Virtual Administrator’s January 2016 Patch Recommendations

9 Security Bulletins were released – 6 Critical, 3 Important, and 0 Moderate

This Month In Brief

9 Security Bulletins were released – 6 Critical, 3 Important

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

MS16-001, MS16-002, MS16-003, MS16-004, MS16-005 and MS16-006 are rated Critical. After your next patch cycle completes, you should follow up and make sure these are installed.

No out-of-band security updates were released during the last month.

Windows 10 cumulative updates are KB3124263 and KB3124266
Cumulative Update for Windows 10
https://support.microsoft.com/en-us/kb/3124266
Cumulative Update for Windows 10 Version 1511
https://support.microsoft.com/en-us/kb/3124263

Attention Citrix users: Known issues with Windows 10 running Citrix XenDesktop in conjunction with Citrix WorkstationOS Virtual Delivery Agent (VDA)

“Microsoft will temporarily not install KB3124266/KB3124263 through Windows Updates on Windows 10 machines which have XenDesktop/Citrix VDA installed.”

Kaseya uses Windows Update detection logic to determine which patches need to be deployed, so it is our understanding that machines affected by this will not show KB3124266/KB3124263 as a missing patch and Kaseya patching will not install it. However, we cannot be certain of this and recommend that partners with XenDesktop/Citrix VDA installed Suspend or Cancel Kaseya patching on those agents. This is done on the Patch Management > Manage Machines > Automatic Update page in the console. Cancelling (clearing) the Automatic Update schedule will stop patching as well. If KB3124266/KB3124263 shows up as missing on these agents, you should set it to Ignore on the Patch Management > Manage Updates > Patch Update page in the console. If you have any questions or need assistance, please open a ticket.

Citrix Known Issues with January 2016 Microsoft Security Updates for VDA 7.6.300/7.7.0 on Windows 10
http://support.citrix.com/article/CTX205398

Denied Patch KB3114409 update: KB3114409 is fixed with KB3114570
KB3114409 “After you install this update, Outlook 2010 may start only in safe mode.”
Microsoft pulled the patch last month. We denied it to ensure it didn’t “slip” out on machines with older scan results.
KB3114570 appears to be safe and we have approved it in our patch policy
January 12, 2016, update for Outlook 2010 (KB3114570)
https://support.microsoft.com/en-us/kb/3114570

Pain in the Flash: KB3132372 caused issues and KB3133431 fixed them
KB3132372 [Security Update (Non-rated)] “We are aware of limited application crashes that occur after this security update is installed on Windows 10”
Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge: December 29, 2015
https://support.microsoft.com/en-us/kb/3132372

KB3133431 [Critical Update] Resolves a problem in which Adobe Flash Player does not load correctly in applications that are running in Internet Explorer or Microsoft Edge and that have Flash Player embedded.
Update for Adobe Flash Player in Internet Explorer and Microsoft Edge: January 5, 2016
https://support.microsoft.com/en-us/kb/3133431
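The follow-up checks from the Citrix, Outlook 2010 and Flash notes above can be run over an exported patch inventory. This is an added example, not Virtual Administrator's or Kaseya's own tooling; the record layout (`name`, `os`, `installed`, `citrix_vda`) and the machine names are assumptions, and the sample inventory is constructed.

```python
# Added example: triage an exported patch inventory against this month's notes.
# Record layout and machine names are assumptions; the sample data is constructed.

# Windows 10 cumulative update per release, as listed in the advisory.
WIN10_CUMULATIVE = {
    "Windows 10": "KB3124266",
    "Windows 10 Version 1511": "KB3124263",
}
# Problem patch -> patch that corrects it, as named in the advisory.
FIXED_BY = {"KB3114409": "KB3114570", "KB3132372": "KB3133431"}


def triage(machine):
    """Return the follow-up actions for one inventory record."""
    installed = {kb.upper() for kb in machine["installed"]}
    actions = []
    cumulative = WIN10_CUMULATIVE.get(machine["os"])
    if cumulative:
        if machine.get("citrix_vda"):
            # Citrix known issue (CTX205398): keep the update off VDA hosts.
            if cumulative in installed:
                actions.append(f"review: {cumulative} present on Citrix VDA host")
            else:
                actions.append(f"hold: suspend patching or set {cumulative} to Ignore")
        elif cumulative not in installed:
            actions.append(f"install: {cumulative} missing after patch cycle")
    for bad, fix in FIXED_BY.items():
        if bad in installed and fix not in installed:
            actions.append(f"install: {fix} to correct {bad}")
    return actions


def report(inventory):
    """Map machine name -> actions, omitting machines that need nothing."""
    result = {}
    for machine in inventory:
        actions = triage(machine)
        if actions:
            result[machine["name"]] = actions
    return result


# Constructed sample inventory (not real machines).
INVENTORY = [
    {"name": "WS-01", "os": "Windows 10 Version 1511", "citrix_vda": False,
     "installed": ["KB3124263", "KB3132372", "KB3133431"]},
    {"name": "VDA-02", "os": "Windows 10", "citrix_vda": True, "installed": []},
    {"name": "WS-03", "os": "Windows 7", "installed": ["KB3114409"]},
    {"name": "WS-04", "os": "Windows 10", "installed": ["kb3132372"]},
]

if __name__ == "__main__":
    for name, actions in report(INVENTORY).items():
        print(name, "->", "; ".join(actions))
```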

Notable news: Support for Windows 8 and older versions of Internet Explorer ended on January 12th, 2016
Windows 8.1 Support Lifecycle Policy FAQ
https://support.microsoft.com/en-us/gp/lifecycle-windows81-faq?wa=wsignin1.0
Support for older versions of Internet Explorer ended on January 12th, 2016
https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support

Exploitability

Requires Restart

  • Servers: True
  • Workstations: True

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS16-001 Cumulative Security Update for Internet Explorer (3124903) (Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
Affected Software: Internet Explorer 7-11
Known Issues per MS:

MS16-002 Cumulative Security Update for Microsoft Edge (3124904) (Microsoft Edge) The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
Details
Affected Software: Microsoft Edge
Known Issues per MS:

MS16-003 Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540) (Microsoft Windows) The vulnerability could allow remote code execution if a user visits a specially crafted website.
Details
Affected Software: Vista, Server 2008
Known Issues per MS:

MS16-004 Security Update for Microsoft Office to Address Remote Code Execution (3124585) (Microsoft Office, Visual Basic) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
Details
Affected Software: Office 2007/2010/2013/2016, Office 2011/2016 for MAC, Microsoft SharePoint Server 2013/Foundation 2013, Microsoft Visual Basic 6.0 Runtime
Known Issues per MS:

MS16-005 Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584) (Microsoft Windows) The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website.
Details
Affected Software:
Known Issues per MS:

MS16-006 Security Update for Silverlight to Address Remote Code Execution (3126036) (Microsoft Silverlight) The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application.
Details
Affected Software: Silverlight 5
Known Issues per MS:

IMPORTANT

MS16-007 Security Update for Microsoft Windows to Address Remote Code Execution (3124901) (Microsoft Windows) The vulnerability could allow information disclosure if a user views a specially crafted webpage using Internet Explorer.
Details
Affected Software: Vista, Windows 7/8/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS: https://support.microsoft.com/en-us/kb/3124266 and https://support.microsoft.com/en-us/kb/3124263

MS16-008 Security Update for Windows Kernel to Address Elevation of Privilege (3124605) (Microsoft Windows) The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Details
Affected Software: Vista, Windows 7/8/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:

MS16-010 Security Update in Microsoft Exchange Server to Address Spoofing (3124557) (Microsoft Exchange Server) The most severe of the vulnerabilities could allow spoofing if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.
Details
Affected Software: Microsoft Exchange
Known Issues per MS:

MODERATE