MS16-048: Description of the security update for CSRSS: April 12, 2016

Summary
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.

To learn more about the vulnerability, see Microsoft Security Bulletin MS16-048.
More information
Important
  • All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Known issues in this security update

  • After installing this security update, some systems that are running third party software may display a 0x00000100 Stop error message after the computer is restarted.

    This problem may occur if the third party software has replaced the winload.exe file. Software that is known to do this includes imaging software from StorageCraft.

    Contact the manufacturer of you software for more information about how to resolve this problem.

    The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Note For Windows RT 8.1, this update is available through Windows Update only.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Click the download link in Microsoft Security Bulletin MS16-048 that corresponds to the version of Windows that you are running.

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
File Information

File hash information

File nameSHA1 hashSHA256 hash
Windows8.1-KB3146723-x64.msu5AAE2A7642E87B2881D7337EF736EAEE679F907A7419BA7ECB7BCD962ECE7AEF269BEE633F6CBC4F4778D5F23CD3C7F7E8FC270F
Windows8.1-KB3146723-x86.msu5F3689532BF8969D68F21B7B3F82B111F8232F434FD9572130014B0AE6A075AC0DB772CEB350EBD385C867E4AB71642F39EC29EE
Windows8-RT-KB3146723-x64.msu682AE0931C3FA2AFA4E988B8FD08249F15E1D97706D3E3F90C3863E7A970757446DD87CC47C5EF7F08F406F9B49FF5C988158D86
Windows8-RT-KB3146723-x64_New58.msuB629DB9F3EBB85B40A61A1CC5DEA13C11A124B6CDB652213B70BA0D0CC19ADD967BA933465FE76FD0C74D785458CB8172461B6E0

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 8.1 and Windows Server 2012 R2 file information

