MS16-014: Description of the security update for Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2: February 9, 2016


This security update resolves vulnerabilities in Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application. To learn more about the vulnerabilities, see Microsoft Security Bulletin MS16-014.

  • All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

More Information

Known issue # 1

Customers who are using Corel VideoStudio X8 or Corel VideoStudio X9 on Windows 7 may experience a crash when they start or use this product. To prevent this issue, customers should install the latest updates from Corel or contact Corel for more information and help.

Known issue # 2

After you install this security update, applications may be unable to access Oracle databases if they are using Microsoft ODBC or OLE DB providers. The Microsoft Distributed Transaction Coordinator (MSDTC) may also be unable to access Oracle databases.

Applications that try to make new connections to Oracle database by using the Microsoft ODBC or OLE DB providers fail and return an error that resembles the following:
Oracle client and networking components were not found. These components are supplied by Oracle Corporation and are part of the Oracle Version 7.3.3 or later client software installation.
Microsoft applications, third-party applications, and custom developed applications that have existing connections to Oracle databases by using the Microsoft ODBC or OLE DB providers may fail with different application-specific on-screen errors.
Resolution for known issue # 2
To resolve this issue, install update 3147071 after you install security update 3126587.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
3147071 Connection to Oracle database fails when you use Microsoft ODBC or OLE DB Driver for Oracle or Microsoft DTC in Windows
Workaround for known issue # 2
To work around this issue, use either of the following methods:

Note These methods do not work for MSDTC-based applications that are running on Windows 7, Windows Server 2008 R2, or earlier versions of Windows.
  • Workaround #1

    Uninstall, and then reinstall the 32-bit client software of Oracle.
  • Workaround #2

    Change the following PATH environment variable:


    After you do this, restart the affected applications or restart the host computer to make sure that the new PATH settings are used.
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see the "Turn on automatic updating in Control Panel" section of this Safety & Security Center article.