Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Microsoft Patch Tuesday - SANS Internet Storm Center Microsoft Patch Tuesday


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Patch Tuesday 2016-07-12

MS16-084
Title Cumulative Security Update for Internet Explorer
Replaces MS16-063, KB3160005, KB3163017, KB3163018
Affected Internet Explorer
KB KB3169991
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-3204 1
2016-3240 1
2016-3241 1
2016-3242 1
2016-3243 1
2016-3245 3
2016-3248 1
2016-3259 1
2016-3260 1
2016-3261 2
2016-3273 3
2016-3274 2
2016-3276 2
2016-3277 1
MS16-085
Title Cumulative Security Update for Microsoft Edge
Replaces KB3163017, KB3163017
Affected Microsoft Edge
KB KB3169999
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-3244 2
2016-3246 1
2016-3248 2
2016-3259 1
2016-3260 1
2016-3264 1
2016-3265 1
2016-3269 1
2016-3271 2
2016-3273 3
2016-3274 2
2016-3276 2
2016-3277 1
MS16-086
Title Cumulative Security Update for Script and VBScript
Replaces MS16-069, KB3158363, KB3158364
Affected JScript/VBScript Scripting Engine
KB KB3169996
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-3204 1
MS16-087
Title Security Update for Microsoft Print Spooler
Replaces MS12-054, MS13-050, KB2712808, KB2839894, KB3163017, KB3163018
Affected Print Spooler
KB KB3170005
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-3238 2
2016-3239 2
MS16-088
Title Security Update for Microsoft Office
Replaces MS16-004, MS16-029, MS16-029, MS16-042, MS16-070, KB3114396, KB3114482, KB3114569, KB3114829, KB3114883, KB3114947, KB3114998, KB3115107, KB3115130, KB3115173, KB3115187, KB3115195, KB3115198, KB3115243
Affected Office
KB KB3170008
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2016-3278 3
2016-3279 2
2016-3280 2
2016-3281 1
2016-3282 2
2016-3283 1
2016-3284 2
MS16-089
Title Security Update for Windows Secure Kernel Mode
Replaces KB3163017, KB3163018
Affected Windows Kernel
KB KB3170050
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-3256 2
MS16-090
Title Security Update for Windows Kernel-Mode Drivers
Replaces MS16-073, KB3156387, KB3156421, KB3161664
Affected Kernel-Mode Drivers
KB KB3171481
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-3249 1
2016-3250 3
2016-3251 2
2016-3252 1
2016-3254 1
2016-3286 1
MS16-091
Title Security Update for .NET Framework
Replaces
Affected .NET Framework
KB KB3170048
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-3255 2
MS16-092
Title Security Update for Windows Kernel
Replaces MS16-060, KB3153171, KB3163017, KB3163018
Affected Kernel
KB KB3171910
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-3258 2
2016-3272 2
MS16-093
Title Security Update for Adobe Flash Player
Replaces
Affected Adobe Flash Player
KB KB3174060
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2016-3287 1
MS16-094
Title Security Update for Secure Boot
Replaces KB3163017, KB3163018
Affected Secure Boot
KB KB3177404
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-3287 1
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.