Welcome to the Microsoft Security Bulletins overview for July 2016. The overview covers July's Patch Day, and all patches released by Microsoft on July 12, 2016 for Windows and other company products.
It starts with an executive summary that reveals important information about this month's security patches. It is followed by the operating system and Microsoft product distribution listing, revealing how specific Microsoft products are affected this month.
This is followed by the list of security bulletins released by Microsoft in July 2016, and the list of security advisories, updates, and non-security updates released since the June 2016 patch day.
The final part of the overview provides you with download information and links to additional resources.
Executive Summary
All client and server Windows operating systems are affected by at least one critical security vulnerability. In fact, all are affected by MS16-087, a vulnerability in Windows Print Spooler Components in a critical way.
Vista is the only client system affected by MS16-086, a cumulative security update for JScript and VBScript, and Windows Server 2008 the only server system affected by it but only with a moderate severity rating.
Windows 10 is the only client system affected by MS16-085, a cumulative security update for Microsoft Edge.
Windows 8.1 and newer systems are affected by MS16-093, another critically rated bulletin affecting Adobe Flash Player contained within IE10 and newer.
Last but not least, they receive updates described in MS16-092 and MS16-094. The updates fix secure boot and kernel security issues.
Cumulative Security Update for Internet Explorer (3169991) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Cumulative Security Update for Microsoft Edge (3169999) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
Cumulative Security Update for JScript and VBScript (3169996) - Critical - Remote Code Execution
This security update resolves a vulnerability in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
Security Update for Windows Print Spooler Components (3170005) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or set up a rogue print server on a target network.
Security Update for Microsoft Office (3170008) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.
Security Update for Windows Secure Kernel Mode (3170050) - Important - Information Disclosure
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.
Security Update for Windows Kernel-Mode Drivers (3171481) - Important - Elevation of Privilege
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
Security Update for .NET Framework (3170048) - Important - Information Disclosure
This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application.
Security Update for Windows Kernel (3171910) - Important - Security Feature Bypass
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow security feature bypass if the Windows kernel fails to determine how a low integrity application can use certain object manager features.
Security Update for Adobe Flash Player (3174060) - Critical - Remote Code Execution
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2, and Windows 10.
Security Update for Secure Boot (3177404) - Important - Security Feature Bypass
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device. An attacker must have either administrative privileges or physical access to install a policy and bypass Secure Boot.
MS16-083: Security Update for Adobe Flash Player for Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012 (KB3167685)
KB2952664: Update for Windows 7 - Compatibility update for upgrading Windows 7.
KB2976978: Update for Windows 8.1 and Windows 8 - Compatibility update for Windows 8.1 and Windows 8.
KB2977759: Update for Windows 7 - Compatibility update for Windows 7 RTM.
KB3170735: Update for Windows 8.1 and Windows 7 - July 2016 Update for Windows Journal.
KB3163589: Update for Windows 8 and Windows 7 - "Your PC is running an outdated version of Windows" notification.
KB3173040: Update for Windows 8.1 and Windows 7 - Windows 8.1 and Windows 7 SP1 end of free upgrade offer notification.
KB3161606: Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 - June 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
Issues that the update fixes:
KB3161608: Update for Windows 7 and Windows Server 2008 R2 - June 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
Issues that the update fixes:
KB3161609: Update for Windows Embedded 8 Standard and Windows Server 2012 - June 2016 update rollup for Windows Server 2012
Issues that the update fixes:
All security updates are already available on Windows Update. Windows Update is the built-in update service of Windows devices, and configured by default to download critical patches automatically.
The service does not check for updates in real-time. If you want to speed up the process, do the following:
Windows checks for available updates. What happens next depends on how updating is configured on the device. Updates may be downloaded and installed automatically, or you may be notified about them only.
The latter gives you greater control over the updating process.
We recommend highly that you research updates released for Windows before you install them on your machines. Updates may break systems, and have done so in the past. At the very least, create a system backup before you install the updates.
