Patch Analysis for November 2015

Welcome to this November Patch Tuesday Bulletin. This month serves patches for Internet Explorer, Edge, Windows, Office, Lync, Skype for Business, .Net, and Sharepoint. There are a large quantity of vulnerabilities being fixed this month but there do not appear to be known active attacks. Start the month with the patch for Internt Explorer MS15-112. A large number of vulnerabilities are fixed so roll it out as soon as possible. Both MS15-114 and MS15-115 resolve arbitrary code execution vulnerabilities and should be applied as soon as possible. A critical patch for Microsoft Edge was released so apply MS15-113 if it is used anywhere in the environment. MS15-116 is an arbitrary code execution vulnerability for Microsoft Office. This patch is only rated important but office docs are often used in spear phishing and other client side attacks. Apply MS15-117, MS15-118, and MS15-119 to remediate elevation of privilege vulnerabilities in Windows and .Net. MS15-120 fixes a denial of service vulnerability for servers which could cause damage if exploited. MS15-121 fixes a spoofing vulnerability in Windows. This next patch may seem like a feature to anyone who has needed to access data on a computer protected with bitlocker but it is still an important vulnerability to fix. MS15-122 remediates a vulnerability where an attacker can bypass authentication on a host with bitlocker enabled. Finally, MS15-123 fixes an information disclosure vulnerability with Lync and Skype.

When it comes to endpoint security, the best first line of defense is patch management. Take the first step to quantifying your IT risk and enhancing your endpoint security posture with the Lumension® Patch Scanner you can:

  • Scan for OS and 3rd party application patches
  • Prioritize remediation to improve security stance
  • Gain visibility into apps being used in your environment
  • Generate web-based reports

Click here assess your vulnerabilities now

Visit the Lumension Patch Tuesday Center

BulletinExploit Types
/Technologies Affected
System Types AffectedExploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity ratingProducts AffectedNotesRandy's recommendation
MS15-121

3081320
Spoofing

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/NoNoImportant Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Restart requiredUpdate after testing
MS15-114

3100213
Arbitrary code

/ Microsoft Winodws
Workstations
Terminal Servers
Servers
No/NoYesCritical Vista
Server 2008
Server 2008 R2
Windows 7
May require restartUpdate immediately
MS15-117

3101722
Privilege elevation

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/NoNoImportant Vista
Server 2008
Server 2008 R2
Windows 7
May require restartUpdate after testing
MS15-120

3102939
Denial of service

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/NoNoImportant Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
.NET Framework 3.5
May require restartUpdate after testing
MS15-118

3104507
Privilege elevation

/ Windows .NET
Workstations
Terminal Servers
Servers
No/NoYesImportant Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Does not require restartUpdate after testing
MS15-112

3104517
Arbitrary code

/ Internet Explorer
Workstations
Terminal Servers
No/NoYesCritical Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Multiple vulnerabilities, restart requiredUpdate immediately
MS15-113

3104519
Arbitrary code

/ Microsoft Edge
Workstations
Terminal Servers
No/NoNoCritical Microsoft Edge
Multiple vulnerabilities, requires restartUpdate immediately
MS15-119

3104521
Privilege elevation

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/NoNoImportant Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Requires restartUpdate after testing
MS15-116

3104540
Arbitrary code

/ Microsoft Office, Lync, Skype for Business
Workstations
Terminal Servers
Servers
Sharepoint Servers
No/NoNoImportant Office 2007
SharePoint Server 2007
Office 2010
Office 2011 for MAC
SharePoint Server 2010
SharePoint Server 2013
Office 2013 RT
Office 2013
Office 2013 Web Apps
Office 2010 Web Apps
Office 2016 for Mac
Office 2016
Multiple vulnerabilities, may require restartUpdate after testing
MS15-122

3105256
Security feature bypass

/ Microsoft Windows
Workstations
No/NoNoImportant Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Server 2012 R2
Windows 8.1
Windows 10
Requires restartUpdate after testing
MS15-115

3105864
Arbitrary code

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/NoNoCritical Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Multiple vulnerabilities, requires restartUpdate immediately
MS15-123

3105872
Information disclosure

/ Microsoft Office, Lync, Skype for Business
Workstations
Terminal Servers
No/NoNoImportant Lync 2010
Lync 2013
Skype for Business 2016
May require restartUpdate after testing

Receive Randy's same-day, independent analysis each Patch Tuesday

Email:
We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.