Microsoft Security Bulletin Release for November, 2015

Forum|Forum|10 years ago
November 10, 2015
5 replies
3 views

+52

Petrovic
Gold VIP

Microsoft released twelve (12) bulletins. Four (4) bulletins are identified as Critical and the remaining eight (8) are rated Important in severity.

The updates address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Office Services and Web Apps, Microsoft, Skype for Business, Microsoft .NET Framework, Microsoft Edge and Internet Explorer.

Details about the CVEs can be found in the below-referenced TechNet Security Bulletin. Watch for the November 2015 "monthly patch review" by Dustin Childs picking up where MSRC has left us hanging. The review can be found on the HPSecurity Research blog.

Critical:

MS15-112 -- Cumulative Security Update for Internet Explorer (3104517)
MS15-113 -- Cumulative Security Update for Microsoft Edge (3104519)
MS15-114 -- Security Update for Windows Journal to Address Remote Code Execution (3100213)
MS15-115 -- Security Update for Microsoft Windows to Address Remote Code Execution (3105864)

Important:

MS15-116 -- Security Update for Microsoft Office to Address Remote Code Execution (3104540)
MS15-117 -- Security Update for NDIS to Address Elevation of Privilege (3101722)
MS15-118 -- Security Update for .NET Framework to Address Elevation of Privilege (3104507)
MS15-119 -- Security Update for Winsock to Address Elevation of Privilege (3104521)
MS15-120 -- Security Update for IPSec to Address Denial of Service (3102939)
MS15-121 -- Security Update for Schannel to Address Spoofing (3081320)
MS15-122 -- Security Update for Kerberos to Address Security Feature Bypass (3105256)
MS15-123 -- Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)

Additional Update Notes

MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. The updated version includes detection for the the following ransomware families: Crowti, Critroni, Teerac and Tescrypt . Details are available in the MMPC Blog Post.
Windows 8.x and Windows 10 -- Non-security new features and improvements for Windows 8.1 and Windows 10 are included with the updates.

Source

Baldrick
Gold VIP
Forum|Forum|10 years ago
November 10, 2015

Thanks, Petr!

Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2

tMc9072
Popular Voice
Forum|Forum|10 years ago
November 10, 2015

Many thanks Petrov. I sometimes have to go find updates on my own although the default is for Windows to do this automatically. Anyway, new is good!

Where Every Body Reflects One cOmmon Thread

+56

RetiredTripleHelix
Gold VIP
Forum|Forum|10 years ago
November 10, 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: November 10, 2015
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS15-099 - Critical
* MS15-SEP
Bulletin Information:
=====================
MS15-099 - Critical
- Title: Vulnerabilities in Microsoft Office Could Allow Remote Code
Execution (3089664)
- https://technet.microsoft.com/library/security/ms15-099
- Reason for Revision: V5.0: (November 10, 2015): To comprehensively
address CVE-2015-2545, Microsoft re-released security updates for
all affected Microsoft Office software. Microsoft recommends that
customers running affected editions of Microsoft Office software
should install the security updates released with this bulletin
revision to be fully protected from this vulnerability. Customers
running other Microsoft Office software do not need to take any
action. See Microsoft Knowledge Base Article 3089664 for more
information.
- Originally posted: September 8, 2015
- Updated: November 10, 2015
- Bulletin Severity Rating: Critical
- Version: 5.0
MS15-OCT
- Title: Microsoft Security Bulletin Summary for September 2015
- https://technet.microsoft.com/library/security/ms15-sep.aspx
- Reason for Revision: V4.0 (November 10, 2015): For MS15-099, to
comprehensively address CVE-2015-2545, Microsoft re-released
security updates for all affected Microsoft Office software.
Microsoft recommends that customers running affected editions of
Microsoft Office software should install the security updates
released with this bulletin revision to be fully protected from
this vulnerability. Customers running other Microsoft Office
software do not need to take any action. See MS15-099 for
download links and see Microsoft Knowledge Base Article 3089664
for more information.
- Originally posted: September 8, 2015
- Updated: November 10, 2015
- Version: 4.0

Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

Baldrick
Gold VIP
Forum|Forum|10 years ago
November 10, 2015

Cheers, Daniel!

Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2

+62

Ssherjj
Moderator
Forum|Forum|10 years ago
November 11, 2015

Thanks Daniel!:D

IMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.7.2), Security: iPads, ALIENWARE 15 R6, W11 Microsoft Windows Workstation, x64, Webroot® SecureAnywhere™ Internet Security Complete, Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded