MS16-097: Security update for Microsoft Graphics Component: August 9, 2016

Summary
This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. 

To learn more about the vulnerability, see Microsoft Security Bulletin MS16-097.
More information
Important
  • All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.
Additional information about this security update
The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.
  • 3178034 MS16-097: Description of the security update for Microsoft Graphics Component: August 9, 2016
  • 3176492 Cumulative update for Windows 10: August 9, 2016
  • 3176493 Cumulative update for Windows 10 Version 1511: August 9, 2016
  • 3176495 Cumulative Update for Windows 10 Version 1607: August 9, 2016
  • 3115109 MS16-097: Description of the security update for 2007 Microsoft Office Suite: August 9, 2016
  • 3115131 MS16-097: Description of the security update for Office 2010: August 9, 2016
  • 3115481 MS16-097: Description of the security update for Word Viewer: August 9, 2016
  • 3115408 MS16-097: Description of the security update for Skype for Business 2016: August 9, 2016
  • 3115431 MS16-097: Description of the security update for Lync 2013 (Skype for Business): August 9, 2016
  • 3174301 MS16-097: Description of the security update for Lync 2010: August 9, 2016
  • 3174302 MS16-097: Description of the security update for Lync 2010 Attendee (user level install): August 9, 2016
  • 3174304 MS16-097: Description of the security update for Lync 2010 Attendee (admin level install): August 9, 2016
  • 3174305 MS16-097: Description of the security update for Live Meeting Console: August 9, 2016
How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Note For Windows RT 8.1, this update is available through Windows Update only.

Method 2: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Click the download link in Microsoft Security Bulletin MS16-097 that corresponds to the version of Windows that you are running.
More information

Security update deployment information

 

Windows Vista (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor all supported 32-bit editions of Windows Vista:
Windows6.0-KB3178034-x86.msu
For all supported x64-based editions of Windows Vista:
Windows6.0-KB3178034-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Update log fileNot applicable
Restart requirementYou must restart the system after you apply this security update.
Removal informationWUSA.exe does not support uninstalling updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3178034
Registry key verificationThere is no registry key to validate the presence of this update.

Windows Server 2008 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor all supported 32-bit editions of Windows Server 2008:
Windows6.0-KB3178034-x86.msu
For all supported x64-based editions of Windows Server 2008:
Windows6.0-KB3178034-x64.msu
For all supported Itanium-based editions of Windows Server 2008:
Windows6.0-KB3178034-ia64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Update log fileNot applicable
Restart requirementYou must restart the system after you apply this security update.
Removal informationWUSA.exe does not support uninstalling updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3178034
Registry key verificationThere is no registry key to validate the presence of this update.

Windows 7 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported 32-bit editions of Windows 7:
Windows6.1-KB3178034-x86.msu
For all supported x64-based editions of Windows 7:
Windows6.1-KB3178034-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Update log fileNot applicable
Restart requirementYou must restart the system after you apply this security update.
Removal informationTo uninstall an update that is installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security. Under Windows Update, click View installed updates, and then select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3178034
Registry key verificationThere is no registry key to validate the presence of this update.

Windows Server 2008 R2 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported x64-based editions of Windows Server 2008 R2:
Windows6.1-KB3178034-x64.msu
For all supported Itanium-based editions of Windows Server 2008 R2:
Windows6.1-KB3178034-ia64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Update log fileNot applicable
Restart requirementYou must restart the system after you apply this security update.
Removal informationTo uninstall an update that is installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security. Under Windows Update, click View installed updates, and then select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3178034
Registry key verificationThere is no registry key to validate the presence of this update.

Windows 8.1 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported 32-bit editions of Windows 8.1:
Windows8.1-KB3178034-x86.msu
For all supported x64-based editions of Windows 8.1:
Windows8.1-KB3178034-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementYou must restart the system after you apply this security update.
Removal informationTo uninstall an update that is installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then click Windows Update. Under See also, click Installed updates, and then select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3178034
Registry key verificationRegistry keys do not exist to validate the presence of these updates.

Windows Server 2012 and Windows Server 2012 R2 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported editions of Windows Server 2012:
Windows8-RT-KB3178034-x64.msu
For all supported editions of Windows Server 2012 R2:
Windows8.1-KB3178034-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementYou must restart the system after you apply this security update.
Removal informationTo uninstall an update that is installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then click Windows Update. Under See also, click Installed updates, and then select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3178034
Registry key verificationRegistry keys do not exist to validate the presence of these updates.

