Microsoft Security Bulletins June 2016

Martin Brinkmann
Jun 14, 2016
Updated • Jan 4, 2018
Companies, Microsoft
|
15

This summary provides you with detailed information about the security bulletins that Microsoft released for its Windows operating system and other company products on June 14, 2016.

The guide lists all security and non-security patches, as well as security advisories that Microsoft released since the last patch day on May 10, 2016.

Each update is linked to Microsoft's Knowledge Base so that you can look it up in detail.

Apart from the list of patches, our overview provides you with information about the operating system and other Microsoft products distribution, an executive summary, and information on how to download the updates to Windows machines.

Microsoft Security Bulletins June 2016

Executive Summary

  • Microsoft released a total of 16 security bulletins on the June 2016 Patch Day.
  • 5 of the bulletins received the highest severity rating of critical, the remaining 11 bulletins a rating of important.
  • Affected products include all client and server versions of Microsoft Windows, Microsoft Office, and Microsoft Exchange.

Operating System Distribution

All client versions of Windows are affected critically by vulnerabilities described in MS16-063. Windows Vista on top of that is affected critically by MS16-069, and Windows 10 by MS16-068.

MS16-069 is a cumulative security update for JScript and VBScript, and MS16-068 an update for Microsoft Edge which is exclusively available for Windows 10.

The critical server vulnerability affects only Windows Server 2012 and 2012 R2. It is described as an update for Microsoft Windows DNS Server in the bulletin MS16-071.

  • Windows Vista: 2 critical, 2 important
  • Windows 7: 1 critical, 2 important
  • Windows 8.1: 1 critical, 3 important
  • Windows RT 8.1: 1 critical, 2 important
  • Windows 10: 2 critical, 4 important
  • Windows Server 2008: 3 important, 2 moderate
  • Windows Server 2008 R2: 4 important, 1 moderate
  • Windows Server 2012 and 2012 R2: 1 critical, 5 important, 1 moderate
  • Server core: 1 critical, 3 important, 1 moderate

Other Microsoft Products

All Office products are affected by vulnerabilities described in the bulletin MS16-070. Microsoft Exchange Server is affected by vulnerabilities described in MS16-079.

  • Microsoft Office 2007, 2010, 2013, 2013 RT, 2016: 1 critical
  • Microsoft Office for Mac 2011, 2016: 1 critical
  • Microsoft Office Compatibility Pack SP3: 1 important
  • Microsoft Visio Viewer 2007 SP3, 2010: 1 important
  • Microsoft Word Viewer: 1 important
  • Microsoft SharePoint Server 2010, 2013: 1 important
  • Microsoft Office Web Apps 2010, 2013: 1 important
  • Office Online Server: 1 important
  • Microsoft Exchange Server 2007, 2010, 2013, 2016: 1 important

Security Bulletins

MS16-063 - Cumulative Security Update for Internet Explorer (3163649) - Critical - Remote Code Execution

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

MS16-068 - Cumulative Security Update for Microsoft Edge (3163656) - Critical - Remote Code Execution

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.

MS16-069 - Cumulative Security Update for JScript and VBScript (3163640) - Critical - Remote Code Execution

This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website.

MS16-070 - Security Update for Microsoft Office (3163610) - Critical - Remote Code Execution

The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.

MS16-071 - Security Update for Microsoft Windows DNS Server (3164065) - Critical - Remote Code Execution

The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.

MS16-072 - Security Update for Group Policy (3163622) - Important - Elevation of Privilege

The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine.

MS16-073 - Security Update for Windows Kernel-Mode Drivers (3164028) - Important - Elevation of Privilege

The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

MS16-074 - Security Update for Microsoft Graphics Component (3164036) - Important - Elevation of Privilege

The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted document or visits a specially crafted website.

MS16-075 - Security Update for Windows SMB Server (3164038) - Important - Elevation of Privilege

The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.

MS16-076 - Security Update for Netlogon (3167691) - Important - Remote Code Execution

The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.

MS16-077 - Security Update for WPAD (3165191) - Important - Elevation of Privilege

The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.

MS16-078 - Security Update for Windows Diagnostic Hub (3165479) - Important
Elevation of Privilege

The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

MS16-079 - Security Update for Microsoft Exchange Server (3160339) -  Important - Information Disclosure

This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in an Outlook Web Access (OWA) message that is loaded, without warning or filtering, from the attacker-controlled URL.

