MICROSOFT’S December 2016 PATCH RELEASES

MICROSOFT’S December 2016 PATCH RELEASES

MICROSOFT’S December 2016 PATCH RELEASES

patch tuesday aliens

Microsoft have released 12 new Patch Tuesday releases for deployment this month of December.

See how you can remove the risk of patch deployment by adding SnaPatch to your SCCM patching infrastructure?

MS16-144 – Critical

Cumulative Security Update for Internet Explorer (3204059)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-145 – Critical

Cumulative Security Update for Microsoft Edge (3204062)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-146 – Critical

Security Update for Microsoft Graphics Component (3204066)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-147 – Critical

Security Update for Microsoft Uniscribe (3204063)
This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-148 – Critical

Security Update for Microsoft Office (3204068)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-149 – Important

Security Update for Microsoft Windows (3205655)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application.

MS16-150 – Important

Security Update for Secure Kernel Mode (3205642)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally-authenticated attacker runs a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).

MS16-151 – Important

Security Update for Windows Kernel-Mode Drivers (3205651)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-152 – Important

Security Update for Windows Kernel (3199709)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows kernel improperly handles objects in memory.

MS16-153 – Important

Security Update for Common Log File System Driver (3207328)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to bypass security measures on the affected system allowing further exploitation.

MS16-154 – Critical

Security Update for Adobe Flash Player (3209498)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

MS16-155 – Important

Security Update for .NET Framework (3205640)
This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.


Now that you have made it this far, a quick shameless plug for our software portfolio. 🙂

SnaPatch – Patch Management Addon for Microsoft’s SCCM.

SnapShot Master – Take control of your virtual machine snapshots, works with both Hyper-V and Vmware.

Azure Virtual Machine Scheduler – Save money and schedule the shutdown and power on of your virtual machines within Microsoft’s Azure Cloud.

Azure Virtual Machine Deployer – Deploy VMs to Microsoft’s Azure cloud easily, without the need for powershell.

Upgrade SCCM 1610 – A Comprehensive Guide

Upgrade SCCM 1610 – A Comprehensive Guide

How to upgrade SCCM 1610​

SCCM 1610

Microsoft has recently released SCCM 1610, the much-awaited upgrade to their System Center Configuration Manager. This upgrade includes new features and enhancements in Office 365 management, application management, Windows 10, client management, end-user experience, and new functionality for customers using Intune with SCCM. In this article, we will discuss how to upgrade to SCCM 1610 and its new features and enhancements.

A quick overview of these enhancements are;

  • Windows 10 Upgrade Analytics integration allows you to assess and analyze device readiness and compatibility with Windows 10 to allow smoother upgrades.
  • Office 365 Servicing Dashboard and app deployment to clients features help you to deploy Office 365 apps to clients as well as track Office 365 usage and update deployments.
  • Software Updates Compliance Dashboard allows you to view the current compliance status of devices in your organization and quickly analyze the data to see which devices are at risk.
  • Cloud Management Gateway provides a simpler way to manage Configuration Manager clients on the Internet. You can use the ConfigMgr console to deploy the service in Microsoft Azure and configure the supported roles to allow cloud management gateway traffic.
  • Client Peer Cache is a new built-in solution in Configuration Manager that allows clients to share content with other clients directly from their local cache with monitoring and troubleshooting capabilities.
  • Enhancements in Software Center including customizable branding in more dialogs, notifications of new software, improvements to the notification experience for high-impact task sequence deployments, and ability for users to request applications and view request history directly in Software Center.
  • New remote control features including performance optimization for remote control sessions and keyboard translation.

and if you use SCCM with Microsoft’s Intune you get the following new features;

  • New configuration item settings and improvements now only show settings that apply to the selected platform. We also added lots of new settings for Android (23), iOS (4), Mac (4), Windows 10 desktop and mobile (37), Windows 10 Team (7), Windows 8.1 (11), and Windows Phone 8.1 (3).
  • Lookout integration allows to check device’s compliance status based on its compliance with Lookout rules.
  • Request a sync from the admin console improvement allows you to request a policy sync on an enrolled mobile device from the Configuration Manager console.
  • Support for paid apps in Windows Store for Business allows you to add and deploy online-licensed paid apps in addition to the free apps in Windows Store for Business.

