Microsoft Patch Tuesday Summary for July 2016

Published: 2016-07-12
Last Updated: 2016-07-12 17:17:07 UTC
by Johannes Ullrich (Version: 1)
7 comment(s)

As usual for the second Tuesday fo the month, Microsoft today released its monthly security updates. Microsoft released a total of 11 bulletins. 6 are rated critical, and the remaining five are rated important.

One of the Bulletins (MS16-093) affects Adobe's Flash player and is a copy of Adobe's advisory.

None of the bulletins stick out as "special". There are no bulletins that affect vulnerabilities for which exploits have been observed. But two bulletins included already known vulnerabilities:

CVE-2016-3287 , a vulnerability in Secure Boot.
CVE-2016-3272 , an information disclosure vulnerability in the Windows Kernel.


I don't consider either vulnerability very serious.

As far as prioritizing the patches go, I would as usual attend to the Internet Explorer, Edge, Flash and Office patches first.

The printer spool issue is "interesting". An attacker could use the vulnerability to install arbitrary print drivers, which of course would lead to arbitrary code execution. As a workaround, Microsoft suggests that you do restrict printer that your users can use to print. This sounds like a good control, and you should use this vulnerability to make sure the printer configurations are sufficiently adjusted.

For a full list of Bulletins, see our summary here. If you prefer a more structured view, you can also retrieve the bulletin data via our API here.


Johannes B. Ullrich, Ph.D.

7 comment(s)
Diary Archives