Microsoft Security Bulletins For February 2016

Martin Brinkmann
Feb 9, 2016
Updated • Sep 9, 2019
Companies, Microsoft
|
16

The Microsoft Security Bulletins overview for February 2016 provides you with detailed information about security and non-security patches that Microsoft released for its Windows operating system and other company products since the January 2016 release.

The overview begins with an executive summary listing the most important facts. What follows afterwards is the patch distribution across different client and server versions of the Windows operating system, and other Microsoft products.

Lists of the security bulletins, advisories, and non-security updates released in February 2016 are listed next. Each offering a short description of the patch or bulletin released, and a link to the Microsoft website for further information.

Last but not least, download instructions are provided and options are listed.

Microsoft Security Bulletins For February 2016

Executive Summary

  • Microsoft released a total of 13 bulletins.
  • 6 bulletins have received the highest severity rating of critical.
  • All Microsoft operating systems, as well as other Microsoft products such as Internet Explorer are affected by security issues.

Operating System Distribution

All client versions of Windows are affected by at least two bulletins that have been rated critical. Windows 8.1 and Windows 10 are affected by the most, with Windows 8.1 being affected by four critical and 3 important bulletins, and Windows 10 by 5 critical and 3 important vulnerabilities.

As has been the case in the past, the additional critical bulletin is for the Microsoft Edge browser which is a Windows 10 exclusive.

  • Windows Vista: 2 critical, 2 important
  • Windows 7:  2 critical, 3 important
  • Windows 8 and 8.1: 4 critical, 3 important
  • Windows RT and RT 8.1: 2 critical, 2 important
  • Windows 10: 5 critical, 3 important
  • Windows Server 2008:  1 critical, 3 important, 1 moderate
  • Windows Server 2008 R2: 1 critical, 3 important, 1 moderate
  • Windows Server 2012 and 2012 R2: 3 critical, 5 important, 1 moderate
  • Server core: 1 critical, 5 important

Other Microsoft Products

  • Microsoft Office 2007, 2010, 2013, 2013 RT, 2016: 1 critical
  • Microsoft Office for Mac: 1 critical
  • Microsoft Office Compatibility Pack Service Pack 3: 1 important
  • Microsoft Excel Viewer and Microsoft Word Viewer: 1 important
  • Microsoft SharePoint Server 2007, 2010 and 2013: 1 important
  • Microsoft Office Web Apps 2010 and 2013: 1 important
  • Microsoft SharePoint Foundation 2013: 1 important

Security Bulletins

MS16-009 - Cumulative Security Update for Internet Explorer (3134220) - Critical - Remote Code Execution

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

MS16-011 - Cumulative Security Update for Microsoft Edge (3134225) - Critical - Remote Code Execution

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.

MS16-012 - Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938) - Critical - Remote Code Execution

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Microsoft Windows PDF Library improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system.

MS16-013 - Security Update for Windows Journal to Address Remote Code Execution (3134811) - Critical - Remote Code Execution

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file.

MS16-014  - Security Update for Microsoft Windows to Address Remote Code Execution (3134228)- Important - Remote Code Execution

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.

MS16-015 - Security Update for Microsoft Office to Address Remote Code Execution (3134226)  - Critical - Remote Code Execution

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.

MS16-016 - Security Update for WebDAV to Address Elevation of Privilege (3136041) - Important -
Elevation of Privilege

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to send specifically crafted input to a server.

MS16-017 - Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700) - Important - Elevation of Privilege

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an authenticated attacker logs on to the target system using RDP and sends specially crafted data over the connection. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.

MS16-018 - Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082) - Important - Elevation of Privilege

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

MS16-019 - Security Update for .NET Framework to Address Denial of Service (3137893) - Important -
Denial of Service

This security update resolves vulnerabilities in Microsoft .NET Framework. The more severe of the vulnerabilities could cause denial of service if an attacker inserts specially crafted XSLT into a client-side XML web part, causing the server to recursively compile XSLT transforms.

MS16-020 - Security Update for Active Directory Federation Services to Address Denial of Service (3134222) - Important - Denial of Service

This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive.

