Today is July's Microsoft Patch Tuesday and we have a slew of updates being released by Microsoft. Included in this update are 11 security updates with 6 of them being labeled as critical because they allow remote code execution. Remote code execution allows attackers to potentially execute commands on the vulnerable system without the owner's knowledge.

All users should immediately run Windows update and install all of the available updates as soon as possible. For a full list of the updates, vulnerabilities, and links to their respective bulletins, please see the table below.

July Security Updates:

MS16-084 Cumulative Security Update for Internet Explorer (3169991)

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-085 Cumulative Security Update for Microsoft Edge (3169999)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.

MS16-086 Cumulative Security Update for JScript and VBScript (3169996)

This security update resolves a vulnerability in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-087 Security Update for Windows Print Spooler Components (3170005)

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or set up a rogue print server on a target network.

MS16-088 Security Update for Microsoft Office (3170008)

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-089 Security Update for Windows Secure Kernel Mode (3170050)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.

MS16-090 Security Update for Windows Kernel-Mode Drivers (3171481)

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-091 Security Update for .NET Framework (3170048)

This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application.

MS16-092 Security Update for Windows Kernel (3171910)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow security feature bypass if the Windows kernel fails to determine how a low integrity application can use certain object manager features.

MS16-093 Security Update for Adobe Flash Player (3174060)

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2, and Windows 10.

MS16-094 Security Update for Secure Boot (3177404)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device. An attacker must have either administrative privileges or physical access to install a policy and bypass Secure Boot.

July Non-security Updates 

Update for Windows Embedded 8 Standard (KB3156416)

Resolves issues references in the following knowledge base articles:

Dynamic Update for Windows 10 (KB3172983)

This is a compatibility update for upgrading to Windows 10. This update makes improvements to ease the upgrade experience to Windows 10.

Dynamic Update for (KB3172987)

This update makes improvements to ease the upgrade experience to Windows 10 Version 1511.

Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3173424)

This update makes improvements for Windows 8.1 and Windows Server 2012 R2 servicing stack. Before you install this update, see the Prerequisitessection.

Update for Windows Embedded 8 Standard and Windows Server 2012 (KB3173426)

This update fixes an issue in the Secure Boot Advanced Installer (securebootai.dll) to prevent it from making a system unbootable when you run the blacklisted boot manager in Windows Server 2012.

Update for Windows 10 (KB3173427)

This update makes stability improvements for the Windows 10 servicing stack. If you're installing a servicing stack update package for the first time, the package for the x86 version is 5.51 megabytes (MB) and the package for the x64 version is 12.3 MB.

Update for Windows 10 (KB3173428)

This update makes stability improvements for the Windows 10 Version 1511 servicing stack. If you're installing a servicing stack update package for the first time, the package for the x86 version is 5.41 MB and the package for the x64 version is 11.9 MB.

Windows Malicious Software Removal Tool - July 2016 (KB890830)/Windows Malicious Software Removal Tool - Internet Explorer Version

After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you start your computer. A new version of the tool will be offered every month. If you want to manually run the tool on your computer, you can download a copy from the Microsoft Download Center, or you can run an online version from microsoft.com. This tool is not a replacement for an antivirus product. To help protect your computer, you should use an antivirus product.

Get updating!

Related Articles:

Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws

Windows 11 KB5046617 and KB5046633 cumulative updates released

Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws

Windows 11 is adding a 'Share' button to the Start menu and Taskbar

Microsoft blocks Windows 11 24H2 on two ASUS models due to crashes