SCCM 1610 FAQs

Question Answer

What is SCCM 1610?

SCCM 1610 is the upgrade to Microsoft’s System Centre Configuration Manager.

What new features are included in SCCM 1610?

SCCM 1610 includes new features and enhancements in Office 365 management, Windows 10, application management, client management, end user experience, and new functionality for customers using Intune with SCCM.

What is Windows 10 Upgrade Analytics integration?

Windows 10 Upgrade Analytics integration allows you to assess and analyze device readiness and compatibility with Windows 10 to allow smoother upgrades.

What is the Office 365 Servicing Dashboard?

The Office 365 Servicing Dashboard is a feature that helps you to deploy Office 365 apps to clients as well as track Office 365 usage and update deployments.

What is the Software Updates Compliance Dashboard?

The Software Updates Compliance Dashboard allows you to view the current compliance status of devices in your organization and quickly analyze the data to see which devices are at risk.

What is the Cloud Management Gateway?

The Cloud Management Gateway provides a simpler way to manage Configuration Manager clients on the Internet. You can use the ConfigMgr console to deploy the service in Microsoft Azure and configure the supported roles to allow cloud management gateway traffic.

What is Client Peer Cache?

Client Peer Cache is a new built-in solution in Configuration Manager that allows clients to share content with other clients directly from their local cache with monitoring and troubleshooting capabilities.

What are the enhancements in Software Center?

The enhancements in Software Center include customizable branding in more dialogs, notifications of new software, improvements to the notification experience for high-impact task sequence deployments, and ability for users to request applications and view request history directly in Software Center.

What are the new remote control features?

The new remote control features include performance optimization for remote control sessions and keyboard translation.

What new features are available if you use SCCM with Microsoft’s Intune?

If you use SCCM with Microsoft’s Intune, you get new configuration item settings and improvements, Lookout integration, Request a sync from the admin console improvement, and support for paid apps in Windows Store for Business.

How do you upgrade to SCCM 1610?

To upgrade to SCCM 1610, you need to follow several steps, including checking to see if SCCM 1610 has downloaded, enabling the Fast Ring, forcing a check for the update, and downloading and installing the SCCM 1610 update.

Upgrade to SCCM 1610

Now to upgrade your SCCM to version 1610, follow the following steps;


Check to see if SCCM 1610 has downloaded.

Open your SCCM console, and go to Administration, expand Cloud Services, then Updates and Servicing.

no sccm 1610

As in the picture above, you can see that the update to SCCM 1610 has not downloaded as yet. You can choose to right click and check for updates, but as Microsoft are slowly rolling out this update over the next few weeks it may not download. If you cannot wait for it to download itself, you can force the update to do so by running the following Powershell script located here https://gallery.technet.microsoft.com/ConfigMgr-1610-Enable-046cc0e9


Download SCCM 1610 Fast Ring

If you have waited quite sometime and SCCM 1610 hasn’t downloaded, then you need to download the EnableFastRing.Exe to do this for you. Once downloaded. launch the file and extract the powershell script and follow these steps.

SCCM 1610 Fast Ring

  • Launch an elevated command prompt
  • Run PowerShell
  • Run the EnableFastUpdateRing1610.ps1 script
    • EnableFastUpdateRing1610.ps1 where SiteServer refers to the CAS or standalone primary site server
  • Force a check for the update.
    • If you are upgrading from version 1602 or higher go to Administration, Overview, Cloud Services, Updates and Servicing and click “Check for Updates”.  You may need to try “Check for Updates” more than once if the package is not downloaded on the first try.
    • If you are upgrading from version 1511, restart the SMS_Executive.
  • The new 1610 Update should now be available in the Configuration Manager Console.

