
SANS Internet Storm Center: Microsoft Patch Tuesday



Microsoft Patch Tuesday 2016-08-09

MS16-095
Title Cumulative Security Update for Microsoft Internet Explorer
Replaces MS16-084, KB3163018, KB3163912, KB3170106, KB3172985
Affected Internet Explorer
KB KB3177356
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-3288 1
2016-3289 1
2016-3290 1
2016-3293 1
2016-3321 1
2016-3322 1
2016-3326 2
2016-3327 2
2016-3329 3
MS16-096
Title Cumulative Security Update for Microsoft Edge
Replaces KB3163017, KB3163018
Affected Microsoft Edge
KB KB3177358
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-3289 1
2016-3293 1
2016-3296 1
2016-3319 2
2016-3322 1
2016-3326 2
2016-3327 2
2016-3329 3
MS16-097
Title Remote Code Execution Vulnerability in Microsoft Graphics Component
Replaces MS14-036, MS15-097, KB316912, KB2957503, KB3087135, KB3172985
Affected Windows, Office, Skype for Business, Lync
KB KB3177393
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2016-3301 1
2016-3303 1
2016-3304 1
MS16-098
Title Privilege Escalation Vulnerability in Kernel Mode Drivers
Replaces MS16-090, KB3163912, KB3168965, KB3172985
Affected Windows Kernel Mode Drivers
KB KB3178466
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-3308 1
2016-3309 1
2016-3310 1
2016-3311 1
MS16-099
Title Remote Code Execution Vulnerability in Microsoft Office
Replaces MS15-099, MS15-116, MS16-004, MS16-015, MS16-088, MS16-088, KB2889915, KB3054978, KB3085560, KB3085620, KB3114553, KB3114742, KB3115311, KB3115315, KB3115317
Affected Office for Windows and Mac, Word Viewer
KB KB3177451
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2016-3313 2
2016-3315 3
2016-3316 1
2016-3317 1
2016-3318 1
MS16-100
Title Secure Boot Bypass
Replaces
Affected Secure Boot
KB KB3179577
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-3320 2
MS16-101
Title Privilege Escalation Vulnerability in Microsoft Windows
Replaces MS15-071, MS15-122, MS16-007, KB3068457, KB3101246, KB3121918, KB3163912, KB3172985
Affected Microsoft Windows
KB KB3178465
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-3237 2
2016-3300 2
MS16-102
Title Remote Code Execution Vulnerability in Microsoft's PDF Library
Replaces KB3163912, KB3172985
Affected PDF Library
KB KB3182248
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2016-3319 2
MS16-103
Title Information Disclosure Vulnerability in ActiveSyncProvider
Replaces KB3163912, KB3172985
Affected Universal Outlook
KB KB3182332
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Less urgent
CVE Exploitability
2016-3312 3
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US-based customers can call Microsoft for free patch-related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: practices for servers such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.
  • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat.