December 2016 Microsoft Patches

V1.1 (December 9, 2015): Bulletin Summary revised to correct the Exploitability Assessment for CVE-2015-6124. This DVD5 ISO image is intended for administrators that need to download multiple individual language versions of each security update and that do not use an automated solution such as Windows In the columns below, "Latest Software Release" refers to the subject software, and "Older Software Releases" refers to all older, supported releases of the subject software, as listed in the "Affected Critical Remote Code Execution May require restart Microsoft Office MS12-080 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126) This security update resolves publicly disclosed vulnerabilities and one privately reported vulnerability

Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion Other versions are past their support life cycle. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners listed in Microsoft Active Protections Program (MAPP) Partners.

You can find them most easily by doing a keyword search for "security update". For more information about Configuration Manager, visit System Center Configuration Manager. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. Microsoft Message Queuing (MSMQ) must be installed and the Windows Pragmatic General Multicast (PGM) protocol specifically enabled for a system to be vulnerable.

An attacker would have to convince users to visit the website, typically by getting them to click a link in an email message that takes them to the attacker's website. Administrators can use the inventory capabilities of SMS in these cases to target updates to specific systems. The next release of SMS, System Center Configuration Manager 2007, is now available; see the earlier section, System Center Configuration Manager 2007. For more information see the TechNet Update Management Center.

Visit the Microsoft website to acquire the fixes. Administrators can use the Elevated Rights Deployment Tool (available in the SMS 2003 Administration Feature Pack) to install these updates. Security updates are also available at the Microsoft Download Center.

Microsoft December Patch Tuesday 2016

Impact: An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. To view the vulnerability signature version in your account, from the QualysGuard HOME menu, select the Account Info tab. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion Important Remote Code Execution May require restart Microsoft Windows MS10-098 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673) This security update resolves one publicly disclosed vulnerability and several privately reported CVP 4.x and 7.0 components tested on Windows Server 2003 SP2. This security update is rated Moderate for Microsoft Exchange Server 2007 Service Pack 2 for x64-based Systems.

An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Non-Security Updates on MU, WU, and WSUS For information about non-security releases on Windows Update and Microsoft Update, please see: Microsoft Knowledge Base Article 894199: Description of Software Update Services and Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Updates from Past Months for Windows Server Update Services.

For details on affected software, see the next section, Affected Software. For information about these and other tools that are available, see Security Tools for IT Pros. Acknowledgments Microsoft recognizes the efforts of those in the security community who help us protect Solution: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows Vista Service Pack 1 and Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 1 and The vulnerabilities could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application.

This vulnerability allows attackers to execute arbitrary code on the user's system. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. The vulnerability could allow remote code execution if a user These vulnerabilities have been publicly disclosed. However, as a defense-in-depth measure, Microsoft recommends that customers of this software apply this security update to help protect against any possible new attack vectors identified in the future. Microsoft

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion How do I use this table? CTI OS 7.2(7) 7.5(9) 8.0(3) Y CTI OS 7.x components tested on Windows Server 2003 R2 SP2; Agent Desktop 7.2 tested on Windows XP SP3; Agent Desktop 7.5 tested on Windows

Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Solution: Patch: Following are links for downloading patches to fix the vulnerabilities:

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 The affected control path is then triggered when the user navigates to the share in Windows Explorer, allowing the specially crafted font to take complete control over an affected system. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

You can find them most easily by doing a keyword search for "security update". Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact Restart Requirement Affected Software MS14-075 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712) This security update Critical Remote Code Execution May require restart Microsoft Office MS15-132 Security Update for Microsoft Windows to Address Remote Code Execution (3116162) This security update resolves vulnerabilities in Microsoft Windows. Review each of the assessments below, in accordance with your specific configuration, to prioritize your deployment of this month's updates.

Non-Security Updates on MU, WU, and WSUS For information about non-security releases on Windows Update and Microsoft Update, please see: Microsoft Knowledge Base Article 894199: Description of Software Update Services and For more information, see Microsoft Knowledge Base Article 913086. The most severe of these vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. This can trigger incompatibilities and increase the time it takes to deploy security updates.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To resolve the issue, install hotfix 3125446. Page generated 2014-12-05 14:49Z-08:00.

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.