Microsoft Security Bulletins May 2016

The Microsoft Security Bulletins May 2016 overview provides you with information about the May 2016 Patch Day for Windows and other Microsoft products.

The overview lists all security and non-security patches that Microsoft released for client and server versions of the Windows operating system.

All link to Microsoft Knowledge Base pages or other resources that allow you to find out more about individual patches.

The patch overview begins with a summary of the most important information. It is followed by the operating system and other Microsoft products distribution that highlights all products for which patches have been released.

This is followed by the list of security bulletins and patches, and information on how to download the patches to local systems.

Microsoft Security Bulletins May 2016

Executive Summary

• Microsoft released a total of 16 security bulletins in May 2016 that patch security issues in Microsoft Windows, Microsoft Office, and other company products.
• Eight security bulletins have received a maximum severity rating of critical, the other eight one of important.

Operating System Distribution

The extra critical bulletin that Windows Vista is affected by (MS16-053) patches a vulnerability in JScript and VBScript.

The extra critical bulletin that Windows 8.1, 8.1 RT and Windows 10 are affected by is MS16-064. It patches the built-in Adobe Flash Player in Internet Explorer and Microsoft Edge.

Windows 10 finally is also affected by the critically rated bulletin MS16-052 which fixes a critical vulnerability in Microsoft Edge.

• Windows Vista: 3 critical, 3 important
• Windows 7: 2 critical, 3 important
• Windows 8.1: 2 critical, 3 important
• Windows RT 8.1: 3 critical, 3 important
• Windows 10: 4 critical, 3 important
• Windows Server 2008: 1 critical, 3 important, 2 moderate
• Windows Server 2008 R2: 1 critical, 3 important, 1 moderate
• Windows Server 2012 and 2012 R2: 1 critical, 3 important, 2 moderate
• Server core: 1 critical, 3 important, 1 moderate

Other Microsoft Products

Patches for the following non-Windows Microsoft products were released this month:

• Microsoft Office 2007, 2010 and 2013: 1 critical
• Microsoft Office 2013 RT: 1 critical
• Microsoft Office 2016: 1 critical
• Microsoft Office for Mac 2011, 2016: 1 critical
• Microsoft Office Compatibility Pack SP3,Word Viewer: 1 critical
• Microsoft SharePoint Server 2010: 1 critical
• Microsoft Office Web Apps 2010: 1 critical

Security Bulletins

MS16-051 - Cumulative Security Update for Internet Explorer (3155533) - Critical - Remote Code Execution

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.

MS16-052 - Cumulative Security Update for Microsoft Edge (3155538) - Critical - Remote Code Execution

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.

MS16-053 - Cumulative Security Update for JScript and VBScript (3156764) - Critical - Remote Code Execution

This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website.

MS16-054 - Security Update for Microsoft Office (3155544) - Critical - Remote Code Execution

The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.

MS16-055 - Security Update for Microsoft Graphics Component (3156754) - Critical - Remote Code Execution

The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website.

MS16-056 - Security Update for Windows Journal (3156761) - Critical - Remote Code Execution

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file.

MS16-057 - Security Update for Windows Shell (3156987) - Critical - Remote Code Execution

The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website that accepts user-provided online content, or convinces a user to open specially crafted content.

MS16-058 - Security Update for Windows IIS (3141083) - Important - Remote Code Execution

The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application.

MS16-059 - Security Update for Windows Media Center (3150220) - Important - Remote Code Execution

The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.

MS16-060 - Security Update for Windows Kernel (3154846) - Important - Elevation of Privilege

The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

MS16-061 - Security Update for Microsoft RPC (3155520) - Important - Elevation of Privilege

The vulnerability could allow elevation of privilege if an unauthenticated attacker makes malformed Remote Procedure Call (RPC) requests to an affected host.

MS16-062 - Security Update for Windows Kernel-Mode Drivers (3158222) - Important - Elevation of Privilege

The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

MS16-064 - Security Update for Adobe Flash Player (3157993) - Critical - Remote Code Execution

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

MS16-065 - Security Update for .NET Framework (3156757) - Important  -  Information Disclosure
This security update resolves a vulnerability in Microsoft .NET Framework.

The vulnerability could cause information disclosure if an attacker injects unencrypted data into the target secure channel and then performs a man-in-the-middle (MiTM) attack between the targeted client and a legitimate server.

MS16-066 - Security Update for Virtual Secure Mode (3155451) - Important  - Security Feature Bypass

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application to bypass code integrity protections in Windows.

MS16-067 - Security Update for Volume Manager Driver (3155784) - Important - Information Disclosure

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user.

Security advisories and updates

Microsoft Security Advisory 3155527 - Update to Cipher Suites for FalseStart

FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message.

This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first flight of application_data records using the attacker’s chosen cipher suite from the client’s list.

To avoid downgrade attacks, TLS clients only allow FalseStart when their strongest cipher suites are negotiated.

