Microsoft Security Bulletins June 2016
This summary provides you with detailed information about the security bulletins that Microsoft released for its Windows operating system and other company products on June 14, 2016.
The guide lists all security and non-security patches, as well as security advisories that Microsoft released since the last patch day on May 10, 2016.
Each update is linked to Microsoft's Knowledge Base so that you can look it up in detail.
Apart from the list of patches, our overview provides you with information about the operating system and other Microsoft products distribution, an executive summary, and information on how to download the updates to Windows machines.
Microsoft Security Bulletins June 2016
Executive Summary
- Microsoft released a total of 16 security bulletins on the June 2016 Patch Day.
- 5 of the bulletins received the highest severity rating of critical, the remaining 11 bulletins a rating of important.
- Affected products include all client and server versions of Microsoft Windows, Microsoft Office, and Microsoft Exchange.
Operating System Distribution
All client versions of Windows are affected critically by vulnerabilities described in MS16-063. Windows Vista on top of that is affected critically by MS16-069, and Windows 10 by MS16-068.
MS16-069 is a cumulative security update for JScript and VBScript, and MS16-068 an update for Microsoft Edge which is exclusively available for Windows 10.
The critical server vulnerability affects only Windows Server 2012 and 2012 R2. It is described as an update for Microsoft Windows DNS Server in the bulletin MS16-071.
- Windows Vista: 2 critical, 2 important
- Windows 7: 1 critical, 2 important
- Windows 8.1: 1 critical, 3 important
- Windows RT 8.1: 1 critical, 2 important
- Windows 10: 2 critical, 4 important
- Windows Server 2008: 3 important, 2 moderate
- Windows Server 2008 R2: 4 important, 1 moderate
- Windows Server 2012 and 2012 R2: 1 critical, 5 important, 1 moderate
- Server core: 1 critical, 3 important, 1 moderate
Other Microsoft Products
All Office products are affected by vulnerabilities described in the bulletin MS16-070. Microsoft Exchange Server is affected by vulnerabilities described in MS16-079.
- Microsoft Office 2007, 2010, 2013, 2013 RT, 2016: 1 critical
- Microsoft Office for Mac 2011, 2016: 1 critical
- Microsoft Office Compatibility Pack SP3: 1 important
- Microsoft Visio Viewer 2007 SP3, 2010: 1 important
- Microsoft Word Viewer: 1 important
- Microsoft SharePoint Server 2010, 2013: 1 important
- Microsoft Office Web Apps 2010, 2013: 1 important
- Office Online Server: 1 important
- Microsoft Exchange Server 2007, 2010, 2013, 2016: 1 important
Security Bulletins
MS16-063 - Cumulative Security Update for Internet Explorer (3163649) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
MS16-068 - Cumulative Security Update for Microsoft Edge (3163656) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
MS16-069 - Cumulative Security Update for JScript and VBScript (3163640) - Critical - Remote Code Execution
This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website.
MS16-070 - Security Update for Microsoft Office (3163610) - Critical - Remote Code Execution
The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
MS16-071 - Security Update for Microsoft Windows DNS Server (3164065) - Critical - Remote Code Execution
The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.
MS16-072 - Security Update for Group Policy (3163622) - Important - Elevation of Privilege
The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine.
MS16-073 - Security Update for Windows Kernel-Mode Drivers (3164028) - Important - Elevation of Privilege
The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
MS16-074 - Security Update for Microsoft Graphics Component (3164036) - Important - Elevation of Privilege
The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted document or visits a specially crafted website.
MS16-075 - Security Update for Windows SMB Server (3164038) - Important - Elevation of Privilege
The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
MS16-076 - Security Update for Netlogon (3167691) - Important - Remote Code Execution
The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.
MS16-077 - Security Update for WPAD (3165191) - Important - Elevation of Privilege
The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.
MS16-078 - Security Update for Windows Diagnostic Hub (3165479) - Important
Elevation of Privilege
The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
MS16-079 - Security Update for Microsoft Exchange Server (3160339) -Â Important - Information Disclosure
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in an Outlook Web Access (OWA) message that is loaded, without warning or filtering, from the attacker-controlled URL.
MS16-080 - Security Update for Microsoft Windows PDF (3164302) - Important - Remote Code Execution
The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user.
MS16-081 - Security Update for Active Directory (3160352) - Important - Denial of Service
This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.
MS16-082 - Security Update for Microsoft Windows Search Component (3165270) - Important - Denial of Service
The vulnerability could allow denial of service if an attacker logs on to a target system and runs a specially crafted application.
Security advisories and updates
MS16-033: Security Update for Windows Embedded Standard 7 (KB3139398)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with physical access inserts a specially crafted USB device into the system.