MS16-021 - Security Update for NPS RADIUS Server to Address Denial of Service (3133043)  - Important - Denial of Service

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) if an attacker sends specially crafted username strings to the NPS, which could prevent RADIUS authentication on the NPS.

MS16-022 - Security Update for Adobe Flash Player (3135782) - Critical - Remote Code Execution

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Security Advisories and updates

Advisory 3127909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering

Non-security related updates

  • Update for Windows 8.1 and Windows 7 (KB3123862) - Updated capabilities to upgrade Windows 8.1 and Windows 7
  • Update for Windows 7 (KB2952664) - Compatibility update for upgrading Windows 7
  • Update for Windows 8.1 and Windows 8 (KB2976978) - Compatibility update for Windows 8.1 and Windows
  • Update for Windows 7 (KB2977759) - Compatibility update for Windows 7 RTM
  • Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB3135445) - Windows Update Client for Windows 7 and Windows Server 2008 R2: February 2016
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3135449) - Windows Update Client for Windows 8.1 and Windows Server 2012 R2: February 201
  • Dynamic Update for Windows 10 (KB3124261) - Compatibility update for upgrading to Windows 10 Version 1511: January 27, 2016
  • Update for Windows 10 (KB3124262) - Cumulative Update for Windows 10 Version 1511: January 27, 2016
  • Dynamic Update for Windows 10 (KB3136561) - Compatibility update for upgrading to Windows 10 Version 1511: January 27, 2016
  • Microsoft .NET Framework 4.6.1 for Windows 7 (KB3102433) - The .NET Framework 4.6.1 and its corresponding language packs for Windows 7 SP1 are available on Windows Update
  • Microsoft .NET Framework 4.6.1 for Upgrade Language Packs (KB3102433)
  • Microsoft .NET Framework 4.6.1 for Language Packs (KB3102433)
  • Microsoft .NET Framework 4.6.1 for Windows Server 2012 R2 (KB3102467) - The .NET Framework 4.6.1 for Windows Server 2012 R2 on Windows Update
  • Microsoft .NET Framework 4.6.1 Language Packs for Windows Server 2012 R2 for x64 (KB3102521) - Microsoft .NET Framework 4.6.1 language packs for Windows Server 2012 R2 on Windows Update
  • Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, and Windows Server 2008 R2 (KB3102429) - Update that supports Azerbaijani Manat and Georgian Lari currency symbols in Windows

How to download and install the February 2016 security updates

security bulletins february 2016

Windows users can install all security patches for their operating system and also optional non-security patches using Windows Update.

Windows Update is an automated updating tool that is built-in to Windows to download and install patches that Microsoft releases.

Update checks are run frequently but not in real-time. Run a manual check for Windows updates if you want to grab the updates as soon as they are available.

You can do so in the following way:

  1. Tap on the Windows-key, type Windows Update and hit enter.
  2. The Windows Update program opens.
  3. Locate and click on "check for updates". This queries Microsoft's server for updates.

Depending on how Windows Update is configured, Windows may download these updates automatically, or present them to you only giving you options to select the updates that you want installed on your system.

Windows patches are made available on Microsoft's Download Center site as well from where they can be downloaded individually. You may also download a monthly security ISO image that Microsoft releases that contains all patches for all supported operating systems released in that month.

Consult our Windows Update guide linked below for additional options and troubleshooting information.

Additional resources

Summary
Microsoft Security Bulletins For February 2016
Article Name
Microsoft Security Bulletins For February 2016
Description
The Microsoft Security Bulletin overview for February 2016 offers in-depth information about the February 2016 patch day.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. The Dark Lady said on July 9, 2023 at 11:19 am
    Reply

    Martin, I would appreciate that you do not censor this post, as it’s informative writing.

    Onur, there is a misleading statement “[…] GIFs are animated images …”. No, obviously you don’t seem to have take much notice of what you were told back in March regarding; Graphics Interchange Format (GIF).

    For example, https://www.ghacks.net/2023/03/31/whats-gif-explanation-and-how-to-use-it/#comment-4562919 (if you had read my replies within that thread, you might have learnt something useful). I even mentioned, “GIF intrinsically supports animated images (GIF89a)”.