Download SCCM 1610 update

Now that Fastring has been enabled, go back to your SCCM console and right click the Updates and Servicing node and click check for updates.

sccm-1606-check-for-updates

Give SCCM sometime to start the download of SCCM 1610. Refresh the console to see the status and then proceed to install when downloaded.

sccm 1610 downloading


 SCCM 1610 Downloaded

Now hopefully your SCCM 1610 update has downloaded and is now available in your console.

sccm 1610 downloaded

Select the Configuration Manager 1610 update, right click and choose Run prerequisite check.

sccm 1610 prerequisite check

SCCM will now check your environment is ready for the upgrade to SCCM 1610.

sccm 1610 prerequisite checks

Let SCCM complete the check, refresh the console to see when it has completed.

 sccm 1610 prerequisite check complete


SCCM 1610 Update Installation

Now that the prerequisites have been checked and passed, you can now start to install the upgrade to SCCM 1610. Right click the update and choose Install Update Pack.

sccm 1610 install update pack


SCCM 1610 Update Installation – General Tab

The General Tab starts off the installation of the SCCM 1610 update. Click Next when you are ready to install.

sccm 1610 update 1


SCCM 1610 Update Installation – Features Tab

On the Features tab, you can select which options you wish to install. Click Next when ready to proceed.

sccm 1610 update 2


SCCM 1610 Update Installation – Client Update Options Tab

Next is the Client update options Tab, you can choose on this tab to upgrade without validating or validate the upgrade in a pre-production collection. As this is one of our lab environments, I have chosen to upgrade without validating. If this is your production environment, it always pays to be mindful of any upgrades, SCCM included so it may be worth you choosing the other option and validating the upgrade against a test collection.

Choose the option you wish and click Next.

sccm 1610 update 3


SCCM 1610 Update Installation – Licensing Terms Tab

Accept the license terms and privacy statement and click Next.

sccm 1610 update 4


SCCM 1610 Update Installation – Summary Tab

On the Summary Tab, confirm the options you have chosen are correct and then click on Next to continue.

sccm 1610 update 5


SCCM 1610 Update Installation – Progress Tab

The update to SCCM 1610 will now install.

sccm 1610 update 6


SCCM 1610 Update Installation – Completion Tab

Hopefully all went with your installation of SCCM 1610 and you should see a screen similar to the one below. Click now on Close and SCCM will continue updating in the background.

sccm 1610 update 7


SCCM 1610 Update Installation – Update Log

To view the installation logs, go to your C Drive of your SCCM server and locate the ConfigMgrSetup.log. If you have Trace32 installed, double click the log file to see the installation status.

sccm 1610 update log

Refreshing the console shows that the SCCM 1610 update is installing. Depending on your infrastructure, this could take some time.

sccm 1610 update 8


Monitor the SCCM 1610 upgrade – Installation Status

You can additionally monitor the status of the installation of SCCM 1610 in your console. Go to the Monitoring tab, then Updates and Servicing Status where you can see the updates you have applied. Highlight the Configuration Manager 1610 update and right click and chose show status.

sccm 1610 update 9

sccm 1610 update 10

Also, the cmupdate.log contains more details of the installation progress.

sccm 1610 update 11


You should see after quite sometime that your SCCM version is now showing as version SCCM 1610

sccm 1610 installed

You can finally go and party like its 1999. Dont forget since you are here, to check out our many software products that help make an Administrators life easy.

sccm 1610 finally upgraded

MICROSOFT’S November 2016 PATCH RELEASES

MICROSOFT’S November 2016 PATCH RELEASES

MICROSOFT’S November 2016 PATCH RELEASES

Make Patching Great Again

Microsoft have released 14 new Patch Tuesday releases for deployment this month of November.

See how you can remove the risk of patch deployment by adding SnaPatch to your SCCM patching infrastructure?

MS16-129 – Critical

Cumulative Security Update for Microsoft Edge (3199057)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-130 – Critical

Security Update for Microsoft Windows (3199172)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.

MS16-131 – Critical

Security Update for Microsoft Video Control (3199151)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.

MS16-132 – Critical

Security Update for Microsoft Graphics Component (3199120)
This security update resolves vulnerabilities in Microsoft Windows. The most severe being of the vulnerabilities could allow a remote code execution vulnerability exists when the Windows Animation Manager improperly handles objects in memory if a user visits a malicious webpage. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-133 – Important

Security Update for Microsoft Office (3199168)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-134 – Important

Security Update for Common Log File System Driver (3193706)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit these vulnerabilities by running a specially crafted application to take complete control over the affected system. An attacker who successfully exploits this vulnerability could run processes in an elevated context.

MS16-135 – Important

Security Update for Windows Kernel-Mode Drivers (3199135)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-136 – Important

Security Update for SQL Server (3199641)
This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker could to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. The security update addresses these most severe vulnerabilities by correcting how SQL Server handles pointer casting.

MS16-137 – Important

Security Update for Windows Authentication Methods (3199173)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. An attacker who successfully exploited this vulnerability could elevate their permissions from unprivileged user account to administrator. The attacker could then install programs; view, change or delete data; or create new accounts. The attacker could subsequently attempt to elevate by locally executing a specially crafted application designed to manipulate NTLM password change requests.

MS16-138 – Important

Security Update to Microsoft Virtual Hard Disk Driver (3199647)
This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.

MS16-139 – Important

Security Update for Windows Kernel (3199720)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information. A locally authenticated attacker could attempt to exploit this vulnerability by running a specially crafted application. An attacker can gain access to information not intended to be available to the user by using this method.

MS16-140 – Important

Security Update for Boot Manager (3193479)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy.

MS16-141 – Critical

Security Update for Adobe Flash Player (3202790)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

MS16-142 – Critical

Cumulative Security Update for Internet Explorer (3198467)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Now that you have made it this far, a quick shameless plug for our software portfolio. 🙂

SnaPatch – Patch Management Addon for Microsoft’s SCCM.

SnapShot Master – Take control of your virtual machine snapshots, works with both Hyper-V and Vmware.

Azure Virtual Machine Scheduler – Save money and schedule the shutdown and power on of your virtual machines within Microsoft’s Azure Cloud.

Azure Virtual Machine Deployer – Deploy VMs to Microsoft’s Azure cloud easily, without the need for powershell.

Configuration Manager 1606 Hotfix KB3180992

Configuration Manager 1606 Hotfix KB3180992

Configuration Manager 1606 Hotfix KB3180992

If you’re using System Center Configuration Manager (SCCM) and haven’t updated to build 5.00.8412.1204 yet, it’s time to do so. Microsoft has released a hotfix KB3180992 to fix various issues with SCCM. In this article, we’ll guide you through the installation process and explain how to fix the known issues that this hotfix addresses.

What’s New in SCCM 1606 Hotfix KB3180992

This hotfix addresses several known issues with SCCM, including:

  • An exception error that occurs when selecting the “Update all clients in the hierarchy using production client” option on the Client Upgrade tab of Hierarchy Settings Properties.
  • Software update installation freezing on SCCM clients.
  • Inaccurate client counts on the Production and Preproduction Client Deployment dashboards.
  • Incorrectly showing a state of Compliant on the Device Compliance section of the Software Center application.
  • Incorrectly showing an error state that indicates the role is not available on the Service Connection Point after upgrading to version 1606.
  • The SMS Agent Host process consuming excessive CPU resources on Pull Distribution Points after updating to version 1606.
  • The ccmexec.exe process stopping responding when distributing a software update package containing many updates to a Pull Distribution Point.

SCCM 1606 Hotfix FAQ

Question Answer

What is System Centre Configuration Manager?

System Centre Configuration Manager (SCCM) is a software management tool that allows administrators to manage large numbers of computers and devices from a single location.

What is Configuration Manager 1606 Hotfix KB3180992?

Configuration Manager 1606 Hotfix KB3180992 is an update for SCCM that fixes various issues identified with SCCM, including a freeze during software update installation and inaccurate client counts.

