Microsoft Security Bulletins For March 2016
The Security Bulletins overview for March 2016 provides you with information about security and non-security patches that Microsoft released for supported versions of the Windows operating system and other company products such as Office on the March 2016 Patch Day and after February 2016's Patch Day.
It starts with an executive summary listing the most important information on a glance. What follows is the distribution of updates by operating system and other Microsoft products.
After that, all security bulletins released in March 2016 and all non-security updates are listed, each with links to Microsoft Support pages that you can use for additional research.
You find information on downloading the updates and further resources listed in the last two sections of the overview.
Microsoft Security Bulletins For March 2016
Executive Summary
- Microsoft released a total of 13 bulletins.
- 5 bulletins have received the highest severity rating of critical.
- The remaining 8 bulletins have been rated as important, the second highest rating.
- All Microsoft operating systems, as well as other Microsoft products such as Internet Explorer are affected by security issues.
Operating System Distribution
Windows Vista and Windows Server 2008 are the only operating systems affected by MS16-025 (Security Update for Windows Library Loading to Address Remote Code Execution).
Windows Vista and 7, and Windows Server 2008 and 2008 R2, are affected by MS16-031 ( Security Update for Microsoft Windows to Address Elevation of Privilege) while all newer versions of Windows are not.
The additional critical bulletin listed for Windows 10 is for Microsoft Edge.
- Windows Vista: 2 critical, 5 important
- Windows 7:Â 2 critical, 4 important
- Windows 8 and 8.1: 2 critical, 3 important
- Windows RT and RT 8.1: 2 critical, 3 important
- Windows 10: 3 critical, 3 important
- Windows Server 2008:Â 1 critical, 5 important, 1 moderate
- Windows Server 2008 R2: 1 critical, 4 important, 1 moderate
- Windows Server 2012 and 2012 R2: 1 critical, 3 important, 1 moderate
- Server core: 1 critical, 5 important
Other Microsoft Products
All products are affected by vulnerabilities patched by the security bulletin MS16-029.
- Microsoft Office 2007, 2010, 2013, 2013 RT, 2016: 1 important
- Microsoft Office for Mac 2011, 2016: 1 important
- Microsoft Office Compatibility Pack Service Pack 3: 1 important
- Microsoft Word Viewer: 1 important
- Microsoft SharePoint Server 2010, 2013: 1 important
- Microsoft Office Web Apps 2010, 2013: 1 important
Security Bulletins
MS16-023 - Cumulative Security Update for Internet Explorer (3142015) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
If you are running Windows 7 or 8.1, check out this article which highlights that it includes a new "get Windows 10" offer option.
MS16-024 - Cumulative Security Update for Microsoft Edge (3142019) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
MS16-025 - Security Update for Windows Library Loading to Address Remote Code Execution (3140709) - Important - Remote Code Execution
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Windows fails to properly validate input before loading certain libraries. However, an attacker must first gain access to the local system with the ability to execute a malicious application.
MS16-026 - Security Update for Graphic Fonts to Address Remote Code Execution (3143148)Â - Critical - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker either convinces a user to open a specially crafted document, or to visit a webpage that contains specially crafted embedded OpenType fonts.
MS16-027 - Security Update for Windows Media to Address Remote Code Execution (3143146) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens specially crafted media content that is hosted on a website.
MS16-028 - Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file.
MS16-029 - Security Update for Microsoft Office to Address Remote Code Execution (3141806) - Important - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
MS16-030 - Security Update for Windows OLE to Address Remote Code Execution (3143136) - Important - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerabilities to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.
MS16-031 - Security Update for Microsoft Windows to Address Elevation of Privilege (3140410) - Important - Elevation of Privilege
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker is able to log on to a target system and run a specially crafted application.
MS16-032 - Security Update for Secondary Logon to Address Elevation of Privilege (3143141)Â - Important - Elevation of Privilege
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Secondary Logon Service fails to properly manage request handles in memory.
MS16-033 - Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142) - Important - Elevation of Privilege
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with physical access inserts a specially crafted USB device into the system.
MS16-034 - Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145) - Important - Elevation of Privilege
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
MS16-035 - Security Update for .NET Framework to Address Security Feature Bypass (3141780) - Important - Security Feature Bypass
This security update resolves a vulnerability in the Microsoft .NET Framework. The security feature bypass exists in a .NET Framework component that does not properly validate certain elements of a signed XML document.
