Microsoft Security Bulletins August 2016

Martin Brinkmann
Aug 9, 2016
Updated • Jan 4, 2018
Companies, Microsoft
|
9

The following overview provides you with information on all security bulletins and updates that Microsoft released in August 2016.

Microsoft releases security patches on the second Tuesday of each month. This month, the updates were released on August 9, 2016.

The overview begins with an executive summary listing the most important information. It is followed by the operating system distribution, and information about patches for other Microsoft products.

What follows is a list of all security bulletins, security advisories and non-security patches that Microsoft released this month.

The final part offers download instructions, and links to various resources for further information.

Microsoft Security Bulletins August 2016

Executive Summary

  • Microsoft published a total of 9 security bulletins in August 2016.
  • 5 of the bulletins received an aggregate severity rating of critical, the remaining ones the second-highest rating of important.
  • Affected products include all client and server Windows operating systems, Microsoft Office, Internet Explorer, Microsoft Edge, and Skype for Business 2016.

Operating System Distribution

All client and server operating systems are affected by at least one bulletin rated critically for the system.

Windows 10 is affected by the most bulletins. This can be explained by the cumulative Microsoft Edge bulletin MS10-096 and the Windows PDF Library bulletin MS10-102. Windows 8.x is also affected by the latter but not by the former.

Windows 10 is furthermore affected by MS16-103 rated important, while all other client operating systems are not.

The situation looks identical on the server side of things.

  • Windows Vista: 2 critical, 3 important
  • Windows 7: 2 critical, 3 important
  • Windows 8.1: 3 critical, 3 important
  • Windows RT 8.1: 2 critical, 2 important
  • Windows 10: 4 critical, 4 important
  • Windows Server 2008: 1 critical, 3 important, 1 moderate
  • Windows Server 2008 R2: 1 critical, 3 important, 1 moderate
  • Windows Server 2012 and 2012 R2: 2 critical, 3 important, 1 moderate
  • Server core: 2 critical, 3 important

Other Microsoft Products

  • Microsoft Office 2007, 2010: 2 important
  • Microsoft Office 2013, 2013 RT, 2016: 1 critical
  • Microsoft Office for Mac 2011, 2016: 1 critical
  • Microsoft Word Viewer: 1 critical, 1 important
  • Skype for Business 2016: 1 important
  • Microsoft Lync 2010, 2013: 1 important
  • Microsoft Live Meeting 2007 Console: 1 important

Security Bulletins

MS16-095

Cumulative Security Update for Internet Explorer (3177356) - Critical - Remote Code Execution

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

MS16-096

Cumulative Security Update for Microsoft Edge 3177358) - Critical - Remote Code Execution

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.

MS16-097

Security Update for Microsoft Graphics Component (3177393) - Critical - Remote Code Execution

This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution.

MS16-098

Security Update for Windows Kernel-Mode Drivers (3178466) - Important - Elevation of Privilege

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-099

Security Update for Microsoft Office (3177451) - Critical - Remote Code Execution

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.

MS16-100

Security Update for Secure Boot (3179577) - Important - Security Feature Bypass

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker installs a policy affected by the vulnerability onto a target device.

MS16-101

Security Update for Windows Authentication Methods (3178465) - Important - Elevation of Privilege

This security update resolves multiple vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined system.

MS16-102

Security Update for Microsoft Windows PDF Library (3182248) - Critical - Remote Code Execution

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.

MS16-103

Security Update for ActiveSyncProvider (3182332) - Important - Information Disclosure

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Universal Outlook fails to establish a secure connection.

Security advisories and updates

Microsoft Security Advisory 3179528

Update for Kernel Mode Blacklist

Microsoft is blacklisting some publicly released versions of securekernel.exe.

Non-security related updates

KB3176495, KB3176493, KB3176492

Windows 10 Version 1607 Cumulative Updates August 9, 2016 for the three different versions of windows 10 (Anniversary Update, Built 10586, and Build 10240)

Lots of fixes, includes the security updates. All information on this page.

KB3176929

Windows 10 Version 1607 Cumulative Update August 2, 2016

Update that includes a number of fixes and improvements. This includes Edge extension and background task improvement among other things. All changes are listed on this page.

KB3161102

Update for Windows 8.1 and Windows 7

Update for Windows Journal component removal. This update lets users remove the Windows Journal component immediately. Users who require Windows Journal can install it as a standalone application by going here.

KB3172605

July 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1

Know issue affects Intel Bluetooth devices. The following changes are included in the update rollup:

  • Improved support in Microsoft Cryptographic Application Programming Interface (CryptoAPI) to help identify websites that use Secure Hash Algorithm 1 (SHA-1).
  • Addressed issue in Microsoft Secure Channel (SChannel) that sometime causes Transport Layer Security (TLS) 1.2 connections to fail depending on whether the root certificate is configured as part of the certificate chain for server authentication.

KB3172614

Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

This update introduces a wide variety of updates (mostly fixes to existing issues). You find the all listed on this page.

KB3035583

Update for Windows 8.1 and Windows 7

Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1

KB3172615

Update for Windows Embedded 8 Standard and Windows Server 2012

July 2016 update rollup for Windows Server 2012. The update fixes several issues and makes improvements to supported operating systems. The full list is accessible here.

How to download and install the August 2016 security updates

windows update-security bulletins august 2016

All security updates are made available on Windows Update. Windows home devices are configured by default to use Windows Update.

