{"id": "KB3198585", "bulletinFamily": "microsoft", "title": "Cumulative update for Windows 10: November 8, 2016", "description": "<html><body><p>Describes a security update that includes improvements and fixes in the functionality of Windows 10.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update includes <a href=\"https://support.microsoft.com/en-us/help/12387/windows-10-update-history\" id=\"kb-link-1\" target=\"_self\">improvements and fixes</a> in the functionality of Windows 10. It also resolves the following vulnerabilities in Windows:<br/><br/><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/help/3198467\" id=\"kb-link-2\" target=\"_self\">3198467</a> MS16-142: Cumulative security update for Internet Explorer: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3193479\" id=\"kb-link-3\" target=\"_self\">3193479</a> MS16-140: Security update for Boot Manager: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3199647\" id=\"kb-link-4\" target=\"_self\">3199647</a> MS16-138: Security update to Microsoft virtual hard drive: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3199173\" id=\"kb-link-5\" target=\"_self\">3199173</a> MS16-137: Security update for Windows authentication methods: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3199135\" id=\"kb-link-6\" target=\"_self\">3199135</a> MS16-135: Security update for kernel-mode drivers: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3193706\" id=\"kb-link-7\" target=\"_self\">3193706</a> MS16-134: Security update for common log file system driver: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3199120\" id=\"kb-link-8\" target=\"_self\">3199120</a> MS16-132: Security update for Microsoft graphics component: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3199151\" id=\"kb-link-9\" target=\"_self\">3199151</a> MS16-131: Security update for Microsoft video control: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3199172\" id=\"kb-link-10\" target=\"_self\">3199172</a> MS16-130: Security update for Microsoft Windows: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3199057\" id=\"kb-link-11\" target=\"_self\">3199057</a> MS16-129: Cumulative security update for Microsoft Edge: November 8, 2016</li></ul>Windows 10 updates are cumulative. Therefore, this package contains all previously released fixes.<br/><br/>If you have installed previous updates, only the new fixes that are contained in this package will be downloaded and installed to your computer. If you are installing a Windows 10 update package for the first time, the package for the <strong class=\"sbody-strong\">x</strong>86 version is 487 MB and the package for the <strong class=\"sbody-strong\">x</strong>64 version is 1030 MB.</div><h2>Known issue in this update</h2><div class=\"kb-symptoms-section section\">When you change the password for a local account on a Windows 10 Version 1507 computer with update 3198585 installed, the computer will hang at \"Changing Password.\" The password is successfully changed, and when this happens you will need to restart the computer and log in with the new password. </div><h2>How to get this update</h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Method 1: Windows Update</h3>This update will be downloaded and installed automatically.<br/><h3 class=\"sbody-h3\">Method 2: Microsoft Update Catalog</h3>To get the stand-alone package for this update, go to the <a href=\"http://www.catalog.update.microsoft.com/search.aspx?q=kb3198585\" id=\"kb-link-12\" target=\"_self\">Microsoft Update Catalog</a> website.<br/><h3 class=\"sbody-h3\">Prerequisites</h3>There are no prerequisites for installing this update.<br/><h3 class=\"sbody-h3\">Restart information</h3>You have to restart the computer after you apply this update. <br/><h3 class=\"sbody-h3\">Update replacement information</h3>This update replaces the previously released update, <a href=\"https://support.microsoft.com/help/3199125\" id=\"kb-link-13\" target=\"_self\">3199125</a>.</div><h2>File Information</h2><div class=\"kb-resolution-section section\">For a list of the files that are provided in this cumulative update, download the <a href=\"http://download.microsoft.com/download/8/b/d/8bd9da20-497b-4c26-990f-89af2874b6cf/3198585.csv\" id=\"kb-link-14\" target=\"_self\">file information for cumulative update 3198585</a>.</div><h2>References</h2><div class=\"kb-references-section section\"> Learn about the <a href=\"https://support.microsoft.com/help/824684\" id=\"kb-link-15\" target=\"_self\">terminology</a> that Microsoft uses to describe software updates.<br/></div></body></html>", "published": "2016-11-08T00:00:00", "modified": "2016-12-21T02:22:46", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://support.microsoft.com/en-us/help/3198585/", "reporter": "Microsoft", "references": [], "cvelist": [], "type": "mskb", "lastseen": "2021-01-01T22:49:40", "edition": 62, "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "mscve", "idList": ["MS:CVE-2016-7224", "MS:CVE-2016-7184", "MS:CVE-2016-7221", "MS:CVE-2016-3333", "MS:CVE-2016-7198", "MS:CVE-2016-7256", "MS:CVE-2016-0026", "MS:CVE-2016-7196", "MS:CVE-2016-7241", "MS:CVE-2016-3332"]}], "modified": "2021-01-01T22:49:40", "rev": 2}, "score": {"value": 1.7, "vector": "NONE", "modified": "2021-01-01T22:49:40", "rev": 2}, "vulnersScore": 1.7}, "kb": "KB3198585", "msrc": "MS16-142", "mscve": "", "msfamily": "", "msplatform": "", "msproducts": ["18472"], "supportAreaPaths": ["c6cab6e3-6598-6a1f-fbb2-f66d3740139d"], "supportAreaPathNodes": [{"id": "c6cab6e3-6598-6a1f-fbb2-f66d3740139d", "name": "Windows 10", "parent": "6ae59d69-36fc-8e4d-23dd-631d98bf74a9", "tree": [], "type": "productversion"}], "primarySupportAreaPath": [{"id": "c6cab6e3-6598-6a1f-fbb2-f66d3740139d", "name": "Windows 10", "parent": "6ae59d69-36fc-8e4d-23dd-631d98bf74a9", "tree": [], "type": "productversion"}, {"id": "1267d68d-d9f7-6020-0726-166b153ccbeb", "name": "Windows", "tree": [], "type": "productfamily"}, {"id": "6ae59d69-36fc-8e4d-23dd-631d98bf74a9", "name": "Windows 10", "parent": "1267d68d-d9f7-6020-0726-166b153ccbeb", "tree": [], "type": "productname"}], "superseeds": [], "parentseeds": [], "msimpact": "", "msseverity": "", "scheme": null, "immutableFields": []}

{"mskb": [{"lastseen": "2021-01-01T22:35:53", "bulletinFamily": "microsoft", "cvelist": [], "description": "<html><body><p>Learn more about update KB3205383, including improvement and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><span>This security update includes these additional improvements and fixes. No new operating system features are being introduced in this update. Key changes include:\u00a0</span><ul><li><span>Addressed issue that causes the System Center Configuration Manager (SCCM) client to fail installation when a device is re-imaged using the SCCM task sequence.</span></li><li><span>Addressed issue with an error that occurs when the home page of the browser is set to an extremely long URL.\u00a0</span></li><li><span>Addressed issue with search suggestions and suggested sites feature of the browser not working properly.</span></li><li><span>Addressed issue when changing the password for a local account with update <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/kb/3198585\" managed-link=\"\" target=\"_blank\">KB3198585</a> installed, the computer will hang at \"Changing Password\".</span></li><li><span>Addressed additional issues with Internet Explorer and updates to time zone information.</span></li><li><span>Security updates to Microsoft Uniscribe, Microsoft Graphics Component, the Windows OS, Microsoft Edge, Internet Explorer, Windows Hyper-V, Windows kernel, and the kernel-mode driver.</span></li></ul><div><span>\r\rFor more information about the security\u00a0fixes included in this update, please refer to the\u00a0<a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://go.microsoft.com/fwlink/?linkid=837550\" managed-link=\"\" target=\"\">Security Updates Guide</a>. If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.\r<br/></span></div><h2>Known issues in this update</h2><span>Microsoft is not currently aware of any issues with this update.<br/></span><h2>How to get this update</h2><span>This update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3205383\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a> website.</span><div><span><br/></span></div><ul><li><span><b>Update replacement information</b><br/>This update replaces the previously released update \r\r<a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/kb/3205436\" managed-link=\"\" target=\"_blank\">KB3205436</a>\r\r.\u00a0</span></li><li><span><b>File information</b><br/>\r\rFor a list of the files that are provided in this update, download the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/D/D/D/DDD8E2A6-B254-44E2-90D4-3E37CC58AE5F/3205383.csv\" managed-link=\"\" target=\"\">file information for cumulative update KB3205383</a>\r\r. If you're installing a Windows 10 update package for the first time, the package size for the X86 version is 489 MB and the package size for the x64 version is 1030 MB.\u00a0\r\r<br/></span></li></ul></body></html>", "edition": 97, "modified": "2018-10-09T19:29:16", "id": "KB4004230", "href": "https://support.microsoft.com/en-us/help/4004230/", "published": "2016-12-13T00:00:00", "title": "December 13, 2016 \u2014 KB3205383 (OS Build 10240.17202)", "type": "mskb", "cvss": {"score": 0.0, "vector": "NONE"}}], "mscve": [{"lastseen": "2021-03-18T19:17:53", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-7241"], "description": "A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.\n\nThe security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.\n", "modified": "2016-12-13T08:00:00", "published": "2016-11-08T08:00:00", "id": "MS:CVE-2016-7241", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2016-7241", "type": "mscve", "title": "Microsoft Browser Memory Corruption Vulnerability", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-18T19:17:53", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-7203"], "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "modified": "2016-11-08T08:00:00", "published": "2016-11-08T08:00:00", "id": "MS:CVE-2016-7203", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2016-7203", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-18T19:17:53", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-7201"], "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "modified": "2016-11-08T08:00:00", "published": "2016-11-08T08:00:00", "id": "MS:CVE-2016-7201", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2016-7201", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-18T19:17:54", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-7210"], "description": "An information disclosure vulnerability exists when the Adobe Type Manager Font Driver improperly handles specially crafted OpenType fonts. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n\nThe update addresses the vulnerability by correcting how the Adobe Type Manager Font Driver handles OpenType fonts.\n", "modified": "2016-12-13T08:00:00", "published": "2016-11-08T08:00:00", "id": "MS:CVE-2016-7210", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2016-7210", "type": "mscve", "title": "Open Type Font Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-18T19:17:54", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-7214"], "description": "An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a [Kernel Address Space Layout Randomization (ASLR)](<https://technet.microsoft.com/en-us/library/security/dn848375.aspx#ASLR>) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.\n\nTo exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n\nThe security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.\n", "modified": "2016-12-13T08:00:00", "published": "2016-11-08T08:00:00", "id": "MS:CVE-2016-7214", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2016-7214", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-18T19:17:55", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-3335"], "description": "An elevation of privilege vulnerability exists when the [Windows Common Log File System (CLFS)](<https://technet.microsoft.com/library/security/dn848375.aspx#CLFS>) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\n\nTo exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.\n\nThe security update addresses the vulnerability by correcting how CLFS handles objects in memory.\n", "modified": "2016-12-13T08:00:00", "published": "2016-11-08T08:00:00", "id": "MS:CVE-2016-3335", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2016-3335", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-18T19:17:54", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-7247"], "description": "A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot policy that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device.\n\nTo exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install an affected boot policy.\n\nThe security update addresses the vulnerability by revoking affected boot policies in the firmware. The revocation protection level depends upon platform firmware. The Windows event channel Microsoft-Windows-Kernel-Boot may be used to determine the protection level provided. Note that an additional reboot is needed to view the event:\n\n * Windows versions prior to Windows 10 do not log the event by default. You must enable \u201canalytic\u201d logging for this channel prior to installation of the patch.\n * Windows versions 10 and higher log the event by default. Event ID 155 indicates baseline protection. Event ID 154 indicates enhanced protection.\n\nFor systems that provide baseline protection, firmware updates from your OEM may be available that upgrade systems to enhanced protection.\n", "modified": "2016-12-13T08:00:00", "published": "2016-11-08T08:00:00", "id": "MS:CVE-2016-7247", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2016-7247", "type": "mscve", "title": "Secure Boot Component Security Feature Bypass Vulnerability", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-18T19:17:56", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-7248"], "description": "A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nTo exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or application from either a webpage or an email message. The security update addresses the vulnerability by correcting how Microsoft Video Control handles objects in memory.\n\nNote that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector.\n", "modified": "2016-12-13T08:00:00", "published": "2016-11-08T08:00:00", "id": "MS:CVE-2016-7248", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2016-7248", "type": "mscve", "title": "Microsoft Video Control Remote Code Execution Vulnerability", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-18T19:17:55", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-3340"], "description": "An elevation of privilege vulnerability exists when the [Windows Common Log File System (CLFS)](<https://technet.microsoft.com/library/security/dn848375.aspx#CLFS>) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\n\nTo exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.\n\nThe security update addresses the vulnerability by correcting how CLFS handles objects in memory.\n", "modified": "2016-12-13T08:00:00", "published": "2016-11-08T08:00:00", "id": "MS:CVE-2016-3340", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2016-3340", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-18T19:17:55", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-3338"], "description": "An elevation of privilege vulnerability exists when the [Windows Common Log File System (CLFS)](<https://technet.microsoft.com/library/security/dn848375.aspx#CLFS>) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\n\nTo exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.\n\nThe security update addresses the vulnerability by correcting how CLFS handles objects in memory.\n", "modified": "2016-12-13T08:00:00", "published": "2016-11-08T08:00:00", "id": "MS:CVE-2016-3338", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2016-3338", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}