Security Alert (A15-11-02): Multiple Vulnerabilities in Microsoft Products (November 2015)


 

Published on: 11 November 2015

Last update on: 12 November 2015

  
  

Description:

Microsoft has released 12 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:

MS15-112    Cumulative Security Update for Internet Explorer
MS15-113    Cumulative Security Update for Microsoft Edge
MS15-114    Security Update for Windows Journal to Address Remote Code Execution
MS15-115    Security Update for Microsoft Windows to Address Remote Code Execution
MS15-116    Security Update for Microsoft Office to Address Remote Code Execution
MS15-117    Security Update for NDIS to Address Elevation of Privilege
MS15-118    Security Update for .NET Framework to Address Elevation of Privilege
MS15-119    Security Update for Winsock to Address Elevation of Privilege
MS15-120    Security Update for IPSec to Address Denial of Service
MS15-121    Security Update for Schannel to Address Spoofing
MS15-122    Security Update for Kerberos to Address Security Feature Bypass
MS15-123    Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure


Affected Systems:

  • Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6
  • Microsoft Edge
  • Microsoft Internet Explorer 7, 8, 9, 10, 11
  • Microsoft Lync Room System, Lync 2010, 2013
  • Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, Office for Mac 2011 & 2016
  • Microsoft Office Compatibility Pack, Excel, Word Viewer
  • Microsoft Office Web Apps 2010, 2013
  • Microsoft SharePoint 2007, 2010, 2013
  • Microsoft Skype for Business 2016
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2
  • Microsoft Windows Vista, 7, 8, 8.1, RT, RT 8.1, 10

A complete list of the affected products can be found in the section "Affected Software" in the Microsoft security bulletin summary available at:

https://technet.microsoft.com/library/security/ms15-nov


Impact:

Depending on the vulnerability exploited, a successful attack could lead to arbitrary code execution, elevation of privilege, bypass of security restrictions, denial of services, spoofing or information disclosure.


Recommendation:

Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

  • Microsoft Update
    http://update.microsoft.com/microsoftupdate
Users should be reminded that Microsoft Windows Server 2003 has reached its End-Of-Support on 14 July 2015. No more security updates are available from the vendor. Users should upgrade or migrate the obsolete Windows Server 2003 to a platform with vendor support and implement compensating security measures before completing the upgrade or migration.
Microsoft has re-released the security bulletin MS15-115 to address an issue that caused crashes for some users when they viewed certain emails. Users who previously installed the update should reinstall the newly released update 3097877 to correct the issue.

More Information:

https://technet.microsoft.com/en-us/library/security/ms15-nov
https://technet.microsoft.com/library/security/MS15-112
https://technet.microsoft.com/library/security/MS15-113
https://technet.microsoft.com/library/security/MS15-114
https://technet.microsoft.com/library/security/MS15-115
https://technet.microsoft.com/library/security/MS15-116
https://technet.microsoft.com/library/security/MS15-117
https://technet.microsoft.com/library/security/MS15-118
https://technet.microsoft.com/library/security/MS15-119
https://technet.microsoft.com/library/security/MS15-120
https://technet.microsoft.com/library/security/MS15-121
https://technet.microsoft.com/library/security/MS15-122
https://technet.microsoft.com/library/security/MS15-123
https://www.hkcert.org/my_url/en/alert/15111101
https://www.hkcert.org/my_url/en/alert/15111102
https://www.hkcert.org/my_url/en/alert/15111103
https://www.hkcert.org/my_url/en/alert/15111104
https://www.hkcert.org/my_url/en/alert/15111105
https://www.hkcert.org/my_url/en/alert/15111106
https://www.hkcert.org/my_url/en/alert/15111107
https://www.hkcert.org/my_url/en/alert/15111108
https://www.hkcert.org/my_url/en/alert/15111109
https://www.hkcert.org/my_url/en/alert/15111110
https://www.hkcert.org/my_url/en/alert/15111111
https://www.hkcert.org/my_url/en/alert/15111112
https://www.us-cert.gov/ncas/current-activity/2015/11/10/Microsoft-Releases-November-2015-Security-Bulletin
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6064 (to CVE-2015-6066)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6068 (to CVE-2015-6082)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6084 (to CVE-2015-6089)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6091 (to CVE-2015-6104)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6111 (to CVE-2015-6113)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6123



Tag: Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , SharePoint , Lync , Skype , .NET Framework
Tags