Summary

The following CVEs and security bulletins have undergone a major
revision increment.

* CVE-2016-0165
* CVE-2016-3238
* CVE-2016-3326
* CVE-2016-3376
* CVE-2017-0213
* CVE-2017-8529
* CVE-2017-8599
* MS16-039
* MS16-APR
* MS16-087
* MS16-JUL
* MS16-095
* MS16-AUG
* MS16-123
* MS16-OCT

 

CVE Revision Information:

CVE-2016-0165

– Title: CVE-2016-0165 | Win32k Elevation of Privilege
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Affected Products table to
include Windows 10 Version 1703 for 32-bit Systems and Windows 10
Version 1703 for x64-based Systems because they are affected by
CVE-2016-0165. Consumers running Windows 10 are automatically
protected. Microsoft recommends that enterprise customers running
Windows 10 Version 1703 ensure they have update 4038788 installed
to be protected from this vulnerability.
– Originally posted: April 12, 2016
– Updated: September 12, 2017
– CVE Severity Rating: Important
– Version: 2.0

CVE-2016-3238

– Title: CVE-2016-3238 | Windows Print Spooler Remote Code Execution
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To address known issues with the 3170455
update for CVE-2016-3238, Microsoft has made available the
following updates for currently-supported versions of Microsoft
Windows: • Rereleased update 3170455 for Windows Server 2008
• Monthly Rollup 4038777 and Security Update 4038779 for Windows 7
and Windows Server 2008 R2 • Monthly Rollup 4038799 and Security
Update 4038786 for Windows Server 2012 • Monthly Rollup 4038792
and Security Update 4038793 for Windows 8.1 and Windows Server 2012
R2 • Cumulative Update 4038781 for Windows 10 • Cumulative Update
4038781 for Windows 10 Version 1511 • Cumulative Update 4038782
for Windows 10 Version 1607 and Windows Server 2016. Microsoft
recommends that customers running Windows Server 2008 reinstall
update 3170455. Microsoft recommends that customers running other
supported versions of Windows install the appropriate update. See
Microsoft Knowledge Base Article 3170005 (https://support.
microsoft.com/en-us/help/3170005) for more information.
– Originally posted: July 12, 2016
– Updated: September 12, 2017
– CVE Severity Rating: Critical
– Version: 2.0

CVE-2016-3326

– Title: CVE-2016-3326 | Microsoft Browser Information Disclosure
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Affected Products table to include
Microsoft Edge and Internet Explorer 11 installed on Windows 10
Version 1703 for 32-bit Systems, and Microsoft Edge and Internet
Explorer 11 installed on Windows 10 Version 1703 for x64-based
Systems because they are affected by CVE-2016-3326. In addition,
corrected the Affected Products table to include Microsoft Edge
installed on Windows 10, Windows 10 Version 1511, and Windows 10
Version 1607 because they are also affected by this vulnerability.
Consumers using Windows 10 are automatically protected. Microsoft
recommends that enterprise customers running Microsoft Edge or
Internet Explorer on Windows 10 Version 1703 ensure they have update
4038788 installed to be protected from this vulnerability. Customers
who are running other versions of Windows 10 and who have installed
the August cumulative updates do not need to take any further action.
– Originally posted: August 9, 2016
– Updated: September 12, 2017
– CVE Severity Rating: Important
– Version: 3.0

CVE-2016-3376

– Title: CVE-2016-3376 | Win32k Elevation of Privilege Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Affected Products table to
include Windows 10 Version 1703 for 32-bit Systems and Windows 10
Version 1703 for x64-based Systems because they are affected by
CVE-2016-3376. Consumers using Windows 10 are automatically
protected. Microsoft recommends that enterprise customers running
Windows 10 Version 1703 ensure they have update 4038788 installed
to be protected from this vulnerability.
– Originally posted: October 11, 2016
– Updated: September 12, 2017
– CVE Severity Rating: Important
– Version: 3.0

