Microsoft Security Bulletins September 2016

microsoft security bulletins september 2016
Martin Brinkmann
Sep 13, 2016
Updated • Jan 4, 2018
Companies, Microsoft
|
32

The following guide provides you with information about Microsoft's September 2016 Patch Day covering all security updates and non-security patches.

Microsoft publishes security patches on the second Tuesday of each month that fix security issues in Microsoft Windows and other company products. This month, the updates were released on September 13, 2016.

The overview starts with an executive summary that provides you with the most important bits of information.

What follows is the operating system and other Microsoft product distribution listing. It lists all versions of Windows, and how each is affected this month by the released security updates.

We list all security bulletins, security advisories and non-security patches that Microsoft released afterwards. Each links to the patch's KB article on the Microsoft website for quick access to Microsoft information on it.

The last part lists download options and links to additional resources that you may find useful.

Microsoft Security Bulletins September 2016

microsoft security bulletins september 2016

Executive Summary

  • Microsoft released a total of 14 security bulletins in September 2016.
  • 7 of the bulletins are rated with the highest severity rating critical, the remaining 7 bulletins with the second highest rating important.
  • Affected products include all versions of Microsoft Windows that are supported by Microsoft, as well as Microsoft Office, Microsoft Exchange Server, and Internet Explorer / Edge.

Operating System Distribution

All client versions of Windows are affected by the critically rated bulletin MS16-104 and MS16-116 (Internet Explorer vulnerability), while Windows 10 is also affected by MS16-105 which addresses vulnerabilities in Microsoft Edge.

Windows 10 is also the only operating system that is critically affected by MS16-106. Last but not least, only Windows 8.1 and newer versions of Windows are affected by the critically rated bulletin Ms16-117 (security update for built-in Adobe Flash Player).

  • Windows Vista: 2 critical, 4 important
  • Windows 7: 2 critical, 4 important
  • Windows 8.1: 3 critical, 6 important
  • Windows RT 8.1: 3 critical, 6 important
  • Windows 10: 5 critical, 6 important
  • Windows Server 2008: 4 important, 2 moderate
  • Windows Server 2008 R2: 4 important, 2 moderate
  • Windows Server 2012 and 2012 R2: 6 important, 3 moderate
  • Server core: 5 important, 1 moderate

Other Microsoft Products

  • Microsoft Office 2007, 2010: 1 critical
  • Microsoft Office 2013, 2013 RT, 2016: 1 critical
  • Microsoft Office for Mac 2011, 2016: 1 critical
  • Microsoft Word Viewer: 1 critical
  • Microsoft PowerPoint Viewer: 1 critical
  • Microsoft Excel Viewer: 1 critical
  • Microsoft Office Compatibility Pack Service Pack 3: 1 critical
  • Microsoft SharePoint Server 2007, 2010, 2013: 1 critical
  • Microsoft Office Web Apps 2010: 1 critical
  • Microsoft Office Web Apps 2013: 1 critical, 1 important
  • Microsoft Exchange Server 2007, 2010, 2013, 2016: 1 important
  • Microsoft Silverlight: 1 important

Security Bulletins

Red = critical

MS16-104 - Cumulative Security Update for Internet Explorer (3183038)

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

MS16-105 - Cumulative Security Update for Microsoft Edge (3183043)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.

MS16-106 - Security Update for Microsoft Graphics Component (3185848)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.

MS16-107 - Security Update for Microsoft Office (3185852)

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.

MS16-108 - Security Update for Microsoft Exchange Server (3185883)

This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In libraries that are built into Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.

MS16-109 - Security Update for Silverlight (3182373)

This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application.

MS16-110 - Security Update for Windows (3178467)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker creates a specially crafted request and executes arbitrary code with elevated permissions on a target system.

MS16-111 - Security Update for Windows Kernel (3186973)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a target system.

MS16-112 - Security Update for Windows Lock Screen (3178469)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Windows improperly allows web content to load from the Windows lock screen.

MS16-113 - Security Update for Windows Secure Kernel Mode (3185876)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.

MS16-114 - Security Update for SMBv1 Server (3185879)

This security update resolves a vulnerability in Microsoft Windows. On Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems, the vulnerability could allow remote code execution if an authenticated attacker sends specially crafted packets to an affected Microsoft Server Message Block 1.0 (SMBv1) Server.

