6 replies to this topic

[AplusWebMaster]

FYI...

- https://technet.micr...curity/ms16-aug
Aug 9, 2016 - "This bulletin summary lists security bulletins released for August 2016...
(Total of -9-)

Microsoft Security Bulletin MS16-095 - Critical
Cumulative Security Update for Internet Explorer (3177356)
- https://technet.micr...curity/MS16-095
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-096 - Critical
Cumulative Security Update for Microsoft Edge (3177358)
- https://technet.micr...curity/MS16-096
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-097 - Critical
Security Update for Microsoft Graphics Component (3177393)
- https://technet.micr...curity/MS16-097
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Communications Platforms and Software

Microsoft Security Bulletin MS16-098 - Important
Security Update for Windows Kernel-Mode Drivers (3178466)
- https://technet.micr...curity/MS16-098
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-099 - Critical
Security Update for Microsoft Office (3177451)
- https://technet.micr...curity/MS16-099
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-100 - Important
Security Update for Secure Boot (3179577)
- https://technet.micr...curity/MS16-100
Important - Security Feature Bypass - Does not require restart - Microsoft Windows

Microsoft Security Bulletin MS16-101 - Important
Security Update for Windows Authentication Methods (3178465)
- https://technet.micr...curity/MS16-101
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-102 - Critical
Security Update for Microsoft Windows PDF Library (3182248)
- https://technet.micr...curity/MS16-102
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-103 - Important
Security Update for ActiveSyncProvider (3182332)
- https://technet.micr...curity/MS16-103
Important - Information Disclosure - Requires restart - Microsoft Windows
___

MS16-095: http://www.securityt....com/id/1036562
MS16-096: http://www.securityt....com/id/1036569
MS16-097: http://www.securityt....com/id/1036564
MS16-098: http://www.securityt....com/id/1036572
MS16-099: http://www.securityt....com/id/1036559
MS16-100: http://www.securityt....com/id/1036573
MS16-101: http://www.securityt....com/id/1036576
MS16-102: http://www.securityt....com/id/1036561
MS16-103: http://www.securityt....com/id/1036577
___

- https://blogs.techne...update-release/
Aug 9, 2016

- https://technet.micr...y/mt631688.aspx

Microsoft Security Advisory 3179528
Update for Kernel Mode Blacklist
- https://technet.micr...ty/3179528.aspx
Aug 9, 2016

August 2016 Office Update Release
- https://blogs.techne...update-release/
Aug 9, 2016 - "... This month, there are -28- security updates (3 bulletins) and 40 non-security updates.
Security bulletins:
    MS16-054 - https://technet.micr...y/ms16-054.aspx
    MS16-097 - https://technet.micr...y/ms16-097.aspx
    MS16-099 - https://technet.micr...y/ms16-099.aspx
All of the security and non-security updates for August are listed in KB article 3181038:
> http://support.micro....com/kb/3181038
A new version of Office 2013 Click-To-Run is available: 15.0.4849.1003
A new version of Office 2010 Click-To-Run is available: 14.0.7172.5001
A new version of Office 2013 Click-To-Run is available: 15.0.4849.1003
For information on Office 365 Click-To-Run updates, see Office 365 client update branch releases:
> https://technet.micr.../en-us/mt465751

Non-Security Office Update Release - August 2016
- https://blogs.techne...update-release/
Aug 2, 2016
___

ISC Analysis
- https://isc.sans.edu...wday=2016-08-09
Aug 9, 2016

Qualys Analysis
- https://blog.qualys....day-august-2016
Aug 9, 2016

.

Edited by AplusWebMaster, 10 August 2016 - 05:52 AM.

[AplusWebMaster]

FYI...

Installing Win10 1607 proves to be a mixed bag
- http://windowssecret...be-a-mixed-bag/
Aug 10, 2016

- http://www.infoworld...1024017071.html
Aug 10, 2016

August I/E patch is incomplete
- http://windowssecret...ugust-patching/
Aug 10, 2016
 

  

Edited by AplusWebMaster, 11 August 2016 - 09:51 AM.

[AplusWebMaster]

FYI...

MS16-098: Description of the security update for Windows kernel-mode drivers...
- http://www.infoworld...kb-3176493.html
Aug 15, 2016 - "... Microsoft's latest Patch Tuesday bug appears to affect Vista, Windows 7, 8.1, RT 8.1, as well as Server 2008, 2008 R2, 2012, and 2012 R2. More than that, it appears to clobber all versions of Windows 10. In other words, if you applied the latest cumulative update to any version of Windows 10, your printer won't work right...
Microsoft has admitted to distributing the bug, but there's no indication when it will issue a fix..."
* https://answers.micr...04633262?auth=1
Dan Mattson - Microsoft: "... we are actively investigating this issue and have updated some of the KB articles involved with a 'Known Issues' section:
"After you apply this security update and you print multiple documents in succession, the first two documents may print successfully. However, the third and subsequent documents may not print."
Links: https://support.micr...n-us/kb/3177725
- https://support.micr...n-us/kb/3178466
If publicly available information on this topic changes, we will provide an update here as well."

- https://support.micr...n-us/kb/3177725
Last Review: 08/12/2016 17:37:00 - Rev: 3.0
- https://support.micr...n-us/kb/3178466
Last Review: 08/12/2016 17:38:00 - Rev: 3.0
 

Edited by AplusWebMaster, 17 August 2016 - 01:54 PM.

[AplusWebMaster]

FYI...

