Welcome to this February Patch Tuesday Bulletin. This month brings 6 critical and 7 important severity patches. While there are 7 potential arbitrary code execution flaws, it appears that none of them are being attacked in the wild. Start the month with MS16-009 and MS16-022. These 2 patches deliver updates for Internet Explorer and Adobe Flash Player for a combined remediation of 35 vulnerabilities.
Next, apply MS16-012, MS16-013 and MS16-015, since these patches fix flaws in core Windows functionality. If Microsoft Edge is in use, then apply MS16-011. Next up is MS16-014, which addresses an Important-rated arbitrary code execution flaw. Follow that with MS16-016, MS16-017 and MS16-018 to remediate the remaining Important-severity elevation of privilege vulnerabilities.
Finally, test and apply MS16-019, MS16-020 and MS16-021 to complete this month's patches. Please take note that vulnerabilities rated Important are still often the target of attacks, and elevating privileges can be just as important to attackers as executing code. Efficiently testing and applying patches is the best process for reducing attack surface in a patch management program.
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy’s recommendation |
|---|---|---|---|---|---|---|---|---|
| MS16-021 (3133043) | Denial of service / Microsoft Windows | Servers | No/No | No | Important | Server 2008, Server 2008 R2, Server 2012, Server 2012 R2 | May require restart | Update after testing |
| MS16-009 (3134220) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No/No | No | Critical | Internet Explorer 9, Internet Explorer 10, Internet Explorer 11 | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-020 (3134222) | Denial of service / Microsoft Windows | Servers | No/No | No | Important | Server 2012 R2 | May require restart | Update after testing |
| MS16-011 (3134225) | Arbitrary code / Microsoft Edge | Workstations, Terminal Servers | No/No | No | Critical | Edge | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-015 (3134226) | Arbitrary code / Microsoft Office | Workstations, Terminal Servers, SharePoint Servers | No/No | No | Critical | Office 2007, SharePoint Server 2007, Office 2010, Office 2011 for Mac, Office Web Apps 2010, SharePoint Server 2010, SharePoint Server 2013, Office 2013 RT, Office 2013, Office 2016 for Mac, Office 2016, Office Web Apps 2013, SharePoint Foundation 2013 | Multiple vulnerabilities, may require restart | Update immediately |
| MS16-014 (3134228) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | Yes | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-017 (3134700) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | Yes | Important | Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows 10 | Requires restart | Update after testing |
| MS16-013 (3134811) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers | No/No | Yes | Critical | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows 10 | May require restart | Update immediately |
| MS16-022 (3135782) | Arbitrary code / Adobe Flash Player | Workstations, Terminal Servers, Servers | No/No | No | Critical | Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-016 (3136041) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | Yes | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | May require restart | Update after testing |
| MS16-018 (3136082) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Requires restart | Update after testing |
| MS16-019 (3137893) | Denial of service / Microsoft .NET Framework | Workstations, Terminal Servers | No/No | No | Important | .NET Framework 2.0 SP2, .NET Framework 3.5, .NET Framework 3.5.1, .NET Framework 4.5.2, .NET Framework 4.6, .NET Framework 4.6.1 | Multiple vulnerabilities, may require restart | Update after testing |
| MS16-012 (3138938) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers | No/No | No | Critical | Server 2012, Server 2012 R2, Windows 8.1, Windows 10 | Multiple vulnerabilities, may require restart | Update immediately |
Business Information Solutions, Inc.