|
|
|
Severity Rating: Important
Revision Note: V1.1 (October 16, 2015): Bulletin revised to announce a detection change in the 3097617 cumulative update for Windows 10. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56452 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.1 (October 14, 2015): V1.1 (October 14, 2015): Bulletin revised to correct the security impact and severity for CVE-2015-6046. This is an informational change only.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56412 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (October 13, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56451 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V4.0 (October 13, 2015): Revised bulletin to announce the availability of update package 2920693 for Microsoft Excel 2016. Customers running Microsoft Excel 2016 should apply the update to be protected from the vulnerabilities discussed in this bulletin. The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56408 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V3.0 (October 13, 2015): Revised bulletin to announce the availability of update packages for Microsoft Office 2016, Microsoft Visio 2016, and Microsoft Word 2016. Customers running Microsoft Office 2016, Microsoft Visio 2016, or Microsoft Word 2016 should apply the applicable updates to be protected from the vulnerabilities discussed in this bulletin. The majority of customers have automatic updating enabled and will not need to take any action because the updates will be downloaded and installed automatically.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56407 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V4.0 (October 13, 2015): Revised bulletin to announce the availability of a new update (3085544) for Microsoft Office 2007 that addresses issues with the previously-released update (2965282). Customers running Microsoft Office 2007 are encouraged to install update 3085544 at the earliest opportunity to be fully protected from the vulnerability discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3085544 for more information and download links.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56394 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (October 13, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56393 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (October 13, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
|
|
|
Full View / NID: 56392 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (October 13, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online.
|
|
|
Full View / NID: 56391 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (October 13, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that uses the IE rendering engine to direct the user to the specially crafted website.
|
|
|
Full View / NID: 56390 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (October 13, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56389 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V2.1 (October 7, 2015): Added a footnote to the Microsoft Communication Platforms and Software table and an Update FAQ to explain that customers running affected editions of Microsoft Lync 2013 (Skype for Business) must install prerequisite updates before installing the 3085500 security update. See the Update FAQ for more information.
Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.
|
|
|
Full View / NID: 56305 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V2.2 (October 7, 2015): Added a footnote to the Microsoft Communication Platforms and Software table and an Update FAQ to explain that customers running affected editions of Microsoft Lync 2013 (Skype for Business) must install prerequisite updates before installing the 3055014 security update. See the Update FAQ for more information.
Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType fonts.
|
|
|
Full View / NID: 56304 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V3.0 (September 30, 2015): Revised bulletin to announce the availability of an update package for Microsoft Office 2016. Customers running Microsoft Office 2016 should apply the 2910993 update to be protected from the vulnerabilities discussed in this bulletin. The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 56201 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V2.0 (September 30, 2015): Revised bulletin to announce the availability of an update package for Skype for Business 2016. Customers running Skype for Business 2016 should apply the 2910994 update to be protected from the vulnerabilities discussed in this bulletin. The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically.
Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.
|
|
|
Full View / NID: 56200 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.1 (September 25, 2015): Removed Windows Server Technical Preview 3 from the Affected Software table footnote because it is not affected by the vulnerabilities described in this security bulletin. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.
|
|
|
Full View / NID: 56104 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.2 (September 25, 2015): Added a footnote to the Affected Software table to inform customers that Windows Server Technical Preview 2 is affected. Customers running this operating system are encouraged to apply the update, which is available via Windows Update.
Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.
|
|
|
Full View / NID: 56103 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.1 (September 23, 2015): Bulletin revised to correct the severity and impact for CVE-2015-2514. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 56076 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V2.0 (September 15, 2015): Bulletin revised to announce that the 3088502 update for Microsoft Office for Mac 2016 is available. For more information see Microsoft Knowledge Base Article 3088502.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 55949 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.1 (September 11, 2015): Bulletin revised to update the prerequisite detail in the Update FAQ section. This is an informational change only. Customers who have already successfully installed the updates do not need to take any action.
Summary: This security update resolves vulnerabilities in Skype for Business Server and Microsoft Lync Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An attacker would have to convince users to click a link in an instant messenger or email message that directs them to an affected website by way of a specially crafted URL.
|
|
|
Full View / NID: 55907 / Submitted by: The Zilla of Zuron
|
|
