Microsoft Security Bulletins October 2016

microsoft security updates october 2016
Martin Brinkmann
Oct 11, 2016
Updated • Jan 4, 2018
Companies, Microsoft
|
35

Microsoft released updates for supported operating systems and other company products on today's patch day.

This guide provides you with information on the patches and related information. It covers all security and non-security updates that Microsoft released, plus additional information and links that may prove useful.

It begins with an executive summary highlighting the most important information about the October 2016 Patch day.

This is followed by the list of affected Windows client and server operating systems, and other Microsoft products. The severity and number of updates is listed for each product so that you can see on first glance how products that you use are affected.

What follows is the list of security bulletins, security advisories, and non-security updates that Microsoft released in October 2016.

The last part lists download options, and links to additional resources.

Microsoft Security Bulletins October 2016

microsoft security updates october 2016

Executive Summary

  1. Updates for Windows 7 and 8 are provided as monthly rollup patches instead of individual updates from this Patch day on. We covered this in detail, and suggest you check out this article for details.
  2. Microsoft released a total of 10 security bulletins on the October 2016 Patch Day.
  3. Five of the ten bulletins are rated with a maximum severity rating of critical (highest), the remaining five with a maximum severity rating of important (second highest).
  4. All Microsoft client and server operating systems are affected by vulnerabilities.
  5. Microsoft Silverlight, Microsoft .Net Framwork, Microsoft Office, and various business products are affected as well.

Operating System Distribution

All client versions of windows are affected by MS16-118, Ms16-120 and MS16-122 critically. Windows 8.1, RT 8.1 and Windows 10 are furthermore affected by MS16-127 critically. windows 10 on top of that is affected by MS16-119 critically.

Windows 10 is also affected by MS16-126, rated important, which fixes issues in the Microsoft Internet Messaging API.

MS16-119 is a cumulative security update for Microsoft Edge. MS16-127 updates the integrated Adobe Flash Player on those systems.

  • Windows Vista: 3 critical, 2 important, 1 moderate
  • Windows 7: 3 critical, 2 important, 1 moderate
  • Windows 8.1: 4 critical, 2 important
  • Windows RT 8.1: 4 critical, 2 important
  • Windows 10: 5 critical, 3 important
  • Windows Server 2008: 1 critical, 2 important, 1 moderate, 1 low
  • Windows Server 2008 R2: 1 critical, 2 important, 1 moderate, 1 low
  • Windows Server 2012 and 2012 R2: 1 critical, 2 important, 2 moderate
  • Server core: 1 critical, 3 important

Other Microsoft Products

  • Microsoft .NET Framework Security Only Release: 1 important.
  • Microsoft .NET Framework -Monthly Rollup Release: 1 important.
  • Skype for Business 2016: 1 important.
  • Microsoft Lync 2010, 2013: 1 important.
  • Microsoft Live Meeting 2007 Console: 1 important.
  • Microsoft Silverlight: 1 important
  • Microsoft Office 2007, 2010: 2 important
  • Microsoft Office 2013, 2013 RT, 2016: 1 important
  • Microsoft Office for Mac 2011, 2016: 1 important:
  • Microsoft Word Viewer: 2 important
  • Microsoft Office Compatibility Pack Service Pack 3: 2 important
  • Microsoft SharePoint Server 2010, 2013: 1 important
  • Microsoft Office Web Apps 2010, 2013: 1 important

Security Bulletins

Red = critical

MS16-118 -- Cumulative Security Update for Internet Explorer (3192887)

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

MS16-119 -- Cumulative Security Update for Microsoft Edge (3192890)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.

MS16-120 -- Security Update for Microsoft Graphics Component (3192884)

This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Silverlight, and Microsoft Lync.

MS16-121 -- Security Update for Microsoft Office (3194063)

This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files.

MS16-122 -- Security Update for Microsoft Video Control (3195360)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory.

MS16-123 -- Security Update for Windows Kernel-Mode Drivers (3192892)

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-124 -- Security Update for Windows Registry (3193227)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information.

MS16-125 -- Security Update for Diagnostics Hub (3193229)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

MS16-126 -- Security Update for Microsoft Internet Messaging API (3196067)

This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory.

MS16-127 -- Security Update for Adobe Flash Player (3194343)

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Security advisories and updates

Non-security related updates

KB3194798 -- Update for Windows 10 Version 1607 - The update includes quality improvements according to Microsoft.

KB3192392 -- Security only update for Windows 8.1 and Windows Server 2012 R2

  • Security updates to Microsoft Video Control, kernel-mode drivers, Microsoft Graphics Component, Windows registry, and Internet Explorer 11.

KB3185331 - Monthly Rollup for Windows 8.1 and Windows Server 2012 R2

  • This security update includes improvements and fixes that were a part of update KB3185279 (released September 20, 2016) and also all security updates of KB3192392.

KB3192391 -- Security only update for Windows 7 SP1 and Windows Server 2008 R2 SP

  • Security updates to Windows authentication methods, Internet Explorer 11, Microsoft Graphics component, Microsoft Video Control, kernel-mode drivers, Windows registry, and Microsoft Internet Messaging API.