How do I install Configuration Manager 1606 Hotfix KB3180992?

To install this update, go to Administration, then expand Cloud Services and highlight Updates and Servicing. In the main console window, you should see the SCCM 1606 Hotfix has downloaded and is available for deployment. Highlight the update (KB3180992), right-click, then run the prerequisite pack. This will now check that your SCCM meets the prerequisites for this update. Once the prerequisite check has completed, highlight the update once again, right-click, and choose Install Update Pack.

What should I do if the Service Connection Point incorrectly shows an error state after upgrading to version 1606?

If the Service Connection Point is already showing an error state after upgrading to version 1606, you need to change the Availability State registry value from 1 to 4 under HKEY_LOCAL_MACHINE-SOFTWARE-Microsoft-SMS-Operations Management-SMS Server Role-SMS Dmp Connector, then restart the SMS Executive service on the site server.

How do I validate the client update on my preproduction SCCM members?

On the Client Update Options Tab of the Configuration Manager Updates Wizard, you have the chance to validate the client update on your preproduction SCCM members. Simply select the checkbox next to “Validate in pre-production collection” and choose the pre-production collection to use for validation.

How long does it take to install SCCM 1606 Update 1?

Installation of SCCM 1606 Update 1 may take some time, as it installs in the background. Keep refreshing the window to see when KB3180992 shows a status of installed.

How to upgrade SCCM


To install this update, go to Administration, then expand Cloud Services and highlight Updates and Servicing.

SCCM 1606 Update 1


In the main console Window, you should now see the SCCM 1606 Hotfix has downloaded and is available for deployment.

SCCM 1606 Update 1 - 2


Highlight the update (KB3180992), Right Click then Run Prerequisite Pack. This will now check that your SCCM meets the prerequisites for this update.

SCCM 1606 Update 1 - 3

This may take some time, so be patient and be sure to refresh the console to make sure the prerequisite check has been successful.

SCCM 1606 Update 1 - 4


Now that the prerequisite check has completed, highlight the update once again, right click and choose Install Update Pack

SCCM 1606 Update 1 - 5


Next you are presented with the Configuration Manager Updates Wizard. Click on Next to start the installation.

SCCM 1606 Update 1 - 6


On the Client Update Options Tab, you have the chance to validate the client update on your preproduction SCCM members. In this example, I am upgrading without validation.

SCCM 1606 Update 1 - 7

Click Next to continue.


Accept the License Terms and click Next.

SCCM 1606 Update 1 - 8


Review you are happy with the options you have selected on the Summary Tab, then click Next.

SCCM 1606 Update 1 - 9


Installation of the SCCM 1606 Update 1 will now occur. If all goes well, you should see the Completion Window as below. SCCM will install this in the background, so it may take some time. Keep refreshing the Window, to see when KB3180992 shows a status of installed.

SCCM 1606 Update 1 - 10

MICROSOFT’S October 2016 PATCH RELEASES

MICROSOFT’S October 2016 PATCH RELEASES

MICROSOFT’S October 2016 PATCH RELEASES

PatchTuesday

Microsoft have released 10 new Patch Tuesday releases for deployment this month. Are you ready to remove the risk of patch deployment by adding SnaPatch to your SCCM patching infrastructure?

MS16-118 – Critical

Cumulative Security Update for Internet Explorer (3192887)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-119 – Critical

Cumulative Security Update for Microsoft Edge (3192890)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-120 – Critical

Security Update for Microsoft Graphics Component (3192884)
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Silverlight, and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-121 – Critical

Security Update for Microsoft Office (3194063)
This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

MS16-122 – Critical

Security Update for Microsoft Video Control (3195360)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.

MS16-123 – Important

Security Update for Windows Kernel-Mode Drivers (3192892)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-124 – Important

Security Update for Windows Registry (3193227)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information.

MS16-125Important

Security Update for Diagnostics Hub (3193229)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

MS16-126 – Moderate

Security Update for Microsoft Internet Messaging API (3196067)
This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.