MS16-115 - Security Update for Microsoft Windows PDF Library (3188733)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow information disclosure if a user views specially crafted PDF content online or opens a specially crafted PDF document.

MS16-116 - Security Update in OLE Automation for VBScript Scripting Engine (3188724)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user of an affected system to visit a malicious or compromised website. Note that you must install two updates to be protected from the vulnerability discussed in this bulletin: The update in this bulletin, MS16-116, and the update in MS16-104.

MS16-117 - Security Update for Adobe Flash Player (3188128)

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Security advisories and updates

Microsoft Security Advisory 3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege

Microsoft Security Advisory 3174644 - Updated Support for Diffie-Hellman Key Exchange

Non-security related updates

KB3185662 - Update for Windows Vista - Windows Journal update for Windows Vista SP2.

KB3189031 - Update for Adobe Flash Player for Windows 10 Version 1607

KB3189866 - Cumulative Update Patch for Windows 10 Version 1607 September 13, 2016.

KB3176939 - Cumulative Update Patch for Windows 10 Version 1607 August 31, 2016.

KB3176934 - Cumulative Update Patch for Windows 10 Version 1607 August 23, 2016.

KB3187022 - Update for Windows Server 2008 and Windows Vista - Print functionality is broken after any of the MS16-098 security updates are installed.

KB3187022 - Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows 7, and Windows Server 2008 R2 - Print functionality is broken after any of the MS16-098 security updates are installed.

KB2922223 - Update for Windows Embedded 8 Standard - You cannot change system time if RealTimeIsUniversal registry entry is enabled in Windows

KB3177723 - Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP Embedded - 2016 — Egypt cancels DST

KB3179573 - Update for Windows 7 and Windows Server 2008 R2 - August 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1. List of changes available here.

KB3179574 - Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 - August 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2. List of changes available here.

KB3179575 - Update for Windows Embedded 8 Standard and Windows Server 2012 - August 2016 update rollup for Windows Server 2012. List of changes available here.

How to download and install the September 2016 security updates

Windows Update is the primary method of patch distributing for Home computer systems running Windows.

The service is configured to check for updates regularly, and download and install important updates automatically. This includes all security updates for the operating system, and maybe also other patches that Microsoft considers important enough.

Windows Update does not perform real-time checks for updates. You may want to run a manual update check if you want the patches to be downloaded as quickly as possible.

We suggest you back up your system prior to installing patches so that you can restore it should one or multiple patches cause issues on the system after installation.

You can run a manual update check in the following way:

  1. Tap on the Windows-key on the keyboard, type Windows Update and hit the Enter-key to open the application.
  2. Windows may run an update check automatically right away. If that is not the case, click on "check for updates" on the page to run a manual check for updates.

You may want to research all updates before you install them on your system.

Updates are also provided via Microsoft's Download Center, monthly Security ISO image releases, and via Microsoft's Update Catalog.

Additional resources

Summary
Article Name
Microsoft Security Bulletins September 2016
Description
The Microsoft Security Bulletins September 2016 overview provides you with in-depth information about all Windows September patches.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Related content

How to use Multiview on YouTube TV

YouTube TV now supports 4 simultaneous streams
Amazon AI

Alexa is now much smarter thanks to LLM
Amazon Echo Show 8 3rd gen 2023

Amazon Echo Show 8 3rd gen and Echo Hub smart home devices announced
Amazon Fire TV Stick 4K 2023

Amazon Fire TV Stick 4K and Fire TV Stick 4K Max announced
How to fix iOS 17 charging issues and iPhone not charging error

Your iPhone won't charge after iOS 17 update? Here is what you can do
Groceries list in the Reminders app in iOS 17

How to create an automatically-sorting Groceries list in the Reminders app in iOS 17

Tutorials & Tips

How to change YouTube handle

MusicLM: Google Music AI is here to change the music industry

How to use Personal Voice on iOS 17

How to send GIFs on iPhone: Two different ways


Previous Post: «
Next Post: «

Comments

  1. The Dark Lady said on July 9, 2023 at 11:19 am
    Reply

    Martin, I would appreciate that you do not censor this post, as it’s informative writing.

    Onur, there is a misleading statement “[…] GIFs are animated images …”. No, obviously you don’t seem to have take much notice of what you were told back in March regarding; Graphics Interchange Format (GIF).