KB3185330 -- Monthly Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1

  • This security update includes improvements and fixes that were a part of update KB3185278 (released September 20, 2016), and also resolves the security updates listed under KB3192391

KB3191208 -- Update for Windows 10 Version 1511 -- Can't install Windows servicing updates in Windows 10 Version 1511

KB3197099 -- Dynamic Update for Windows 10 Version 1607 -- Compatibility update for upgrading to Windows 10 Version 1607: October 11, 2016

KB890830 -- Windows Malicious Software Removal Tool - October 2016

KB2952664 -- Update for Windows 7 -- Compatibility update for upgrading Windows 7. See this article for details.

KB2976978 -- Update for Windows 8.1 -- Compatibility update for Windows 8.1 and Windows 8. See this article for details.

KB3192665 -- Update for Internet Explorer -- ActiveX installation that uses AXIS fails after you install MS16-104.

KB3063109 -- Update for Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, and Windows Server 2008 R2 -- Hyper-V integration components update for Windows virtual machines that are running on a Windows 10-based host.

KB3177467 -- Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 -- Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1: September 20, 2016.

KB3179930 -- Reliability Rollup for Microsoft .NET Framework 4.5.2, 4.6 and 4.6.1 on Windows 7 and Windows Server 2008 R2.

KB3179949 -- Reliability Rollup for Microsoft .NET Framework 4.5.2 and 4.6 on Vista and Server 2008.

KB3181988 -- Update for Windows 7 and Windows Server 2008 R2 -- SFC integrity scan reports and fixes an error in the usbhub.sys.mui file in Windows 7 SP1 and Windows Server 2008 R2 SP1.

KB3182203 -- Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP Embedded -- September 2016 time zone change for Novosibirsk.

KB3184143 -- Update for Windows 8.1 and Windows 7 -- Remove software related to the Windows 10 free upgrade offer.

KB3184951 -- Reliability Rollup for Microsoft .NET Framework 4.5.2 on Windows Server 2012.

KB3185278 -- Update for Windows 7 and Windows Server 2008 R2 -- September 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1.

  • Improved support for the Disk Cleanup tool to free up space by removing older Windows Updates after they are superseded by newer updates.
  • Removed the Copy Protection option when ripping CDs in Windows Media Audio (WMA) format from Windows Media Player.
  • Addressed issue that causes mmc.exe to consume 100% of the CPU on one processor after installing KB3125574.
  • Addressed issue that causes the Generic Commands (GC) to fail upon attempting to install KB2919469 or KB2970228 on a device that already has KB3125574 installed.
  • All reported changes here.

KB3185279 -- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 -- September 2016 update rollup for Windows 8.1 and Windows Server 2012 R2.

  • Addressed issue that causes some USB storage devices to lose authorization when the device goes into the lowest power state, requiring user to re-authenticate using PIN when the device moves back to a working power state.
  • Addressed issue that causes Windows Explorer to become unresponsive when sharing a folder that is the child of at least two shared parent folders.
  • Addressed issue that causes a COM port to become unavailable after it is repeatedly opened and closed.
  • Addressed issue that causes devices to lose connection to their virtual private network (VPN) a few seconds after connecting, if the connection is made using an integrated mobile broadband connection.
  • All reported changes here

KB3185280 -- Update for Windows Embedded 8 Standard and Windows Server 2012 -- September 2016 update rollup for Windows Server 2012.

KB3186208 -- Reliability Rollup for Microsoft .NET Framework 4.5.2 on Windows 8.1 and Windows Server 2012 R2.

KB3159635 -- Update for Windows 10 Version 1607 -- Windows 10 Update Assistant update.

How to download and install the October 2016 security updates

The monthly rollup patch is offered through Windows Update. It includes all non-security and security updates that Microsoft released this month.

  1. Tap on the Windows-key, type Windows Update, hit the Enter-key.
  2. Click on the check for updates link if that is not done automatically.
  3. Depending on your update policy, updates found are downloaded automatically, or need a manual trigger.

Updates are also provided via Microsoft's Download Center, monthly Security ISO image releases, and via Microsoft's Update Catalog.

Direct Microsoft Update Catalog download links:

  1. Windows 7 Security-only October 2016
  2. Windows 8.1 Security-only October 2016
  3. Windows 8.1 Flash security patch October 2016

Additional resources

Summary
Microsoft Security Bulletins October 2016
Article Name
Microsoft Security Bulletins October 2016
Description
Microsoft Security Bulletins October 2016 provides you with an overview of all security and non-security patches Microsoft released in that month.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Related content

Microsoft reportedly discussed selling Bing to Apple in 2020

Microsoft reportedly discussed selling Bing to Apple in 2020
Meta Connect 2023 recap

Meta Connect 2023 is over and Quest 3 is finally available for pre-order
iOS 17.1 and iPadOS 17.1 beta released

iOS 17.1 and iPadOS 17.1 beta released
How to enable macOS Sonoma Game Mode

Seamless gaming on your Apple devices with macOS Sonoma
Google 25th birthday surprise spinner

Happy birthday Google!
Apple defends Google

Apple defends Google in a court hearing

Tutorials & Tips

How to change YouTube handle

MusicLM: Google Music AI is here to change the music industry

How to use Personal Voice on iOS 17

How to send GIFs on iPhone: Two different ways


Previous Post: «
Next Post: «

Comments

  1. The Dark Lady said on July 9, 2023 at 11:19 am
    Reply

    Martin, I would appreciate that you do not censor this post, as it’s informative writing.

