MS16-077: Description of the security update for WPAD: June 14, 2016

Summary

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system. 

To learn more about the vulnerability, see Microsoft Security Bulletin MS16-077.

More Information

Important

  • All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Behavior changes after installation

After you install this security update, the following changes are applied:

  • NETBIOS communication outside of the local subnet is hardened. Therefore, by default, some features that depend on NETBIOS (such as SMB over NETBIOS) will not work outside the local subnet. To change this new default behavior, create the following registry entry:

    SUBKEY: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    Value Name: AllowNBToInternet
    Type: Dword
    Value: 1
    Default value of the flag: 0

  • By default, WPAD resolution for auto proxy detection will not use NETBIOS. Therefore, if proxy detection depends on NETBIOS alone for WPAD resolution, it may fail. We recommend that you use the DHCP option or DNS for WPAD resolution instead of NETBIOS. To change this new default behavior, create the following registry entry.

    Note This registry entry only applies for Windows 8.1 and earlier versions of Windows.

    SUBKEY: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
    Value Name: AllowOnlyDNSQueryForWPAD
    Type: DWORD
    Value: 0
    Default value of the flag: 1

  • The default behavior of PAC file download is changed so that the client's domain credentials are not automatically sent in response to an NTLM or Negotiate Authentication challenge when WinHTTP requests the PAC file. This occurs regardless of the value of the fAutoLogonIfChallenged flag that is specified in WINHTTP_AUTOPROXY_OPTIONS. To change this new default behavior, create the following registry entry:

    Note This registry entry only applies for Windows 8.1 and earlier versions of Windows.

    SUBKEY: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
    Value Name: AutoProxyAutoLogonIfChallenged
    Type: DWORD
    Value: 1
    Default value of the flag: 0

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see
Get security updates automatically.

Note For Windows RT 8.1, this update is available through Windows Update only.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Click the download link in Microsoft Security Bulletin MS16-077 that corresponds to the version of Windows that you are running.

More Information

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

File Information

File name

SHA1 hash

SHA256 hash

Windows8.1-KB3161949-x86.msu

A15B1E6C4E2D8C061C13AD6697340030D11300F9

684F04EC92FDB71A0587910F5223F29B1B1126E69B049EA4E6C1AB3E32BCD103

Windows8.1-KB3161949-x64.msu

303F894A71FAD84F147E1EE715F8C60DDFC752D7

39F78CC8472AA4ACB6AF6BD18CC13BDEFB9728ED71FCEE2001E063683FED2B50

Windows8-RT-KB3161949-x64.msu

FD0D730F70653946886E358E9896364816937500

86967AF0963599C4E49835B35EF3A8A6BFA39FCBCB3C6DA378D02E70F34A023C

Windows6.0-KB3161949-x64.msu

E60F107F4F893C19885931B3C6121FDDF1150E52

D2F0E848E7D45C428324DD6833CE1F6B9E36F4EC0C27FA33993B482C20A870E0

Windows6.0-KB3161949-x86.msu

45C230D3302716D81E413BD233F953BD6F6F1F09

B45C8FB5F7E96CE551E752F67E45AAB6657B9E204C603F23AA7284BB39FA3E8D

Windows6.1-KB3161949-x86.msu

0055D0D1E103D374E042F31EBDD26931853B882B

F968AB471633DB7EBAF2619902CBB6246D14B14AF6E29CCA6C2981EB898DE0B7

Windows6.1-KB3161949-ia64.msu

9136B0FC403D6CDCD8CF94B061953CC11723CADB

7A2FFB83D4CE22325768FF94C71A9FFE839C653D1B8EA2C3BA73DDF89B2555C8

Windows6.1-KB3161949-x64.msu

E2372FB5746E9474CEC6EF1710F8D58EC5C6C000

7CFC5DCDDD7A72E1CB143E41A98D5EAF23CE554104F05311EFD8B317BCE8E847

Windows6.0-KB3161949-ia64.msu

2F913DA164CBAD6FD4331A9D06BA3F457EC6887F

540668B9660A8CD03240B7DCF84A9DFAEBCCBE3C4661340389FB0A049F317825


The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). Be aware that dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time bias. The dates and times may also change when you perform certain operations on the files.

