Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Microsoft Patch Tuesday - SANS Internet Storm Center Microsoft Patch Tuesday


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Patch Tuesday 2016-04-12

MS16-037
Title Cumulative Security Update for Internet Explorer
Replaces KB3139929, KB3140745, KB3140768
Affected Microsoft Windows, Internet Explorer
KB KB3148531
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-0154 1
2016-0159 1
2016-0160 2
2016-0162 1
2016-0164 1
2016-0166 1
MS16-038
Title Cumulative Security Update for Microsoft Edge
Replaces KB3140745, KB3140768
Affected Microsoft Windows, Microsoft Edge
KB KB3148532
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-0154 1
2016-0155 1
2016-0156 1
2016-0157 1
2016-0158 1
2016-0161 3
MS16-039
Title Security Update for Microsoft Graphics Component
Replaces KB3085612, KB3085616, KB3114351, KB3114372, KB3114478, KB3115871, KB3115872, KB3115873, KB3115875, KB3135987, KB3135988, KB3135989, KB3135991, KB3139852
Affected Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync
KB KB3148522
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Patch now
ISC Server Rating Patch now
CVE Exploitability
2016-0143 1
2016-0145 1
2016-0165 0
2016-0167 0
MS16-040
Title Security Update for Microsoft XML Core Services
Replaces KB2993958, KB3046482, KB3140768
Affected Microsoft Windows
KB KB3148541
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-0147 2
MS16-041
Title Security Update for .NET Framework
Replaces KB3139929, KB3140745, KB3140768
Affected Microsoft Windows, Microsoft .NET Framework
KB KB3148789
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-0148 2
MS16-042
Title Security Update for Microsoft Office
Replaces KB3114401, KB3114432, KB3114548, KB3114698, KB3114734, KB3114734, KB3114741, KB3114745, KB3114759, KB3114812, KB3114814, KB3114821, KB3114824, KB3114824, KB3114866, KB3114873, KB3114878, KB3114880, KB3114901, KB3138327, KB3138328
Affected Microsoft Office, Microsoft Office Services and Web Apps
KB KB3148775
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2016-0122 1
2016-0127 2
2016-0136 1
2016-0139 1
MS16-044
Title Security Update for Windows OLE
Replaces KB3072633, KB3140410
Affected Microsoft Windows
KB KB3146706
Known Exploits No
Microsoft Rating Important
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2016-0153 1
MS16-045
Title Security Update for Windows Hyper-V
Replaces KB3087088, KB3140745
Affected Microsoft Windows
KB KB3143118
Known Exploits No
Microsoft Rating Important
ISC Client Rating N/A
ISC Server Rating Important
CVE Exploitability
2016-0088 3
2016-0089 3
2016-0090 3
MS16-046
Title Security Update for Secondary Logon
Replaces KB3140745, KB3140768
Affected Microsoft Windows
KB KB3148538
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-0135 2
MS16-047
Title Security Update for SAM and LSAD Remote Protocols
Replaces KB3050514, KB3050514, KB3072595, KB3101246, KB3101246, KB3121918, KB3121918, KB3140745, KB3140768
Affected Microsoft Windows
KB KB3148527
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-0128 3
MS16-048
Title Security Update for CSRSS
Replaces KB3023266, KB3121212, KB3140745, KB3140768
Affected Microsoft Windows
KB KB3148528
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-0151 2
MS16-049
Title Security Update for HTTP.sys
Replaces KB3140745, KB3140768
Affected Microsoft Windows
KB KB3148795
Known Exploits No
Microsoft Rating Important
ISC Client Rating N/A
ISC Server Rating Important
CVE Exploitability
2016-0150 3
MS16-050
Title Security Update for Adobe Flash Player
Replaces KB3144756
Affected Microsoft Windows, Adobe Flash Player
KB KB3154132
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.