MS16-080 - Security Update for Microsoft Windows PDF (3164302) - Important - Remote Code Execution

The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user.

MS16-081 - Security Update for Active Directory (3160352) - Important - Denial of Service

This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.

MS16-082 - Security Update for Microsoft Windows Search Component (3165270) - Important - Denial of Service

The vulnerability could allow denial of service if an attacker logs on to a target system and runs a specially crafted application.

Security advisories and updates

MS16-033: Security Update for Windows Embedded Standard 7 (KB3139398)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with physical access inserts a specially crafted USB device into the system.

MS16-064: Security Update for Adobe Flash Player for Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012 (KB3163207)

MS16-064: Security update for Adobe Flash Player: May 13, 2016

MS16-065: Security Update for Microsoft .NET Framework 4.6 on Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB3142037)

MS16-065: Description of the security update for the .NET Framework 4.6.1 in Windows 7 SP1 and Windows Server 2008 R2 SP1 and the .NET Framework 4.6 in Windows Vista SP2 and Windows Server 2008 SP2: May 10, 2016

Microsoft Security Advisory 2880823

Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program

Microsoft Security Advisory 3155527

Update to Cipher Suites for FalseStart

Non-security related updates

Update for Windows 7 (KB2952664)

Update for Windows 7 (KB2977759)

Update for Windows 8.1 and Windows 8 (KB2976978)

Compatibility update for upgrading Windows 7, 7 RTM, 8, 8.1. This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.

Update for Windows Embedded 8 Standard (KB3156416)

May 2016 update rollup for Windows Server 2012

Update for Windows 8.1 and Windows 7 (KB3035583)

This update installs the Get Windows 10 app that helps users understand their Windows 10 upgrade options and device readiness.

Update for Windows 8.1 and Windows 7 (KB3123862)

Updated capabilities to upgrade Windows 8.1 and Windows 7

Update for Windows 7 and Windows Server 2008 R2 (KB3125574)

Convenience rollup update for Windows 7 SP1 and Windows Server 2008 R2 SP1.

Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 7, and Windows Server 2008 R2 (KB3139923)

MSI repair doesn't work when MSI source is installed on an HTTP share in Windows

Update for Windows Server 2012 R2 (KB3155444)

PXE client computers freeze during multithread network transfers in Windows Server 2012 R2.

Update for Windows Server 2012 (KB3156416)

May 2016 update rollup for Windows Server 2012

Update for Windows 7 and Windows Server 2008 R2 (KB3156417)

May 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1

Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3156418)

May 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

Update for Windows 10 (KB3159635)

Windows 10 Update Assistant: To help keep all Windows 10 systems secure and provide the latest features and improvements, the Windows 10 Update Assistant downloads and starts the setup for Windows 10 version 1511.

Update for Windows 10 (KB3147062)

Signing verification failure breaks audio functionality in Windows 10 Version 1511

Update for Windows 8.1, Windows 8, and Windows 7 (KB3150513)

May 2016 Compatibility Update for Windows

Update for Windows 10 (KB3152599)

Preinstalled system applications and Start menu may not work when you upgrade to Windows 10 Version 1511

How to download and install the June 2016 security updates

microsoft security bulletins june 2016

The security updates that Microsoft published on the June 2016 Patch Day are already available via Windows Update.

While the updates will get picked up eventually, it is possible to run a manual check for updates to speed up the process.

  1. Tap on the Windows-key, type Windows Update, and hit the Enter-key afterwards.
  2. Click on the check for updates button to run a manual check for new updates for the operating system.

Windows will check for updates and either download and install them automatically, only download them, or prompt you for actions.

Please note that it is recommended to research Windows updates before you install them to avoid issues after installing them.

Some updates are made available via Microsoft's Download Center, while all security updates via Microsoft's Update Catalog.

All security updates are also made available via security ISO images that Microsoft releases on a monthly basis.

Additional resources

Summary
Article Name
Microsoft Security Bulletins June 2016
Description
Microsoft Security Bulletins June 2016 provides you with an overview of all security bulletins and non-security updates released by Microsoft.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. The Dark Lady said on July 9, 2023 at 11:19 am
    Reply

    Martin, I would appreciate that you do not censor this post, as it’s informative writing.

