Microsoft released updates for supported operating systems and other company products on today's patch day.
This guide covers all security and non-security updates that Microsoft released, plus additional information and links that may prove useful.
It begins with an executive summary highlighting the most important information about the October 2016 Patch day.
This is followed by the list of affected Windows client and server operating systems, and other Microsoft products. The severity and number of updates are listed for each product so that you can see at a glance how the products that you use are affected.
What follows is the list of security bulletins, security advisories, and non-security updates that Microsoft released in October 2016.
The last part lists download options, and links to additional resources.
Executive Summary
All client versions of Windows are critically affected by MS16-118, MS16-120 and MS16-122. Windows 8.1, RT 8.1 and Windows 10 are furthermore critically affected by MS16-127. Windows 10 is, on top of that, critically affected by MS16-119.
Windows 10 is also affected by MS16-126, rated important, which fixes issues in the Microsoft Internet Messaging API.
MS16-119 is a cumulative security update for Microsoft Edge. MS16-127 updates the integrated Adobe Flash Player on those systems.
Red = critical
MS16-118 -- Cumulative Security Update for Internet Explorer (3192887)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
MS16-119 -- Cumulative Security Update for Microsoft Edge (3192890)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
MS16-120 -- Security Update for Microsoft Graphics Component (3192884)
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Silverlight, and Microsoft Lync.
MS16-121 -- Security Update for Microsoft Office (3194063)
This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files.
MS16-122 -- Security Update for Microsoft Video Control (3195360)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory.
MS16-123 -- Security Update for Windows Kernel-Mode Drivers (3192892)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
MS16-124 -- Security Update for Windows Registry (3193227)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information.
MS16-125 -- Security Update for Diagnostics Hub (3193229)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
MS16-126 -- Security Update for Microsoft Internet Messaging API (3196067)
This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory.
MS16-127 -- Security Update for Adobe Flash Player (3194343)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
KB3194798 -- Update for Windows 10 Version 1607 -- The update includes quality improvements according to Microsoft.
KB3192392 -- Security only update for Windows 8.1 and Windows Server 2012 R2
KB3185331 -- Monthly Rollup for Windows 8.1 and Windows Server 2012 R2
KB3192391 -- Security only update for Windows 7 SP1 and Windows Server 2008 R2 SP
KB3185330 -- Monthly Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
KB3191208 -- Update for Windows 10 Version 1511 -- Can't install Windows servicing updates in Windows 10 Version 1511
KB3197099 -- Dynamic Update for Windows 10 Version 1607 -- Compatibility update for upgrading to Windows 10 Version 1607: October 11, 2016
KB890830 -- Windows Malicious Software Removal Tool - October 2016
KB2952664 -- Update for Windows 7 -- Compatibility update for upgrading Windows 7. See this article for details.
KB2976978 -- Update for Windows 8.1 -- Compatibility update for Windows 8.1 and Windows 8. See this article for details.
KB3192665 -- Update for Internet Explorer -- ActiveX installation that uses AXIS fails after you install MS16-104.
KB3063109 -- Update for Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, and Windows Server 2008 R2 -- Hyper-V integration components update for Windows virtual machines that are running on a Windows 10-based host.
KB3177467 -- Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 -- Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1: September 20, 2016.
KB3179930 -- Reliability Rollup for Microsoft .NET Framework 4.5.2, 4.6 and 4.6.1 on Windows 7 and Windows Server 2008 R2.
KB3179949 -- Reliability Rollup for Microsoft .NET Framework 4.5.2 and 4.6 on Vista and Server 2008.
KB3181988 -- Update for Windows 7 and Windows Server 2008 R2 -- SFC integrity scan reports and fixes an error in the usbhub.sys.mui file in Windows 7 SP1 and Windows Server 2008 R2 SP1.
KB3182203 -- Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP Embedded -- September 2016 time zone change for Novosibirsk.
KB3184143 -- Update for Windows 8.1 and Windows 7 -- Remove software related to the Windows 10 free upgrade offer.
KB3184951 -- Reliability Rollup for Microsoft .NET Framework 4.5.2 on Windows Server 2012.
KB3185278 -- Update for Windows 7 and Windows Server 2008 R2 -- September 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1.
KB3185279 -- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 -- September 2016 update rollup for Windows 8.1 and Windows Server 2012 R2.
KB3185280 -- Update for Windows Embedded 8 Standard and Windows Server 2012 -- September 2016 update rollup for Windows Server 2012.
KB3186208 -- Reliability Rollup for Microsoft .NET Framework 4.5.2 on Windows 8.1 and Windows Server 2012 R2.
KB3159635 -- Update for Windows 10 Version 1607 -- Windows 10 Update Assistant update.
The monthly rollup patch is offered through Windows Update. It includes all non-security and security updates that Microsoft released this month.
Updates are also provided via Microsoft's Download Center, monthly Security ISO image releases, and via Microsoft's Update Catalog.
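Because a machine can receive either the security-only update or the monthly rollup, it helps to check which of the two is actually installed. The PowerShell below is an added example, not code from the article or from Microsoft; the KB numbers are the ones listed above, the function and variable names are hypothetical, and it assumes no later rollup has replaced the October packages.

```powershell
# Added example; not from the article or from Microsoft. KB numbers are the ones
# listed above, the function and variable names are hypothetical.
$October2016 = @{
    '6.1' = @{ Name = 'Windows 7 SP1 / Server 2008 R2'
               SecurityOnly = 'KB3192391'; MonthlyRollup = 'KB3185330'
               Compatibility = 'KB2952664' }
    '6.3' = @{ Name = 'Windows 8.1 / Server 2012 R2'
               SecurityOnly = 'KB3192392'; MonthlyRollup = 'KB3185331'
               Compatibility = 'KB2976978' }
}

function Test-October2016Coverage {
    param(
        [Parameter(Mandatory = $true)][string]$OsVersion,   # e.g. 6.1.7601
        [string[]]$InstalledKb = @()                         # e.g. KB3192391
    )
    # Reduce "major.minor.build" to "major.minor" to select the table entry.
    $parts = $OsVersion.Split('.')
    $key = '{0}.{1}' -f $parts[0], $parts[1]
    $result = @{ OsVersion = $OsVersion; Platform = $null; Status = 'NotInTable'
                 CompatibilityUpdatePresent = $false }

    if ($October2016.ContainsKey($key)) {
        $entry = $October2016[$key]
        $result.Platform = $entry.Name
        # The rollup carries the security fixes too, so it is checked first.
        if ($InstalledKb -contains $entry.MonthlyRollup) {
            $result.Status = 'MonthlyRollup'
        } elseif ($InstalledKb -contains $entry.SecurityOnly) {
            $result.Status = 'SecurityOnly'
        } else {
            $result.Status = 'Missing'
        }
        # True when the separately listed compatibility update is installed.
        $result.CompatibilityUpdatePresent =
            ($InstalledKb -contains $entry.Compatibility)
    }
    New-Object PSObject -Property $result
}

# Constructed input: a Windows 7 SP1 machine with the security-only update.
Test-October2016Coverage -OsVersion '6.1.7601' -InstalledKb 'KB3192391', 'KB2952664'

# Live check on the local machine (Get-WmiObject also works on PowerShell 2.0).
$os = (Get-WmiObject Win32_OperatingSystem).Version
$kb = @(Get-HotFix | ForEach-Object { $_.HotFixID })
Test-October2016Coverage -OsVersion $os -InstalledKb $kb
```

A `Missing` result on a machine patched after October 2016 needs a second look, since a newer rollup may be installed instead of the packages checked here.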
Direct Microsoft Update Catalog download links:
Additional resources
KB2952664 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
KB2976978 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
They just DO NOT give up trying to foist Win 10 on users.
Now all we need is KB3035583.
There was one 115mb security update, any way to unpack that update and then install those one by one?
Not aware of any option to do that. Maybe someone will come up with something but for now, does not look that way.
How can someone know what these patches do?
I look at Microsoft(TM) site and they list these KB…
I look at one of them, the info is a .csv
The .csv has nothing about what the patch does.
Well, M$ it is another point against you.
Can’t understand the difference between “Security Monthly Quality Rollup” and “Security Only Quality update”.
Monthly Rollup includes non-security and security patches. The security-only update includes only security updates. The former is provided via Windows Update, the latter not.
Martin:
So wait, the “Security Monthly Quality Rollup” also includes non-security updates?
Could Microsoft have made it any more confusing? Are they trying to hide telemetry crap in what is supposed to look like a security update?
BTW, according to https://support.microsoft.com/kb/3185330
everything in that rollup appears to be security related. Can you explain why you are reporting that it also contains non-security updates?
And what about KB3188740? Does it contain non-security updates?
There are two updates: Security-only, which supposedly contains only the security updates released for the month, and the Monthly Rollup, which contains security and non-security updates.
I think this is a naming issue. This appears to be the monthly rollup patch that includes security and non-security updates. No idea why Microsoft named it “security monthly quality rollup”. It does include non-security patches as mentioned in the second sentence.
.NET Framework updates are not included in the monthly rollup updates. They are provided separately.
October 2016 Patch Tuesday Win10 1607 now is OS Build 14393.321 downloaded and installed successfully for me. Entire process took 45 minutes to complete. Download slowed to a crawl at 84-95% so be patient about it! You might think it is stuck when in fact it is taking its sweet time. All is stable and good now. Loving Win10 and all updates. SemperFedelis.
no claqueurs please.
“Loving Win10 and all updates.”
Good for you.
I don’t want to break your enthusiasm, Wayne, and if everything fits to your expectations then great. I only wish to mention the Stockholm syndrome which could explain the attitude of some Win10 lovers. Please don’t take it bad, nowadays this pathology is very well handled, there’s nothing to be ashamed of, but being aware as always will definitely accelerate the recovery. We’ll be here in case you need any help, don’t worry.
Thanks Martin, for again a well written and informed month update overview!
I have updated main windows 7 system pro to the Windows 10 two months ago!
This month I am struggling with updating (to main new SSD) main Windows 10 x64 bit pro version (based PC AT/AT Compatible) from Version 10.0.10240 to the newer version Windows 10 Jubilee edition version 1607.
Main Intel SSDSC2bw240h6 (IDE) will not update and freezes the update around 25 %.
Do you have any suggestion what I can do?
Are you using Windows Update for that? Or how do you update the PC? Freezing issues seem to be quite common. Check the resource monitor or network monitor to see if traffic still comes from Microsoft.
@ Paulus ……. Maybe u should first upgrade from Win 10 RTM Build 10240 to Build 10586 or Version 1511, n then upgrade from Build 10586 to Build 14393 or Version 1607.
……. This 2-step upgrade will likely take a long time to complete bc each Build is a 3+GB download n install.
.
Or do a fresh-install of Win 10 Version 1607 via M$’s website, ie use the Win 10 Media Creation Tool.
.
SSD should be configured in the BIOS setting as SATA or AHCI, n not as IDE or PATA(= old technology).
Yes, indeed this cumulative October update went fast and smooth this time, compared with previous versions , a lot better, did not encounter any problems also, so far………..
Another restart tuesday…. joy
Nice if you can even download them, gave up after 4 hours.
Most of updates will be spy on the sheeple. The uninformed, so many now.
Win 7 64
Option 4: What just happened to Samsung I hope the same for Microsoft.
IOW, Micro$oft hv made Win 7/8.1 to be as bad as Win 10, likely in order to push Win 7/8.1 users onto Win 10, ie M$ r trying to make it not worthwhile for users to stay on Win 7/8.1 n not upgrade to Win 10.
.
Seems, this is M$’s revenge against Win 7/8.1 users for rejecting their 1-year free Win 10 upgrade n hiding their Win 10-style Telemetry updates.
……. Prior to April 2016, a freshly-installed Win 7 SP1 had no problems updating thru Windows Update. Since April 2016, M$ “force” freshly-installed Win 7 to hv to first manually install M$’s Telemetry updates(= KB3172605 n KB3020369) b4 Windows Update would work. This had also affected those Win 7/8.1 users who had hidden M$’s Telemetry updates.
…….In fact, Convenience Update Rollups for Win 7/8.1 had already begun in May 2016 but it was optional. KB3172605 is the July 2016 Update Rollup. This Oct 2016 Patch Rollup is compulsory, ie Win 7/8.1 users can’t pick-n-choose the installation of individual updates anymore.
.
Likely, M$ hv reintroduced KB2952664 n KB2976978 in anticipation of Win 7/8.1 users clamoring to upgrade to Win 10 bc M$ will be sending the Nov or Dec 2016 Patch Rollup to purposely bork Win 7/8.1 cptrs, like how M$ hv been ineptly borking n bricking Win 10 cptrs thru forced cumulative auto-updates.
Should I just download KB3192391 and the other updates, avoiding the two monthly rollups I got?
You can always download right from Microsoft’s Catalog, either with IE or if with another browser using the RSS workaround with the link as mentioned in the article :
http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=KB3192391
Remember to choose x64 if applicable.
Download and wait before installing, read the articles and users’ feedback, take your time, give yourself at least a week.
Concerning Windows Update and downloading the full roll-up, do as you feel it but I won’t :
“The Windows 7 users who want to keep their systems fully updated will soon be unable to avoid installing KB2952664. Monthly update rollups include all the previous system updates, and by agreeing to install the rollup you also install the whole content of the update package. Now, if you want to keep KB2952664 away from your computer, the safest solution is to simply avoid monthly rollups via Windows Update and install only stand-alone update packages.”
SOURCE : http://windowsreport.com/windows-7-kb2952664/
Not even sure at this time if I can trust the security only update … wait and see. It’ll be like this once a month, Microsoft’s Pain Tuesday.
Andrej: It is confusing…See user Tudor’s link in the article about this on AskWoody. I downloaded and saved for Win 7 in Firefox, have not installed yet, waiting to see how it works out :) kb3192391 x64.msu. Have win update set to Never, if I do install it would do so offline.
Here with Windows 7 it’ll be, it’ll be only and it’ll be if within a week or so the patch will have proved to be clean :
KB3192391 — Security only update for Windows 7 SP1 and Windows Server 2008 R2 SP
via the RSS workaround in order to avoid using IE which is disabled here.
I dislike to feel in the obligation of having to adopt a radical approach but doing so prevented me from getting trapped by the Windows 10 upgrade swindle so I’ll carry on the precautions, not that I fear a GWX return but mainly for avoiding patches which would hide telemetry under questionable non-security fixes and even security only ones which is why I’ll wait a week or so before applying them.
As many I have not an ounce of confidence in Microsoft.
Hi Martin,
What about Windows Malicious Software Removal Tool is it included in “Security only Quality Update” or “Security Monthly Quality Rollup”.
And also what about optional patches.
Thanks,
Vijay
Malicious Software Removal Tool seems to be delivered independently. Good question about optional patches. I don’t know the answer to that, but I would guess that they are kept optional and are not included in the monthly rollup. Does anyone know more about that?
And if you avoid Windows Update you can always download this ‘ Windows Malicious Software Removal Tool’ right from https://www.microsoft.com/en-us/safety/pc-security/malware-removal.aspx
My Windows 7 64 Bits slow searching/finding updates was solved doing this:
Set Windows Update service as Manual and STOPPED it;
Installed KB3138612-x64;
Restarted;
Installed KB3020369-x64;
Restarted;
Installed KB3172605;
Restarted;
Started Windows Update service;
Searched for Updates and in 5 minutes found them!
@ Windows 7 ……. Fyi, KB3172605 is the optional Convenience Update Rollup for July 2016 for Win 7 cptrs. This Rollup is very similar to the now-non-optional KB3185330 Patch Rollup for Oct 2016 for Win 7 cptrs. It is very likely that these Rollups contain the Win 10-style Telemetry updates(= NSA spyware.?) that were first introduced by M$ for Win 7/8.1 cptrs at around Nov 2015.
At around April 2016, Windows Update stopped working for Win 7/8.1 users who had hidden M$’s Telemetry updates n also for freshly-installed Win 7/8.1 cptrs, ie the Telemetry updates(= eg the KB3172605 Update Rollup) hv to be first installed b4 WU would work.
…….Those Win 7/8.1 users who continued to hide M$’s Telemetry updates had to manually install security updates, one-by-one, via M$ Download Center or Update Catalog during the monthly Patch Tuesday. With non-optional Oct 2016 Patch Rollup, the affected Win 7/8.1 users can no longer manually install s.u. one-by-one = hv to forego all security updates.
This is so confusing, I really don’t want to download anything to avoid W10 bs as much as I can. “October 2016 security monthly quality rollup for Windows 7” and “MS16-120: Security and Quality Rollup for the .NET Framework 3.5.1 for Windows 7”. Both rollups contain security and also non-security updates? I wonder the risks if I stop completely downloading any updates from now on and eventually just switch to Linux.
PHUCK Microsoft, it is NOT going to mess up my Win7 /64 Professional Network. I do NOT want to be on its CLOUD ever…
It is my Network, my EULA my Property Not Yours.. You can keep 8.0, 8.1 & 10… You screwed up and then you want business to Trust you again?
Not trusting you ever. cutting my RECOMMENDATIONS of Windows UPDATE OFF, since the last time I even allowed a partial download with me “supposedly authorizing ” when. Everytime Now when I try to cut off my computer now it tries to Download those (3) October 16 D/L’s you stuck on my machine and by passed my permission. Even though they bypassed my option for giving them, permission
No, I do NOT want Adobe Flash on my machine!
Not doing it.. I am thru with you..
I just made a fresh install of W7 x64 using WSUS offline. Then I launched WU just to see what happens, not even any “rollup” offered. Thanks.
KB3172605 breaks IE 11.
Is there a way to pass thought this update? it breaks IE for some application that use SHA-1