Microsoft Security Bulletins April 2016

The Microsoft Security Bulletins overview for April 2016 provides you with detailed information about all security and non-security patches Microsoft released in the past 30 days for client and server versions of Windows, as well as other Microsoft products such as Office.
The overview begins with an executive summary highlighting the most important information about this month's Patch Day.
It is followed by patch information for individual client and server operating systems, and other Microsoft products.
What follows is the list of released security bulletins for April 2016, security advisories, and the list of non-security updates released in the past 30 days.
This is followed by download instructions and links to resources that provide you with additional information.
Microsoft Security Bulletins For April 2016
Executive Summary
- Microsoft released a total of 13 bulletins in April 2016.
- Six security bulletins received the highest severity rating of critical; the remaining seven are rated important, the second-highest rating.
- All client and server versions of Windows are affected by vulnerabilities described in one or multiple critically rated bulletins.
- Other affected Microsoft products include Microsoft Office and Microsoft SharePoint Server.
Operating System Distribution
All client-based versions of Windows are affected by vulnerabilities fixed by the bulletins MS16-037, MS16-039 and MS16-040 while Windows 10 is also affected by vulnerabilities fixed by MS16-038.
The reason for the additional bulletin is, as usual, Microsoft Edge, which is exclusively available on Windows 10.
MS16-037 is a cumulative update for Internet Explorer, MS16-039 a security update for the Microsoft Graphics Component, and MS16-040 a security update for Microsoft XML Core Services.
As far as important vulnerabilities are concerned, all client versions are affected by vulnerabilities described in MS16-047 (Security Update for SAM and LSAD Remote Protocols). Windows 8.1, RT 8.1 and 10 are affected by MS16-048 (security issue in CSRSS), Windows 8.1 and 10 by MS16-045 (security issue in Windows Hyper-V), and Windows 10 by MS16-046 (security issue in Secondary logon).
- Windows Vista: 3 critical, 1 important
- Windows 7: 3 critical, 1 important
- Windows 8.1: 3 critical, 3 important
- Windows RT 8.1: 3 critical, 2 important
- Windows 10: 4 critical, 4 important
- Windows Server 2008: 3 critical, 1 important
- Windows Server 2008 R2: 2 critical, 4 important, 1 moderate
- Windows Server 2012 and 2012 R2: 2 critical, 1 moderate
- Server core: 2 critical, 3 important
Other Microsoft Products
Patches for the following non-Windows Microsoft products were released this month:
- Microsoft Office 2007, 2010: 1 critical, 1 important
- Microsoft Office 2013, 2013 RT: 1 critical
- Microsoft Office 2016: 1 important
- Microsoft Office for Mac 2011, 2016: 1 important
- Microsoft Office Compatibility Pack SP3, Excel Viewer, Word Viewer: 1 critical, 1 important
- Microsoft SharePoint Server 2007: 1 important
- Microsoft SharePoint Server 2010, 2013: 1 critical
- Microsoft Office Web Apps 2010, 2013: 1 critical
- Skype for Business 2016: 1 critical
- Microsoft Lync 2010, 2013: 1 critical
- Microsoft Live Meeting 2007 Console: 1 critical
Security Bulletins
MS16-037 - Cumulative Security Update for Internet Explorer (3148531) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
MS16-038 - Cumulative Security Update for Microsoft Edge (3148532) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
MS16-039 - Security Update for Microsoft Graphics Component (3148522) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.
MS16-040 - Security Update for Microsoft XML Core Services (3148541) - Critical - Remote Code Execution
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system.
MS16-041 - Security Update for .NET Framework (3148789) - Important - Remote Code Execution
This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application.
MS16-042 - Security Update for Microsoft Office (3148775) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
MS16-044 - Security Update for Windows OLE (3146706) - Important - Remote Code Execution
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input.
MS16-045 - Security Update for Windows Hyper-V (3143118) - Important - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code.
MS16-046 - Security Update for Secondary Logon (3148538) - Important - Elevation of Privilege
This security update resolves a vulnerability in Microsoft Windows.
MS16-047 - Security Update for SAM and LSAD Remote Protocols (3148527) - Important - Elevation of Privilege
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack.
MS16-048 - Security Update for CSRSS (3148528) - Important - Security Feature Bypass
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.
MS16-049 - Security Update for HTTP.sys (3148795) - Important - Denial of Service
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.
MS16-050 - Security Update for Adobe Flash Player (3154132) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Security advisories and updates
Microsoft Security Advisory 3152550 - Update to Improve Wireless Mouse Input Filtering
Microsoft is announcing the availability of an update to improve input filtering for certain Microsoft wireless mouse devices. The update enhances security by filtering out QWERTY key packets in keystroke communications issued from receiving USB wireless dongles to wireless mouse devices.
Non-security related updates
- Update for Windows 10 Version 1511 (KB3147458) - This update includes quality improvements and security fixes. No new operating system features are being introduced in this update.
- Update for Windows 10 (KB3125217) - Disk cleanup for Windows 10 cumulative updates
- Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB3147071) - Connection to Oracle database fails when you use Microsoft ODBC or OLE DB Driver for Oracle or Microsoft DTC in Windows
- Dynamic Update for Windows 10 (KB3147460) - Compatibility update for upgrading to Windows 10 Version 1511: April 12, 2016
- Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP Embedded (KB3148851) - Time zone changes for Russia in Windows
- Windows Malicious Software Removal Tool - April 2016 (KB890830)/Windows Malicious Software Removal Tool - April 2016 (KB890830) - Internet Explorer Version -
- Update for Windows 7 (KB2952664) - Compatibility update for upgrading Windows 7
- Update for Windows 8.1 and Windows 8 (KB2976978) - Compatibility update for Windows 8.1 and Windows 8
- Update for Windows 7 (KB2977759) - Compatibility update for Windows 7 RTM
- Update for Windows 8.1 and Windows 7 (KB3035583) - Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
- Update for Windows 10 (KB3140741) - Servicing stack update for Windows 10 Version 1511: March 22, 2016
How to download and install the April 2016 security updates
Updates are, as usual, delivered via Windows Update, the primary updating service built into all versions of the Windows operating system.
We suggest you research updates before installation, but if you are in a hurry, we suggest that you back up the system before you update your PC.
To check for updates manually, tap on the Windows-key on your keyboard, type Windows Update and hit enter. On the page that opens, click on "check for updates" to run a manual check for new updates.
Depending on your settings, updates that are found during the scan are either shown to you, downloaded only, or downloaded and installed right away.
You may download updates individually from Microsoft's Download Center instead, or download one of the security ISO images that Microsoft releases each month.
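A scripted equivalent of the manual check described above, as an added example that is not part of the original article: it queries the Windows Update Agent COM API for pending updates and flags those that belong to the April 2016 bulletins, without downloading or installing anything. It assumes PowerShell on a Windows system with the Windows Update service running; the variable names are illustrative.

```powershell
# Added example: list pending updates so they can be researched before installation.
# Bulletin IDs are the thirteen listed on this page for April 2016.
$aprilBulletins = @(
    'MS16-037', 'MS16-038', 'MS16-039', 'MS16-040', 'MS16-041', 'MS16-042',
    'MS16-044', 'MS16-045', 'MS16-046', 'MS16-047', 'MS16-048', 'MS16-049',
    'MS16-050'
)

# Windows Update Agent COM API: search only, nothing is downloaded or installed.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

$pending = foreach ($update in $result.Updates) {
    $bulletins = @($update.SecurityBulletinIDs)   # may be empty for non-security updates
    $kbs       = @($update.KBArticleIDs) | ForEach-Object { "KB$_" }

    # MsrcSeverity is empty for updates that carry no MSRC rating.
    $severity = $update.MsrcSeverity
    if (-not $severity) { $severity = 'Unrated' }

    [pscustomobject]@{
        Severity  = $severity
        Bulletin  = $bulletins -join ','
        KB        = $kbs -join ','
        April2016 = [bool]($bulletins | Where-Object { $aprilBulletins -contains $_ })
        Title     = $update.Title
    }
}

# Show critical updates first, then important, moderate, low and unrated ones.
$rank = @{ Critical = 0; Important = 1; Moderate = 2; Low = 3; Unrated = 4 }
$pending |
    Sort-Object @{ Expression = { $rank[$_.Severity] } }, Bulletin |
    Format-Table Severity, Bulletin, KB, April2016, Title -AutoSize -Wrap
```

On Windows 10, individual bulletins are shipped inside a cumulative update, so a single row may list several bulletin IDs.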
Additional resources
- Microsoft Security Bulletin Summary for April 2016
- List of software updates for Microsoft products
- List of security advisories of 2016
- Our in-depth update guide for Windows
- Windows 10 Update History