    Onur, there is a misleading statement “[…] GIFs are animated images …”. No, obviously you don’t seem to have take much notice of what you were told back in March regarding; Graphics Interchange Format (GIF).

    For example, https://www.ghacks.net/2023/03/31/whats-gif-explanation-and-how-to-use-it/#comment-4562919 (if you had read my replies within that thread, you might have learnt something useful). I even mentioned, “GIF intrinsically supports animated images (GIF89a)”.

    You linked to said article, [Related: …] within this article, but have somehow failed to take onboard what support you were given by several more knowledgeable people.

    If you used AI to help write this article, it has failed miserably.

  2. KeZa said on August 17, 2023 at 5:58 pm
    Reply

    AI is stupid, and it will not get any better if we really know how this all works. Prove me wrong.. https://www.youtube.com/watch?v=4IYl1sTIOHI

  3. Database failure said on August 18, 2023 at 5:21 pm
    Reply

    Martin, [#comment-4569908] is only meant to be in: [https://www.ghacks.net/2023/07/09/how-to-send-gifs-on-iphone-two-different-ways/]. Whereas it appears duplicated in several recent random low-quality non relevant articles.

    Obviously it [#comment-4569908] was posted: 9 July 2023. Long before this thread even existed… your database is falling over. Those comments are supposed to have unique ID values. It shouldn’t be possible to duplicate the post ID, if the database had referential integrity.

  4. Howard Pearce said on August 25, 2023 at 12:24 pm
    Reply

    Don’t tell me!

    Ghacks wants the state to step in for STATE-MANDATED associations to save jobs!!!

    Bring in the dictatorship!!!

    And screw Rreedom of Association – too radical for Ghacks maybe

  5. Howard Allan Pearce said on September 7, 2023 at 9:13 am
    Reply

    GateKeeper ?

    That’s called “appointing” businesses to do the state’s dirty work!!!!!

    But the article says itself that those appointed were not happy – implying they had not choice!!!!!!

  6. owl said on September 7, 2023 at 9:50 am
    Reply

    @The Dark Lady,
    @KeZa,
    @Database failure,
    @Howard Pearce,
    @Howard Allan Pearce,

    Note: I replaced the quoted URI scheme: https:// with “>>” and posted.

    The current ghacks.net is owned by “Softonic International S.A.” (sold by Martin in October 2019), and due to the fate of M&A, ghacks.net has changed in quality.
    >> ghacks.net/2023/09/02/microsoft-is-removing-wordpad-from-windows/#comment-4573130
    Many Authors of bloggers and advertisers certified by Softonic have joined the site, and the site is full of articles aimed at advertising and clickbait.
    >> ghacks.net/2023/08/31/in-windows-11-the-line-between-legitimate-and-adware-becomes-increasingly-blurred/#comment-4573117
    As it stands, except for articles by Martin Brinkmann, Mike Turcotte, and Ashwin, they are low quality, unhelpful, and even vicious. It is better not to read those articles.
    How to display only articles by a specific author:
    Added line to My filters in uBlock Origin: ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(/Martin Brinkmann|Mike Turcotte|Ashwin/))
    >> ghacks.net/2023/09/01/windows-11-development-overview-of-the-august-2023-changes/#comment-4573033

    By the way, if you use an RSS reader, you can track exactly where your comments are (I’m an iPad user, so I use “Feedly Classic”, but for Windows I prefer the desktop app “RSS Guard”).
    RSS Guard: Feed reader which supports RSS/ATOM/JSON and many web-based feed services.
    >> github.com/martinrotter/rssguard#readme

  7. Anonymous said on September 14, 2023 at 6:41 pm
    Reply

    We all live in digital surveillance glass houses under scrutiny of evil people because of people like Musk. It’s only fair that he takes his turn.

  8. Anonymous said on September 18, 2023 at 1:31 pm
    Reply

    “Operating systems will be required to let the user choose the browser, virtual assistant and search engine of their choice. Microsoft cannot force users to use Bing or Edge. Apple will have to open up its iOS operating system to allow third-party app stores, aka allow sideloading of apps. Google, on the other hand, will need to provide users with the ability to uninstall preloaded apps (bloatware) from Android devices. Online services will need to allow users to unsubscribe from their platform easily. Gatekeepers need to provide interoperability with third-parties that offer similar services.”

    Wonderful ! Let’s hope they’ll comply with that law more than they are doing with the GDPR.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.