Patch Analysis for October 2015

This October Patch Tuesday Bulletin is a very active one. There are active attacks, exploit code, and links to potential espionage groups. First up this month should be Internet Explorer MS14-056 since multiple actively targeted vulnerabilities are fixed in this bulletin. Next up should be MS14-058 due to active attacks and the wide array of supported operating systems that are affected by this vulnerability in TrueType fonts. Delivery mechanisms may include documents, webpages, or even advertisements so this vulnerability could be a good candidate for a watering hole attack. Although MS14-060 is only rated important it should be followed up next if users are especially susceptible to phishing attacks. This bulletin fixes an actively attacked vulnerability in Microsoft Office OLE objects that may be used in a targeted espionage campaign. MS14-057 remediates an arbitrary code execution vulnerability in .NET web applications and should be applied if your organization uses this technology. MS14-061 remediated yet another Microsoft Office vulnerability. This bulletin is rated important but should be looked at due to the arbitrary code execution impact of vulnerability. The remaining bulletins MS14-059,MS14-062, MS14-063 should be examined to determine if they are deemed critical or even applicable to the organization.

Click here assess your vulnerabilities now

Visit the Lumension Patch Tuesday Center

BulletinExploit Types
/Technologies Affected
System Types AffectedExploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity ratingProducts AffectedNotesRandy's recommendation
MS15-108

3089659
Information disclosure
Security feature bypass
Remote Code Execution

/ VBScript and JScript in Windows
Workstations
Servers
No/NoNoCritical Vista
Server 2008
VBScript 5.7
VBScript 5.8
JScript 5.7
JScript 5.8
Only affects certain versions of JScript and VBScript. Version can be found on the details tab in the properties of vbscript.dll and jscript.dll in your System32 directory.Patch after testing if you have JScript and VBScript 5.7 and 5.8 with IE7 or IE8.
MS15-110

3096440
Arbitrary code
Information disclosure
Spoofing
Security feature bypass
Remote Code Execution

/ Office and SharePoint
Workstations
Servers
Sharepoint Servers
Yes/NoNoImportant Office 2007
Excel Viewer
SharePoint Server 2007
Office 2010
Office 2011 for MAC
Office Web Apps 2010
SharePoint Server 2010
SharePoint Server 2013
Office 2013 RT
Office 2013
.NET Framework 3.5.1
Office 2016 for Mac
Office 2016
Office Compatibility Pack SP3
Office Web Apps 2013
SharePoint Foundation 2013
Multiple vulnerabilitiesPatch after testing.
MS15-106

3096441
Privilege elevation
Information disclosure
Security feature bypass
Remote Code Execution

/ Internet Explorer
Workstations
Servers
No/NoNoCritical Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Affects IE7 through IE11 on multiple OS's. Also fixes multiple vulnerabilities.Rated critical, patch ASAP
MS15-109

3096443
Remote Code Execution

/ Microsoft Windows
Workstations
Servers
No/NoNoCritical Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Please note that Windows Server Technical Preview 3 is affected. Also, this bulletin fixes multiple vulnerabilities.Rated critical, patch ASAP
MS15-111

3096447
Privilege elevation

/ Microsoft Windows
Workstations
Servers
Virtual Servers
Yes/NoNoImportant Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Please note that Windows Server Technical Preview 3 is affected. Also, this bulletin fixes multiple vulnerabilities. Patch after testing.
MS15-107

3096448
Information disclosure
Security feature bypass

/ Microsoft Edge
Servers
No/NoNoImportant Windows 10
Edge
Affects x32 and x64 systems. Windows Server Technical Preview 3 is also affected. Patch after testing.

Receive Randy's same-day, independent analysis each Patch Tuesday

Email:
We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.