> https://technet.micr...y/ms16-aug.aspx
Updated: August 18, 2016 - Version: 1.4
Revisions:
V1.0 (August 9, 2016): Bulletin Summary published.
V1.1 (August 10, 2016): For MS16-101, Bulletin Summary revised to correct the security impact for CVE-2016-3237 from elevation of privilege to security feature bypass. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
V1.2 (August 11, 2016): For MS16-102, Bulletin Summary revised to remove Windows Server 2012 R2 (Server Core installation) from the affected software table because the Server Core version of Windows Server 2012 R2 is not affected. These are informational changes only. Customers who have already successfully installed the update do not need to take any action.
V1.3 (August 12, 2016): For MS16-102, Bulletin Summary revised to remove Windows 10 version 1607 from the affected software table because it is not affected. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
V1.4 (August 18, 2016): For MS16-095, MS16-096, MS16-097, MS16-098, MS16-101, MS16-102, and MS16-103, Bulletin Summary revised to add 'Known Issues' references to the Executive Summaries table. See the relevant Knowledge Base articles for more information.

MS16-097: https://support.micr...n-us/kb/3177393
"... articles may contain 'known issue' information"
MS16-098: https://support.micr...n-us/kb/3178466
"Known issues: After you apply this security update and you print multiple documents in succession, the first two documents may print successfully. However, the third and subsequent documents may not print."
MS16-101: https://support.micr...n-us/kb/3179577
"... articles may contain 'known issue' information"
MS16-102: https://support.micr...n-us/kb/3182248
"... articles may contain 'known issue' information"
MS16-103: https://support.micr...n-us/kb/3182332
"... articles may contain 'known issue' information"
 

  

Edited by AplusWebMaster, 19 August 2016 - 12:18 PM.

[AplusWebMaster]

FYI...

Print functionality is broken after any of the MS16-098 security updates are installed
- https://support.micr...n-us/kb/3187022
Last Review: 08/30/2016 16:24:00 - Rev: 3.0
"Prerequisites: To apply this update, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) installed in Windows 8.1 or Windows Server 2012 R2.
Or, install Service Pack 1 for Windows 7 or Windows Server 2008 R2..."
___

Fix for print bug in MS16-098 for Win7 and 8.1 – not Win10
> http://www.infoworld...windows-10.html
Aug 25, 2016 - "... Microsoft rolled out a fix to the bug and assigned a different KB number, KB 3187022:
'Print functionality is broken after any of the MS16-098 security updates are installed'
If you're running Windows 7, Win8.1, or WinRT, that patch should've appeared last night in your Windows Update queue. But here's the rub. Microsoft didn't release the fix for Windows 10 in any version. Instead, Win10 users are stuck with the bug... Vista users, it seems, aren't in the picture..."
 

Edited by AplusWebMaster, 10 September 2016 - 06:50 AM.

[AplusWebMaster]

FYI...

Description of Software Update Services and Windows Server Update Services changes in content for 2016
- https://support.micr...en-us/kb/894199
Last Review: 08/30/2016 16:24:00 - Rev: 36.0
[See] "... summary of the new and changed content scheduled for release on Tuesday, August 30, 2016..."
> https://support.micr...99#bookmark-ref
___

MS Security Bulletin MS16-099 - Critical
Security Update for Microsoft Office (3177451)
- https://technet.micr...curity/MS16-099
Revisions:
V1.0 (August 9, 2016): Bulletin published.
V1.1 (August 11, 2016): Bulletin revised to correct the Updates Replaced entries for Microsoft Word Viewer updates 3115479 and 3115480. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.
V2.0 (August 22, 2016): Bulletin revised to announce the availability of the 14.6.7 update for Microsoft Office for Mac 2011 (3179162) and the 15.25 update for Microsoft Office 2016 for Mac (3179163). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3179162 and Microsoft Knowledge Base Article 3179163 for more information and download links.
___

MS Security Bulletin MS16-102 - Critical
Security Update for Microsoft Windows PDF Library (3182248)
- https://technet.micr...curity/MS16-102
Revisions:
V1.0 (August 9, 2016): Bulletin published.
V1.1 (August 11, 2016): Bulletin revised to remove Windows Server 2012 R2 (Server Core installation) from the affected software table because the Server Core version of Windows Server 2012 R2 is not affected. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
V1.2 (August 12, 2016): Bulletin revised to correct the updates replaced for Window 8.1, Windows Server 2012, and Windows Server 2012 R2. Bulletin revised to remove Windows 10 version 1607 from the affected software table because it is not affected. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
___

> https://blogs.techne...ervicing-model/
Aug 30, 2016 - "... a discussion on the upcoming changes to our monthly patch releases to align down-level supported operating systems, updating practices to coincide with the Windows 10 Service Model... Beginning in October 2016 onwards, don’t expect to see individual KB’s but instead expect to see the following in the monthly patch release cycle:
1. Security-Only Update:
- Collects all of the security patches for that month into a single update
2. Cumulative Update:
- Security Updates from previous bullet point
- Collective update of all Updates, Rollups, Bug Fixes, and Security Updates
3. .Net Framework Security-Only Update:
- Contains only security updates
4. .Net Framework Rollup
- .Net Framework Security Updates from Previous Bullet Point
- Reliability updates
This change brings up a key question: 'With the new Windows as a Service: Service Model, can we back out a single patch (KB) if it causes issues since they are all rolled up?' The short answer is 'No', you can’t control which KB’s can be applied, so the complete roll up would need to be backed out. But the answer is more complex than a simple no. The point of rollups is to correct the fragmentation caused by systems containing a mix of individual updates. It will not be possible to uninstall specific KB’s of a rollup. If there is a problem the partner will need to open up a case and provide business justification to drive the discussion with Microsoft..."
 

Edited by AplusWebMaster, 31 August 2016 - 01:45 PM.

[AplusWebMaster]

FYI...

Windows Journal update for Vista SP2
- https://support.micr...n-us/kb/3185662
Last Review: 09/06/2016 16:06:00 - Rev: 1.0