|
Severity Rating: Important Revision Note: V1.1 (December 23, 2015): Bulletin revised to correct the Updates Replaced for the Server Core installation option on Windows Server 2008 and Windows Server 2008 R2.This is an informational change only. Customers who have successfully installed the updates do not need to take any further action. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with Remote Desktop Protocol (RDP) enabled. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
|
|
Full View / NID: 57473 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V2.1 (December 18, 2015): Bulletin revised to correct the Updates Replaced for 3101532 and 3114342, and to add a workaround for CVE-2015-6172. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 57424 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.1 (December 16, 2015): Revised the vulnerability description for CVE-2015-6161 to more accurately describe the ASLR Bypass. This is an informational change only. Customers who have already successfully installed security update 3116869 or 3116900 do not need to take any action. Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 57392 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.1 (December 16, 2015): Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 57391 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V2.0 (December 10, 2015): Bulletin revised to announce that the 3119518 update is available for Microsoft Office 2016 for Mac, and the 3119517 update is available for Microsoft Office for Mac 2011. For more information, see Microsoft Knowledge Base Article 3119518 and Microsoft Knowledge Base Article 3119517. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 57294 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.1 (December 9, 2015): Revised bulletin to remove all references to the requirement that an attacker have physical access to the target machine to exploit CVE-2015-6095. This is an informational change only. Customers who have already successfully installed the update do not need to take any action. Summary: This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key.
|
|
Full View / NID: 57269 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.1 (December 9, 2015): Bulletin revised to correct the Publicly disclosed and Exploited status of CVE-2015-6124. This is an informational change only. Customers who have successfully installed the update do not need to take any further action. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 57268 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.2 (December 9, 2015): Bulletin revised to clarify the product version guidance in the Update FAQ section by aligning it with the guidance provided in earlier releases. This is an informational change only. Customers who have already successfully installed the update do not need to take any action. Summary: This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.
|
|
Full View / NID: 57266 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.0 (December 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in the VBScript scripting engine in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that uses the Internet Explorer rendering engine to direct the user to the specially crafted website.
|
|
Full View / NID: 57363 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.0 (December 8, 2015): Bulletin Published Summary: This security update resolves vulnerabilities in Microsoft Windows, .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync, and Silverlight. The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.
|
|
Full View / NID: 57320 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.0 (December 8, 2015): Click here to enter text. Summary: This security update resolves vulnerabilities in Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if Microsoft Silverlight incorrectly handles certain open and close requests that could result in read- and write-access violations. To exploit the vulnerability, an attacker could host a website that contains a specially crafted Silverlight application and then convince a user to visit a compromised website. The attacker could also take advantage of websites containing specially crafted content, including those that accept or host user-provided content or advertisements.
|
|
Full View / NID: 57318 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.0 (December 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 57267 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.0 (December 8, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains specially crafted fonts.
|
|
Full View / NID: 57240 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.0 (December 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application.
|
|
Full View / NID: 57239 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.0 (December 8, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application that, by way of a race condition, results in references to memory locations that have already been freed. Microsoft Message Queuing (MSMQ) must be installed and the Windows Pragmatic General Multicast (PGM) protocol specifically enabled for a system to be vulnerable. MSMQ is not present in default configurations and, if it is installed, the PGM protocol is available but disabled by default.
|
|
Full View / NID: 57238 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.0 (December 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker accesses a local system and runs a specially crafted application.
|
|
Full View / NID: 57237 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.0 (December 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 57236 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.0 (December 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 57235 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.0 (December 8, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.
|
|
Full View / NID: 57234 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.0 (December 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 57233 / Submitted by: The Zilla of Zuron
|