Friday, February 17, 2017

Microsoft Security Bulletin Release for December 2015

Microsoft Security Bulletin Release for December 2015



Microsoft released twelve (12) bulletins.  Eight (8) bulletins are identified as Critical and the remaining four (4) are rated Important in severity.

The updates address vulnerabilities in Microsoft Windows, Microsoft Edge, Internet Explorer, Microsoft .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync Silverlight and Microsoft Silverlight.

Details about the CVEs can be found in the below-referenced TechNet Security Bulletin.  If you are prioritizing updates, the most critical is MS15-0131.

Also released today is Microsoft Security Advisory 3123040 which revokes a certificate for *.xboxlive.com where private keys were disclosed.

Critical:
  • MS15-124 Cumulative Security Update for Internet Explorer (3116180
  • MS15-125 Cumulative Security Update for Microsoft Edge (3116184) 
  • MS15-126 Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178) 
  • MS15-127 Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465)
  • MS15-128 Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)
  • MS15-129 Security Update for Silverlight to Address Remote Code Execution (3106614)
  • MS15-130 Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670)
  • MS15-131 Security Update for Microsoft Office to Address Remote Code Execution (3116111)

Important:
  • MS15-132 Security Update for Microsoft Windows to Address Remote Code Execution (3116162) 
  • MS15-133 Security Update for Windows PGM to Address Elevation of Privilege (3116130
  • MS15-134 Security Update for Windows Media Center to Address Remote Code Execution (3108669)
  • MS15-135 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075)

Additional Update Notes

  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. The updated version includes detection for the Blakamba, Brambul, Diplugem, Drixed, Escad, Joanap and Tescrypt.
  • Windows 8.x and Windows 10 -- Non-security new features and improvements for Windows 8.1 and Windows 10 are included with the updates.

References

  • MSRC
  • TechNet: Microsoft Security Bulletin for December 2015 

    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...







    Available link for download