Microsoft Security Bulletins April 2016
The Microsoft Security Bulletins overview for April 2016 provides you with detailed information about all security and non-security patches Microsoft released in the past 30 days for client and server versions of Windows, as well as other Microsoft products such as Office.
The overview begins with an executive summary highlighting the most important information about this month's Patch Day.
It is followed by patch information for individual client and server operating systems, and other Microsoft products.
What follows is the list of released security bulletins for April 2016, security advisories, and the list of non-security updates released in the past 30 days.
This is followed by download instructions and links to resources that provide you with additional information.
Microsoft Security Bulletins For April 2016
Executive Summary
- Microsoft released a total of 13 bulletins in April 2016.
- Six security bulletins received the highest rating of critical, the remaining seven one of important, the second highest rating.
- All client and server versions of Windows are affected by vulnerabilities described in one or multiple critically rated bulletins.
- Other affected Microsoft products include Microsoft Office and Microsoft SharePoint Server,
Operating System Distribution
All client-based versions of Windows are affected by vulnerabilities fixed by the bulletins MS16-037, MS16-039 and MS16-040 while Windows 10 is also affected by vulnerabilities fixed by MS16-038.
The reason for the additional bulletin is as usual Microsoft Edge which is exclusively available on Windows 10.
MS16-037 is a cumulative update for Internet Explorer, Ms16-039 a security update for the Microsoft Graphics Component, and MS16-040 a security update for Microsoft XML Core Services.
As far as important vulnerabilities are concerned, all client versions are affected by vulnerabilities described in Ms16-047 (Security Update for SAM and LSAD Remote Protocols). Windows 8.1, RT 8.1 and 10 are affected by MS16-048 (security issue in CSRSS), Windows 8.1 and 10 by MS16-045 (security issue in Windows Hyper-V), and Windows 10 by MS16-046 (security issue in Secondary logon).
- Windows Vista: 3 critical, 1 important
- Windows 7: 3 critical, 1 important
- Windows 8.1: 3 critical, 3 important
- Windows RT 8.1: 3 critical, 2 important
- Windows 10: 4 critical, 4 important
- Windows Server 2008: 3 critical, 1 important
- Windows Server 2008 R2: 2 critical, 4 important, 1 moderate
- Windows Server 2012 and 2012 R2: 2 critical, 1 moderate
- Server core: 2 critical, 3 important
Other Microsoft Products
Patches for the following non-Windows Microsoft products were released this month:
- Microsoft Office 2007, 2010: 1 critical, 1 important
- Microsoft Office 2013, 2013 RT: 1 critical
- Microsoft Office 2016: 1 important
- Microsoft Office for Mac 2011, 2016: 1 important
- Microsoft Office Compatibility Pack SP3, Excel Viewer, Word Viewer: 1 critical, 1 important
- Microsoft SharePoint Server 2007: 1 important
- Microsoft SharePoint Server 2010, 2013: 1 critical
- Microsoft Office Web Apps 2010, 2013: 1 critical
- Skype for Business 2016: 1 critical
- Microsoft Lync 2010, 2013: 1 critical
- Microsoft Live Meeting 2007 Console: 1 critical
Security Bulletins
MS16-037 - Cumulative Security Update for Internet Explorer (3148531) - Critical
Remote Code Execution
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
MS16-038 - Cumulative Security Update for Microsoft Edge (3148532) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
MS16-039 - Security Update for Microsoft Graphics Component (3148522) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.
MS16-040 - Security Update for Microsoft XML Core Services (3148541) - Critical - Remote Code Execution
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system.
MS16-041 - Security Update for .NET Framework (3148789) -Â Important - Remote Code Execution
This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application.
MS16-042 - Security Update for Microsoft Office (3148775)Â - Critical - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
MS16-044 - Security Update for Windows OLE (3146706)Â - Important - Remote Code Execution
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input.
MS16-045 - Security Update for Windows Hyper-V (3143118) - Important - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code.
MS16-046 - Security Update for Secondary Logon (3148538) - Important - Elevation of Privilege
This security update resolves a vulnerability in Microsoft Windows.
MS16-047 - Security Update for SAM and LSAD Remote Protocols (3148527) - Important - Elevation of Privilege
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack.
MS16-048 - Security Update for CSRSS (3148528) - Important - Security Feature Bypass
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.
MS16-049 - Security Update for HTTP.sys (3148795) - Important - Denial of Service
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.
MS16-050Â - Security Update for Adobe Flash Player (3154132) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Security advisories and updates
Microsoft Security Advisory 3152550 - Update to Improve Wireless Mouse Input Filtering
Microsoft is announcing the availability of an update to improve input filtering for certain Microsoft wireless mouse devices. The update enhances security by filtering out QWERTY key packets in keystroke communications issued from receiving USB wireless dongles to wireless mouse devices.
