Microsoft Critical Security Bulletins Summary for November 2015

Number: AV15-108
Date: 10 November 2015

Purpose

The purpose of this advisory is to bring attention to the monthly Microsoft Security Bulletin Summary for November 2015.

Assessment

The summary covers 12 bulletins (4 Critical and 8 Important), which addresses multiple vulnerabilities in Internet Explorer, Microsoft Edge, Windows Journal, Microsoft Windows, Microsoft Office, NDIS, .NET Framework, Winsock, IPSec, Schannel, Kerberos, Skype for Business and Microsoft Lync.

*** Critical ***
MS15-112 Cumulative Security Update for Internet Explorer (3104517)
MS15-113 Cumulative Security Update for Microsoft Edge (3104519)
MS15-114 Security Update for Windows Journal to Address Remote Code Execution (3100213)
MS15-115 Security Update for Microsoft Windows to Address Remote Code Execution (3105864)

*** Important ***
MS15-116 Security Update for Microsoft Office to Address Remote Code Execution (3104540)
MS15-117 Security Update for NDIS to Address Elevation of Privilege (3101722)
MS15-118 Security Update for .NET Framework to Address Elevation of Privilege (3104507)
MS15-119 Security Update for Winsock to Address Elevation of Privilege (3104521)
MS15-120 Security Update for IPSec to Address Denial of Service (3102939)
MS15-121 Security Update for Schannel to Address Spoofing (3081320)
MS15-122 Security Update for Kerberos to Address Security Feature Bypass (3105256)
MS15-123 Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

Reference:
https://technet.microsoft.com/en-us/library/security/ms15-nov.aspx

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: