Patch Analysis for October 2016

Welcome to this October Patch Tuesday Bulletin. This month is an important month for two reasons. The first reason is that Microsoft will now be releasing a single security-only patch rollup. This means that individual patches will no longer be available. You can find a detailed announcement from Microsoft here. The second reason is this is an important month, there is a large quantity of exploited vulnerabilities that are being patched. There are 4 identified CVE's that are being exploited and 3 of them are remote code execution vulnerabilities. The CVE's include: CVE-2016-3298, CVE-2016-7189, CVE-2016-3393 and CVE-2016-7193. Carefully review the new patching procedures and make sure that the security-only updates are applied as soon as possible. This is the largest amount of patched 0 days in the last year.

October Patch Tuesday marks a significant change in how Microsoft will be releasing updates. Also, expect quarterly updates from Oracle and Adobe: Get an edge with Shavlik's Patch Tuesday Analysis

  • Prioritize updates from Microsoft and 3rd Party vendors
  • Identify vulnerabilities targeting users
  • Manage your virtual infrastructure with VMworld 2016 Security Gold Award winning Shavlik Protect
  • Flexible architecture to manage servers agentless and endpoints with Agents and Cloud Agents

Click here to get started with Shavlik Protect

BulletinExploit Types
/Technologies Affected
System Types AffectedExploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity ratingProducts AffectedNotesRandy's recommendation
MS16-120

3192884
Arbitrary code

/ Microsoft .NET Framework, Office, Skype for business, Lync
Workstations
Terminal Servers
Servers
No/YesNoCritical Vista
Office 2007
Word Viewer
Server 2008
Server 2008 R2
Windows 7
Office 2010
Silverlight 5
Lync 2010
Server 2012
Lync 2013
Server 2012 R2
Windows 8.1
Windows RT 8.1
.NET Framework 3.0 SP2
.NET Framework 4.5.2
Silverlight 5 Developer
Windows 10
.NET Framework 4.6
Skype for Business 2016
Multiple vulnerabilities, requires restartUpdate immediately
MS16-118

3192887
Arbitrary code

/ Internet Explorer
Workstations
Terminal Servers
No/YesNoCritical Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Multiple vulnerabilities, requires restartUpdate immediately
MS16-119

3192890
Arbitrary code

/ Microsoft Edge
Workstations
Terminal Servers
No/YesNoCritical Edge
Multiple vulnerabilities, requires restartUpdate immediately
MS16-123

3192892
Privilege elevation

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/NoNoImportant Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Multiple vulnerabilities, requires restartUpdate after testing
MS16-124

3193227
Privilege elevation

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/NoNoImportant Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Multiple vulnerabilities, requires restartUpdate after testing
MS16-125

3193229
Privilege elevation

/ Microsoft Windows
Workstations
Terminal Servers
No/NoNoImportant Windows 10
May require restartUpdate after testing
MS16-121

3194063
Arbitrary code

/ Microsoft Office
Workstations
Terminal Servers
Sharepoint Servers
No/YesNoImportant Office 2007
Office 2010
Office 2011 for MAC
Office Web Apps 2010
SharePoint Server 2010
SharePoint Server 2013
Office 2013 RT
Office 2013
Office 2016 for Mac
Office 2016
Office Web Apps 2013
May require restartUpdate after testing
MS16-127

3194343
Arbitrary code

/ Adobe Flash Player
Workstations
Terminal Servers
No/NoYesCritical Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Multiple vulnerabilities, requires restartUpdate immediately
MS16-122

3195360
Arbitrary code

/ Microsoft Windows
Workstations
Terminal Servers
No/NoNoCritical Vista
Windows 7
Windows 8.1
Windows RT 8.1
Windows 10
Requires restartUpdate immediately
MS16-126

3196067
Information disclosure

Workstations
Terminal Servers
Servers
No/YesNoModerate Vista
Server 2008
Server 2008 R2
Windows 7
Requires restartUpdate after testing

Receive Randy's same-day, independent analysis each Patch Tuesday

Email:
We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.