2016-7255 10729 10735 10789 10788 10852 10853 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10543 10855 4393 9316 10816 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10789 Elevation of Privilege 10788 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10047 Elevation of Privilege 10048 Elevation of Privilege 10481 Elevation of Privilege 10482 Elevation of Privilege 10484 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9311 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10050 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 10855 Elevation of Privilege 4393 Elevation of Privilege 9316 Elevation of Privilege 10816 Important 10729 Important 10735 Important 10789 Important 10788 Important 10852 Important 10853 Important 10047 Important 10048 Important 10481 Important 10482 Important 10484 Important 9312 Important 10287 Important 9311 Important 9318 Important 9344 Important 10050 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 10855 Important 4393 Important 9316 Important 10816 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation Detected 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10729 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10735 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10789 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10788 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10852 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10853 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10047 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10048 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10481 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10482 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10484 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 9312 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10287 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 9311 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 9318 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 9344 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10050 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10051 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10049 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10378 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10379 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10483 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10543 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 4393 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 9316 6.1 5.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C 10816 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9312 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 10287 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9311 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9318 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS11-019, 2511455; MS11-071, 2570947; MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-104, 3185319; MS16-111, 3175024; MS16-116, 3184122 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS16-051, 3154070; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 4393 Yes Security Update 3198234 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198234 3177725 9316 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update Feike Hacquebord, Peter Pi, and Brooks Li of <a href="http://www.trendmicro.com/">Trend Micro</a> Neel Mehta and Billy Leonard of <a href="http://www.google.com/">Google’s</a> Threat Analysis Group 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p> November 2016 Adobe Flash Security Update <p>This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin <a href="http://helpx.adobe.com/security/products/flash-player/apsb16-37.html">APSB16-37</a>:</p> <p>CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865</p> <p><strong>How could an attacker exploit these vulnerabilities?</strong> In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.</p> <p>In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An attacker could then host a website that contains specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. For more information about Internet Explorer and the CV List, please see the MSDN Article, Developer Guidance for websites with content for Adobe Flash Player in Windows 8.</p> Adobe Flash Player ADV160009 10384-10481 10384-10482 10384-10378 10384-10483 10384-10484 10384-10729 10384-10735 10384-10789 10384-10788 10384-10852 10384-10853 10384-10816 Remote Code Execution 10384-10481 Remote Code Execution 10384-10482 Remote Code Execution 10384-10378 Remote Code Execution 10384-10483 Remote Code Execution 10384-10484 Remote Code Execution 10384-10729 Remote Code Execution 10384-10735 Remote Code Execution 10384-10789 Remote Code Execution 10384-10788 Remote Code Execution 10384-10852 Remote Code Execution 10384-10853 Remote Code Execution 10384-10816 Critical 10384-10481 Critical 10384-10482 Moderate 10384-10378 Moderate 10384-10483 Critical 10384-10484 Critical 10384-10729 Critical 10384-10735 Critical 10384-10789 Critical 10384-10788 Critical 10384-10852 Critical 10384-10853 Critical 