Microsoft Patch Tuesday – November 2015
November 10, 2015 under the “Patch Tuesday” Microsoft released 12 security bulletins, which correct a total of 49 vulnerabilities in the company’s products. Four of them are critical, the other eight – important.
Critical patches are for flaws in Windows, Internet Explorer, and the new browser Edge, allowing remotely execute code.
Important bulletins fix vulnerabilities through which an attacker couldЖ elevate their privileges on the system (affects NDIS, .NET Framework, and Winsock), to remotely execute code (Microsoft Office), to cause a denial of service (IPSec), to carry out spoofing attack (Schannel), circumvent security features (Kerberos), and to disclose information (Skype for Business and Microsoft Lync).
The critical bulletin fixes disclosed vulnerabilities for which in 2-4 weeks may appear working exploits. Information security expert Wolfgang Kandek from Qualys compared patches for Internet Explorer and Edge and found differences in safety. According to expert, the new browser from Microsoft is much safer than its predecessor. In Internet Explorer, corrected 25 vulnerabilities, 23 of them critical, which allows you to remotely execute code.
Maximum Severity Rating and Vulnerability Impact
- #1 [MS15-112] Critical – Remote Code Execution
- #2 [MS15-113] Critical – Remote Code Execution
- #3 [MS15-114] Critical – Remote Code Execution
- #4 [MS15-115] Critical – Remote Code Execution
- #5 [MS15-116] Important – Remote Code Execution
- #6 [MS15-117] Important – Elevation of Privilege
- #7 [MS15-118] Important – Elevation of Privilege
- #8 [MS15-119] Important – Elevation of Privilege
- #9 [MS15-120] Important – Denial of Service
- #10[ MS15-121] Important – Spoofing
- #11 [MS15-122] Important – Security Feature Bypass
- #12 [MS15-123] Important – Information Disclosure