    Onur, there is a misleading statement “[…] GIFs are animated images …”. No, obviously you don’t seem to have take much notice of what you were told back in March regarding; Graphics Interchange Format (GIF).

    For example, https://www.ghacks.net/2023/03/31/whats-gif-explanation-and-how-to-use-it/#comment-4562919 (if you had read my replies within that thread, you might have learnt something useful). I even mentioned, “GIF intrinsically supports animated images (GIF89a)”.

    You linked to said article, [Related: …] within this article, but have somehow failed to take onboard what support you were given by several more knowledgeable people.

    If you used AI to help write this article, it has failed miserably.

  2. KeZa said on August 17, 2023 at 5:58 pm
    Reply

    AI is stupid, and it will not get any better if we really know how this all works. Prove me wrong.. https://www.youtube.com/watch?v=4IYl1sTIOHI

  3. Database failure said on August 18, 2023 at 5:21 pm
    Reply

    Martin, [#comment-4569908] is only meant to be in: [https://www.ghacks.net/2023/07/09/how-to-send-gifs-on-iphone-two-different-ways/]. Whereas it appears duplicated in several recent random low-quality non relevant articles.

    Obviously it [#comment-4569908] was posted: 9 July 2023. Long before this thread even existed… your database is falling over. Those comments are supposed to have unique ID values. It shouldn’t be possible to duplicate the post ID, if the database had referential integrity.

  4. Howard Pearce said on August 25, 2023 at 12:24 pm
    Reply

    Don’t tell me!

    Ghacks wants the state to step in for STATE-MANDATED associations to save jobs!!!

    Bring in the dictatorship!!!

    And screw Rreedom of Association – too radical for Ghacks maybe

  5. Howard Allan Pearce said on September 7, 2023 at 9:13 am
    Reply

    GateKeeper ?

    That’s called “appointing” businesses to do the state’s dirty work!!!!!

    But the article says itself that those appointed were not happy – implying they had not choice!!!!!!

  6. owl said on September 7, 2023 at 9:50 am
    Reply

    @The Dark Lady,
    @KeZa,
    @Database failure,
    @Howard Pearce,
    @Howard Allan Pearce,

    Note: I replaced the quoted URI scheme: https:// with “>>” and posted.

    The current ghacks.net is owned by “Softonic International S.A.” (sold by Martin in October 2019), and due to the fate of M&A, ghacks.net has changed in quality.
    >> ghacks.net/2023/09/02/microsoft-is-removing-wordpad-from-windows/#comment-4573130
    Many Authors of bloggers and advertisers certified by Softonic have joined the site, and the site is full of articles aimed at advertising and clickbait.
    >> ghacks.net/2023/08/31/in-windows-11-the-line-between-legitimate-and-adware-becomes-increasingly-blurred/#comment-4573117
    As it stands, except for articles by Martin Brinkmann, Mike Turcotte, and Ashwin, they are low quality, unhelpful, and even vicious. It is better not to read those articles.
    How to display only articles by a specific author:
    Added line to My filters in uBlock Origin: ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(/Martin Brinkmann|Mike Turcotte|Ashwin/))
    >> ghacks.net/2023/09/01/windows-11-development-overview-of-the-august-2023-changes/#comment-4573033

    By the way, if you use an RSS reader, you can track exactly where your comments are (I’m an iPad user, so I use “Feedly Classic”, but for Windows I prefer the desktop app “RSS Guard”).
    RSS Guard: Feed reader which supports RSS/ATOM/JSON and many web-based feed services.
    >> github.com/martinrotter/rssguard#readme

  7. Anonymous said on September 14, 2023 at 6:41 pm
    Reply

    We all live in digital surveillance glass houses under scrutiny of evil people because of people like Musk. It’s only fair that he takes his turn.

  8. Anonymous said on September 18, 2023 at 1:31 pm
    Reply

    “Operating systems will be required to let the user choose the browser, virtual assistant and search engine of their choice. Microsoft cannot force users to use Bing or Edge. Apple will have to open up its iOS operating system to allow third-party app stores, aka allow sideloading of apps. Google, on the other hand, will need to provide users with the ability to uninstall preloaded apps (bloatware) from Android devices. Online services will need to allow users to unsubscribe from their platform easily. Gatekeepers need to provide interoperability with third-parties that offer similar services.”

    Wonderful ! Let’s hope they’ll comply with that law more than they are doing with the GDPR.

  9. sean conner said on September 27, 2023 at 6:21 am
    Reply

    No, they didn’t lmao.

    https://twitter.com/vxunderground/status/1706523877478670542

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Ghacks Newsletter Sign Up

Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up

Advertisement

Hot Discussions

Advertisement

Recently Updated

Latest from Softonic

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2023 - All rights reserved