Some updates are available on Microsoft's Download Center, as Security ISO images, and via Microsoft's Update Catalog.
Additional resources
Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.
Thanks for the updates.
Guys, is there any up-to-date list of all updates that are bringing telemetry and gwx.exe to Windows 7? I tired to locate such but with no luck – in terms of constantly updating on what are bringing new patches.
These are all that are still sent afaik. As seen on Windows 7 Ultimate x64
imgur com/f2FeWCg
I have a longer list from someone, but they’re just not sent anymore.
Had to download the windows x64 cummulative update manually and install…. it was stalled with auto update :|
Things seem to be ok tho – the rest of the auto update went fine
That happened to me too, on one of my computers… On my 2 laptops everything worked fine, but I had to download and install the cumulative update manually on my desktop…
Are you sure it stalled? How much time you gave it? Some times ( especially when Windows 8 and then 10 came out ) I had to let it about 30 minutes in order to get “unstuck”. It seemed like it stalled, but you’ve to give it time. My PC and connection weren’t the problem -both relatively fast and I’ve no HDDs, only 2 Samsung 850 SSDs.
However this particular update went extremely fast. No problems have been detected. After the reboot, went to piss and when I came back it was already at the desktop.
I gave it a full hour where it stalled at 86% and was downloading about 1% every 20 minutes.
Sorry for the slight offtopic – but is there a way to actually disable automatic updates in Windows 10 Education?
Seriously, I’m tired of it.
The most I’d be willing to tolerate is notifications that new updates are available (and I don’t even necessarily want those).
But you know, actually being able to choose what I want to install and not being nagged to restart for eternity would be nice, definitely.
I’ve disabled Windows Update on my PCs till now and just took time once a month to review and install them so they never got in my way.
This month’s Security Bulletins reminded me of what I dislike about the Windows 10 Update Client. It’s so utterly opaque for the end user. It took a while to download the updates and then the whole install and reboot made it about an hour. Upon starting up, I was informed that an update had failed to install. No mention of which one or why it failed. So I manually checked for updates and it failed because “something” was wrong. The update troubleshooter fixed the something (again not telling me exactly what was fixed. And another check found nothing needing to be updated. So the update actually succeeded but was reported as a fail because of some corruption in the process.
Since Microsoft is now doing ‘Monthly Update Rollups’ along with the updates, are they safe to install as the full bundle? Specifically: KB3161608- Update for Windows 7 and Windows Server 2008 R2 – June 2016 update rollup.
I see the contents but I’m curious if we should simply accept the full rollup or look for the specific items inside that we think we can use and go get them separately?
Re: KB3161608
This update should fix the multi-hour long scan times for Windows Update that many users have been experiencing over the past few months, myself included. I have my fingers crossed that it’s effective.
The downside is primarily in the added cipher suites that are likely to break secure network applications all over the place, mostly in the enterprise sector. Fortunately there are some workarounds:
http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/problems-with-kb-3161608-and-kb-3161639/2cd5ffb3-c203-4080-872f-73de1a96e080?page=1
For regular users the biggest drawback of KB3161608 is that it breaks Bluetooth functions, particularly Intel’s Bluetooth devices but others may be affected as well:
https://communities.intel.com/thread/104414
Thanks Beemeup4, There are parts of the rollup I want, but others, not so much. I’ve been reading in a lot of places that Microsoft dropped the ball big time on this one so i wanted to hear other’s comments before I did anything. I have been plagued by long WU scans as well, some lasting a whole day. Fixing that would be the objective but breaking other stuff seems to be the side effect. I am presuming that the monthly rollups should now been watched with caution and hesitancy as well.
Martin – my Windows Update has stopped working since October 2015, I really do not know the reason why. Is there a cumulative download available, using which I can bring Windows 10 up-to-date with the current patches? Thank you.
What happens when you check for updates? You could try a third-party download program such as http://www.wsusoffline.net/