Non-security related updates

• Update for Windows Server 2012 R2 and Windows Server 2012 (KB3159706) - Update enables ESD decryption provision in WSUS in Windows Server 2012 and Windows Server 2012 R2.
• Update for Windows 8.1, Windows 8, and Windows 7 (KB3150513) - May 2016 Compatibility Update for Windows. This update provides updated configuration and definitions for compatibility diagnostics performed on the system. The updated definitions will improve accuracy and help enable Microsoft and its partners ensure compatibility for customers who want to install the latest Windows operating system.
• Update for Windows 8.1 and Windows 7 (KB3035583) - Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1.
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3103616) - WMI query doesn't work in Windows Server 2012 R2 or Windows Server 2012.
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3103709) - Windows Server 2012 R2-based domain controller update, April 2016.
• Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012 (KB3125424) - LSASS deadlocks cause Windows Server 2012 R2 or Windows Server 2012 not to respond.
• Update for Windows Server 2012 R2 (KB3134179) - Update adds performance counters for Remote Desktop Connection Broker in Windows Server 2012 R2.
• Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB3138378) - Update for Journal.dll binary in Windows.
• Update for Windows Server 2008 and Windows Vista (KB3139921) - "No computer account for trust" error when you change domain account password in Windows
• Update for Windows Embedded 8 Standard, Windows Server 2012, Windows 7, and Windows Server 2008 R2 (KB3140245) - A new registry key enables TLS 1.1 and TLS 1.2 to default secure protocols in WinHTTP in Windows.

More information for KB3140245

32-bit Windows key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

64-bit Windows key (add 32-bit also): HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

Values:

DefaultSecureProtocols Value	Protocol enabled
0x00000008	Enable SSL 2.0 by default
0x00000020	Enable SSL 3.0 by default
0x00000080	Enable TLS 1.0 by default
0x00000200	Enable TLS 1.1 by default
0x00000800	Enable TLS 1.2 by default

• Update for Windows Server 2012 R2 (KB3143777) - Cluster service fails when shutting down or data deduplication fails with "Drive is locked" in Windows Server 2012 R2.
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3144474) - TFS application pool and Certreq.exe crash after security update 3081320 is installed in Windows Server 2012 R2.
• Update for Windows 8.1 and Windows Server 2012 R2 (KB3144850) - Update enables downgrade rights between Windows 10 IoT and Windows Embedded 8.1 Industry.
• Update for Windows Server 2008 R2 x64 Edition (KB3145126) - Loading DNS zones takes a long time on a Windows Server 2008 R2-based DNS server.
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3145384) - MinDiffAreaFileSize registry value limit is increased from 3 GB to 50 GB in Windows 8.1 or Windows Server 2012 R2.
• Update for Windows Server 2012 R2 (KB3145432) - Cluster nodes or VMs go offline when they are using VMQ capable NICs on a Windows Server 2012 R2 host.
• Update for Windows Embedded 8 Standard and Windows Server 2012 (KB3146600) - Wbengine.exe crashes when you run a backup on a GPT formatted drive in Windows Server 2012.
• Update for Windows 8.1 and Windows Server 2012 R2 (KB3146601) - GPO import fails and rollback results in the target policy being deleted on a Windows Server 2012 R2-based DC.
• Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, and Windows Server 2012 (KB3146604) - WMI service crashes randomly in Windows Server 2012 R2 or Windows Server 2012.
• Update for Windows Server 2012 R2 (KB3146621) - iSCSI target service crashes randomly in Windows Server 2012 R2.
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3146627) - Network drives aren't mapped correctly from DFS namespace in Windows Server 2012 R2-based RDS server.
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3146751) - "Logon is not possible" error or a temporary file is created when you log on App-V in Windows Server 2012 R2.
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3146978) - RDS redirected resources showing degraded performance in Windows 8.1 or Windows Server 2012 R2.
• Update for Windows Server 2012 R2 (KB3148146) - Some printer settings are not restored correctly when you use Printbrm.exe in Windows Server 2012 R2.
• Update for Windows Server 2012 R2 (KB3148217) - High network usage after you implement file screening on a Windows Server 2012 R2-based Work Folders sync server.
• Update for Windows 8.1, Windows Server 2012 R2, and Windows Server 2012 (KB3148812) -
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3149157) - Reliability and scalability improvements in TCP/IP for Windows 8.1 and Windows Server 2012 R2.

May 10th Cumulative Update for Windows 10 (KB3156421)

Note: Some users report slow PCs after installing this update.

• Improved reliability in a number of areas including Cortana, Bluetooth, Shell, Internet Explorer 11, Microsoft Edge, Miracast, and USB.
• Fixed memory leak that occurs when opening a portable document format (PDF) form multiple times.
• Fixed issues with text alignment for right to left languages in Internet Explorer 11 and Microsoft Edge.
• Fixed issue that affected Bluetooth function when a PC resumes from sleep.
• Fixed issue where user accounts weren't locked out after a number of failed sign in attempts.
  Fixed issue with revised daylight saving time.
• Fixed issue that sometimes corrupts CompactFlash cards inserted into a card reader.
• Fixed issue that caused recorded video to be lost when answering an incoming call on some phones.
• Fixed issue that could result in unexpected battery drain while the phone screen is off.
• Fixed additional security issues with kernel mode drivers, remote procedure calls, the Microsoft Graphics Component, Internet Explorer 11, Microsoft Edge, Windows Shell, Windows Journal, Virtual Secure Mode, Schannel, and Jscript.

How to download and install the May 2016 security updates

All updates are made available on Windows Update for download. Depending on how the update service is configured on a Windows machine, updates may be downloaded and installed automatically, or manually.

It is suggested to research updates before they are installed to make sure they are needed and don't cause issues.

Updates are also available on Microsoft's Download Center website. The company announced this month however that it made the decision to limit direct update downloads.

Security updates are also made available as a monthly ISO image that users and administrators can download from Microsoft's website.

Additional resources

• Microsoft Security Bulletin Summary for May 2016
• List of software updates for Microsoft products
• List of security advisories of 2016
• Windows 10 Update History