Windows RT 8.1 (all editions)

Reference Table

The following table contains the security update information for this software.
DeploymentThe 3178034 update is available via Windows Update only.
Restart RequirementYou must restart the system after you apply this security update.
Removal InformationClick Control Panel, click System and Security, and then click Windows Update. Under See also, click Installed updates, and then select from the list of updates.
File InformationSee Microsoft Knowledge Base Article 3178034

Windows 10 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported 32-bit editions of Windows 10:
Windows10.0-KB3176492-x86.msu
For all supported x64-based editions of Windows 10:
Windows10.0-KB3176492-x64.msu
For all supported 32-bit editions of Windows 10 Version 1511:
Windows10.0-KB3176493-x86.msu
For all supported x64-based editions of Windows 10 Version 1511:
Windows10.0-KB3176493-x64.msu
For all supported 32-bit editions of Windows 10 Version 1607:
Windows10.0-KB3176495-x86.msu
For all supported x64-based editions of Windows 10 Version 1607:
Windows10.0-KB3176495-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementYou must restart the system after you apply this security update.
Removal informationTo uninstall an update that is installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security. Under Windows Update, click View installed updates, and then select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3176492
See Microsoft Knowledge Base Article 3176493
See Microsoft Knowledge Base Article 3176495
Registry key verificationRegistry keys do not exist to validate the presence of these updates.

Microsoft Word Viewer (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor Microsoft Word Viewer:
office2003-kb3115481-fullfile-enu.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base Article 3115481
Registry key verificationNot applicable

Microsoft Office 2007 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported editions of Microsoft Office 2007:
ogl2007-kb3115109-fullfile-x86-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base Article 3115109
Registry key verificationNot applicable

Microsoft Office 2010 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported editions of Microsoft Office 2010 (32-bit editions):
ogl2010-kb3115131-fullfile-x86-glb.exe
For all supported editions of Microsoft Office 2010 (64-bit editions):
ogl2010-kb3115131-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base Article 3115131
Registry key verificationNot applicable

Microsoft Live Meeting 2007, Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft Lync 2013 (Skype for Business), and Microsoft Lync Basic 2013 (Skype for Business Basic)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor Microsoft Live Meeting 2007 Console (3174305):
LMSetup.exe
For Microsoft Lync 2010 (32-bit) (3174301):
lync.msp
For Microsoft Lync 2010 (64-bit) (3174301):
lync.msp
For Microsoft Lync 2010 Attendee (user level install) (3174302):
AttendeeUser.msp
For Microsoft Lync 2010 Attendee (admin level install) (3174304):
AttendeeAdmin.msp
For all supported editions of Microsoft Lync 2013 (Skype for Business) (32-bit) and Microsoft Lync Basic 2013 (Skype for Business Basic) (32-bit):
lync2013-kb3115431-fullfile-x86-glb.exe
For all supported editions of Microsoft Lync 2013 (Skype for Business) (64-bit) and Microsoft Lync Basic 2013 (Skype for Business Basic) (64-bit):
lync2013-kb3115431-fullfile-x64-glb.exe
For all supported 32-bit editions of Skype for Business 2016 and Skype for Business Basic 2016:
lync2016-kb3115408-fullfile-x86-glb.exe
For all supported 64-bit editions of Skype for Business 2016 and Skype for Business Basic 2016:
lync2016-kb3115408-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal InformationUse Add or Remove Programs item in Control Panel.
File InformationFor Microsoft Live Meeting 2007 Console:
See Microsoft Knowledge Base Article 3174305
For all supported editions of Microsoft Lync 2010:
See Microsoft Knowledge Base Article 3174301
For Microsoft Lync 2010 Attendee (user level install):
See Microsoft Knowledge Base Article 3174302
For Microsoft Lync 2010 Attendee (admin level install):
See Microsoft Knowledge Base Article 3174304
For Microsoft Link 2013 (Skype for Business) and Microsoft Link Basic 2013 (Skype for Business Basic):
See Microsoft Knowledge Base Article 3115431
For Skype for Business 2016 and Skype for Business Basic 2016:
See Microsoft Knowledge Base Article 3115408
Registry Key VerificationFor Microsoft Live Meeting 2007 Console:
Not applicable
For Microsoft Lync 2010 (32-bit):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}
Version = 7577.4498
For Microsoft Lync 2010 (64-bit):
HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}
Version = 7577.4498
For Microsoft Lync 2010 Attendee (user level install):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}
Version = 7577.4498
For Microsoft Lync 2010 Attendee (admin level install):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\94E53390F8C13794999249B19E6CFE33\InstallProperties\DisplayVersion = 4.0.7577.4498
For Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic):
Not applicable
For Skype for Business 2016 and Skype for Business Basic 2016:
Not applicable

How to get help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
malicious attacker exploit
Properties

Article ID: 3177393 - Last Review: 08/09/2016 17:46:00 - Revision: 1.0

Windows 10, Windows 10 Version 1511, Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows RT 8.1, Windows Server 2012 Datacenter, Windows Server 2012 Standard, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1, Windows Server 2008 Service Pack 2, Windows Vista Service Pack 2, 2007 Microsoft Office Suite Service Pack 3, Microsoft Office 2010 Service Pack 2, Word Viewer, Skype for Business 2016, Microsoft Lync 2013, Skype for Business, Microsoft Lync 2010 Attendee, Microsoft Office Live Meeting 2007

  • atdownload kbbug kbnofix kbexpertiseinter kblist kbfix kbsecbulletin kbsecurity kbsecvulnerability kbsurveynew KB3177393
Feedback