CVE-2017-0213

– Title: CVE-2017-0213 | Windows COM Elevation of Privilege
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2017-0213,
Microsoft has released security update 4038788 for Windows 10
Version 1703 for 32-bit Systems and Windows 10 Version 1703 for
x64-based Systems. Consumers using Windows 10 are automatically
protected. Microsoft recommends that enterprise customers running
Windows 10 Version 1703 ensure that they have update 4038788
installed to be protected from this vulnerability.
– Originally posted: May 8, 2017
– Updated: September 12, 2017
– CVE Severity Rating: Important
– Version: 3.0

CVE-2017-8529

– Title: CVE-2017-8529 | Microsoft Browser Information Disclosure
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To address known print regression issues
customers may experience when printing from Internet Explorer
or Microsoft Edge after installing any of the June security
updates, monthly rollups, or IE cumulative updates, Microsoft has
released the following September security updates: Internet
Explorer Cumulative Update 4036586; Monthly Rollups 4038777,
4038799, 4038792; Security Updates 4038781, 4038783, 4038782,
and 4038788 for all affected editions of Microsoft Edge and
Internet Explorer when installed on supported editions of Windows.
Please note that with the installation of these updates, the
solution to CVE-2017-8529 is turned off by default to help
prevent the risk of further issues with print regressions, and
must be activated via your Registry. To be fully protected from
this vulnerability, please see the Update FAQ section for
instructions to activate the solution.
– Originally posted: June 13, 2017
– Updated: September 12, 2017
– CVE Severity Rating: Moderate
– Version: 5.0

CVE-2017-8599

– Title: CVE-2017-8599 | Microsoft Edge Security Feature
Bypass Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2017-8599,
Microsoft has released September security updates for all affected
editions of Microsoft Edge installed on supported editions of
Windows 10. Microsoft strongly recommends that customers install
the updates to be fully protected from the vulnerability.
Customers whose systems are configured to receive automatic updates
do not need to take any further action.
– Originally posted: July 11, 2017
– Updated: September 12, 2017
– CVE Severity Rating: Important
– Version: 2.0

 

Security Bulletin Revision Information:

– Title: Security Update for Microsoft Graphics Component (3148522)
– https://technet.microsoft.com/library/security/ms16-039.aspx
– Reason for Revision: Revised the Microsoft Windows affected software
table to include Windows 10 Version 1703 for 32-bit Systems and
Windows 10 Version 1703 for x64-based Systems because they are
affected by CVE-2016-0165. Consumers running Windows 10 are
automatically protected. Microsoft recommends that enterprise
customers running Windows 10 Version 1703 ensure they have update
4038788 installed to be protected from this vulnerability.
– Originally posted: April 12, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: Critical
– Version: 4.0

MS16-APR

– Title: Microsoft Security Bulletin Summary for April 2016
– https://technet.microsoft.com/library/security/ms16-APR.aspx
– Reason for Revision: For MS16-039, revised the Windows Operating
Systems and Components affected software table to include Windows 10
Version 1703 for 32-bit Systems and Windows 10 Version 1703 for
x64-based Systems because they are affected by CVE-2016-0165.
Consumers running Windows 10 are automatically protected. Microsoft
recommends that enterprise customers running Windows 10 Version
1703 ensure they have update 4038788 installed to be protected from
this vulnerability.
– Originally posted: April 12, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: N/A
– Version: 4.0

MS16-087

– Title: Security Update for Windows Print Spooler Components (3170005)
– https://technet.microsoft.com/library/security/ms16-087.aspx
– Reason for Revision: To address known issues with the 3170455 update
for CVE-2016-3238, Microsoft has made available the following updates
for currently-supported versions of Microsoft Windows:
Rereleased update 3170455 for Windows Server 2008
Monthly Rollup 4038777 and Security Update 4038779 for Windows 7 and
Windows Server 2008 R2
Monthly Rollup 4038799 and Security Update 4038786 for Windows Server
2012
Monthly Rollup 4038792 and Security Update 4038793 for Windows 8.1
and Windows Server 2012 R2
Cumulative Update 4038781 for Windows 10
Cumulative Update 4038781 for Windows 10 Version 1511
Cumulative Update 4038782 for Windows 10 Version 1607 and Windows
Server 2016.
Microsoft recommends that customers running Windows Server 2008
reinstall update 3170455. Microsoft recommends that customers running
other supported versions of Windows install the appropriate update.
See Microsoft Knowledge Base Article 3170005 for more information.
– Originally posted: July 12, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: Critical
– Version: 2.0