Windows 8.1 and Windows Server 2012 R2 file information

Notes

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.3.960 0.16 xxx

    Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

    RTM

    GDR

    6.3.960 0.17 xxx

    Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

    RTM

    GDR

    6.3.960 0.18 xxx

    Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

    RTM

    GDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions

File name

File version

File size

Date

Time

Platform

SP requirement

Service branch

Netbt.sys

6.3.9600.18340

213,504

13-May-2016

22:22

x86

None

Not applicable

Mswsock.dll

6.3.9600.18340

286,208

13-May-2016

21:35

x86

SP_

X86_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.3.9600.18340

320,720

14-May-2016

20:01

x86

None

Not applicable

Winhttp.dll

6.3.9600.18340

631,808

13-May-2016

21:26

x86

None

Not applicable

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

SP requirement

Service branch

Netbt.sys

6.3.9600.18340

281,088

13-May-2016

23:07

x64

None

Not applicable

Mswsock.dll

6.3.9600.18340

339,456

13-May-2016

21:58

x64

SP_

AMD64_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.3.9600.18340

363,104

14-May-2016

20:01

x64

None

Not applicable

Winhttp.dll

6.3.9600.18340

802,816

13-May-2016

21:45

x64

None

Not applicable

Winhttp.dll

6.3.9600.18340

631,808

13-May-2016

21:26

x86

None

Not applicable

Mswsock.dll

6.3.9600.18340

286,208

13-May-2016

21:35

x86

SP_

X86_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.3.9600.18340

320,720

14-May-2016

20:01

x86

None

Not applicable

Windows Server 2012 file information

Notes

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.2.920 0.17xxx

    Windows 8, Windows RT, or Windows Server 2012

    RTM

    GDR

    6.2.920 0.21xxx

    Windows 8, Windows RT, or Windows Server 2012

    RTM

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

SP requirement

Service branch

Netbt.sys

6.2.9200.21859

318,976

09-May-2016

13:19

x64

None

Not applicable

Mswsock.dll

6.2.9200.21858

355,328

09-May-2016

15:41

x64

SP_

AMD64_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.2.9200.21858

343,552

09-May-2016

15:41

x64

None

Not applicable

Winhttp.dll

6.2.9200.21858

711,680

09-May-2016

15:41

x64

None

Not applicable

Winhttp.dll

6.2.9200.21797

516,096

08-Mar-2016

16:04

x86

None

Not applicable

Mswsock.dll

6.2.9200.21858

288,768

09-May-2016

16:38

x86

SP_

X86_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.2.9200.21858

307,712

09-May-2016

16:39

x86

None

Not applicable

Windows Vista and Windows Server 2008 file information

Notes

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.0.600 2.19xxx

    Windows Vista or Windows Server 2008

    SP2

    GDR

    6.0.600 2.23xxx

    Windows Vista or Windows Server 2008

    SP2

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

SP requirement

Service branch

Netbt.sys

6.0.6002.19655

248,320

10-May-2016

14:55

x64

None

Not applicable

Netbtugc.exe

6.0.6002.19655

24,064

10-May-2016

14:55

x64

None

Not applicable

Netbt.sys

6.0.6002.23970

248,320

10-May-2016

14:53

x64

None

Not applicable

Netbtugc.exe

6.0.6002.23970

24,064

10-May-2016

14:53

x64

None

Not applicable

Mswsock.dll

6.0.6002.19655

304,128

10-May-2016

15:54

x64

SP_