Notes
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.3.960 0.17 xxxWindows RT 8.1, Windows 8.1, and Windows Server 2012 R2RTMGDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.
For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatformService branch
Chs_boot.ttfNot applicable3,695,65503-Mar-201619:28Not applicableNot applicable
Msyhn_boot.ttfNot applicable150,72703-Mar-201619:28Not applicableNot applicable
Msyh_boot.ttfNot applicable154,83303-Mar-201619:28Not applicableNot applicable
Cht_boot.ttfNot applicable3,878,34703-Mar-201619:28Not applicableNot applicable
Msjhn_boot.ttfNot applicable161,49103-Mar-201619:28Not applicableNot applicable
Msjh_boot.ttfNot applicable163,49803-Mar-201619:28Not applicableNot applicable
Segmono_boot.ttfNot applicable44,62303-Mar-201619:28Not applicableNot applicable
Segoen_slboot.ttfNot applicable85,69103-Mar-201619:28Not applicableNot applicable
Segoe_slboot.ttfNot applicable86,00703-Mar-201619:28Not applicableNot applicable
Wgl4_boot.ttfNot applicable49,02703-Mar-201619:28Not applicableNot applicable
Jpn_boot.ttfNot applicable1,985,80303-Mar-201619:28Not applicableNot applicable
Meiryon_boot.ttfNot applicable141,49103-Mar-201619:28Not applicableNot applicable
Meiryo_boot.ttfNot applicable143,10803-Mar-201619:28Not applicableNot applicable
Kor_boot.ttfNot applicable2,372,93503-Mar-201619:28Not applicableNot applicable
Malgunn_boot.ttfNot applicable174,36703-Mar-201619:28Not applicableNot applicable
Malgun_boot.ttfNot applicable176,81203-Mar-201619:28Not applicableNot applicable
Winload.efi6.3.9600.182581,663,19203-Mar-201619:27Not applicableNot applicable
Winload.exe6.3.9600.182581,523,21603-Mar-201619:27x64Not applicable
Winresume.efi6.3.9600.182581,490,12803-Mar-201619:27Not applicableNot applicable
Winresume.exe6.3.9600.182581,358,96003-Mar-201619:27x64Not applicable
Basesrv.dll6.3.9600.1825859,39203-Mar-201616:13x64Not applicable
Csrsrv.dll6.3.9600.1793359,39213-Jul-201519:46x64Not applicable
Ntdll.dll6.3.9600.182581,737,08803-Mar-201619:27x64Not applicable
Ntoskrnl.exe6.3.9600.182587,452,51203-Mar-201619:28x64Not applicable
Microsoft-windows-system-events.dll6.3.9600.18258246,78403-Mar-201618:29x64Not applicable
Krnlprov.dll6.3.9600.1825846,59203-Mar-201618:06x64Not applicable
Krnlprov.mofNot applicable14,84022-Aug-201306:51Not applicableNot applicable
Ntvdm64.dll6.3.9600.1814616,89621-Nov-201518:32x64AMD64_MICROSOFT-WINDOWS-WOW
Wow64.dll6.3.9600.17734285,18420-Mar-201504:10x64AMD64_MICROSOFT-WINDOWS-WOW
Wow64cpu.dll6.3.9600.1773413,31220-Mar-201504:10x64AMD64_MICROSOFT-WINDOWS-WOW
Ntdll.dll6.3.9600.182581,501,49603-Mar-201618:38x86Not applicable
Acwow64.dll6.3.9600.1773437,37620-Mar-201503:06x86WOW64_MICROSOFT-WINDOWS-WOW
Instnm.exe6.3.9600.174758,70429-Oct-201401:13x86WOW64_MICROSOFT-WINDOWS-WOW
Ntvdm64.dll6.3.9600.1814614,33621-Nov-201517:50x86WOW64_MICROSOFT-WINDOWS-WOW
Setup16.exe3.1.0.191825,60029-Oct-201401:13x86WOW64_MICROSOFT-WINDOWS-WOW
User.exe6.3.9600.174754,09629-Oct-201401:14x86WOW64_MICROSOFT-WINDOWS-WOW
Wow32.dll6.3.9600.174755,63229-Oct-201401:15x86WOW64_MICROSOFT-WINDOWS-WOW
For all supported x86-based versions
File nameFile versionFile sizeDateTimePlatform
Chs_boot.ttfNot applicable3,695,65803-Mar-201618:43Not applicable
Msyhn_boot.ttfNot applicable150,73003-Mar-201618:43Not applicable
Msyh_boot.ttfNot applicable154,83103-Mar-201618:43Not applicable
Cht_boot.ttfNot applicable3,878,35003-Mar-201618:43Not applicable
Msjhn_boot.ttfNot applicable161,49503-Mar-201618:43Not applicable
Msjh_boot.ttfNot applicable163,49903-Mar-201618:43Not applicable
Segmono_boot.ttfNot applicable44,62303-Mar-201618:43Not applicable
Segoen_slboot.ttfNot applicable85,68803-Mar-201618:43Not applicable
Segoe_slboot.ttfNot applicable86,00703-Mar-201618:43Not applicable
Wgl4_boot.ttfNot applicable49,02403-Mar-201618:39Not applicable
Jpn_boot.ttfNot applicable1,985,80303-Mar-201618:43Not applicable
Meiryon_boot.ttfNot applicable141,49103-Mar-201618:43Not applicable
Meiryo_boot.ttfNot applicable143,11103-Mar-201618:43Not applicable
Kor_boot.ttfNot applicable2,372,93503-Mar-201618:43Not applicable
Malgunn_boot.ttfNot applicable174,36703-Mar-201618:43Not applicable
Malgun_boot.ttfNot applicable176,81503-Mar-201618:43Not applicable
Winload.efi6.3.9600.182581,396,69603-Mar-201618:38Not applicable
Winload.exe6.3.9600.182581,285,60803-Mar-201618:38x86
Winresume.efi6.3.9600.182581,272,19203-Mar-201618:38Not applicable
Winresume.exe6.3.9600.182581,172,00003-Mar-201618:38x86
Basesrv.dll6.3.9600.1825850,68803-Mar-201616:11x86
Csrsrv.dll6.3.9600.1793348,64013-Jul-201519:27x86
Ntdll.dll6.3.9600.182581,471,55203-Mar-201618:38x86
Ntoskrnl.exe6.3.9600.182585,764,44803-Mar-201618:43Not applicable
Microsoft-windows-system-events.dll6.3.9600.18258246,78403-Mar-201617:49x86
Krnlprov.dll6.3.9600.1825838,91203-Mar-201617:30x86
Krnlprov.mofNot applicable14,84021-Aug-201323:46Not applicable

Windows Server 2012 file information

Notes
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    Version Product Milestone Service branch
    6.2.920 0.17xxxWindows 8, Windows RT, or Windows Server 2012RTMGDR
    6.2.920 0.21xxxWindows 8, Windows RT, or Windows Server 2012RTMLDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.
For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatform
Basesrv.dll6.2.9200.2179354,27203-Mar-201621:48x64
For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Advapi32.dll6.2.9200.21820895,48829-Mar-201621:47x64NoneNot applicable
Winload.efi6.2.9200.216381,405,40822-Sep-201521:46Not applicableNoneNot applicable
Winload.exe6.2.9200.216381,273,18422-Sep-201521:46x64NoneNot applicable
Winresume.efi6.2.9200.207261,217,35225-May-201300:17Not applicableNoneNot applicable
Winresume.exe6.2.9200.207261,093,90425-May-201300:17x64NoneNot applicable
Basesrv.dll6.2.9200.2182054,27229-Mar-201621:47x64NoneNot applicable
Csrsrv.dll6.2.9200.2154848,12811-Jul-201518:07x64NoneNot applicable
Ksecdd.sys6.2.9200.21473100,18402-May-201506:23x64NoneNot applicable
Lsass.exe6.2.9200.2052135,84020-Sep-201206:33x64NoneNot applicable
Sspicli.dll6.2.9200.21703164,35217-Nov-201508:00x64NoneNot applicable
Sspisrv.dll6.2.9200.2052127,64820-Sep-201206:32x64NoneNot applicable
Cng.sys6.2.9200.21637566,07222-Sep-201513:43x64NoneNot applicable
Ksecpkg.sys6.2.9200.21703171,35217-Nov-201509:52x64NoneNot applicable
Lsasrv.dll6.2.9200.218201,280,00029-Mar-201621:48x64NoneNot applicable
Adtschema.dll6.2.9200.21289719,36010-Nov-201404:43x64NoneNot applicable
Msaudite.dll6.2.9200.21269146,94411-Oct-201405:38x64NoneNot applicable
Msobjs.dll6.2.9200.1638461,95226-Jul-201202:36x64NoneNot applicable
Ntdll.dll6.2.9200.218201,821,70430-Mar-201601:32x64NoneNot applicable
Ocspsvcctrs.iniNot applicable2,96026-Jul-201205:07Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,13426-Jul-201208:00Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,91826-Jul-201204:43Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,21026-Jul-201207:59Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,09826-Jul-201208:00Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,02826-Jul-201207:59Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,14026-Jul-201205:21Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,64226-Jul-201208:11Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,57626-Jul-201205:20Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,02626-Jul-201207:36Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,02826-Jul-201207:48Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,18826-Jul-201205:30Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,12626-Jul-201205:08Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,06426-Jul-201207:49Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable3,09226-Jul-201207:52Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,82826-Jul-201205:12Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,46426-Jul-201208:05Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,48026-Jul-201205:13Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,46026-Jul-201208:11Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvc.exe6.2.9200.21345272,38415-Jan-201505:27x64SPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.hNot applicable1,56902-Jun-201214:34Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ocspsvcctrs.iniNot applicable2,91802-Jun-201214:34Not applicableSPSAMD64_MICROSOFT-WINDOWS-OCSP
Ntoskrnl.exe6.2.9200.218216,938,46430-Mar-201601:34x64NoneNot applicable
Credssp.dll6.2.9200.2170320,48017-Nov-201507:59x64SP_AMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.2.9200.2170394,72017-Nov-201508:01x64SP_AMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96402-Jun-201214:33Not applicableSP_AMD64_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Wdigest.dll6.2.9200.21703208,89617-Nov-201508:01x64NoneNot applicable
Kerberos.dll6.2.9200.21820830,46429-Mar-201621:48x64NoneNot applicable
Msv1_0.dll6.2.9200.21820317,95229-Mar-201621:48x64NoneNot applicable
Shcore.dll6.2.9200.21703590,84817-Nov-201508:00x64NoneNot applicable
Mrxsmb10.sys6.2.9200.21529281,60025-Jun-201518:52x64NoneNot applicable
Mrxsmb20.sys6.2.9200.21548205,31211-Jul-201517:07x64NoneNot applicable
Mrxsmb.sys6.2.9200.21342396,80006-Jan-201523:17x64NoneNot applicable
Lsm.dll6.2.9200.21703439,80817-Nov-201508:00x64NoneNot applicable
Workerdd.dll6.2.9200.2101214,84812-Apr-201406:58x64NoneNot applicable
Usercpl.dll6.2.9200.217031,043,96817-Nov-201508:01x64NoneNot applicable
Usercpl.ptxmlNot applicable78911-Oct-201200:40Not applicableNoneNot applicable
Winlogon.exe6.2.9200.21703578,04817-Nov-201508:01x64NoneNot applicable
Sspicli.dll6.2.9200.2098499,84010-Mar-201401:34x86NoneNot applicable
Ntdll.dll6.2.9200.218211,413,12030-Mar-201600:14x86NoneNot applicable
Wdigest.dll6.2.9200.21703176,64017-Nov-201508:09x86NoneNot applicable
Kerberos.dll6.2.9200.21821666,62429-Mar-201623:58x86NoneNot applicable
Msv1_0.dll6.2.9200.21821274,94429-Mar-201623:58x86NoneNot applicable
Advapi32.dll6.2.9200.21821704,00029-Mar-201623:57x86NoneNot applicable
Adtschema.dll6.2.9200.21289719,36010-Nov-201403:40x86NoneNot applicable
Msaudite.dll6.2.9200.21269146,94411-Oct-201404:35x86NoneNot applicable
Msobjs.dll6.2.9200.1638461,95226-Jul-201202:47x86NoneNot applicable
Credssp.dll6.2.9200.2170317,40817-Nov-201508:08x86SP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.dll6.2.9200.2170376,80017-Nov-201508:09x86SP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Tspkg.mofNot applicable96402-Jun-201214:33Not applicableSP_X86_MICROSOFT-WINDOWS-SECURITY-CREDSSP
Shcore.dll6.2.9200.21703460,80017-Nov-201508:09x86NoneNot applicable
Usercpl.dll6.2.9200.21703961,53617-Nov-201508:09x86NoneNot applicable
Usercpl.ptxmlNot applicable78911-Oct-201200:42Not applicableNoneNot applicable
malicious attacker exploit
Properties

Article ID: 3146723 - Last Review: 04/26/2016 20:58:00 - Revision: 2.0

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows RT 8.1, Windows Server 2012 Datacenter, Windows Server 2012 Standard, Windows Server 2012 Essentials, Windows Server 2012 Foundation

  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB3146723
Feedback