MS16-JUL

– Title: Microsoft Security Bulletin Summary for July 2016
– https://technet.microsoft.com/library/security/ms16-JUL.aspx
– Reason for Revision: For MS16-087, To address known issues with the
3170455 update for CVE-2016-3238, Microsoft has made available the
following updates for currently-supported versions of Microsoft Windows:
Rereleased update 3170455 for Windows Server 2008
Monthly Rollup 4038777 and Security Update 4038779 for Windows 7 and
Windows Server 2008 R2
Monthly Rollup 4038799 and Security Update 4038786 for Windows Server
2012
Monthly Rollup 4038792 and Security Update 4038793 for Windows 8.1
and Windows Server 2012 R2
Cumulative Update 4038781 for Windows 10
Cumulative Update 4038781 for Windows 10 Version 1511
Cumulative Update 4038782 for Windows 10 Version 1607 and Windows
Server 2016.
Microsoft recommends that customers running Windows Server 2008
reinstall update 3170455. Microsoft recommends that customers running
other supported versions of Windows install the appropriate update.
See Microsoft Knowledge Base Article 3170005 for more information.
– Originally posted: July 12, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: N/A
– Version: 2.0

MS16-095

– Title: Cumulative Security Update for Internet Explorer (3177356)
– https://technet.microsoft.com/library/security/ms16-095.aspx
– Reason for Revision: Revised the Affected Software table to include
Internet Explorer 11 installed on Windows 10 Version 1703 for 32-bit
Systems and Internet Explorer 11 installed on Windows 10 Version 1703
for x64-based Systems because they are affected by CVE-2016-3326.
Consumers using Windows 10 are automatically protected. Microsoft
recommends that enterprise customers running Internet Explorer on
Windows 10 Version 1703 ensure they have update 4038788 installed
to be protected from this vulnerability. Customers who are running
other versions of Windows 10 and who have installed the June
cumulative updates do not need to take any further action.
– Originally posted: August 9, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: Critical
– Version: 3.0

MS16-AUG

– Title: Microsoft Security Bulletin Summary for August 2016
– https://technet.microsoft.com/library/security/ms16-AUG.aspx
– Reason for Revision: For MS16-095, revised the Windows Operating
System and Components Affected Software table to include Internet
Explorer 11 installed on Windows 10 Version 1703 for 32-bit Systems
and Internet Explorer 11 installed on Windows 10 Version 1703 for
x64-based Systems because they are affected by CVE-2016-3326. Microsoft
recommends that customers running Internet Explorer on Windows 10
Version
1703 install update 4038788 to be protected from this vulnerability.
– Originally posted: August 9, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: N/A
– Version: 3.0

MS16-123

– Title: Security Update for Windows Kernel-Mode Drivers (3192892)
– https://technet.microsoft.com/library/security/ms16-123.aspx
– Reason for Revision: Revised the Affected Software table to include
Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703
for x64-based Systems because they are affected by CVE-2016-3376.
Consumers using Windows 10 are automatically protected. Microsoft
recommends that enterprise customers running Windows 10 Version 1703
ensure they have update 4038788 installed to be protected from this
vulnerability.
– Originally posted: October 11, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: Important
– Version: 3.0

MS16-OCT

– Title: Microsoft Security Bulletin Summary for October 2016
– https://technet.microsoft.com/library/security/ms16-OCT.aspx
– Reason for Revision: For MS16-123, revised the Windows Operating
System and Components affected software table to include Windows 10
Version 1703 for 32-bit Systems and Windows 10 Version 1703 for
x64-based Systems because they are affected by CVE-2016-3376.
Consumers using Windows 10 are automatically protected. Microsoft
recommends that enterprise customers running Windows 10 Version 1703
ensure they have update 4038788 installed to be protected from this
vulnerability.
– Originally posted: October 11, 2016
– Updated: September 12, 2017
– Bulletin Severity Rating: N/A
– Version: 3.0