AMD64_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Mswsock.dll

6.0.6002.23970

303,616

10-May-2016

15:34

x64

SP_

AMD64_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.0.6002.19655

264,704

10-May-2016

15:55

x64

None

Not applicable

Ws2_32.dll

6.0.6002.23970

264,704

10-May-2016

15:35

x64

None

Not applicable

Winhttp.dll

6.0.6002.19655

442,880

10-May-2016

15:54

x64

None

Not applicable

Winhttp.dll

6.0.6002.23970

442,880

10-May-2016

15:35

x64

None

Not applicable

Netbtugc.exe

6.0.6002.19655

21,504

10-May-2016

14:28

x86

None

Not applicable

Netbtugc.exe

6.0.6002.23970

21,504

10-May-2016

14:28

x86

None

Not applicable

Winhttp.dll

6.0.6002.19655

377,344

10-May-2016

15:31

x86

None

Not applicable

Winhttp.dll

6.0.6002.23970

377,344

10-May-2016

15:14

x86

None

Not applicable

Mswsock.dll

6.0.6002.19655

223,232

10-May-2016

15:31

x86

SP_

X86_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Mswsock.dll

6.0.6002.23970

223,232

10-May-2016

15:14

x86

SP_

X86_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.0.6002.19655

179,200

10-May-2016

15:31

x86

None

Not applicable

Ws2_32.dll

6.0.6002.23970

179,200

10-May-2016

15:14

x86

None

Not applicable

For all supported x86-based versions

File name

File version

File size

Date

Time

Platform

SP requirement

Service branch

Netbt.sys

6.0.6002.19655

185,856

10-May-2016

14:28

x86

None

Not applicable

Netbtugc.exe

6.0.6002.19655

21,504

10-May-2016

14:28

x86

None

Not applicable

Netbt.sys

6.0.6002.23970

186,368

10-May-2016

14:28

x86

None

Not applicable

Netbtugc.exe

6.0.6002.23970

21,504

10-May-2016

14:28

x86

None

Not applicable

Mswsock.dll

6.0.6002.19655

223,232

10-May-2016

15:31

x86

SP_

X86_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Mswsock.dll

6.0.6002.23970

223,232

10-May-2016

15:14

x86

SP_

X86_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.0.6002.19655

179,200

10-May-2016

15:31

x86

None

Not applicable

Ws2_32.dll

6.0.6002.23970

179,200

10-May-2016

15:14

x86

None

Not applicable

Winhttp.dll

6.0.6002.19655

377,344

10-May-2016

15:31

x86

None

Not applicable

Winhttp.dll

6.0.6002.23970

377,344

10-May-2016

15:14

x86

None

Not applicable

For all supported ia64-based versions

File name

File version

File size

Date

Time

Platform

SP requirement

Service branch

Netbt.sys

6.0.6002.19655

632,832

10-May-2016

14:37

IA-64

None

Not applicable

Netbtugc.exe

6.0.6002.19655

52,224

10-May-2016

14:36

IA-64

None

Not applicable

Netbt.sys

6.0.6002.23970

632,832

10-May-2016

14:38

IA-64

None

Not applicable

Netbtugc.exe

6.0.6002.23970

52,224

10-May-2016

14:37

IA-64

None

Not applicable

Mswsock.dll

6.0.6002.19655

709,632

10-May-2016

15:23

IA-64

SP_

IA64_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Mswsock.dll

6.0.6002.23970

709,120

10-May-2016

15:12

IA-64

SP_

IA64_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.0.6002.19655

519,168

10-May-2016

15:23

IA-64

None

Not applicable

Ws2_32.dll

6.0.6002.23970

519,168

10-May-2016

15:13

IA-64

None

Not applicable

Winhttp.dll

6.0.6002.19655

962,048

10-May-2016

15:23

IA-64

None

Not applicable

Winhttp.dll

6.0.6002.23970

962,048

10-May-2016

15:13

IA-64

None

Not applicable

Netbtugc.exe

6.0.6002.19655

21,504

10-May-2016

14:28

x86

None

Not applicable

Netbtugc.exe

