Security Alert (A15-11-02): Multiple Vulnerabilities in Microsoft Products (November 2015)
11 November 2015
Last update on:
12 November 2015
Microsoft has released 12 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:
MS15-112 Cumulative Security Update for Internet Explorer MS15-113 Cumulative Security Update for Microsoft Edge MS15-114 Security Update for Windows Journal to Address Remote Code Execution MS15-115 Security Update for Microsoft Windows to Address Remote Code Execution MS15-116 Security Update for Microsoft Office to Address Remote Code Execution MS15-117 Security Update for NDIS to Address Elevation of Privilege MS15-118 Security Update for .NET Framework to Address Elevation of Privilege MS15-119 Security Update for Winsock to Address Elevation of Privilege MS15-120 Security Update for IPSec to Address Denial of Service MS15-121 Security Update for Schannel to Address Spoofing MS15-122 Security Update for Kerberos to Address Security Feature Bypass MS15-123 Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure
Depending on the vulnerability exploited, a successful attack could lead to arbitrary code execution, elevation of privilege, bypass of security restrictions, denial of services, spoofing or information disclosure.
Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
Microsoft Update http://update.microsoft.com/microsoftupdate
Users should be reminded that Microsoft Windows Server 2003 has reached its End-Of-Support on 14 July 2015. No more security updates are available from the vendor. Users should upgrade or migrate the obsolete Windows Server 2003 to a platform with vendor support and implement compensating security measures before completing the upgrade or migration.
Microsoft has re-released the security bulletin MS15-115 to address an issue that caused crashes for some users when they viewed certain emails. Users who previously installed the update should reinstall the newly released update 3097877 to correct the issue.