MS16-040: Description of the security update for Microsoft XML core services: April 12, 2016

Summary
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.

To learn more about the vulnerability, see Microsoft Security Bulletin MS16-040.
More information
Important
  • All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.
How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Note For Windows RT 8.1, this update is available through Windows Update only.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Click the download link in Microsoft Security Bulletin MS16-040 that corresponds to the version of Windows that you are running.
More information

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
File Information

File hash information

File nameSHA1 hashSHA256 hash
Windows6.1-KB3146963-x86.msuAFE7BE00F5312E8E5865E58DE88363F21E053D1A001FBA3FAAE03803CA991AE20B50C7D1DFC0D1ED9C47E861332A2262D77546D3
Windows6.1-KB3146963-x64.msuBBBDDFC808278542C8B4F101F2B8211B8065C62D4E85DF99C9F747665651A660BDB06DF2A030D3195DAB5C70D29DBFE5A52B1058
Windows6.0-KB3146963-x86.msu7CFC5E3148C0F0E2322BB7F6880CA8AF186185791FC6CCAA6A3CACA1B0C7308FD5B8B4989C3395C9992DD609004B9C45A2FCC03C
Windows8.1-KB3146963-x64.msu112B411388C08DC4424D35D1B64BFA845F6AD1710F36C1EC4DE11D726E20AE5D62A938A522A3BD3B0E87938BFE9034926829E406
Windows6.1-KB3146963-ia64.msu075259B6018B02B5CAF037A27871A29574B4EFD6B1959F58C784E508D6D91436B1C58107A345B802302E233149E67DB0B548EAE2
Windows6.0-KB3146963-ia64.msu6800A4F489569C65FB53DB37E3C2CF8E036BA4BCB57990B06DBC91D0C91B3047F1C1D9A4A8D0F3BA984F693007590C3A0A97439A
Windows8-RT-KB3146963-x64.msu1A9739432AE3DEFC3761D202B08238CA37355941DD3817B87DC326D905B137AC3672F8376405E8571EB264C75E09F2319445BF7C
Windows8.1-KB3146963-x86.msu780DF5C34CE8A740A2A2BD673E59AA0958DA854B531F0823DA450831FC35EFD6EE412CE55E2CD4BCEEDEA60ACCB332B252B4A84D
Windows6.0-KB3146963-x64.msuD667514933C43D13D1A4724F7CB1246B35752A20CB93373056C2ABB2FB42C61EEB192E5C951513B24C99618F67B1144020B7B4E7

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows 7 and Windows Server 2008 R2 file information

Notes
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    Version Product Milestone Service branch
    6.1.760 1.18xxxWindows 7 or Windows Server 2008 R2 SP1GDR
    6.1.760 1.23 xxxWindows 7 or Windows Server 2008 R2 SP1 LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.
For all supported x86-based versions
File nameFile versionFile sizeDateTimePlatform
Msxml3.dll8.110.7601.233731,240,57606-Mar-201618:38x86
Msxml3r.dll8.110.7601.233732,04806-Mar-201618:38x86
For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatform
Msxml3.dll8.110.7601.233731,885,69606-Mar-201618:53x64
Msxml3r.dll8.110.7601.233732,04806-Mar-201618:53x64
Msxml3.dll8.110.7601.233731,240,57606-Mar-201618:38x86
Msxml3r.dll8.110.7601.233732,04806-Mar-201618:38x86
For all supported ia64-based versions
File nameFile versionFile sizeDateTimePlatform
Msxml3.dll8.110.7601.233733,157,50406-Mar-201618:00IA-64
Msxml3r.dll8.110.7601.233732,04806-Mar-201618:00IA-64
Msxml3.dll8.110.7601.233731,240,57606-Mar-201618:38x86
Msxml3r.dll8.110.7601.233732,04806-Mar-201618:38x86