MS16-064: Security Update for Adobe Flash Player for Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012 (KB3163207)
MS16-064: Security update for Adobe Flash Player: May 13, 2016
MS16-065: Security Update for Microsoft .NET Framework 4.6 on Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB3142037)
MS16-065: Description of the security update for the .NET Framework 4.6.1 in Windows 7 SP1 and Windows Server 2008 R2 SP1 and the .NET Framework 4.6 in Windows Vista SP2 and Windows Server 2008 SP2: May 10, 2016
Microsoft Security Advisory 2880823
Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
Microsoft Security Advisory 3155527
Update to Cipher Suites for FalseStart
Non-security related updates
Update for Windows 7 (KB2952664)
Update for Windows 7 (KB2977759)
Update for Windows 8.1 and Windows 8 (KB2976978)
Compatibility update for upgrading Windows 7, 7 RTM, 8, 8.1. This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.
Update for Windows Embedded 8 Standard (KB3156416)
May 2016 update rollup for Windows Server 2012
Update for Windows 8.1 and Windows 7 (KB3035583)
This update installs the Get Windows 10 app that helps users understand their Windows 10 upgrade options and device readiness.
Update for Windows 8.1 and Windows 7 (KB3123862)
Updated capabilities to upgrade Windows 8.1 and Windows 7
Update for Windows 7 and Windows Server 2008 R2 (KB3125574)
Convenience rollup update for Windows 7 SP1 and Windows Server 2008 R2 SP1.
Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 7, and Windows Server 2008 R2 (KB3139923)
MSI repair doesn't work when MSI source is installed on an HTTP share in Windows
Update for Windows Server 2012 R2 (KB3155444)
PXE client computers freeze during multithread network transfers in Windows Server 2012 R2.
Update for Windows Server 2012 (KB3156416)
May 2016 update rollup for Windows Server 2012
Update for Windows 7 and Windows Server 2008 R2 (KB3156417)
May 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3156418)
May 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
Update for Windows 10 (KB3159635)
Windows 10 Update Assistant: To help keep all Windows 10 systems secure and provide the latest features and improvements, the Windows 10 Update Assistant downloads and starts the setup for Windows 10 version 1511.
Update for Windows 10 (KB3147062)
Signing verification failure breaks audio functionality in Windows 10 Version 1511
Update for Windows 8.1, Windows 8, and Windows 7 (KB3150513)
May 2016 Compatibility Update for Windows
Update for Windows 10 (KB3152599)
Preinstalled system applications and Start menu may not work when you upgrade to Windows 10 Version 1511
How to download and install the June 2016 security updates
The security updates that Microsoft published on the June 2016 Patch Day are already available via Windows Update.
While the updates will get picked up eventually, it is possible to run a manual check for updates to speed up the process.
- Tap on the Windows-key, type Windows Update, and hit the Enter-key afterwards.
- Click on the check for updates button to run a manual check for new updates for the operating system.
Windows will check for updates and either download and install them automatically, only download them, or prompt you for actions.
Please note that it is recommended to research Windows updates before you install them to avoid issues after installing them.
Some updates are made available via Microsoft's Download Center, while all security updates via Microsoft's Update Catalog.
All security updates are also made available via security ISO images that Microsoft releases on a monthly basis.
Additional resources
- Microsoft Security Bulletin Summary for June 2016
- List of software updates for Microsoft products
- List of security advisories of 2016
- Our in-depth update guide for Windows
- Windows 10 Update History
After the June 2016 patch day my Windows 7 Action Center erroneously reported that antivirus, spyware protection and firewall (Norton 360 premier) were turned off. A system restore removed these 3 flags. After today’s Windows Update they’re back again. Does anyone know which of the 19 updates may be the culprit?
@Harry Aiking,
Your problem is prbly related to an unfortunately-timed (and apparently not-quite-ready-for-prime-time) Norton product update (22.7), initially released then pulled; for more info see…
https://community.norton.com/en/forums/windows-shows-smart-firewall
hth
Problems reported with – MS16-072: Security update for Group Policy: June 14, 2016 >
http://www.theregister.co.uk/2016/06/15/microsoft_fix_borks_group_policy/
” Admins in outcry as Microsoft fix borks Group Policy”
” Users on Reddit and Microsoft support forums are reporting that after the MS16-072 update was installed, changes were made in Group Policy object (GPO) settings that left previously hidden drives and devices accessible. … Other users report having printers and drive maps become inaccessible and security group settings no longer applying. … The users report that uninstalling the MS16-072 update from PCs and servers remedies the problem, though it is at the expense of leaving the underlying security vulnerability open. … El Reg has asked Microsoft for comment on the matter but has yet to hear back from Redmond at the time of publication. ”
See: – “Known issues”: – https://support.microsoft.com/en-gb/kb/3163622
Thanks for the info!
Martin,
There are some concerns with doing Wind 7 updates. After doing reinstall after windows update broke my system. I did BUY a new windows o/s and upgrade to Professional.
Especially with windows updates (as of June 2016).
