Patch Tuesday

Welcome to this February Patch Tuesday Bulletin. This month brings 6 critical and 7 important severity patches. While there are 7 potential arbitrary code execution flaws, it appears that none of them are being attacked in the wild. Start the month with MS16-009 and MS16-022. These 2 patches deliver updates for Internet Explorer and Adobe Flash Player for a combined remediation of 35 vulnerabilities.

Next apply MS16-012, MS16-013 and MS16-015 since these patches fix flaws in core Windows functionality. If Microsoft Edge is in use then apply MS16-011. Next up is MS16-014 which is an important rated arbitrary code execution flaw. Follow that with MS16-016, MS16-017 and MS16-018 to remediate the remaining important severity elevation of privilege vulnerabilities.

Finally test and apply MS16-019, MS16-020 and MS16-021 to complete this months patches. Please take note that the Important rated severity patches are still often the target of attacks and elevating privileges can be just as important to attackers as executing code. Efficiently testing and applying patches is the best process for reducing attack surface in a patch management program.

Bulletin Exploit Types
/Technologies Affected
System Types Affected Exploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity rating Products Affected Notes Randy's recommendation
MS16-021

3133043

Denial of service

/ Microsoft Windows

Servers No/No No Important Server 2008
Server 2008 R2
Server 2012
Server 2012 R2
May require restart Update after testing
MS16-009

3134220

Arbitrary code

/ Internet Explorer

Workstations
Terminal Servers
No/No No Critical Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Multiple vulnerabilities, requires restart Update immediately
MS16-020

3134222

Denial of service

/ Microsoft Windows

Servers No/No No Important Server 2012 R2 May require restart Update after testing
MS16-011

3134225

Arbitrary code

/ Microsoft Edge

Workstations
Terminal Servers
No/No No Critical Edge Multiple vulnerabilities, requires restart Update immediately
MS16-015

3134226

Arbitrary code

/ Microsoft Office

Workstations
Terminal Servers
Sharepoint Servers
No/No No Critical Office 2007
SharePoint Server 2007
Office 2010
Office 2011 for MAC
Office Web Apps 2010
SharePoint Server 2010
SharePoint Server 2013
Office 2013 RT
Office 2013
Office 2016 for Mac
Office 2016
Office Web Apps 2013
SharePoint Foundation 2013
Multiple vulnerabilities, may require restart Update immediately
MS16-014

3134228

Arbitrary code

/ Microsoft Windows

Workstations
Terminal Servers
Servers
No/No Yes Important Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Multiple vulnerabilities, requires restart Update after testing
MS16-017

3134700

Privilege elevation

/ Microsoft Windows

Workstations
Terminal Servers
Servers
No/No Yes Important Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows 10
Requires restart Update after testing
MS16-013

3134811

Arbitrary code

/ Microsoft Windows

Workstations
Terminal Servers
No/No Yes Critical Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows 10
May require restart Update immediately
MS16-022

3135782

Arbitrary code

/ Adobe Flash Player

Workstations
Terminal Servers
Servers
No/No No Critical Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Multiple vulnerabilities, requires restart Update immediately
MS16-016

3136041

Privilege elevation

/ Microsoft Windows

Workstations
Terminal Servers
Servers
No/No Yes Important Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
May require restart Update after testing
MS16-018

3136082

Privilege elevation

/ Microsoft Windows

Workstations
Terminal Servers
Servers
No/No No Important Vista
Server 2008
Server 2008 R2
Windows 7
Server 2012
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Requires restart Update after testing
MS16-019

3137893

Denial of service

/ Microsoft .NET Framework

Workstations
Terminal Servers
No/No No Important .NET Framework 2.0 SP2
.NET Framework 3.5
.NET Framework 3.5.1
.NET Framework 4.5.2
.NET Framework 4.6
.NET Framework 4.6.1
Multiple vulnerabilities, may require restart Update after testing
MS16-012

3138938

Arbitrary code

/ Microsoft Windows

Workstations
Terminal Servers
No/No No Critical Server 2012
Server 2012 R2
Windows 8.1
Windows 10
Multiple vulnerabilities, may require restart Update immediately

For more information and education visit our website. 

Business Information Solutions, Inc.

We get IT done!