10384-10816 Publicly Disclosed:No;Exploited:No 3202790 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3202790 3201860 10384-10481 Yes Security Update 3202790 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3202790 3201860 10384-10482 Yes Security Update 3202790 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3202790 3201860 10384-10378 Yes Security Update 3202790 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3202790 3201860 10384-10483 Yes Security Update 3202790 3201860 10384-10484 Yes Security Update 3202790 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3202790 3201860 10384-10729 Yes Security Update 3202790 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3202790 3201860 10384-10735 Yes Security Update 3202790 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3202790 3201860 10384-10789 Yes Security Update 3202790 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3202790 3201860 10384-10788 Yes Security Update 3202790 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3202790 3201860 10384-10852 Yes Security Update 3202790 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3202790 3201860 10384-10853 Yes Security Update 3202790 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3202790 3201860 10384-10816 Yes Security Update <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> may be helpful in your situation:</p> <ul> <li>In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a website that contains a webpage that is used to exploit any of these vulnerabilities. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or instant message that takes users to the attacker's website.</li> <li>Internet Explorer in the Windows 8-style UI will only play Flash content from sites listed on the Compatibility View (CV) list. This restriction requires an attacker to first compromise a website already listed on the CV list. An attacker could then host specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an instant message that takes users to the attacker's website, or by opening an attachment sent through email.</li> <li>By default, all supported versions of Microsoft Outlook and Windows Live Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables scripts and ActiveX controls, helps reduce the risk of an attacker being able to use any of these vulnerabilities to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of any of these vulnerabilities through the web-based attack scenario.</li> <li>By default, Internet Explorer on Windows Server 2012 and Windows Server 2012 R2 runs in a restricted mode that is known as <a href="https://technet.microsoft.com/library/dd883248.aspx">Enhanced Security Configuration</a>. This mode can help reduce the likelihood of the exploitation of these Adobe Flash Player vulnerabilities in Internet Explorer.</li> </ul> <p>Workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update.</p> <p><strong>Prevent Adobe Flash Player from running</strong> You can disable attempts to instantiate Adobe Flash Player in Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office 2010, by setting the kill bit for the control in the registry.</p> <p><strong>Warning</strong> If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. To set the kill bit for the control in the registry, perform the following steps:</p> <ol> <li><p>Paste the following into a text file and save it with the .reg file extension.</p> <pre><code> Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}] &quot;Compatibility Flags&quot;=dword:00000400 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}] &quot;Compatibility Flags&quot;=dword:00000400 </code></pre> </li> <li><p>Double-click the .reg file to apply it to an individual system.</p> <p>You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection.</p> </li> </ol> <p><strong>Note</strong> You must restart Internet Explorer for your changes to take effect. <strong>Impact of workaround</strong>. There is no impact as long as the object is not intended to be used in Internet Explorer. <strong>How to undo the workaround.</strong> Delete the registry keys that were added in implementing this workaround. <strong>Prevent Adobe Flash Player from running in Internet Explorer through Group Policy</strong> <strong>Note</strong> The Group Policy MMC snap-in can be used to set policy for a machine, for an organizational unit, or for an entire domain. For more information about Group Policy, visit the following Microsoft Web sites:</p> <p><a href="https://technet.microsoft.com/library/hh831791">Group Policy Overview</a> <a href="https://technet.microsoft.com/library/cc737816%28v=ws.10%29.aspx">What is Group Policy Object Editor?</a> <a href="https://technet.microsoft.com/library/cc784165%28v=ws.10%29.aspx">Core Group Policy tools and settings</a></p> <p>To disable Adobe Flash Player in Internet Explorer through Group Policy, perform the following steps: <strong>Note</strong> This workaround does not prevent Flash from being invoked from other applications, such as Microsoft Office 2007 or Microsoft Office 2010.</p> <ol> <li>Open the Group Policy Management Console and configure the console to work with the appropriate Group Policy object, such as local machine, OU, or domain GPO.