Non-security related updates
- Update for Windows 10 Version 1511 (KB3147458) - This update includes quality improvements and security fixes. No new operating system features are being introduced in this update.
- Update for Windows 10 (KB3125217) - Disk cleanup for Windows 10 cumulative updates
- Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB3147071) - Connection to Oracle database fails when you use Microsoft ODBC or OLE DB Driver for Oracle or Microsoft DTC in Windows
- Dynamic Update for Windows 10 (KB3147460) - Compatibility update for upgrading to Windows 10 Version 1511: April 12, 2016
- Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP Embedded (KB3148851) - Time zone changes for Russia in Windows
- Windows Malicious Software Removal Tool - April 2016 (KB890830)/Windows Malicious Software Removal Tool - April 2016 (KB890830) - Internet Explorer Version -
- Update for Windows 7 (KB2952664) - Compatibility update for upgrading Windows 7
- Update for Windows 8.1 and Windows 8 (KB2976978) - Compatibility update for Windows 8.1 and Windows 8
- Update for Windows 7 (KB2977759) - Compatibility update for Windows 7 RTM
- Update for Windows 8.1 and Windows 7 (KB3035583) - Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
- Update for Windows 10 (KB3140741) - Servicing stack update for Windows 10 Version 1511: March 22, 2016
How to download and install the April 2016 security updates
Updates are as usually delivered via Windows Update, the primary updating service built into all versions of the Windows operating system.
We suggest you research updates before installation, but if you are in a hurry, suggest to backup the system before you update your PC.
To check for updates manually. tap on the Windows-key on your keyboard, type Windows Update and hit enter. On the page that opens, click on "check for updates" to run a manual check for new updates.
Depending on your settings, updates that are found during the scan are either shown to you, downloaded only, or downloaded and installed right away.
You may download updates individually from Microsoft's Download Center instead, or download one of the security ISO images that Microsoft releases each month.
Additional resources
- Microsoft Security Bulletin Summary for April 2016
- List of software updates for Microsoft products
- List of security advisories of 2016
- Our in-depth update guide for Windows
- Windows 10 Update History
Have an old Toshiba laptop thats been stable on Vista 32 since 2007 ish, windows updated the other night (restart done automatically when the updater is in manual mode) and now have lost the desktop, black screen and nothing runs right…problem is cannot run certain professional programs on it as the important programs dont exist for anything higher (wind turbine inverter programming suites where the manufacturer went out of business in 2009)….unable to roll back, unable to access windows update… been screwed again
It’s absolutely maddening when this happens. The last time I had to install everything from scratch (which was when I switched from Windows XP to Windows 7), it took me over three days full time to install, update, and configure everything more or less to my liking.
This is why I maintain a bootable clone of my system drive (using Macrium Reflect). Before each Patch Tuesday, provided my system is running well, I redo the clone. (With around 1TB of data on 5400rpm 2TB hard drives on SATA II ports, it takes around three hours, and once Reflect has made the shadow copies it clones from, which takes around five minutes, I can continue to make light use of the computer during the cloning operation.) That way, if my system drive ever fails, or something gets irreversibly corrupted, or Windows Update borks my system (ahem), I can swap in the clone drive for the system drive and continue working without skipping a beat. I also sync data files and important config files to the clone drive in real time using FreeFileSync with RealTimeSync, so I wouldn’t lose those, either. Basically, if I ever had to swap in my clone drive for my system drive, I might have to re-install a recently installed app or two and re-do recent updates to previously installed apps, but that’s about it. I wouldn’t have to re-install and reconfigure Windows from scratch; I wouldn’t have to re-install and reconfigure all of my apps from scratch; and I probably wouldn’t lose any of my data. On other people’s systems, I actually maintain more than one clone, for an extra margin of safety. It has saved them days of recovery time on more than one occasion, most recently a few Patch Tuesdays ago. (I’ve been lucky for several years now.)
Mechanical hard drives have become pretty cheap, but some people who don’t want to devote an entire drive to a single system backup instead maintain multiple images of their system drive on backup media. The downside to this is that images are harder to test than clones — you can’t be sure they work until you actually restore them, for which you need … an extra drive. Also, I’m pretty sure you can’t sync recently changed data files to them in real time, although you can make more frequent incremental images.
Anyway, it’s something to think about once you have rebuilt your system. Good luck. I feel for you. This is why I used to have a foam bat next to my computer.
First I had the problem of installing selected updates. Second I had the problem of stuck in “searching for updates”. I;m trying to avoid the ever increasingly important tagged ‘nagware’. I ran the Win7Pro64-bit system troubleshooting but it came up empty. Ran MWBytes, SASpyware, and they found nothing. After that I ran security software and it found nothing. I ended up closing down the computer and turning my modem off for about 5-10 minutes and back on. Left the computer off and when I brought it back up the next morning everything was working. Who knows what the deal is. This has happened a time or two before with updates. Just my experience.
For solve the Windows Update Hangs do this:
Install KB3145739 manually
Restart the pc and check updates. Wait 5-10 minuts.
Tell me if it worked to you as to me :)
I am having the exact same problem with no resolvment to date—04-14-2016 6:17 PM Los Angeles
I can not download updates for Windows 7 because Windows Update stuck in “Checking for updates” and svchost process rises to 50%. I have this problem since yesterday.
MS is doing everything to make me hate the dear Win7.
Try running the Windows Update Troubleshooter:
https://support.microsoft.com/en-us/kb/2714434
Afterwards, you may have to rehide any unwanted updates you’d previously hidden. (Sorry; I don’t remember.)
Last month’s Patch Tuesday included an update to Windows Update that was supposed to fix this kind of problem — I don’t remember if it was optional or important/recommended. To be honest, I haven’t noticed any difference on my system after installing it. Sometimes Windows Update runs pretty fast, and sometimes it takes quite a while. I’m guessing it has more to do with congestion on Microsoft’s servers/mirrors than with Windows Update.
I’m running Windows 7 (but don’t have Microsoft Office installed). This Patch Tuesday was mercifully trouble-free for me, and I haven’t seen any reports of major bugs or problems in my websearches or tech headlines. Of course, in the preceding month I had an “Important,” pre-checkmarked Windows 10 Compatibility Update that kept mysteriously unhiding itself and which I had to re-uncheck and re-hide two or three times. In other Get-Windows-10-related news, I’ve been reading good things about Ubuntu 16.04 (Xenial Xerus) with the MATE desktop environment.
Win7 Pro – I got 7 Important updates none of which were listed here. Very strange.
Also got 2664 again (already “hidden” at least 5 times) and that weird Russian currency update they keep sending out for some bizarre reason (also hidden several times).
I can not download updates for Windows 7 because Windows Update stuck in “Checking for updates” and svchost process rises to 50%. I have this problem since yesterday.
MS is doing everything to make me hate the dear Win7.
Ms is full of ca ca, I can upgrade to windows 10, in as little as 20-30 minutes. Getting the patch Tuesday updates is a different story, at time I have waited Over One(1) hour and got nothing. Just my computer NO, I have 3 Windows 7 desktops all connect to high speed internet, the one computer I did upgrade to w10, I rolled back, got tired of un-reqested ads popping up, so see the Upgrade is not free, and NOoooooo, MS is not spying on you, MS wants you to believe that they only download to you info and never, never, never, upload your personal info, And I have Prime Real Estate for sale down here in Florida.
http://stackoverflow.com/questions/35875911/error-in-running-r-script-in-cmd-window
In my own batch (for 8.1) was the not-detailed KB3147071, also mentioned by Martin above under “non-security related updates”.
Frustratingly, this is yet another mystery update: looking it up on Microsoft’s own site yields just a blank page with “Try searching for what you need. This page doesn’t exist.” (12 april 2016, 21:30 WET)
Did someone figure out already what exactly this update is meant to do? Thanks to any one who can tell!
appears to be a fix of a previous patch. it’s mentioned in https://support.microsoft.com/en-us/kb/3126587
Thank you so much Peter! I didn’t find that because I googled for “KB3147071”, and forgot to search for just the number (without “KB”)… So my Google search only proved that more people found this one a riddle.
For others who wondered, here’s what that previous-fix page says about this one:
“3147071 Connection to Oracle database fails when you use Microsoft ODBC or OLE DB Driver for Oracle or Microsoft DTC in Windows”.
I just installed the SP3 on XP and SP1 on 7.
These occasional knock-knocks by a daily-less-trusted Microsoft INCORPORATED give me goosebumps.
2664 and 5583, back again, like a bad case of herpes. I’m surprised Win 10 isn’t a “critical” update yet.
Aegis Voat is the solution to Windows 10 upgrade woes. Martin covered it not too long ago:
https://www.ghacks.net/2016/01/26/block-all-windows-10-components-on-windows-7-and-8/
It’s brilliant. Should be part of Windows ;)
got only the 3035…. update, the rest was not present.
Weel did I got the russian timezone as critical update , but nowhere near those timezones and don’t know anyone there so saw no reason to install that one.
Got 2 where MS did not supplied info at the time of installation, so also refused those.
but afer reboot, got again new updates , but did not have a look at them yet.
Some months, I have the feeling that all that gets pushed out to 7 and 8.1 are updates that try to get users to upgrade to 10.