Skip to comments.
Like it or not, here are ALL your October Microsoft patches (Rolled-up Windows Update)
The Register ^
| Oct 11, 2016
| Shaun Nichols
Posted on 10/11/2016 9:07:53 PM PDT by dayglored
Microsoft is kicking off a controversial new security program this month by packaging all of its security updates into a single payload.
The October security release introduces Redmond's new policy of bundling all security bulletins as one download. While more convenient for end users, who now get just one bundle, the move will irk many administrators, who had preferred to individually test and apply each patch to avoid compatibility problems.
In total, ten bulletins have been bundled into the Patch Tuesday payload:
- MS16-118 is a cumulative update for Internet Explorer to address 11 security vulnerabilities, including six remote code execution flaws, three information disclosure vulnerabilities, and two elevation of privilege conditions.
- MS16-119 will fix 13 CVE-listed vulnerabilities present in the Edge browser. Those flaws include eight remote code execution holes, two information disclosure flaws, two elevation of privilege holes, and one security feature bypass.
- MS16-120 addresses seven flaws in the Microsoft Graphics Component in Windows (and used by Skype and Office) that would allow remote code execution, elevation of privilege, or information disclosure by opening a web page or document containing a malformed image or font.
- MS16-121 will fix a single remote code execution flaw in Office related to problems with the handling of RTF document files. The flaw has also been patched in Office for Mac, so OS X and macOS users should be on the lookout for an update as well.
- MS16-122 patches a remote code execution flaw in the Windows Video Control that can be exposed with files embedded in a web page or email document.
- MS16-123 is a patch for five CVE-listed vulnerabilities in Windows Kernel Mode Drivers that allow elevation of privilege when the user runs a locally installed application.
- MS16-124 patches four vulnerabilities in Windows that could potentially allow local applications to view registry information.
- MS16-125 is an update to address an elevation of privilege flaw in the Windows Diagnostic Hub related to the handling of insecure library data. That flaw could potentially be targeted via a locally installed application.
- MS16-126 cleans up an information disclosure flaw in the Windows Internet Messaging API for Internet Explorer that Microsoft has also addressed with the above . Both bulletins will need to be installed (not a problem anymore) for the vulnerability to be fully patched.
- MS16-127 patches twelve vulnerabilities in Flash Player for Windows 8.1, Windows 10, and Server 2012.
For those not yet getting their Flash Player fixes directly from Microsoft, Adobe has posted its own fixes for twelve remote code execution flaws in Flash. Adobe has also posted code clean-ups for 71(!) CVE-listed security holes in Acrobat and Reader, as well as a fix for a single elevation of privilege vulnerability in Creative Cloud.
[Note: Article has individual links for each bulletin.]
TOPICS: Business/Economy; Computers/Internet; Hobbies
KEYWORDS: patchtuesday; windows; windowspinglist; windowsupdate
Navigation: use the links below to view more comments.
first previous 1-20, 21-28 last
To: rockrr
Thanks, I’ll try that today. I’m usually able to easily stay under my data plan limit but downloading several hundred unplanned megs a couple of times a month does create a problem.
21
posted on
10/12/2016 7:31:33 AM PDT
by
Bob
(No, being a US Senator and the Secretary of State are not accomplishments; they're jobs.)
To: rockrr
22
posted on
10/12/2016 9:46:58 AM PDT
by
smokingfrog
( sleep with one eye open (<o> ---)
To: smokingfrog
Unfortunately it only works with WiFi connections (not wired Ethernet) but with so many home users turning to tablets and laptops instead of desktop units it makes a difference for a lot of people. And with my desktop “server” having a WiFi adapter I’m covered ;’}
23
posted on
10/12/2016 10:10:59 AM PDT
by
rockrr
(Everything is different now...)
To: doorgunner69
To: Drago; rockrr
Unforunately, the tethered connection appears to the computer as an Ethernet network rather than a wifi connection. Ethernet connections don’t appear to support the metered option.
25
posted on
10/12/2016 7:29:58 PM PDT
by
Bob
(No, being a US Senator and the Secretary of State are not accomplishments; they're jobs.)
To: Drago; rockrr
Eureka!!
I can set my phone up as a wifi hotspot and connect my computer to the internet through that connection. Since the computer will see the phone as a wifi connection, I should be able to designate it as a metered connection.
Thanks to both of you for your assistance.
26
posted on
10/12/2016 7:33:00 PM PDT
by
Bob
(No, being a US Senator and the Secretary of State are not accomplishments; they're jobs.)
To: dayglored
And patching these 56 vulnerabilities will create how many new ones?
27
posted on
10/12/2016 7:35:09 PM PDT
by
kevao
(Biblical Jesus: Give your money to the poor. Socialist Jesus: Give your neighbor's money to the poor)
To: dayglored
Well, I am ever-so-pleased with MS this morning. I sat at my computer a couple of hours ago to find that the latest MS updates have removed ALL of my bookmarks and cookies. Even the ones in Firefox.
Joy, rapture and great pleasure is being felt here by me, myself and I.
Oh well, 3 years’ worth of finding cool sites down the drain. Humbug.
28
posted on
10/15/2016 11:05:53 AM PDT
by
Don W
( When blacks riot, neighborhoods and cities burn. When whites riot, nations and continents burn.)
Navigation: use the links below to view more comments.
first previous 1-20, 21-28 last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson