The most important updates this month are MS15-112 and MS15-113. Both can be triggered by a user accessing a website or opening a specially crafted document. It is important to note that they require a reboot. Experience has taught us well that the closer we get to the holiday season, the more likely our users are to launch innocent-looking websites.
UPDATES
MS15-112 (Impact: Remote Code Execution, Restart Requirement: Requires restart, Severity Rating: Critical)
- This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploits the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-113 (Impact: Remote Code Execution, Restart Requirement: Requires restart, Severity Rating: Critical)
- This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploits the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-114 (Impact: Remote Code Execution, Restart Requirement: May require restart, Severity Rating: Critical)
- This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS15-115 (Impact: Remote Code Execution, Restart Requirement: Requires restart, Severity Rating: Critical)
- This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.
MS15-116 (Impact: Remote Code Execution, Restart Requirement: May require restart, Severity Rating: Important)
- This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploits the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-117 (Impact: Elevation of Privilege, Restart Requirement: Requires restart, Severity Rating: Important)
- This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
MS15-118 (Impact: Elevation of Privilege, Restart Requirement: Does not require restart, Severity Rating: Important)
- This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser.
MS15-119 (Impact: Elevation of Privilege, Restart Requirement: Requires restart, Severity Rating: Important)
- This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability.
MS15-120 (Impact: Denial of Service, Restart Requirement: May require restart, Severity Rating: Important)
- This security update resolves a denial-of-service vulnerability in Microsoft Windows. An attacker who successfully exploits the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability, an attacker must have valid credentials.
MS15-121 (Impact: Spoofing, Restart Requirement: Requires restart, Severity Rating: Important)
- This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.
MS15-123 (Impact: Information Disclosure, Restart Requirement: May require restart, Severity Rating: Important)
- This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant-message session and then sends that user a message containing specially crafted JavaScript content.
MS15-122 (Impact: Security Feature Bypass, Restart Requirement: Requires restart, Severity Rating: Important)
- This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass is exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.
Read the full article on channelpartners.com.