</li> <li>Navigate to the following node: <strong>Administrative Templates -&gt; Windows Components -&gt; Internet Explorer -&gt; Security Features -&gt; Add-on Management</strong></li> <li>Double-click <strong>Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects</strong>.</li> <li>Change the setting to Enabled.</li> <li>Click <strong>Apply</strong> and then click <strong>OK</strong> to return to the Group Policy Management Console.</li> <li>Refresh Group Policy on all systems or wait for the next scheduled Group Policy refresh interval for the settings to take effect. <strong>Prevent Adobe Flash Player from running in Office 2010 on affected systems</strong> <strong>Note</strong> This workaround does not prevent Adobe Flash Player from running in Internet Explorer. <strong>Warning</strong> If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. For detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow the steps in the article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.</li> </ol> <p>To disable Adobe Flash Player in Office 2010 only, set the kill bit for the ActiveX control for Adobe Flash Player in the registry using the following steps:</p> <ol> <li>Create a text file named Disable_Flash.reg with the following contents:</li> </ol> <pre><code> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM\Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}] &quot;Compatibility Flags&quot;=dword:00000400 </code></pre> <ol start="2"> <li>Double-click the .reg file to apply it to an individual system.</li> <li><strong>Note</strong> You must restart Internet Explorer for your changes to take effect. You can also apply this workaround across domains by using Group Policy. For more information about Group Policy, see the TechNet article, <a href="http://go.microsoft.com/fwlink/?LinkID=215719">Group Policy collection</a>. <strong>Prevent ActiveX controls from running in Office 2007 and Office 2010</strong></li> </ol> <p>To disable all ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, including Adobe Flash Player in Internet Explorer, perform the following steps:</p> <ol> <li>Click File, click Options, click Trust Center, and then click Trust Center Settings.</li> <li>Click ActiveX Settings in the left-hand pane, and then select Disable all controls without notifications.</li> <li>Click OK to save your settings. <strong>Impact of workaround</strong>. Office documents that use embedded ActiveX controls may not display as intended. <strong>How to undo the workaround</strong>.</li> </ol> <p>To re-enable ActiveX controls in Microsoft Office 2007 and Microsoft Office 2010, perform the following steps:</p> <ol> <li>Click File, click Options, click Trust Center, and then click Trust Center Settings.</li> <li>Click ActiveX Settings in the left-hand pane, and then deselect Disable all controls without notifications.</li> <li>Click OK to save your settings. <strong>Set Internet and Local intranet security zone settings to &quot;High&quot; to block ActiveX Controls and Active Scripting in these zones</strong> You can help protect against exploitation of these vulnerabilities by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.</li> </ol> <p>To raise the browsing security level in Internet Explorer, perform the following steps:</p> <ol> <li>On the Internet Explorer <strong>Tools</strong> menu, click** Internet Option**s.</li> <li>In the <strong>Internet Options</strong> dialog box, click the <strong>Security</strong> tab, and then click <strong>Internet</strong>.</li> <li>Under <strong>Security level for this zone</strong>, move the slider to <strong>High</strong>. This sets the security level for all websites you visit to High.</li> <li>Click <strong>Local intranet</strong>.</li> <li>Under <strong>Security level for this zone</strong>, move the slider to <strong>High</strong>. This sets the security level for all websites you visit to High.</li> <li>Click <strong>OK</strong> to accept the changes and return to Internet Explorer. <strong>Note</strong> If no slider is visible, click <strong>Default Level</strong>, and then move the slider to <strong>High</strong>. <strong>Note</strong> Setting the level to High may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High. <strong>Impact of workaround</strong>. There are side effects to blocking ActiveX Controls and Active Scripting. Many websites on the Internet or an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in &quot;Add sites that you trust to the Internet Explorer Trusted sites zone&quot;. <strong>Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone</strong></li> </ol> <p>You can help protect against exploitation of these vulnerabilities by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, perform the following steps:</p> <ol> <li>In Internet Explorer, click <strong>Internet Options</strong> on the <strong>Tools</strong> menu.</li> <li>Click the <strong>Security</strong> tab.</li> <li>Click <strong>Internet</strong>, and then click <strong>Custom Level</strong>.