Announcement ID |
Announcement Title and Executive summary |
Highest severity Rating and vulnerability impact |
Restart requirements |
The Affected Software |
ms16-023 |
Cumulative security update for Internet Explorer (3142015) This security update fixes multiple vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user uses Internet Explorer to view a specially crafted webpage. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install the program, view, change, or delete data, or create a new account with full user rights. |
Serious Remote Code Execution |
Reboot required |
Microsoft Windows, Internet Explorer |
ms16-024 |
Cumulative security update for Microsoft Edge (3142019) This security update fixes multiple vulnerabilities in Microsoft Edge. The most severe of these vulnerabilities could allow remote code execution if a user uses Microsoft Edge to view a specially crafted webpage. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Accounts that are configured to have fewer system user rights are less impacted than customers who have administrative user rights. |
Serious Remote Code Execution |
Reboot required |
Microsoft Windows, Microsoft Edge |
ms16-025 |
Security update for Windows library load to repair Remote code execution Vulnerability (3140709) This security update fixes a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Windows does not validate input correctly before loading certain libraries. However, an attacker must first gain access to the local system to execute a malicious application. |
Important Remote Code Execution |
Reboot required |
Microsoft Windows |
ms16-026 |
Security update for graphical fonts for repairing remote Code Execution vulnerabilities (3143148) This security update fixes multiple vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to access a Web site that contains specially crafted embedded OpenType fonts. |
Serious Remote Code Execution |
Reboot required |
Microsoft Windows |
ms16-027 |
Windows Media security Update for repairing a remote Code execution Vulnerability (3143146) This security update fixes multiple vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens specially crafted media content hosted on the site. |
Serious Remote Code Execution |
May require a restart |
Microsoft Windows |
ms16-028 |
Security update for Microsoft Windows PDF Library to repair Remote Code execution Vulnerability (3143081) This security update fixes multiple vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted. pdf file. |
Serious Remote Code Execution |
May require a restart |
Microsoft Windows |
ms16-029 |
Microsoft Office security Update for repairing a remote Code execution Vulnerability (3141806) This security update fixes multiple vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. Accounts that are configured to have fewer system user rights are less impacted than customers who have administrative user rights. |
Important Remote Code Execution |
May require a restart |
Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Server Software |
ms16-030 |
Windows OLE security Update for repairing a remote Code execution Vulnerability (3143136) This security update fixes multiple vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution when Windows OLE fails to properly validate user input. Attackers can exploit these vulnerabilities to execute malicious code. However, an attacker must first convince a user to open a specially crafted file or program in a Web page or e-mail message. |
Important Remote Code Execution |
Reboot required |
Microsoft Windows |
ms16-031 |
Microsoft Windows Security Update (3140410) to fix elevation of privilege vulnerability This security update fixes a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker could log on to the target system and run a specially crafted application. |
Important Privilege elevation |
Reboot required |
Microsoft Windows |
ms16-032 |
Security update for secondary logons to fix elevation of Privilege Vulnerability (3143141) This security update fixes a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Secondary Logon service fails to properly manage request handles in memory. |
Important Privilege elevation |
Reboot required |
Microsoft Windows |
ms16-033 |
Security update for Windows USB mass storage class driver to fix elevation of Privilege Vulnerability (3143142) This security update fixes a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with physical access would insert a specially crafted USB device into the system. |
Important Privilege elevation |
May require a restart |
Microsoft Windows |
ms16-034 |
Security update for Windows kernel-mode drivers to fix elevation of Privilege Vulnerability (3143145) This security update fixes multiple vulnerabilities in Microsoft Windows. These vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. |
Important Privilege elevation |
Reboot required |
Microsoft Windows |
ms16-035 |
Security update for the. NET Framework to fix security feature Bypass Vulnerability (3141780) This security update fixes a vulnerability in the Microsoft. NET Framework. If the. NET Framework component does not correctly validate certain elements in the signed XML document, a security feature bypass vulnerability exists in the component. |
Important Bypassing security features |
May require a restart |
Microsoft Windows, Microsoft. NET Framework |