MS16-127 Critical

Security Update for Adobe Flash Player (3194343)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.


Now that you have made it this far, a quick shameless plug for our software portfolio. 🙂

SnaPatch – Patch Management Addon for Microsoft’s SCCM.

SnapShot Master – Take control of your virtual machine snapshots, works with both Hyper-V and Vmware.

Azure Virtual Machine Scheduler – Save money and schedule the shutdown and power on of your virtual machines within Microsoft’s Azure Cloud.

Azure Virtual Machine Deployer – Deploy VMs to Microsoft’s Azure cloud.

MICROSOFT’S September 2016 PATCH RELEASES

MICROSOFT’S September 2016 PATCH RELEASES

MICROSOFT’S September 2016 PATCH RELEASES

Patch Tuesday BandAids

Well after a horrible last month for patches causing issues (KB3176934 breaks Windows 10 Powershell , KB3179575 causing authentication issues with Windows 2012 servers, and KB3177725 & KB3176493 causing printing issues), we are all hoping that this month’s release doesnt cause any problems. If you want to avoid issues with patch deployment, and to facilitate a quick roll back should any windows update causes an issue, remove the patching risk using SnaPatch Patch Management Software. (Also, since you are here, check out the other software we offer)

There are quite a few more than the average Patch Tuesday release. In fact, 14 new Patch Tuesday updates / patches have been released by Microsoft for the August 2016 Update deployment.

MS16-104 – Critical

Cumulative Security Update for Internet Explorer (3183038)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-105 – Critical

Security Update for Microsoft Graphics Component (3185848)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-106 – Critical

Security Update for Microsoft Graphics Component (3177393)
This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, and Microsoft Lync. The vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-107 – Critical

Security Update for Microsoft Office (3185852)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-108 – Critical

Security Update for Microsoft Exchange Server (3185883)
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In libraries that are built into Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.

MS16-109 – Important

Security Update for Silverlight (3182373)
This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force a user to visit a compromised website. Instead, an attacker would have to convince the user to visit the website, typically by enticing the user to click a link in either an email or instant message that takes the user to the attacker’s website.

MS16-110 – Important

Security Update for Windows (3178467)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker creates a specially crafted request and executes arbitrary code with elevated permissions on a target system.

MS16-111 – Critical

Security Update for Windows Kernel (3186973)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a target system.

MS16-112 – Important

Security Update for Windows Lock Screen (3178469)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Windows improperly allows web content to load from the Windows lock screen.

MS16-113 – Important

Security Update for Windows Secure Kernel Mode (3185876)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.

MS16-114 – Important

Security Update for SMBv1 Server (3185879)
This security update resolves a vulnerability in Microsoft Windows. On Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems, the vulnerability could allow remote code execution if an authenticated attacker sends specially crafted packets to an affected Microsoft Server Message Block 1.0 (SMBv1) Server. The vulnerability does not impact other SMB Server versions. Although later operating systems are affected, the potential impact is denial of service.

MS16-115 – Important

Security Update for Microsoft Windows PDF Library (3188733)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow information disclosure if a user views specially crafted PDF content online or opens a specially crafted PDF document.

MS16-116 – Critical

Security Update in OLE Automation for VBScript Scripting Engine (3188724)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user of an affected system to visit a malicious or compromised website. Note that you must install two updates to be protected from the vulnerability discussed in this bulletin: The update in this bulletin, MS16-116, and the update in MS16-104.

MS16-117 – Critical

Security Update for Adobe Flash Player (3188128)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.


Now that you have made it this far, a quick shameless plug for our software portfolio. 🙂

SnaPatch – Patch Management Addon for Microsoft’s SCCM.

SnapShot Master – Take control of your virtual machine snapshots, works with both Hyper-V and Vmware.

Azure Virtual Machine Scheduler – Save money and schedule the shutdown and power on of your virtual machines within Microsoft’s Azure Cloud.

Azure Virtual Machine Deployer – Deploy VMs to Microsoft’s Azure cloud.