</li> <li>Under <strong>Settings</strong>, in the <strong>Scripting</strong> section, under <strong>Active Scripting</strong>, click <strong>Prompt</strong> or <strong>Disable</strong>, and then click <strong>OK</strong>.</li> <li>Click <strong>Local intranet</strong>, and then click <strong>Custom Level</strong>.</li> <li>Under <strong>Settings</strong>, in the <strong>Scripting</strong> section, under <strong>Active Scripting</strong>, click <strong>Prompt</strong> or <strong>Disable</strong>, and then click <strong>OK</strong>.</li> <li>Click <strong>OK</strong> to return to Internet Explorer, and then click <strong>OK</strong> again. <strong>Note</strong> Disabling Active Scripting in the Internet and Local intranet security zones may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly. <strong>Impact of workaround</strong>. There are side effects to prompting before running Active Scripting. Many websites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click <strong>Yes</strong> to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in &quot;Add sites that you trust to the Internet Explorer Trusted sites zone&quot;. <strong>Add sites that you trust to the Internet Explorer Trusted sites zone</strong> After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.</li> </ol> <p>To do this, perform the following steps:</p> <ol> <li>In Internet Explorer, click <strong>Tools</strong>, click <strong>Internet Options</strong>, and then click the <strong>Security</strong> tab.</li> <li>In the <strong>Select a web content zone to specify its current security settings</strong> box, click <strong>Trusted Sites</strong>, and then click <strong>Sites</strong>.</li> <li>If you want to add sites that do not require an encrypted channel, click to clear the <strong>Require server verification (https:) for all sites in this zone</strong> check box.</li> <li>In the <strong>Add this website to the zone</strong> box, type the URL of a site that you trust, and then click <strong>Add</strong>.</li> <li>Repeat these steps for each site that you want to add to the zone.</li> <li>Click <strong>OK</strong> two times to accept the changes and return to Internet Explorer. <strong>Note</strong> Add any sites that you trust not to take malicious action on your system. Two sites in particular that you may want to add are *<strong>.windowsupdate.microsoft.com</strong> and *<strong>.update.microsoft.com</strong>. These are the sites that will host the update, and they require an ActiveX control to install the update.</li> </ol> 1.1 2017-05-31T07:00:00Z <p>Changed identifier to reduce confusion with CVE IDs. This is an informational change only.</p> 1.0 2016-11-08T08:00:00Z <p>Information published.</p> Microsoft Graphics Remote Code Execution Vulnerability <p>A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>There are multiple ways an attacker could exploit the vulnerability:</p> <ul> <li>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email.</li> <li>In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file.</li> </ul> <p>The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.</p> Microsoft Graphics Component CVE-2016-7256 10855 10729 10735 10789 10788 10852 10853 10047 10048 10481 10482 10484 9312 10287 9311 9318 9344 10050 10051 10049 10378 10379 10483 10543 10816 4393 9316 Remote Code Execution 10855 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10789 Remote Code Execution 10788 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10047 Remote Code Execution 10048 Remote Code Execution 10481 Remote Code Execution 10482 Remote Code Execution 10484 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9311 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10050 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 10816 Remote Code Execution 4393 Remote Code Execution 9316 Critical 10855 Critical 10729 Critical 10735 Critical 10789 Critical 10788 Critical 10852 Critical 10853 Critical 10047 Critical 10048 Critical 10481 Critical 10482 Critical 10484 Critical 9312 Critical 10287 Critical 9311 Critical 9318 Critical 9344 Critical 10050 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Critical 10816 Critical 4393 Critical 9316 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Detected 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10855 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10729 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10735 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10789 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10788 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10852 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10853 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10047 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10048 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10481 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10482 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10484 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9312 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10287 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9311 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9318 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9344 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10050 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10051 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10049 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10378 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10379 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10483 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10543 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 10816 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 4393 8.8 7.