Tuesday, November 08, 2016

Microsoft Security Bulletin Release for November, 2016


As this is the second Tuesday of the month, there will be one  security monthly rollup for Windows 7 and 8.1 as well as Server 2008 and 2012.  The details of the updates included are listed below.

Another change available this month is a preview of the new Security Updates Guide. Instead of publishing bulletins to describe related vulnerabilities, the "Security Updates Guide" includes the ability to view and search security vulnerability information in a single online database.  After the January 2017 Update Tuesday release, bulletins will be eliminated and the information will only be available from the new Security Updates Guide.

The guide, described as a "portal" by the MSRC Team in Furthering our commitment to security updates, includes the following features:
  • Sort and filter security vulnerability and update content, for example, by CVE, KB number, product, or release date.
  • Filter out products that don’t apply to you, and drill down to more detailed security update information for products that do.
  • Leverage a new RESTful API to obtain Microsoft security update information. This eliminates the need for you to employ outdated methods like screen-scraping of security bulletin web pages to assemble working databases of necessary and actionable information.

November Security Update Details:

Microsoft released fourteen (14) bulletins.  six (6) bulletins are identified as Critical and eight (8) rated Moderate in severity

The updates address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Microsoft Office Services and Web Apps, Microsoft SQL Server and Adobe Flash Player for Windows 8.1 and above. 

Addressed in the updates are Remote Code Execution, Elevation of Privilege and Security Feature Bypass.

Information about the update for Windows 10 is available at Windows 10 update history.

Critical:
  • MS16-129 -- Cumulative Security Update for Microsoft Edge (3199057)
  • MS16-130 -- Security Update for Microsoft Windows (3199172)
  • MS16-131  -- Security Update for Microsoft Video Control (3199151)
  • MS16-132 -- Security Update for Microsoft Graphics Component (3199120
  • MS16-141 -- Security Update for Adobe Flash Player (3202790)
  • MS16-142 -- Cumulative Security Update for Internet Explorer (3198467)


Important:
  • MS16-133 -- Security Update for Microsoft Office (3199168)
  • MS16-134 -- Security Update for Common Log File System Driver (3193706)
  • MS16-135 -- Security Update for Windows Kernel-Mode Drivers (3199135)
  • MS16-136 -- Security Update for SQL Server (3199641)
  • MS16-137 -- Security Update for Windows Authentication Methods (3199173)
  • MS16-138 -- Security Update to Microsoft Virtual Hard Disk Driver (3199647)
  • MS16-139 -- Security Update for Windows Kernel (3199720)
  • MS16-140 -- Security Update for Boot Manager (3193479)

    Additional Update Notes

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows 10 Version 1511, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
    • Windows 8.x and Windows 10 -- Non-security new features and improvements for Windows 8.1 and Windows 10 are included with the updates.
    • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

    References


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...





      1 comment:

      Anonymous said...

      Well done! If be the case, non-admin account still seems to be the brat choice.