Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Microsoft Patch Tuesday - SANS Internet Storm Center Microsoft Patch Tuesday


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Patch Tuesday 2016-09-13

MS16-104
Title Cumulative Security Update for Internet Explorer
Replaces KB3183038
Affected Internet Explorer
KB KB3183038
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-3247 3
2016-3291 3
2016-3292 1
2016-3295 1
2016-3297 1
2016-3324 1
2016-3325 1
2016-3351 1
2016-3353 1
2016-3375 1
MS16-105
Title Cumulative Security Update for Microsoft Edge
Replaces KB3176492, KB3176493, KB3176495
Affected Edge Browser
KB KB3183043
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-3247 3
2016-3291 3
2016-3294 2
2016-3295 2
2016-3297 1
2016-3325 1
2016-3330 1
2016-3350 1
2016-3351 0
2016-3370 2
2016-3374 2
2016-3377 1
MS16-106
Title Security Update for Microsoft Graphics Component
Replaces KB3087135, KB3176492, KB3176493, KB3176495, KB3177725, KB3177725
Affected Graphics Kernel Drivers
KB KB3185848
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2016-3348 1
2016-3349 1
2016-3354 2
2016-3355 2
2016-3356 2
MS16-107
Title Security Update for Microsoft Office
Replaces KB2596843, KB3054840, KB3114429, KB3114869, KB3114893, KB3114981, KB3115114, KB3115118, KB3115262, KB3115272, KB3115306, KB3115308, KB3115322, KB3115415, KB3115427, KB3115452, KB3115474, KB3115479, KB3179162, KB3179163
Affected Office
KB KB3185852
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2016-0137 1
2016-0141 2
2016-3357 2
2016-3358 2
2016-3359 2
2016-3360 2
2016-3361 2
2016-3362 2
2016-3363 2
2016-3364 2
2016-3365 2
2016-3366 3
2016-3381 2
MS16-108
Title Security Update for Microsoft Exchange Server
Replaces KB3150501, KB3151086, KB3151097
Affected Exchange, Oracle Outside-in Libraries
KB KB3185883
Known Exploits No
Microsoft Rating Critical
ISC Client Rating N/A
ISC Server Rating Patch now
CVE Exploitability
2016-0138 2
2016-3378 2
2016-3379 2
MS16-109
Title Security Update for Silverlight
Replaces MS16-006
Affected Silverlight
KB KB3182373
Known Exploits No
Microsoft Rating Important
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2016-3367 3
MS16-110
Title Security Update for Microsoft Windows
Replaces MS13-032, MS16-081, MS16-101
Affected Windows
KB KB3178467
Known Exploits No
Microsoft Rating Important
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-3346 2
2016-3352 2
2016-3368 2
2016-3369 2
MS16-111
Title Security Update for Windows Secure Kernel Mode
Replaces KB2644615, KB3153171, KB3167679, KB3170377, KB3176492, KB3176493, KB3176495
Affected Windows Kernel
KB KB3186973
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-3305 2
2016-3306 2
2016-3371 2
2016-3372 2
2016-3373 2
MS16-112
Title Security Update for Windows Lock Screen
Replaces KB3176492, KB3176493, KB3176495
Affected Windows Lock Screen
KB KB3178469
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-0302 2
MS16-113
Title Security Update for Windows Secure Kernel Mode
Replaces KB3176492, KB3176493
Affected Windows
KB KB3185876
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-3344 2
MS16-114
Title Security Update for Windows SMBv1 Server
Replaces KB3073921, KB3176492, KB3176493, KB3176495
Affected Windows SMB Server 1.0
KB KB3185879
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-3345 2
MS16-115
Title Security Update for Microsoft Windows PDF Library
Replaces KB3175887, KB3176492, KB3176493, KB3176495
Affected PDF Library
KB KB3188733
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2016-3370 2
2016-3374 2
MS16-116
Title Security Update in OLE Automation for VBScript Scripting Engine
Replaces KB3006226, KB3176492, KB3176493, KB3176495
Affected VBScript, OLE
KB KB3188724
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Important
CVE Exploitability
2016-3375 1
MS16-117
Title Security Update for Adobe Flash Player
Replaces KB3174060
Affected Flash Player
KB KB3188128
Known Exploits Yes
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2016-0271 2
2016-0272 2
2016-0274 2
2016-0275 2
2016-0276 2
2016-0277 2
2016-0278 2
2016-0279 2
2016-0280 2
2016-0281 2
2016-0282 2
2016-0283 2
2016-0284 2
2016-0285 2
2016-0287 2
2016-0921 2
2016-0922 2
2016-0923 2
2016-0924 2
2016-0925 2
2016-0926 2
2016-0927 2
2016-0929 2
2016-0930 2
2016-0931 2
2016-0932 2
2016-4271 1
2016-4272 1
2016-4274 1
2016-4275 1
2016-4276 1
2016-4277 1
2016-4278 1
2016-4279 1
2016-4280 1
2016-4281 1
2016-4282 1
2016-4283 1
2016-4284 1
2016-4285 1
2016-4287 1
2016-6921 1
2016-6922 1
2016-6923 1
2016-6924 1
2016-6925 1
2016-6926 1
2016-6927 1
2016-6929 1
2016-6930 1
2016-6931 1
2016-6932 1
2016-40271 2
2016-40272 2
2016-40274 2
2016-40275 2
2016-40276 2
2016-40277 2
2016-40278 2
2016-40279 2
2016-40280 2
2016-40281 2
2016-40282 2
2016-40283 2
2016-40284 2
2016-40285 2
2016-40287 2
2016-60921 2
2016-60922 2
2016-60923 2
2016-60924 2
2016-60925 2
2016-60926 2
2016-60927 2
2016-60929 2
2016-60930 2
2016-60931 2
2016-60932 2
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.