Another Patch Tuesday, another big crop of bulletins: 13 Security Bulletins, plus one for Flash, and many dozens of patches for all versions of Windows and all versions of Office.
The SANS Internet Storm Center notes that the most pressing problem is confined to Internet Explorer (MS16-142) and Edge (MS16-129), with yet another security hole that can be exploited by a jiggered font (MS16-132), and yet another Kernel Mode Driver hole (MS16-135). It looks like the Google-leaked zero-day has been plugged.
Of course, I recommend that you wait for a while to see if there are any loud screams of patching agony this month. If you followed my advice in late October, you have Windows 7 or 8.1 Update set to “Never check for updates (not recommended),” and you can control your own patching destiny. If you followed my Win10Tip from last week, you have Windows 10 waiting for the OK to install any new patches.
When the time comes, and the patches look like they’re ready for your consideration, you’ll have some choices.
Windows 7 users will have to choose between KB 3197867 — the Security-only update, which can be downloaded from the Microsoft Update Catalog — and KB 3197868, the Monthly rollup, available from Windows Update, which incorporates all of the changes in last month’s rollup, KB 3185330.
Windows 8.1 users will have to choose between KB 3197873 — the Security-only update, from the Microsoft Catalog — and KB 3197874, the Monthly rollup, which presumably includes the patches from last month’s Monthly rollup, KB 3185331.
I see no information about telemetry enhancements or other new “features,” other than those included last month, but many of the KB pages haven’t been posted as yet. It’s safe to guess that KB 3197868 includes the changes mentioned in KB 3192403 (possibly modified) and that KB 3197874 includes the changes mentioned in KB 3192404.
Windows 10 Anniversary Update (version 1607) users get KB 3200970 to update 1607 to build 14393.447. There are dozens of security and non-security bug fixes.
Windows 10 Fall Update (version 1511) advances to build 10586.679 thanks to KB 3198586. It, too, has many dozens of bug fixes and security patches.
And the original Win10 goes to build 10240.17190, thanks to KB 3198585.
All in all, the patches are surprisingly clean, at least at this point. I haven’t heard of any extraneous servicing stack updates, or even .Net updates, to muddy the waters — and Microsoft is continuing with its policy of rolling IE patches into the main monthly patches — a very helpful development.
Let’s wait and see if there are any big problems this month.