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 9316 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10855 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10729 Yes Security Update 3198585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585 10735 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10789 Yes Security Update 3198586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586 10788 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10852 Yes Security Update 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10853 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10047 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3184122 10047 Yes Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10048 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10048 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10481 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10481 Yes Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10482 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10482 Security Only 3197874 10484 Yes Monthly Rollup 3203859 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203859 3164033 9312 Yes Security Update 3203859 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203859 3164033 10287 Yes Security Update 3203859 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203859 3164033 9311 Yes Security Update 3203859 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203859 3164033 9318 Yes Security Update 3203859 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203859 3164033 9344 Yes Security Update 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10050 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 MS15-020, 3033889; MS15-097, 3087039; MS15-111, 3088195; MS15-115, 3101746; MS15-121, 3081320; MS15-122, 3101246; MS16-005, 3124000; MS16-007, 3121918; MS16-008, 3121212; MS16-018, 3134214; MS16-026, 3140735; MS16-030, 3139940; MS16-031, 3140410; MS16-034, 3139852; MS16-060, 3153171; MS16-062, 3153199; MS16-073, 3161664; MS16-074, 3164033; MS16-098, 3177725; MS16-101, 3167679; MS16-111, 3175024; MS16-116, 3184122; MS11-071, 2570947 10050 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10051 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10051 Security Only 3197868 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197868 3185330 10049 Monthly Rollup 3197867 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197867 3185330 10049 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10378 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-044, 3146706; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10378 Security Only 3197877 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197877 3197876 10379 Monthly Rollup 3197876 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197876 MS15-020, 3033889; MS15-097, 3087039; MS16-030, 3139940; MS16-044, 3146706; MS16-063, 3160005; MS16-073, 3161664; MS16-074, 3164033; MS16-084, 3170106; MS16-090, 3168965; MS16-092, 3170377; MS16-094, 3172727; MS16-095, 3175443; MS16-098, 3177725; MS16-101, 3177108; MS16-104, 3185319; MS16-110, 3187754 10379 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10483 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10483 Security Only 3197874 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197874 10543 Yes Monthly Rollup 3197873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3197873 10543 Security Only 3200970 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970 10816 Yes Security Update 3203859 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203859 3164033 4393 Yes Security Update 3203859 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3203859 3164033 9316 Yes Security Update <p><strong>Rename ATMFD.DLL</strong> For 32-bit systems:</p> <ol> <li>Enter the following commands at an administrative command prompt: cd &quot;%windir%\system32&quot; takeown.exe /f atmfd.dll icacls.exe atmfd.dll /save atmfd.dll.acl icacls.exe atmfd.dll /grant Administrators:(F) rename atmfd.dll x-atmfd.dll</li> <li>Restart the system.</li> </ol> <p>For 64-bit systems:</p> <ol> <li>Enter the following commands at an administrative command prompt: cd &quot;%windir%\system32&quot; takeown.exe /f atmfd.dll icacls.exe atmfd.dll /save atmfd.dll.acl icacls.exe atmfd.dll /grant Administrators:(F) rename atmfd.dll x-atmfd.dll cd &quot;%windir%\syswow64&quot; takeown.exe /f atmfd.dll icacls.exe atmfd.dll /save atmfd.dll.acl icacls.exe atmfd.dll /grant Administrators:(F) rename atmfd.dll x-atmfd.dll</li> <li>Restart the system.