6.0.6002.23970

21,504

10-May-2016

14:28

x86

None

Not applicable

Winhttp.dll

6.0.6002.19655

377,344

10-May-2016

15:31

x86

None

Not applicable

Winhttp.dll

6.0.6002.23970

377,344

10-May-2016

15:14

x86

None

Not applicable

Mswsock.dll

6.0.6002.19655

223,232

10-May-2016

15:31

x86

SP_

X86_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Mswsock.dll

6.0.6002.23970

223,232

10-May-2016

15:14

x86

SP_

X86_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.0.6002.19655

179,200

10-May-2016

15:31

x86

None

Not applicable

Ws2_32.dll

6.0.6002.23970

179,200

10-May-2016

15:14

x86

None

Not applicable

Windows 7 and Windows Server 2008 R2 file information

Notes

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.1.760 1.18xxx

    Windows 7 or Windows Server 2008 R2

    SP1

    GDR

    6.1.760 1.23 xxx

    Windows 7 or Windows Server 2008 R2

    SP1

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions

File name

File version

File size

Date

Time

Platform

SP requirement

Service branch

Netbt.sys

6.1.7601.23451

188,928

11-May-2016

14:52

x86

None

Not applicable

Netbtugc.exe

6.1.7601.23451

26,624

11-May-2016

15:01

x86

None

Not applicable

Mswsock.dll

6.1.7601.23451

231,424

11-May-2016

15:19

x86

SP_

X86_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.1.7601.23451

206,336

11-May-2016

15:19

x86

None

Not applicable

Winhttp.dll

6.1.7601.23451

351,744

11-May-2016

15:19

x86

None

Not applicable

For all supported ia64-based versions

File name

File version

File size

Date

Time

Platform

SP requirement

Service branch

Netbt.sys

6.1.7601.23451

616,960

11-May-2016

14:44

IA-64

None

Not applicable

Netbtugc.exe

6.1.7601.23451

53,760

11-May-2016

14:58

IA-64

None

Not applicable

Mswsock.dll

6.1.7601.23451

750,592

11-May-2016

15:13

IA-64

SP_

IA64_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.1.7601.23451

546,304

11-May-2016

15:13

IA-64

None

Not applicable

Winhttp.dll

6.1.7601.23451

812,032

11-May-2016

15:13

IA-64

None

Not applicable

Netbtugc.exe

6.1.7601.23451

26,624

11-May-2016

15:01

x86

None

Not applicable

Winhttp.dll

6.1.7601.23451

351,744

11-May-2016

15:19

x86

None

Not applicable

Mswsock.dll

6.1.7601.23451

231,424

11-May-2016

15:19

x86

SP_

X86_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.1.7601.23451

206,336

11-May-2016

15:19

x86

None

Not applicable

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

SP requirement

Service branch

Netbt.sys

6.1.7601.23451

262,144

11-May-2016

14:58

x64

None

Not applicable

Netbtugc.exe

6.1.7601.23451

25,088

11-May-2016

15:11

x64

None

Not applicable

Mswsock.dll

6.1.7601.23451

327,168

11-May-2016

17:02

x64

SP_

AMD64_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.1.7601.23451

296,448

11-May-2016

17:02

x64

None

Not applicable

Winhttp.dll

6.1.7601.23451

444,928

11-May-2016

17:02

x64

None

Not applicable

Netbtugc.exe

6.1.7601.23451

26,624

11-May-2016

15:01

x86

None

Not applicable

Winhttp.dll

6.1.7601.23451

351,744

11-May-2016

15:19

x86

None

Not applicable

Mswsock.dll

6.1.7601.23451

231,424

11-May-2016

15:19

x86

SP_

X86_MICROSOFT-WINDOWS-W..-INFRASTRUCTURE-BSP

Ws2_32.dll

6.1.7601.23451

206,336

11-May-2016

15:19

x86

None

Not applicable


Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×