Non-security related updates
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3139921) - "No computer account for trust" error when you change domain account password in Windows 8.1 or Windows 7
- Update for Windows 10 (KB3141032) - Servicing stack update for Windows 10: March 8, 2016
- Dynamic Update for Windows 10 (KB3142588) - Compatibility update for upgrading to and recovering Windows 10 Version 1511: March 8, 2016
- Windows Malicious Software Removal Tool - March 2016 (KB890830)/Windows Malicious Software Removal Tool - March 2016 (KB890830) - Internet Explorer Version
- Update for Windows 7 (KB2952664) - Compatibility update for upgrading Windows 7
- Update for Windows 8.1 and Windows 8 (KB2976978) - Compatibility update for Windows 8.1 and Windows 8
- Update for Windows 7 (KB2977759) - Compatibility update for Windows 7 RTM
- Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB3138612) - Windows Update Client for Windows 7 and Windows Server 2008 R2: March 2016
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3138615) - Windows Update Client for Windows 8.1 and Windows Server 2012 R2: March 2016
- Update for Windows 10 (KB3139907) - Servicing stack update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: March 1, 2016
- Cumulative Update for Windows 10 (KB3140743) - See Windows 10 update history for changelog.
- Dynamic Update for Windows 10 (KB3140744) - Compatibility update for upgrading to Windows 10 Version 1511: March 1, 2016
- Update for Windows 8.1 and Windows 7 (KB3035583) - Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
- Update for Windows Server 2012 (KB3055343)Â - Stop error code 0xD1, 0x139, or 0x3B and cluster nodes go down in Windows Server 2012 R2 or Windows Server 2012
- Update for Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, and Windows Server 2008 R2 (KB3063109) - Hyper-V integration components update for Windows virtual machines that are running on a Windows 10-based host
- Update Rollup for Microsoft Windows MultiPoint Server 2012 (KB3075566) - Update Rollup 3 for Windows MultiPoint Server 2012
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3103699) - You can't offer Remote Assistance to another user when you use a mandatory profile in Windows 8.1 or Windows Server 2012 R2
- Update for Windows MultiPoint Server 2012 (KB3104431) - Update to improve performance degradations in Mstscax.dll in Windows MultiPoint Server 2012
- Update for Windows 8.1 and Windows Server 2012 R2 (KB3106637) - Incorrect results in LDAP query, domain controller restarts, or user logons are denied in Windows Server 2012 R2
- Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB3118401) - Update for Universal C Runtime in Windows
- Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, and Windows Server 2008 R2 (KB3121255) - "0x00000024" Stop error in FsRtlNotifyFilterReportChange and VSS backup of PI Data server fails in Windows
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3121260) - "0x800706BE" error when you query disk details in Windows Server 2012 R2
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3121261) - System fails back to a host copy instead of an array copy or storages go down after LUN reset in Windows Server 2012 R2
- Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard and Windows Server 2012 (KB3123242) - Reassociated WFP context in same flow doesn't work in Windows
- Update for Windows Server 2012 R2 (KB3123595) - "0x0000009E" Stop error when cluster node crashes in Windows Server 2012 R2
- Update for Windows Server 2012 R2 (KB3123913) - Remote Desktop Gateway server crashes during certain user disconnect scenarios in Windows Server 2012 R2
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3125210) - Badpwdcount on PDC isn't reset when you use NTLM authentication to log on to Windows Server 2012 R2
- Update for Windows 8.1 and Windows RT 8.1 (KB3126030) - Incorrect log in Event Viewer after you install an antivirus software in Windows 8.1
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3126033) - Error occurs when you use Remote Desktop in Restricted Admin mode in Windows 8.1 or Windows Server 2012 R2
- Update for Windows Server 2012 R2 (KB3127060) - Data scrubbing jobs freeze and fail in Windows Server 2012 R2
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3128650) - Access to COM+ role-based security is denied in Windows Server 2012 R2
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3130896) - System crashes with Stop error 0x00000139 in Windows 8.1 and Windows Server 2012 R2
- Update for Windows Server 2012 (KB3130902) - Stop error 0x9E and failover cluster can't come online in Windows Server 2012
- Update for Windows Server 2012 R2 (KB3130934) - NLB cluster communication gets interrupted when MAC impersonation security feature is enabled in Windows Server 2012 R2
- Update for Windows Server 2012 R2 (KB3130939) - Nonpaged pool memory leak occurs in a Windows Server 2012 R2-based failover cluster
- Update for Windows Embedded 8 Standard and Windows Server 2012 (KB3133679) - Windows Server Backup fails when you back up multiple volumes in Windows Server 2012
- Update for Windows Server 2012 R2 (KB3133717) - Incorrect response when DNS server uses wildcard CNAME and DNSSEC validation failures in Windows Server 2012 R2
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3133924) - "Code 10 Device Cannot Start" error for EHCI USB Controller devices in Device Manager in Windows Server 2012 R2
- Update for Windows Server 2012 R2 and Windows Server 2012 (KB3134242) - DNS server freezes and service restart fails during the service restart in Windows Server 2012 R2 or Windows Server 2012
- Update for Windows 8.1 and Windows Server 2012 R2 (KB3134812) - You can't change settings from FSRM GUI in Windows Server 2012 R2
- Update for Windows Server 2012 R2 (KB3134813) - Windows Server Backup may hit process freeze and backup operation fails in Windows Server 2012 R2
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3134815) - CryptDuplicateKey function doesn't save state for an RC2 40-Bit key in Windows 8.1 or Windows Server 2012 R2
How to download and install the March 2016 security updates
You can download the March 2016 security patches and updates for your version of Windows via Windows Update.