Depending on the configuration, updates may be downloaded and installed automatically.

The check for updates does not happen in real-time though. If you want to grab the updates right when they become available, do the following:

  1. Tap on the Windows-key on the computer keyboard, type Windows Update, and hit enter.
  2. This should open the Windows Update dialog. Windows may run a check for updates automatically, or after you click on the "check for updates" button or link.

Updates that are found are either downloaded and installed automatically, or on user request.

It is recommended to research all Windows updates before installing them on productive machines. The reason for this is that updates may break functionality or in the worst case prevent the system from booting at all.

It is recommended to create a system backup prior to installing updates as well.

Updates are also provided via Microsoft's Download Center, monthly Security ISO image releases, and via Microsoft's Update Catalog.

Additional resources

Summary
Article Name
Microsoft Security Bulletins August 2016
Description
The following overview provides you with information on all security bulletins and updates that Microsoft released in August 2016.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. The Dark Lady said on July 9, 2023 at 11:19 am
    Reply

    Martin, I would appreciate that you do not censor this post, as it’s informative writing.

    Onur, there is a misleading statement “[…] GIFs are animated images …”. No, obviously you don’t seem to have take much notice of what you were told back in March regarding; Graphics Interchange Format (GIF).

    For example, https://www.ghacks.net/2023/03/31/whats-gif-explanation-and-how-to-use-it/#comment-4562919 (if you had read my replies within that thread, you might have learnt something useful). I even mentioned, “GIF intrinsically supports animated images (GIF89a)”.

    You linked to said article, [Related: …] within this article, but have somehow failed to take onboard what support you were given by several more knowledgeable people.

    If you used AI to help write this article, it has failed miserably.

  2. KeZa said on August 17, 2023 at 5:58 pm
    Reply

    AI is stupid, and it will not get any better if we really know how this all works. Prove me wrong.. https://www.youtube.com/watch?v=4IYl1sTIOHI

  3. Database failure said on August 18, 2023 at 5:21 pm
    Reply

    Martin, [#comment-4569908] is only meant to be in: [https://www.ghacks.net/2023/07/09/how-to-send-gifs-on-iphone-two-different-ways/]. Whereas it appears duplicated in several recent random low-quality non relevant articles.

    Obviously it [#comment-4569908] was posted: 9 July 2023. Long before this thread even existed… your database is falling over. Those comments are supposed to have unique ID values. It shouldn’t be possible to duplicate the post ID, if the database had referential integrity.

  4. Howard Pearce said on August 25, 2023 at 12:24 pm
    Reply

    Don’t tell me!

    Ghacks wants the state to step in for STATE-MANDATED associations to save jobs!!!

    Bring in the dictatorship!!!

    And screw Rreedom of Association – too radical for Ghacks maybe

  5. Howard Allan Pearce said on September 7, 2023 at 9:13 am
    Reply

    GateKeeper ?

    That’s called “appointing” businesses to do the state’s dirty work!!!!!

    But the article says itself that those appointed were not happy – implying they had not choice!!!!!!

  6. owl said on September 7, 2023 at 9:50 am
    Reply

    @The Dark Lady,
    @KeZa,
    @Database failure,
    @Howard Pearce,
    @Howard Allan Pearce,

    Note: I replaced the quoted URI scheme: https:// with “>>” and posted.

    The current ghacks.net is owned by “Softonic International S.A.” (sold by Martin in October 2019), and due to the fate of M&A, ghacks.net has changed in quality.
    >> ghacks.net/2023/09/02/microsoft-is-removing-wordpad-from-windows/#comment-4573130
    Many Authors of bloggers and advertisers certified by Softonic have joined the site, and the site is full of articles aimed at advertising and clickbait.
    >> ghacks.net/2023/08/31/in-windows-11-the-line-between-legitimate-and-adware-becomes-increasingly-blurred/#comment-4573117
    As it stands, except for articles by Martin Brinkmann, Mike Turcotte, and Ashwin, they are low quality, unhelpful, and even vicious. It is better not to read those articles.
    How to display only articles by a specific author:
    Added line to My filters in uBlock Origin: ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(/Martin Brinkmann|Mike Turcotte|Ashwin/))
    >> ghacks.net/2023/09/01/windows-11-development-overview-of-the-august-2023-changes/#comment-4573033

    By the way, if you use an RSS reader, you can track exactly where your comments are (I’m an iPad user, so I use “Feedly Classic”, but for Windows I prefer the desktop app “RSS Guard”).
    RSS Guard: Feed reader which supports RSS/ATOM/JSON and many web-based feed services.
    >> github.com/martinrotter/rssguard#readme

  7. Anonymous said on September 14, 2023 at 6:41 pm
    Reply

    We all live in digital surveillance glass houses under scrutiny of evil people because of people like Musk. It’s only fair that he takes his turn.

  8. Anonymous said on September 18, 2023 at 1:31 pm
    Reply

    “Operating systems will be required to let the user choose the browser, virtual assistant and search engine of their choice. Microsoft cannot force users to use Bing or Edge. Apple will have to open up its iOS operating system to allow third-party app stores, aka allow sideloading of apps. Google, on the other hand, will need to provide users with the ability to uninstall preloaded apps (bloatware) from Android devices. Online services will need to allow users to unsubscribe from their platform easily. Gatekeepers need to provide interoperability with third-parties that offer similar services.”

    Wonderful ! Let’s hope they’ll comply with that law more than they are doing with the GDPR.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.