6 replies to this topic

[AplusWebMaster]

FYI...

- https://technet.micr...curity/ms16-oct
Oct 11, 2016 - "This bulletin summary lists security bulletins released for October 2016...

Microsoft Security Bulletin MS16-118 - Critical
Cumulative Security Update for Internet Explorer (3192887)
- https://technet.micr...curity/MS16-118
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS16-119 - Critical
Cumulative Security Update for Microsoft Edge (3192890)
- https://technet.micr...curity/MS16-119
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft Edge

Microsoft Security Bulletin MS16-120 - Critical
Security Update for Microsoft Graphics Component (3192884)
- https://technet.micr...curity/MS16-120
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync.

Microsoft Security Bulletin MS16-121 - Important
Security Update for Microsoft Office (3194063)
- https://technet.micr...curity/MS16-121
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services and Web Apps

Microsoft Security Bulletin MS16-122 - Critical
Security Update for Microsoft Video Control (3195360)
- https://technet.micr...curity/MS16-122
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-123 - Important
Security Update for Windows Kernel-Mode Drivers (3192892)
- https://technet.micr...curity/MS16-123
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-124 - Important
Security Update for Windows Registry (3193227)
- https://technet.micr...curity/MS16-124
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-125 - Important
Security Update for Diagnostics Hub (3193229)
- https://technet.micr...curity/MS16-125
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-126 - Moderate
Security Update for Microsoft Internet Messaging API (3196067)
- https://technet.micr...curity/MS16-126
Moderate - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS16-127 - Critical
Security Update for Adobe Flash Player (3194343)
- https://technet.micr...curity/MS16-127
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Adobe Flash Player
___

Re-released:

Compatibility update for keeping Windows up-to-date in Windows 7
- https://support.micr...n-us/kb/2952664
"This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate compatibility on the Windows ecosystem and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update..."
Last Review: 10/11/2016 16:06:00 - Rev. 27.0
Applies to: Windows 7 Service Pack 1
___

MS16-118: http://www.securityt....com/id/1036992
MS16-119: http://www.securityt....com/id/1036993
MS16-120: http://www.securityt....com/id/1036988
MS16-121: http://www.securityt....com/id/1036984
MS16-122: http://www.securityt....com/id/1036983
MS16-123: http://www.securityt....com/id/1036996
MS16-124:
MS16-125: http://www.securityt....com/id/1036997
MS16-126:
MS16-127: http://www.securityt....com/id/1036985
___

- https://blogs.techne...update-release/
Oct 11, 2016

Oct 2016 Office Update Release
- https://blogs.techne...update-release/
Oct 11, 2016 - "... This month, there are -16- security updates (2 bulletins) and 32 non-security updates.
Security bulletins:
MS16-120: https://technet.micr...y/ms16-120.aspx
MS16-121: https://technet.micr...y/ms16-121.aspx
All of the security and non-security updates for October are listed in KB article 3194160:
- https://support.micr...n-us/kb/3194160
A new version of Office 2013 Click-To-Run is available: 15.0.4867.1003
A new version of Office 2010 Click-To-Run is available: 14.0.7174.5001
For information on Office 365 Click-To-Run updates, see Office 365 client update branch releases*."
* https://technet.micr.../en-us/mt465751

.NET Framework Monthly Rollups Explained
- https://blogs.msdn.m...lups-explained/
Oct 11, 2016
___

ISC Analysis: https://isc.sans.edu...l?storyid=21581
2016-10-11 - "Microsoft published -nine- bulletins plus one bulletin affecting Adobe Flash. These bulletins fix 43 vulnerabilities in Microsoft software, and 11 in Flash. Several of the bulletins address vulnerabilities that are already exploited in the wild. Most of these vulnerabilities are information disclosure vulnerabilities. One of them, CVE 2016-3393 is a remote code execution vulnerability which is why I labeled it as "Patch Now"... summary here:
- https://isc.sans.edu...wday=2016-10-11 "