I would advise if you have experience with your system to follow along and verify?
The -Op Out- Options in Windows control systems are being ignored?
GO TO: Control Panel\All Control Panel Items\Troubleshooting\Change settings
After shutting it off?
Computer Maintenance – OFF
Other Settings – (x) Allow users to browse for trouble shooters available from Windows Online Troubleshooting service (x) Allow troubleshooting to begin immediately when started
I really don’t need those checked? This is where the telemetry crap originates.
Beginners should keep them checked.
NOTE THERE IS A BLUE “READ THE PRIVACY STATEMENT ONLINE”
Even though I opted out? The Task Manger proves otherwise?
In my opinion there should be an Opt-Out Setting. Too late as Windows 10 takes away that right?
GO TO: Control Panel\All Control Panel Items\Action Center\Change Action Center settings
DON’T MEDDLE WITH THE CHECK MARKS. LEAVE THEM BE IF YOU WANT YOUR SYSTEM
PROTECTED. But there is one glaring one that I wasn’t notified when I installed windows.
Under related settings: See that blue “Customer Experience Improvement Program Settings”
When you click that there is a prompt:
Do you want to participate in the the Windows Customer Experience Improvement Program?
I selected No. Because.
After getting some lags at certain times. I did an AUDIT. And some of you better sit down.
After several days. I decided to AUDIT the Task Scheduler under
Control Panel\All Control Panel Items\Administrative Tools
Select : Run as Admin for “Task Scheduler”
JUST A WARNING FOR the paranoid. Do not change these settings unless you are experienced.
And to protect your system. But this needs to be brought forth to the windows community.
Despite the settings in Control Panel.
There are some glaring entries:
Customer Experience Improvement Program – Even though it’s set to never it connected at
a pre determined time. Don’t delete them. But disable them?
They (MS) needs to be audited and who knows if Windows update is enabling these
behind our backs? Right? I shut it off at the control panel? What gives?
Disk Diagnostic – Same here settings I didn’t authorize?
The Windows Disk Diagnostic reports general disk and system information to Microsoft for users participating in the Customer Experience Program.
Right click and disable it? Again don’t delete!
\Microsoft\Windows\Customer Experience Improvement Program
Titled: Consolidator “If the user has consented to participate in the Windows Customer Experience Improvement Program, this job collects and sends usage data to Microsoft.” and it starts %SystemRoot%\System32\wsqmcons.exe
Again I opted out in Control Panel yet Task Manager proves otherwise?
The USB CEIP (Customer Experience Improvement Program)
“This task collects Universal Serial Bus related statistics and information about your machine and sends it to the Windows Device Connectivity engineering group at Microsoft. The information received is used to help improve the reliability, stability, and overall functionality of USB in Windows. If the user has not consented to participate in Windows CEIP, this task does not do anything.”
Task manager ignored my initial settings?
The most troubling one is Reliability Analysis Component (RAC)
RAC the RAC Agent Scheduled Task – Reliability Analysis Component (RAC)
This one I deleted because it kept being enabled and it locked up my system.
Every time it was the only time.
Those are the only settings that I have a concern with. I wouldn’t be concerned with the others, yet.
Does Windows 10 have the ability manipulate the Task Manager?
Maybe some of the nags could be shut off there?
Thanks for listening.
There is nothing wrong with your computer. Do not attempt to adjust the settings. We are controlling everything. If we wish to make things faster, we will stop some useless tasks. If we wish to make it slower, we will start useless tasks and grind it nearly to a halt. We will control the RAM. We will control the CPU. We can control the screen, make it blank. We can change the focus to a soft blur or sharpen it to crystal clarity. From now on, sit quietly and we will control all that you see, hear and do. We repeat: there is nothing wrong with your computer. You are about to participate in a great adventure. You are about to experience the awe and mystery which reaches from the inner mind to – Microsoft Windows 10.
If you ignore our warning and continue to meddle with our software, you WILL be visited by the TERMINATOR.
You will not like what he does to you !
I recommend to wait several days until someone reviewed it and people reporting it’s ‘good to install’. Since I’m LTSB N user I don’t have this problem. :P
Thanks for the news anyway. :)
Create a system backup at the very least.
Win 7 KB 2952664 ! MS is still trying to sneak in the Win 10 update enabler.
It’s becoming a bit pathetic now isn’t it Martin? Have you heard what the latest Win 10 installed base is lately?
MS has been very quiet with no bragging about numbers.
It’s clear that they are going to shove 2664 and 5583 down our throats from now till at least July 29.
I have mine set to reject all non-criticals. Hopefully they stop this aggression after July.
@Scott, yes, I use GWX Control Panel, and also disable “recommended” updates.
Just use Never 10, it sets policy to Microsoft’s own never get win10 updates.
No word. They will probably release new numbers when the Anniversary Update comes out.
OK Thanks