    You linked to said article, [Related: …] within this article, but have somehow failed to take onboard what support you were given by several more knowledgeable people.

    If you used AI to help write this article, it has failed miserably.

  2. KeZa said on August 17, 2023 at 5:58 pm
    Reply

    AI is stupid, and it will not get any better if we really know how this all works. Prove me wrong.. https://www.youtube.com/watch?v=4IYl1sTIOHI

  3. Database failure said on August 18, 2023 at 5:21 pm
    Reply

    Martin, [#comment-4569908] is only meant to be in: [https://www.ghacks.net/2023/07/09/how-to-send-gifs-on-iphone-two-different-ways/]. Whereas it appears duplicated in several recent random low-quality non relevant articles.

    Obviously it [#comment-4569908] was posted: 9 July 2023. Long before this thread even existed… your database is falling over. Those comments are supposed to have unique ID values. It shouldn’t be possible to duplicate the post ID, if the database had referential integrity.

  4. Howard Pearce said on August 25, 2023 at 12:24 pm
    Reply

    Don’t tell me!

    Ghacks wants the state to step in for STATE-MANDATED associations to save jobs!!!

    Bring in the dictatorship!!!

    And screw Rreedom of Association – too radical for Ghacks maybe

  5. Howard Allan Pearce said on September 7, 2023 at 9:13 am
    Reply

    GateKeeper ?

    That’s called “appointing” businesses to do the state’s dirty work!!!!!

    But the article says itself that those appointed were not happy – implying they had not choice!!!!!!

  6. owl said on September 7, 2023 at 9:50 am
    Reply

    @The Dark Lady,
    @KeZa,
    @Database failure,
    @Howard Pearce,
    @Howard Allan Pearce,

    Note: I replaced the quoted URI scheme: https:// with “>>” and posted.

    The current ghacks.net is owned by “Softonic International S.A.” (sold by Martin in October 2019), and due to the fate of M&A, ghacks.net has changed in quality.
    >> ghacks.net/2023/09/02/microsoft-is-removing-wordpad-from-windows/#comment-4573130
    Many Authors of bloggers and advertisers certified by Softonic have joined the site, and the site is full of articles aimed at advertising and clickbait.
    >> ghacks.net/2023/08/31/in-windows-11-the-line-between-legitimate-and-adware-becomes-increasingly-blurred/#comment-4573117
    As it stands, except for articles by Martin Brinkmann, Mike Turcotte, and Ashwin, they are low quality, unhelpful, and even vicious. It is better not to read those articles.
    How to display only articles by a specific author:
    Added line to My filters in uBlock Origin: ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(/Martin Brinkmann|Mike Turcotte|Ashwin/))
    >> ghacks.net/2023/09/01/windows-11-development-overview-of-the-august-2023-changes/#comment-4573033

    By the way, if you use an RSS reader, you can track exactly where your comments are (I’m an iPad user, so I use “Feedly Classic”, but for Windows I prefer the desktop app “RSS Guard”).
    RSS Guard: Feed reader which supports RSS/ATOM/JSON and many web-based feed services.
    >> github.com/martinrotter/rssguard#readme

  7. Anonymous said on September 14, 2023 at 6:41 pm
    Reply

    We all live in digital surveillance glass houses under scrutiny of evil people because of people like Musk. It’s only fair that he takes his turn.

  8. Anonymous said on September 18, 2023 at 1:31 pm
    Reply

    “Operating systems will be required to let the user choose the browser, virtual assistant and search engine of their choice. Microsoft cannot force users to use Bing or Edge. Apple will have to open up its iOS operating system to allow third-party app stores, aka allow sideloading of apps. Google, on the other hand, will need to provide users with the ability to uninstall preloaded apps (bloatware) from Android devices. Online services will need to allow users to unsubscribe from their platform easily. Gatekeepers need to provide interoperability with third-parties that offer similar services.”

    Wonderful ! Let’s hope they’ll comply with that law more than they are doing with the GDPR.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.