September, 2016: Patch Tuesday: Stepping it up

Welcome to the September Patch Tuesday bulletin. This month steps it up a notch from August with 14 bulletins in total: 7 critical arbitrary code execution and 7 important. One vulnerability is known to be exploited in the wild this month, and it results in information disclosure.

Start the month, as usual, with Internet Explorer and Edge by applying MS16-104 and MS16-105. Adobe Flash is a popular target, so be sure to apply MS16-117 to update the Flash Player installed on Windows. Follow up with MS16-107 and MS16-108, since these two bulletins address critical code execution vulnerabilities in Microsoft Office and Exchange, which are present in almost every organization. Apply the remaining critical bulletins, which include MS16-106 and MS16-116.

MS16-109 remediates a vulnerability in Silverlight that could be exploited when a user visits a malicious website. MS16-114 fixes an important vulnerability that could allow code execution if malicious network traffic is directed at a vulnerable SMBv1 server. MS16-110 and MS16-111 are both important-rated bulletins that require local access to exploit. MS16-112 is an interesting bulletin: if malicious web content is loaded from a lock screen, an attacker could potentially elevate their privileges. Finally, apply MS16-113 and MS16-115 to remediate two information disclosure vulnerabilities.

You can’t remediate the most vulnerable point on your network, your users, but you can patch the vulnerabilities commonly used to exploit them to gain a foothold in your environment. Get an edge with Shavlik's Patch Tuesday Analysis:

  • Prioritize updates from Microsoft and 3rd Party vendors
  • Identify vulnerabilities targeting users
  • Manage your virtual infrastructure with VMworld 2016 Security Gold Award winning Shavlik Protect
  • Flexible architecture to manage servers agentless and endpoints with Agents and Cloud Agents



| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS16-110 (3178467) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-112 (3178469) | Privilege elevation / Microsoft Windows | Workstations, Servers | No/No | No | Important | Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Requires restart | Update after testing |
| MS16-109 (3182373) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers | No/No | No | Important | Silverlight 5, Silverlight 5 Developer | Does not require restart | Update after testing |
| MS16-104 (3183038) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No/Yes | No | Critical | Internet Explorer 9, Internet Explorer 10, Internet Explorer 11 | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-105 (3183043) | Arbitrary code / Microsoft Edge | Workstations, Terminal Servers | No/No | No | Critical | Edge | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-106 (3185848) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Critical | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-107 (3185852) | Arbitrary code / Microsoft Office, Office Services, Office Web Apps | Workstations, Terminal Servers, SharePoint Servers | No/No | No | Critical | Office 2007, SharePoint Server 2007, Office 2010, Office 2011 for Mac, Office Web Apps 2010, SharePoint Server 2010, SharePoint Server 2013, Office 2013 RT, Office 2013, Office 2016 for Mac, Office 2016, Office Web Apps 2013 | Multiple vulnerabilities, may require restart | Update immediately |
| MS16-113 (3185876) | Information disclosure / Microsoft Windows | Workstations | No/No | No | Important | Windows 10 | Requires restart | Update after testing |
| MS16-114 (3185879) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | Yes | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Requires restart | Update after testing |
| MS16-108 (3185883) | Arbitrary code / Microsoft Exchange | Exchange Servers | No/No | No | Critical | Exchange 2007, Exchange 2010, Exchange 2013, Exchange 2016 | Multiple vulnerabilities, may require restart | Update immediately |
| MS16-111 (3186973) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-117 (3188128) | Arbitrary code / Adobe Flash Player | Workstations, Terminal Servers, Servers | No/No | Yes | Critical | Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-116 (3188724) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Critical | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Requires restart | Update immediately |
| MS16-115 (3188733) | Information disclosure / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, may require restart | Update after testing |