This is an automated system that checks for updates regularly, and downloads and installs those that are found automatically or on user-request.
You can run a manual check for updates at any time. To do that, do the following:
- Tap on the Windows-key on your keyboard, type Windows Update and hit enter.
- Locate the "check for updates" link on the page that opens and click on it.
Updates are also made available individually on Microsoft's Download Center, and via monthly security ISO images the company releases.
Additional resources
- Microsoft Security Bulletin Summary for March 2016
- List of software updates for Microsoft products
- List of security advisories of 2016
- Our in-depth update guide for Windows
- Windows 10 Update History
KB2952664 Update Compatibility
KB3035583 (GWX.EXE) ??!!
How many times has MS tried to get these onto our systems since last July ??
Persistent little sods aren’t they !!!
Well, they will certainly push it until they end the free upgrade promo, cannot say what will happen afterwards.
“…cannot say what will happen afterwards.”
They will extend the offer.
Thanks.
Any sneaking Win 10 updates?
Yes.
The security update for Internet Explorer KB3139929 information, says it includes nonsecurity-related KB3146449, which “update adds functionality to Internet Explorer 11 on some computers that lets users learn about Windows 10 or start an upgrade to Windows 10.”
See:
http://www.wilderssecurity.com/threads/bork-tuesday-any-problems-yet.370217/page-74#post-2571060
Woody Leonhard on KB3139929 and KB3146449:
http://www.infoworld.com/article/3042155/microsoft-windows/windows-patch-kb-3139929-when-a-security-update-is-not-a-security-update.html
“Update for Windows 8.1 and Windows 7 (KB3035583) – Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1”
This is so blatant, it’s almost comical. Every month this gets re-released so that it will bypass hidden status. FU MS.
Oh, and thank you, Martin, for the info!
edit: had an idea, Martin: in your list, you could highlight updates that are sneaky by putting them in red text!
Wow that is shocking!
KB 3139929, says:
“This security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer… Additionally, this security update includes several nonsecurity-related fixes for Internet Explorer.
Later in the same KB article, Microsoft lists six “nonsecurity-related fixes that are included in this security update,” including this: 3146449 Updated Internet Explorer 11 capabilities to upgrade Windows 8.1 and Windows 7″
So you have to either expose yourself to potential remote code execution or else allow M$ to generate a popup add in IE prompting you to upgrade to Windows 10.
To my mind they have now crossed the bridge and become little more than kidnappers. “If you want security then you’d better let us put whatever we want on your computer”.
Thanks for these reports Martin. I’ll install the other ‘safe’ updates this month (and avoid all use of Internet Explorer ever again) and then after that I won’t be installing any more Windows updates at all.
KB2952664 seems to be forced onto your computer with this latest update.
So even if removed and then hidden as an update, it will auto re-install back onto your computer with no way to remove it permanently…yet. I think this happened with the latest update for this month. The old method of remove and hide no longer works so Microsoft has found a way around that.
So look for it even though you’ve hidden it previously but have installed the latest updates for this month.
Thanks Martin for the news.
Always interesting to receive your newsletter.
Have a good day!