Tuesday, March 7, 2017

Microsoft Security Bulletin Release for November 2015

Microsoft Security Bulletin Release for November 2015



Microsoft released twelve (12) bulletins.  Four (4) bulletins are identified as Critical and the remaining eight (8) are rated Important in severity.

The updates address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Office Services and Web Apps, Microsoft, Skype for Business, Microsoft .NET Framework, Microsoft Edge and Internet Explorer.

Details about the CVEs can be found in the below-referenced TechNet Security Bulletin.  Watch for the November 2015 "monthly patch review" by Dustin Childs picking up where MSRC has left us hanging. The review can be found on the HP Security Research blog.

Critical:
  • MS15-112 -- Cumulative Security Update for Internet Explorer (3104517) 
  • MS15-113 -- Cumulative Security Update for Microsoft Edge (3104519) 
  • MS15-114 -- Security Update for Windows Journal to Address Remote Code Execution (3100213)
  • MS15-115 -- Security Update for Microsoft Windows to Address Remote Code Execution (3105864)   
    Important:
    • MS15-116 -- Security Update for Microsoft Office to Address Remote Code Execution (3104540) 
    • MS15-117 -- Security Update for NDIS to Address Elevation of Privilege (3101722) 
    • MS15-118 -- Security Update for .NET Framework to Address Elevation of Privilege (3104507) 
    • MS15-119 -- Security Update for Winsock to Address Elevation of Privilege (3104521) 
    • MS15-120 -- Security Update for IPSec to Address Denial of Service (3102939) 
    • MS15-121 -- Security Update for Schannel to Address Spoofing (3081320) 
    • MS15-122 -- Security Update for Kerberos to Address Security Feature Bypass (3105256) 
    • MS15-123 -- Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)

    Additional Update Notes

    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. The updated version includes detection for the the following ransomware families:  Crowti, Critroni, Teerac and Tescrypt . Details are available in the MMPC Blog Post.
    • Windows 8.x and Windows 10 -- Non-security new features and improvements for Windows 8.1 and Windows 10 are included with the updates.

    References

    • MSRC
    • TechNet: Microsoft Security Bulletin for November 2015 

      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...






      Available link for download