Windows Vista and Windows Server 2008 file information

Notes
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    Version Product Milestone Service branch
    6.0.600 2.19xxxWindows Vista or Windows Server 2008SP2GDR
    6.0.600 2.23xxxWindows Vista or Windows Server 2008SP2LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.
For all supported x86-based versions
File nameFile versionFile sizeDateTimePlatform
Msxml3.dll8.100.5013.01,253,37604-Mar-201616:52x86
Msxml3r.dll8.20.8730.12,04827-Aug-201400:55x86
Msxml3.dll8.100.5013.01,253,37605-Mar-201616:30x86
Msxml3r.dll8.20.8730.12,04805-Mar-201616:30x86
For all supported ia64-based versions
File nameFile versionFile sizeDateTimePlatform
Msxml3.dll8.100.5013.03,170,81604-Mar-201616:24IA-64
Msxml3r.dll8.20.8730.12,04827-Aug-201400:23IA-64
Msxml3.dll8.100.5013.03,171,84005-Mar-201615:59IA-64
Msxml3r.dll8.20.8730.12,04805-Mar-201615:59IA-64
Msxml3.dll8.100.5013.01,253,37604-Mar-201616:52x86
Msxml3r.dll8.20.8730.12,04827-Aug-201400:55x86
Msxml3.dll8.100.5013.01,253,37605-Mar-201616:30x86
Msxml3r.dll8.20.8730.12,04805-Mar-201616:30x86
For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatform
Msxml3.dll8.100.5013.01,875,96804-Mar-201616:40x64
Msxml3r.dll8.20.8730.12,04827-Aug-201400:41x64
Msxml3.dll8.100.5013.01,875,96805-Mar-201616:38x64
Msxml3r.dll8.20.8730.12,04805-Mar-201616:38x64
Msxml3.dll8.100.5013.01,253,37604-Mar-201616:52x86
Msxml3r.dll8.20.8730.12,04827-Aug-201400:55x86
Msxml3.dll8.100.5013.01,253,37605-Mar-201616:30x86
Msxml3r.dll8.20.8730.12,04805-Mar-201616:30x86

Windows 8.1 and Windows Server 2012 R2 file information

Notes
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.3.960 0.17 xxxWindows RT 8.1, Windows 8.1, and Windows Server 2012 R2RTMGDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.
For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatform
Msxml3.dll8.110.9600.182582,345,47203-Mar-201616:47x64
Msxml3r.dll8.110.9600.163842,04822-Aug-201311:44x64
Msxml3.dll8.110.9600.182581,556,99203-Mar-201616:33x86
Msxml3r.dll8.110.9600.163842,04822-Aug-201304:16x86
For all supported x86-based versions
File nameFile versionFile sizeDateTimePlatform
Msxml3.dll8.110.9600.182581,556,99203-Mar-201616:33x86
Msxml3r.dll8.110.9600.163842,04822-Aug-201304:16x86

Windows Server 2012 file information

Notes
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    Version Product Milestone Service branch
    6.2.920 0.17xxxWindows 8, Windows RT, or Windows Server 2012RTMGDR
    6.2.920 0.21xxxWindows 8, Windows RT, or Windows Server 2012RTMLDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.
For all supported x64-based versions
File nameFile versionFile sizeDateTimePlatform
Msxml3.dll8.110.9200.217931,844,22406-Mar-201614:25x64
Msxml3r.dll8.110.9200.205512,04801-Nov-201204:21x64
Msxml3.dll8.110.9200.217941,442,81606-Mar-201614:29x86
Msxml3r.dll8.110.9200.205512,04801-Nov-201204:21x86
malicious attacker exploit
Properties

Article ID: 3146963 - Last Review: 04/12/2016 17:34:00 - Revision: 1.0

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows RT 8.1, Windows Server 2012 Datacenter, Windows Server 2012 Standard, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1, Windows Server 2008 Service Pack 2, Windows Vista Service Pack 2

  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB3146963
Feedback