</li> </ol> <p><strong>Optional procedure for Windows 8 and later operating systems (disable ATMFD):</strong> <strong>Note</strong> Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the &quot;Changing Keys And Values&quot; Help topic in Registry Editor (Regedit.exe) or view the &quot;Add and Delete Information in the Registry&quot; and &quot;Edit Registry Data&quot; Help topics in Regedt32.exe.</p> <p><strong>Method 1 (manually edit the system registry):</strong></p> <ol> <li>Run <strong>regedit.exe</strong> as Administrator.</li> <li>In Registry Editor, navigate to the following sub key (or create it) and set its DWORD value to 1: <code>HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\DisableATMFD, DWORD = 1</code></li> <li>Close Registry Editor and restart the system.</li> </ol> <p><strong>Method 2 (use a managed deployment script):</strong></p> <ol> <li>Create a text file named ATMFD-disable.reg that contains the following text:</li> </ol> <pre><code> Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] &quot;DisableATMFD&quot;=dword:00000001 </code></pre> <ol start="3"> <li>Run regedit.exe.</li> <li>In Registry Editor, click the <strong>File</strong> menu and then click <strong>Import</strong>.</li> <li>Navigate to and select the ATMFD-disable.reg file that you created in the first step. (<strong>Note</strong> If your file is not listed where you expect it to be, ensure that it has not been automatically given a .txt file extension, or change the dialog’s file extension parameters to <strong>All Files</strong>).</li> <li>Click <strong>Open</strong> and then click <strong>OK</strong> to close Registry Editor.</li> </ol> <p><strong>Impact of workaround</strong>. Applications that rely on embedded font technology will not display properly. Disabling ATMFD.DLL could cause certain applications to stop working properly if they use OpenType fonts. Microsoft Windows does not release any OpenType fonts natively. However, third-party applications could install them and they could be affected by this change.</p> <p><strong>How to undo the workaround.</strong> For 32-bit systems:</p> <ol> <li>Enter the following commands at an administrative command prompt:</li> </ol> <pre><code> cd &quot;%windir%\system32&quot; rename x-atmfd.dll atmfd.dll icacls.exe atmfd.dll /setowner &quot;NT SERVICE\TrustedInstaller&quot; icacls.exe . /restore atmfd.dll.acl </code></pre> <ol start="2"> <li>Restart the system.</li> </ol> <p>For 64-bit systems:</p> <ol> <li>Enter the following commands at an administrative command prompt:</li> </ol> <pre><code> cd &quot;%windir%\system32&quot; rename x-atmfd.dll atmfd.dll icacls.exe atmfd.dll /setowner &quot;NT SERVICE\TrustedInstaller&quot; icacls.exe . /restore atmfd.dll.acl cd &quot;%windir%\syswow64&quot; rename x-atmfd.dll atmfd.dll icacls.exe atmfd.dll /setowner &quot;NT SERVICE\TrustedInstaller&quot; icacls.exe . /restore atmfd.dll.acl </code></pre> <ol start="2"> <li>Restart the system.</li> </ol> <p><strong>Optional procedure for Windows 8 and later operating systems (enable ATMFD)</strong>: <strong>Note</strong> Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the &quot;Changing Keys And Values&quot; Help topic in Registry Editor (Regedit.exe) or view the &quot;Add and Delete Information in the Registry&quot; and &quot;Edit Registry Data&quot; Help topics in Regedt32.exe.</p> <p><strong>Method 1 (manually edit the system registry):</strong></p> <ol> <li>Run <strong>regedit.exe</strong> as Administrator.</li> <li>In Registry Editor, navigate to the following sub key and set its DWORD value to 0: <code>HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\DisableATMFD, DWORD = 0</code></li> <li>Close Registry Editor and restart the system.</li> </ol> <p><strong>Method 2 (use a managed deployment script):</strong></p> <ol> <li>Create a text file named <strong>ATMFD-enable.reg</strong> that contains the following text:</li> </ol> <pre><code> Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] &quot;DisableATMFD&quot;=dword:00000000 </code></pre> <ol start="2"> <li>Run regedit.exe.</li> <li>In Registry Editor, click the <strong>File</strong> menu and then click <strong>Import</strong>.</li> <li>Navigate to and select the <strong>ATMFD-enable.reg</strong> file that you created in the first step. (Note If your file is not listed where you expect it to be, ensure that it has not been automatically given a .txt file extension, or change the dialog’s file extension parameters to <strong>All Files</strong>).</li> <li>Click <strong>Open</strong> and then click <strong>OK</strong> to close Registry Editor.</li> </ol> Kijong Son of KrCERT/CC in Korean Internet & Security Agency (KISA) 1.0 2016-11-08T08:00:00Z <p>Information published.</p> 2.0 2016-12-13T08:00:00Z <p>Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.</p> <p>• Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867. • Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868. • Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876. • Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. • Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873. • Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.</p> <p>These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.</p>