Patch Analysis for September 2015

Welcome to this September Patch Tuesday Bulletin. This month brings 12 total patches, 5 critical patches, and two patches for vulnerabilities that are being exploited in the wild. Patches for MS15-099 and MS15-097 have seen limited attacks in the wild so these two should be applied as quick as they can be safely pushed. Follow up with the Internet Explorer patch MS15-094. IE is one of the most commonly patched MS product so it might be worthwhile to begin tracking the time it takes to patch and working to decrease this time month to month. Finish up with the remaining 2 critical vulnerabilities that remediate issues with Microsoft Office, Lync, and Edge. None of the patches that are rated Important are being attacked in the wild so be sure to thoroughly test these before applying. MS15-06, MS15-100, MS15-101, and MS15-102 will affect most organizations so evaluate and test these first. If you run Hyper-V, Skype for Business, or OWA then take a look at the associated patches below and prioritize them accordingly.

When it comes to endpoint security, the best first line of defense is patch management. Take the first step to quantifying your IT risk and enhancing your endpoint security posture with the Lumension® Patch Scanner you can:

  • Scan for OS and 3rd party application patches
  • Prioritize remediation to improve security stance
  • Gain visibility into apps being used in your environment
  • Generate web-based reports

Click here assess your vulnerabilities now

Visit the Lumension Patch Tuesday Center

BulletinExploit Types
/Technologies Affected
System Types AffectedExploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity ratingProducts AffectedNotesRandy's recommendation
MS15-096

3072595
Denial of service

/ Microsoft Winodws
Workstations
Terminal Servers
Servers
No/NoNoImportant Server 2008
Server 2008 R2
Server 2012
Server 2012 R2
Restart requiredUpdate after testing
MS15-100

3087918
Arbitrary code

/ Microsoft Windows
Workstations
Terminal Servers
No/NoNoImportant Vista
Windows 7
Windows 8
May require restartUpdate after testing
MS15-103

3089250
Information disclosure

/ Microsoft Exchange
Exchange Servers
No/NoNoImportant Exchange 2013
Multiple vulnerabilities, may require restartUpdate after testing
MS15-094

3089548
Arbitrary code

/ Internet Explorer
Workstations
Terminal Servers
No/NoYesCritical Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Multiple vulnerabilities, restart requiredUpdate immediately
MS15-097

3089656
Arbitrary code

/ Microsoft Office, Lync
Workstations
Servers
No/YesYesCritical Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Multiple vulnerabilities, may require restartUpdate immediately
MS15-102

3089657
Privilege elevation

/ Microsoft Winodws
Workstations
Terminal Servers
Servers
No/NoNoImportant Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Multiple vulnerabilities, restart requiredUpdate after testing
MS15-101

3089662
Privilege elevation

/ Microsoft .NET Framework
Workstations
Servers
No/NoNoImportant Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Does not require restartUpdate after testing
MS15-099

3089664
Arbitrary code

/ Microsoft Office, Sharepoint, Foundation
Workstations
Servers
No/YesYesCritical Office 2007
Office 2010
Office 2011 for MAC
Office 2013 RT
Office 2013
Multiple vulnerabilities, may require restartUpdate immediately
MS15-095

3089665
Arbitrary code

/ Microsoft Edge
Workstations
Terminal Servers
No/NoNoCritical Windows 10
Multiple vulnerabilities, restart requiredUpdate immediately
MS15-098

3089669
Arbitrary code

/ Microsoft Winodws
Workstations
Terminal Servers
No/NoYesCritical Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Server 2012 R2
Windows 8.1
Windows 10
Multiple vulnerabilities, may require restartUpdate immediately
MS15-104

3089952
Privilege elevation

/ Microsoft Lync, Skype
Servers
Web Servers
No/NoNoImportant Lync Server 2013
Multiple vulnerabilities, does not require restartUpdate immediately
MS15-105

3091287
Security feature bypass

/ Microsoft Winodws
Workstations
Servers
No/NoNoImportant Server 2012 R2
Windows 8.1
Windows 10
Requires restartUpdate after testing

Receive Randy's same-day, independent analysis each Patch Tuesday

Email:
We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.