Home > Microsoft Security > Microsoft Security Bulletin June 2016

Microsoft Security Bulletin June 2016

Contents

Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you! The vulnerabilities could allow remote code execution if a user visits a specially crafted website. The vulnerabilities could allow remote code execution if a user opens specially crafted media content that is hosted on a website. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. http://technologyprometheus.com/microsoft-security/microsoft-security-bulletin-may-2016.html

To determine the support life cycle for your software version, visit Microsoft Support Lifecycle. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. This is an informational change only. Security solutions for IT professionals: TechNet Security Troubleshooting and Support Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center Local support according to other

Microsoft Security Bulletin June 2016

You’ll be auto redirected in 1 second. How do I use this table? Note You may have to install several security updates for a single vulnerability. This is an informational change only.

Other versions are past their support life cycle. Not applicable Not applicable Not applicable MS16-094: Security Update for Secure Boot (3177404) CVE-2016-3287 Secure Boot Security Feature Bypass 1 - Exploitation More Likely 1 - Exploitation More Likely Not applicable The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. Microsoft Patch Tuesday July 2016 Security Advisories and Bulletins Security Bulletin Summaries 2016 2016 MS16-APR MS16-APR MS16-APR MS16-DEC MS16-NOV MS16-OCT MS16-SEP MS16-AUG MS16-JUL MS16-JUN MS16-MAY MS16-APR MS16-MAR MS16-FEB MS16-JAN TOC Collapse the table of content Expand

Other versions are past their support life cycle. Critical Remote Code Execution May require restart 3148775 Microsoft Office,Microsoft Office Services and Web Apps MS16-044 Security Update for Windows OLE (3146706) This security update resolves a vulnerability in Microsoft Windows. We appreciate your feedback. https://technet.microsoft.com/en-us/library/security/ms16-jun.aspx Version:1.0File Name:BulletinSearch.xlsxBulletinSearch2001-2008.xlsxMSRC-CVRF.zipDate Published:12/13/2016File Size:1.9 MB506 KB1.8 MB This download offers the following items: 1.

When you try to access a domain DFS namespace (such as \\contoso.com\SYSVOL) on a computer that is configured to require mutual authentication (by using the UNC Hardened Access feature), you receive Microsoft Patch Tuesday August 2016 For more information about this by-design behavior change, see Microsoft Knowledge Base Article 3163622. For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. We appreciate your feedback.

Microsoft Patch Tuesday Schedule

Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights. Security Advisories and Bulletins Security Bulletin Summaries 2016 2016 MS16-JUL MS16-JUL MS16-JUL MS16-DEC MS16-NOV MS16-OCT MS16-SEP MS16-AUG MS16-JUL MS16-JUN MS16-MAY MS16-APR MS16-MAR MS16-FEB MS16-JAN TOC Collapse the table of content Expand Microsoft Security Bulletin June 2016 An attacker could exploit the vulnerability to execute malicious code. Microsoft Security Bulletin May 2016 Security Bulletins 2016 For bulletin summaries that list the security bulletins released for each month see Security Bulletin Summaries.

This documentation is archived and is not being maintained. http://technologyprometheus.com/microsoft-security/microsoft-patch-tuesday-june-2016.html Please note that the 3138327 update for Microsoft Outlook 2016 for Mac was not released on March 16. Review each of the assessments below, in accordance with your specific configuration, to prioritize your deployment of this month's updates. No updated version of the Microsoft Windows Malicious Software Removal Tool is available for out-of-band security bulletin releases. Microsoft Security Bulletin July 2016

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. The Update Compatibility Evaluator components included with Application Compatibility Toolkit aid in streamlining the testing and validation of Windows updates against installed applications. check over here Important Denial of Service Requires restart --------- Microsoft Windows MS16-082 Security Update for Microsoft Windows Search Component (3165270)This security update resolves a vulnerability in Microsoft Windows.

The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. Microsoft Security Bulletin August 2016 Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates.

IT Pro Security Community Learn to improve security and optimize your IT infrastructure, and participate with other IT Pros on security topics in IT Pro Security Community.

Support The affected software listed has been tested to determine which versions are affected. Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Non-Security Updates on MU, WU, and WSUS For information about non-security releases on Windows Update and Microsoft Update, please see: Microsoft Knowledge Base Article 894199: Description of Software Update Services and Microsoft Security Patches Other Information Microsoft Windows Malicious Software Removal Tool For the bulletin release that occurs on the second Tuesday of each month, Microsoft has released an updated version of the Microsoft Windows

You should review each software program or component listed to see whether any security updates pertain to your installation. The vulnerabilities could allow remote code execution if Windows OLE fails to properly validate user input. Critical Remote Code Execution Requires restart --------- Microsoft Windows MS16-072 Security Update for Group Policy (3163622)This security update resolves a vulnerability in Microsoft Windows. this content The vulnerability could allow remote code execution if an authenticated attacker makes malformed Remote Procedure Call (RPC) requests to an affected host.

To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners listed in Microsoft Active Protections Program (MAPP) Partners. See ASP.NET Ajax CDN Terms of Use – http://www.asp.net/ajaxlibrary/CDN.ashx. ]]> TechNet Products Products Windows Windows Server System Center Browser V1.1 (April 13, 2016): Added a Known Issues reference to the Executive Summaries table for MS16-039. Important Elevation of Privilege Requires restart --------- Microsoft Windows MS16-048 Security Update for CSRSS (3148528)This security update resolves a vulnerability in Microsoft Windows.

CVE ID                     Vulnerability Title Exploitability Assessment forLatest Software Release Exploitability Assessment forOlder Software Release Denial of ServiceExploitability Assessment MS16-063: Cumulative Security Update for Internet Explorer (3163649) CVE-2016-0199 Internet Explorer Memory Corruption Vulnerability 1 - Exploitation More Likely 1 - Exploitation More Likely Not applicable  Note You may have to install several security updates for a single vulnerability. Not applicable Not applicable Not applicable MS16-065: Security Update for .NET Framework (3156757) CVE-2016-0149 TLS/SSL Information Disclosure Vulnerability 3 - Exploitation Unlikely 3 - Exploitation Unlikely Not applicable MS16-066: Security Update You can find them most easily by doing a keyword search for "security update".

Use these tables to learn about the security updates that you may need to install. If a software program or component is listed, then the severity rating of the software update is also listed. V2.2 (August 09, 2016): For MS16-077, bulletin revised to include an additional vulnerability, CVE-2016-3299. Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you!

Critical Remote Code Execution Requires restart --------- Microsoft Windows MS16-056 Security Update for Windows Journal (3156761)This security update resolves a vulnerability in Microsoft Windows. Windows Operating Systems and Components (Table 2 of 2) Windows Vista Bulletin Identifier                                                  MS16-045 MS16-046 MS16-047 MS16-048 MS16-049 MS16-050 Aggregate Severity Rating None None Important None None None Windows Vista Service