|
|
|
Severity Rating: Critical
Revision Note: V1.2 (November 30, 2015): Bulletin revised to clarify that the 3093513 update is only offered to Windows 7 systems if the Tablet PC Components feature is enabled. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online.
|
|
|
Full View / NID: 57088 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V2.0 (November 11, 2015): Bulletin revised to inform customers running Windows 7 that the 3097877 update has been re-released to address an issue that caused crashes for some customers when they viewed certain emails. Customers who previously installed update 3097877 should reinstall the update to correct this known issue. See Microsoft Knowledge Base Article 3097877 for more information.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.
|
|
|
Full View / NID: 56832 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56952 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content.
|
|
|
Full View / NID: 56874 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Click here to enter text.
Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser.
|
|
|
Full View / NID: 56856 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V5.0 (November 10, 2015): To comprehensively address CVE-2015-2545, Microsoft re-released security updates for all affected Microsoft Office software. Microsoft recommends that customers running affected editions of Microsoft Office software should install the security updates released with this bulletin revision to be fully protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3089664 for more information.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56818 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (November 10, 2015): Click here to enter text.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56817 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials.
|
|
|
Full View / NID: 56814 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key.
|
|
|
Full View / NID: 56813 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
|
|
|
Full View / NID: 56812 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56782 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.
|
|
|
Full View / NID: 56781 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.
|
|
|
Full View / NID: 56780 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability.
|
|
|
Full View / NID: 56779 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 56778 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.2 (October 29, 2015): Bulletin revised to announce a detection change in the 3088195 update for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The detection change temporarily blocks deployment of the 3088195 update to systems running a specific version of USB Blocker software that is incompatible with the update. For more information, see Microsoft Knowledge Base Article 3088195. Note: This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
|
|
|
Full View / NID: 56617 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V2.0 (October 29, 2015): Bulletin revised to announce the release of a new Windows 10 cumulative update (3105210) to address an additional vulnerability, CVE-2015-6045, which has been added to this bulletin. Only customers running Windows 10 systems need to install this new update. Earlier operating systems are either not affected or have received the fix in the original updates of October 13, 2015. See Microsoft Knowledge Base Article 3105210 for more information and the download link.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56616 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.2 (October 16, 2015): Bulletin revised to announce a detection change in the 3097617 cumulative update for Windows 10. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56455 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.1 (October 16, 2015): Bulletin revised to announce a detection change in the 3097617 cumulative update for Windows 10. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online.
|
|
|
Full View / NID: 56454 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.1 (October 16, 2015): Bulletin revised to announce a detection change in the 3097617 cumulative update for Windows 10. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
|
|
|
Full View / NID: 56453 / Submitted by: The Zilla of Zuron
|
|
