Home > Microsoft Security > Microsoft Security Bulletin June 2016

Microsoft Security Bulletin June 2016

Contents

Critical Remote Code Execution Requires restart --------- Microsoft Windows,Microsoft Edge MS16-053 Cumulative Security Update for JScript and VBScript (3156764)This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Manage Your Profile | Flash Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | © 2017 Microsoft © 2017 Microsoft this contact form

Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Important Remote Code Execution Requires restart --------- Microsoft Windows MS16-046 Security Update for Secondary Logon (3148538) This security update resolves a vulnerability in Microsoft Windows. V1.1 (May 11, 2016): Bulletin Summary revised to change the vulnerability impact of MS16-061 from elevation of privilege to remote code execution, and the title of CVE 2016-0178 to RPC Network This is an informational change only. https://technet.microsoft.com/en-us/security/bulletins.aspx

Microsoft Security Bulletin June 2016

Important Remote Code Execution Requires restart --------- Microsoft Windows MS16-026 Security Update for Graphic Fonts to Address Remote Code Execution (3143148) This security update resolves vulnerabilities in Microsoft Windows. Page generated 2016-07-29 15:08-07:00. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. V2.1 (March 10, 2016): Added a Known Issues reference to the Executive Summaries table for MS16-035.

The more severe of the vulnerabilities could allow remote code execution if an attacker either convinces a user to open a specially crafted document, or to visit a webpage that contains V1.2 (May 11, 2016): Added a Known Issues reference to the Executive Summaries table for MS16-044. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Microsoft Security Bulletin August 2016 Use these tables to learn about the security updates that you may need to install.

The vulnerabilities are listed in order of bulletin ID then CVE ID. Microsoft Patch Tuesday June 2016 You should review each software program or component listed to see whether any security updates pertain to your installation. Security Bulletins Security Bulletin Summaries Security Advisories Microsoft Vulnerability Research Advisories Acknowledgments Glossary For more information about the MSRC, see Microsoft Security Response Center. https://technet.microsoft.com/en-us/library/security/ms16-jan.aspx Manage Your Profile | Flash Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | © 2017 Microsoft © 2017 Microsoft

To determine the support life cycle for your software version, visit Microsoft Support Lifecycle. Microsoft Security Patches Bulletin ID Bulletin Title and Executive Summary Maximum Severity Ratingand Vulnerability Impact Restart Requirement KnownIssues Affected Software MS16-037 Cumulative Security Update for Internet Explorer (3148531)This security update resolves vulnerabilities in Internet Explorer. For details on affected software, see the next section, Affected Software. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.

Microsoft Patch Tuesday June 2016

This bulletin spans more than one software category. https://technet.microsoft.com/en-us/library/security/mt637763.aspx Revisions V1.0 (May 10, 2016): Bulletin Summary published. Microsoft Security Bulletin June 2016 Manage Your Profile | Flash Newsletter | Contact Us | Privacy Statement | Terms of Use | Trademarks | © 2017 Microsoft © 2017 Microsoft

To determine the support life cycle for your software version, visit Microsoft Support Lifecycle. http://juicecoms.com/microsoft-security/subscribe-to-microsoft-security-bulletin.html An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft Baseline Security Analyzer (MBSA) lets administrators scan local and remote systems for missing security updates and common security misconfigurations. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email or instant message that takes users to the Microsoft Patch Tuesday August 2016

Important Security Feature Bypass Requires restart 3146723 Microsoft Windows MS16-049 Security Update for HTTP.sys (3148795)This security update resolves a vulnerability in Microsoft Windows. Executive Summaries The following table summarizes the security bulletins for this month in order of severity. Bulletin ID Bulletin Title and Executive Summary Maximum Severity Ratingand Vulnerability Impact Restart Requirement KnownIssues Affected Software MS16-023 Cumulative Security Update for Internet Explorer (3142015)This security update resolves vulnerabilities in Internet Explorer. http://juicecoms.com/microsoft-security/microsoft-security-bulletin-march-2016.html The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.

Critical Remote Code Execution Requires restart --------- Microsoft Windows,Adobe Flash Player MS16-094 Security Update for Secure Boot (3177404)This security update resolves a vulnerability in Microsoft Windows. Microsoft Security Bulletin July 2016 BulletinSearch.xlsx contains bulletin information from November 2008 to the present. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system.

The vulnerabilities could allow remote code execution if Windows OLE fails to properly validate user input.

Date                           Bulletin number Title                             Affected Software                      December 2016 December 13, 2016 MS16-155 Security Update for .NET Framework (3205640) Microsoft Windows December 13, 2016 MS16-154 Security Update for Adobe Flash Player (3209498) Microsoft Windows You can find them most easily by doing a keyword search for "security update". The vulnerabilities are listed in order of bulletin ID then CVE ID. Microsoft Security Bulletin October 2016 Security solutions for IT professionals: TechNet Security Troubleshooting and Support Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center Local support according to

To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners listed in Microsoft Active Protections Program (MAPP) Partners. Important Spoofing May require restart --------- Microsoft Exchange Server Exploitability Index The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. Important Denial of Service Requires restart --------- Microsoft Windows MS16-050 Security Update for Adobe Flash Player (3154132) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions his comment is here Support The affected software listed has been tested to determine which versions are affected.

How do I use this table? Microsoft Security Bulletin Summary for January 2016 Published: January 12, 2016 | Updated: February 19, 2016 Version: 1.3 On this page Executive Summaries Exploitability Index Affected Software Detection and Deployment Tools Note You may have to install several security updates for a single vulnerability. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.

The content you requested has been removed. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. For more information, see Microsoft Knowledge Base Article 3138327 and Microsoft Knowledge Base Article 3138328.