Qualys Analysis: https://blog.qualys....ive-0-day-fixes
Oct 11, 2016 - "Today Microsoft started rolling out a new way to patch systems, and I explain the different components which are included and their timeline:
> Patch Tuesday (second Tuesday of every month or B week): Two main components will be released on Patch Tuesday:
- A security-only update: This is a single update containing all new security fixes for that month. It will be released on Windows Server Update Services (WSUS) where it can be consumed by other tools like ConfigMgr, and the Windows Update Catalog. This package will NOT be available for consumer PCs which get updated via Windows Update.
- A security monthly rollup: A single update containing all new security fixes for that month (same as the security-only update) as well as fixes from all previous monthly rollups. This will be available for consumer PCs which get updated via Windows Update.
> Third Tuesday of every month (C Week): This is a monthly rollup containing a preview of new non-security fixes that will be included in the next monthly rollup, as well as fixes from all previous monthly rollup.  This is included for users to test their systems before next month. This will be available on WSUS, Windows update and Windows Update Catalog.
Internet Explorer updates are included in the security-only -and- monthly security rollup. .NET will follow a similar formula as monthly rollup and security-only updates.
Since today is Patch Tuesday i.e. B week or second Tuesday week, here is a list of security fixes that administrators should focus on:
A total of ten security updates were released affecting Browsers, Office, GDI, Kernel Drivers, Registry, Messaging and also update for Adobe Flash. Five updates are critical, four are important while one is moderate.  What’s interesting is that five updated have at least one vulnerability each which a fixes a 0-day. These are the vulnerabilities that are already actively exploited in the wild..."

.

Edited by AplusWebMaster, 12 October 2016 - 03:56 AM.

[AplusWebMaster]

FYI...

October 2016 'security monthly' quality rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
"Summary: This security updates includes improvements and fixes from an update that was shipped earlier by update 3185278. To learn more about the non-security improvements and fixes in this update, see the September 20, 2016 — 3185278 section in Windows 7 SP1 and Windows Server 2008 R2 SP1 update history.
This security update also resolves the following vulnerabilities in Windows:
    MS16-101 Security update for Windows authentication methods
    MS16-118 Cumulative security update for Internet Explorer
    MS16-120 Security update for Microsoft graphics component
    MS16-122 Security update for Microsoft video control
    MS16-123 Security update for kernel-mode drivers
    MS16-124 Security update for Windows registry
    MS16-126 Security update for Microsoft Internet Messaging API
More information:
Important:
    The security fixes listed above that are included in this security update 3185330 are also included in this October 2016 month’s Security Only Quality Update 3192391*, which only includes those fixes. Installing either update will include the security fixes listed above, and the Security Monthly Quality Rollup also includes improvements and fixes from previous Monthly Rollups.
    If you use update management processes other than Windows Update and automatically approve all Security updates classifications for deployment, note that both the Security Only Quality Update 3192391* and the Security Monthly Quality Rollup for the month 3185330 will be deployed. We recommend that you review your update deployment rules to ensure the desired updates are deployed.
    If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows."
- https://support.micr...n-us/kb/3185330
Last Review: 10/11/2016 18:51:00 - Rev: 1.0
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
___

October 2016 'security only' quality update for Windows 7 SP1 and Windows Server 2008 R2 SP1
"Summary: This security update resolves the following vulnerabilities in Windows 7 and Windows Server 2008 R2:
    MS16-101 Security update for Windows authentication methods
    MS16-118 Cumulative security update for Internet Explorer
    MS16-120 Security update for Microsoft graphics component
    MS16-122 Security update for Microsoft video control
    MS16-123 Security update for kernel-mode drivers
    MS16-124 Security update for Windows registry
    MS16-126 Security update for Microsoft Internet Messaging API
More information..."
* https://support.micr...n-us/kb/3192391
Last Review: 10/11/2016 17:49:00 - Rev: 1.0
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
___

September 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
"The September 2016 update rollup includes some new improvements and fixes for the Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1 platform. We recommend that you apply this update rollup as part of your regular maintenance routines.
Improvements and fixes: To learn more about the non-security improvements and fixes in this update, see the "September 20, 2016 – KB3185278" section in Windows 7 SP1 and Windows Server 2008 R2 SP1 update history[1].
Known issues in this update:
Symptoms: Assume that you are running Enhanced Mitigation Experience Toolkit (EMET) on Windows 7 Service Pack 1 (SP1) on a computer on which update 3175024 is installed. When you try to start an application, the application freezes very early in the process and does not completely start.
Cause: This issue occurs because the Export Address table Filtering (EAF) mitigation is active on the application..." (More...)
- https://support.micr...n-us/kb/3185278
Last Review: 09/20/2016 16:20:00 - Rev: 1.0

1] http://go.microsoft..../?LinkId=821934
Last Review: Oct 10, 2016 - Rev: 41
Applies to: Windows 7
___

- https://krebsonsecur...hoose-patching/
Oct 11, 2016 - "... Consumers on Win7 SP1 and Win8.1 will henceforth receive what Redmond is calling a “Monthly Rollup,” which addresses both security issues and reliability issues in a single update. The “Security-only updates” option — intended for enterprises and -not- available via Windows Update — will only include new security patches that are released for that month. What this means is that if any part of the patch bundle breaks, the only option is to remove the entire bundle (instead of the offending patch, as was previously possible)..."
 