    For example, https://www.ghacks.net/2023/03/31/whats-gif-explanation-and-how-to-use-it/#comment-4562919 (if you had read my replies within that thread, you might have learnt something useful). I even mentioned, “GIF intrinsically supports animated images (GIF89a)”.

    You linked to said article, [Related: …] within this article, but have somehow failed to take onboard what support you were given by several more knowledgeable people.

    If you used AI to help write this article, it has failed miserably.

  2. KeZa said on August 17, 2023 at 5:58 pm
    Reply

    AI is stupid, and it will not get any better if we really know how this all works. Prove me wrong.. https://www.youtube.com/watch?v=4IYl1sTIOHI

  3. Database failure said on August 18, 2023 at 5:21 pm
    Reply

    Martin, [#comment-4569908] is only meant to be in: [https://www.ghacks.net/2023/07/09/how-to-send-gifs-on-iphone-two-different-ways/]. Whereas it appears duplicated in several recent random low-quality non relevant articles.

    Obviously it [#comment-4569908] was posted: 9 July 2023. Long before this thread even existed… your database is falling over. Those comments are supposed to have unique ID values. It shouldn’t be possible to duplicate the post ID, if the database had referential integrity.

  4. Howard Pearce said on August 25, 2023 at 12:24 pm
    Reply

    Don’t tell me!

    Ghacks wants the state to step in for STATE-MANDATED associations to save jobs!!!

    Bring in the dictatorship!!!

    And screw Rreedom of Association – too radical for Ghacks maybe

  5. Howard Allan Pearce said on September 7, 2023 at 9:13 am
    Reply

    GateKeeper ?

    That’s called “appointing” businesses to do the state’s dirty work!!!!!

    But the article says itself that those appointed were not happy – implying they had not choice!!!!!!

  6. owl said on September 7, 2023 at 9:50 am
    Reply

    @The Dark Lady,
    @KeZa,
    @Database failure,
    @Howard Pearce,
    @Howard Allan Pearce,

    Note: I replaced the quoted URI scheme: https:// with “>>” and posted.

    The current ghacks.net is owned by “Softonic International S.A.” (sold by Martin in October 2019), and due to the fate of M&A, ghacks.net has changed in quality.
    >> ghacks.net/2023/09/02/microsoft-is-removing-wordpad-from-windows/#comment-4573130
    Many Authors of bloggers and advertisers certified by Softonic have joined the site, and the site is full of articles aimed at advertising and clickbait.
    >> ghacks.net/2023/08/31/in-windows-11-the-line-between-legitimate-and-adware-becomes-increasingly-blurred/#comment-4573117
    As it stands, except for articles by Martin Brinkmann, Mike Turcotte, and Ashwin, they are low quality, unhelpful, and even vicious. It is better not to read those articles.
    How to display only articles by a specific author:
    Added line to My filters in uBlock Origin: ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(/Martin Brinkmann|Mike Turcotte|Ashwin/))
    >> ghacks.net/2023/09/01/windows-11-development-overview-of-the-august-2023-changes/#comment-4573033

    By the way, if you use an RSS reader, you can track exactly where your comments are (I’m an iPad user, so I use “Feedly Classic”, but for Windows I prefer the desktop app “RSS Guard”).
    RSS Guard: Feed reader which supports RSS/ATOM/JSON and many web-based feed services.
    >> github.com/martinrotter/rssguard#readme

  7. Anonymous said on September 14, 2023 at 6:41 pm
    Reply

    We all live in digital surveillance glass houses under scrutiny of evil people because of people like Musk. It’s only fair that he takes his turn.

  8. Anonymous said on September 18, 2023 at 1:31 pm
    Reply

    “Operating systems will be required to let the user choose the browser, virtual assistant and search engine of their choice. Microsoft cannot force users to use Bing or Edge. Apple will have to open up its iOS operating system to allow third-party app stores, aka allow sideloading of apps. Google, on the other hand, will need to provide users with the ability to uninstall preloaded apps (bloatware) from Android devices. Online services will need to allow users to unsubscribe from their platform easily. Gatekeepers need to provide interoperability with third-parties that offer similar services.”

    Wonderful ! Let’s hope they’ll comply with that law more than they are doing with the GDPR.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Ghacks Newsletter Sign Up

Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up

Advertisement

Hot Discussions

Advertisement

Recently Updated

Latest from Softonic

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2023 - All rights reserved