Keep An Eye On November’s Patch Tuesday

In this month’s scheduled Microsoft Patch Tuesday, we have 12 security bulletins: 4 are marked as Critical and the remaining 8 as Important. Together they are reported to resolve over 80 individual vulnerabilities.

Security Officers are warned that this baseline contains many updates with a vulnerability impact of Remote Code Execution or Elevation of Privilege, which are more often exposed by your users than by a failure in technology. In addition, they should pay particular attention to the number of reboots required in this release. James Rowney, Service Manager at Verismic Software, advises, “The number of reboots is very high in this public release. Even if you deploy these patches to the systems in your network, unless you reboot, the vulnerability remains… careful communication will be required to minimize user impact.”
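To find machines that have installed updates but not yet restarted, the sketch below checks the standard Windows pending-reboot markers and the last boot time. It is an added example, not code from the original article or from any vendor quoted in it; the function name, the host list and the deployment date are assumptions.

```powershell
# Added example: report hosts where a restart is still outstanding after patching.
# Get-PendingRebootStatus, $ComputerName and $DeployedAfter are hypothetical names.
function Get-PendingRebootStatus {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        # Assumed start of your patch deployment window.
        [Parameter(Mandatory)][datetime]$DeployedAfter
    )

    $check = {
        # Markers set by the servicing stack and by the Windows Update agent.
        $cbs = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
        $wu  = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
        # File renames queued for next boot; other installers set this too, so treat it as a hint.
        $pfr = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
                   -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Cbs      = $cbs
            Wu       = $wu
            Rename   = ($null -ne $pfr)
            LastBoot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
        }
    }

    foreach ($name in $ComputerName) {
        try {
            # Run locally without remoting; remote hosts need PowerShell remoting enabled.
            $r = if ($name -eq $env:COMPUTERNAME) { & $check }
                 else { Invoke-Command -ComputerName $name -ScriptBlock $check -ErrorAction Stop }
            [pscustomobject]@{
                Computer            = $name
                NeedsReboot         = ($r.Cbs -or $r.Wu)
                PendingFileRename   = $r.Rename
                LastBoot            = $r.LastBoot
                RebootedSinceDeploy = ($r.LastBoot -ge $DeployedAfter)
                Error               = $null
            }
        } catch {
            # Unreachable hosts are reported, not silently skipped.
            [pscustomobject]@{
                Computer = $name; NeedsReboot = $null; PendingFileRename = $null
                LastBoot = $null; RebootedSinceDeploy = $null; Error = $_.Exception.Message
            }
        }
    }
}

# Constructed usage: treat anything deployed in the last two days as this cycle.
Get-PendingRebootStatus -DeployedAfter (Get-Date).AddDays(-2) | Format-Table -AutoSize
```

A host with `NeedsReboot` true, or with `RebootedSinceDeploy` false after the updates were installed, should be treated as still exposed for the bulletins marked "Requires restart".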

Although it was initially marked as Important, we are closely watching one of the bulletins, which carries a vulnerability impact of Security Feature Bypass. We understand this affects the internal security password database of all Microsoft Operating Systems, so with such a large range of operating systems available, we are sure this patch warrants a higher priority than the severity suggests.

Robert Brown, Director of Services at Syxsense, says, “It would not be the first time Microsoft have changed their mind & increased the Severity post release, so please keep your eyes peeled.” If it is elevated to Critical, we strongly advise deploying this patch posthaste.

For those of you who are using Windows 10, there could be a big software release coming today. Labelled “Threshold 10”, the Autumn update improves security and adds features as well as some bug fixes, although we hear some users will not be happy that Microsoft has cancelled its “unlimited OneDrive Storage” promise.

Chris Goettl, Product Manager at Shavlik, expects Microsoft to roll out its November security fixes today, but to wait two days before starting to push Windows 10’s first feature and functionality upgrade to customers.

We will be recommending that our patch-management-as-a-service clients and subscribers treat the following updates as a priority in their remediation cycle this month: MS15-112, MS15-113, MS15-114, MS15-115 & MS15-122. This recommendation is justified by combining the vendor severity, the vulnerability impact & the current exposure. The most important update in this release, in our opinion, is MS15-115, because it can be exposed by a user accessing a website or opening a specially crafted document. Experience has taught any IT Admin that the nearer we get to the holiday season, the more likely our users are to launch innocent-looking websites.

| Bulletin ID | Description | Impact | Restart Requirement | Severity Rating |
|---|---|---|---|---|
| MS15-112 | This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Remote Code Execution | Requires restart | Critical |
| MS15-113 | This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Remote Code Execution | Requires restart | Critical |
| MS15-114 | This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | Remote Code Execution | May require restart | Critical |
| MS15-115 | This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts. | Remote Code Execution | Requires restart | Critical |
| MS15-116 | This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Remote Code Execution | May require restart | Important |
| MS15-117 | This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. | Elevation of Privilege | Requires restart | Important |
| MS15-118 | This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser. | Elevation of Privilege | Does not require restart | Important |
| MS15-119 | This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability. | Elevation of Privilege | Requires restart | Important |
| MS15-120 | This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials. | Denial of Service | May require restart | Important |
| MS15-121 | This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server. | Spoofing | Requires restart | Important |
| MS15-122 | This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer. | Security Feature Bypass | Requires restart | Important |
| MS15-123 | This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content. | Information Disclosure | May require restart | Important |