Edited by AplusWebMaster, 12 October 2016 - 07:43 AM.

[AplusWebMaster]

FYI...

New rules for updating Win7
- http://windowssecret...ting-windows-7/
Oct 12, 2016 - "Only Microsoft could make Windows updating both easier and harder at the same time. This month we move from individual Win7 security updates to the new roll-up model. But Microsoft also released some individual updates alongside the rollups. To get through this transition, here are some steps to make the updating process less painful. Working with the big change in Win7 updating:
Microsoft’s new roll-up model for Windows 7 has a significant impact... I can no longer give you patch-by-patch recommendations on what to install now and what to put off — or never install. October’s patch release seemed especially confusing because some fixes are being addressed by both roll-up updates and separate patches. (Most of those separate updates are for corporate environments.) Whether this is a temporary expediency by Microsoft is something we’ll have to wait to see. For Patch Watch followers who stuck with Win7, I’m taking a slightly different tack in this column. I’d like you to review your system and determine how “crusty” it is — and how much you depend on it. If you have several Win7 computers, I recommend taking a cue from IT administrators: At least for this first use of the roll-up update system, install the updates on one system and carefully test that machine. Check, for example, that printer connections continue to work and there are no issues with your key applications."
___

> https://technet.micr...curity/ms16-oct
Revisions:
•V1.1 (October 12, 2016): Bulletin Summary revised to change the severity of MS16-121 to Critical. This is an informational change only.
 

Edited by AplusWebMaster, 14 October 2016 - 09:25 AM.

[AplusWebMaster]

FYI...

Bugs in latest Windows/Office patch bundles ...
- http://www.infoworld...-confusion.html
Oct 21, 2016
___

Oct 2016 security monthly quality rollup for Win7 SP1 and Windows Server 2008 R2 SP1
- https://support.micr...n-us/kb/3185330
Last Review: 10/21/2016 15:17:00 - Rev 2.0
 

Edited by AplusWebMaster, 24 October 2016 - 04:52 AM.

[AplusWebMaster]

FYI...

MS Security Bulletin MS16-128 - Critical
Security Update for Adobe Flash Player (3201860)
- https://technet.micr...y/ms16-128.aspx
Oct 27, 2016 - "This security update resolves a vulnerability in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
This security update is rated Critical. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge..."
 

[AplusWebMaster]

FYI...

Oct 2016 security monthly quality rollup for Win7SP1 and Windows Server 2008 R2 SP1
- https://support.micr...n-us/kb/3185330
Last Review: 10/26/2016 20:28:00 - Rev: 3.0
Applies to: Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1
 

[AplusWebMaster]

FYI...

Nov 2016 Non-Security Office Update Release
- https://blogs.techne...update-release/
Nov 1, 2016
"Listed below are the 'non-security' updates we released on the Download Center and Microsoft Update today.
See the linked KB articles for more information.
Office 2010
Update for Microsoft Project 2010 (KB3118393)
Office 2013
Update for Microsoft Office 2013 (KB3039750)
Update for Microsoft OneDrive for Business (KB3118350)
Update for Microsoft Office 2013 (KB3127916)
Update for Skype for Business 2015 (KB3127934)
Update for Microsoft Office 2013 (KB3127915)
Update for Microsoft Office 2013 (KB3118343)
Update for Microsoft Office 2013 (KB3118346)
Update for Microsoft Outlook 2013 (KB3127919)
Update for Microsoft PowerPoint 2013 (KB3118353)
Update for Microsoft Project 2013 (KB3127959)
Update for Microsoft Word 2013 (KB3039719)
Office 2016
Update for Microsoft Office 2016 (KB3127906)
Update for Skype for Business 2016 (KB3127939)
Update for Microsoft Office 2016 (KB3127909)
Update for Microsoft Office 2016 (KB3118338)
Update for Microsoft Office 2016 (KB3118336)
Update for Microsoft Office 2016 (KB3118340)
Update for Microsoft Office 2016 (KB3127905)
Update for Microsoft OneDrive for Business (KB3118341)
Update for Microsoft Outlook 2016 (KB3127912)
Update for Microsoft PowerPoint 2016 (KB3127902)
Update for Microsoft Office 2016 (KB3115280)
Update for Microsoft Project 2016 (KB3127960)
Update for Microsoft Word 2016 (KB3127941) "