Microsoft today unleashed a new cumulative update for Windows 10, as it has released the updates for Patch Tuesday November 2015. For this edition, Microsoft has released 12 security bulletins, out of which four rated as critical and the remaining 8 are important.
As always, the latest cumulative update comes with “functionality improvements and resolves the vulnerabilities” in Windows 10. Here are all the patches that have been released for Windows 10 users as part of Patch Tuesday November 2015 and their explanations:
- 3105256 MS15-122: Security update for Kerberos to address security feature bypass
MS15-122 patches Kerberos to resolves a security feature bypass. Microsoft noted, “An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.”
- 3104521 MS15-119: Security update in TDX.sys to address elevation of privilege
MS15-119 addresses a hole in Winsock across all supported versions of Windows. Microsoft added, “The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability.”
- 3104507 MS15-118: Security updates in the .NET Framework to address elevation of privilege
MS15-118 resolves three vulnerabilities in Microsoft .NET framework. Kandek noted that one allows an attacker “to execute code as the user browsing the website (Cross Site Scripting). These vulnerabilities can often be used to steal the user’s session information and impersonate the user; depending on the application, this can be quite significant.”
- 3105864 MS15-115: Security update for Windows to address remote code execution
MS15-115 addresses holes in Microsoft Windows; the worst of which are two in Windows graphics memory that an attacker could exploit for remote code execution. Additionally, this patches two Windows kernel memory bugs that could lead to elevation of privilege, two more kernel bugs that could allow information disclosure and another flaw in Windows kernel that could allow security feature bypass.
- 3104519 MS15-113: Cumulative security update for Microsoft Edge
MS15-113 is the cumulative security update for Microsoft’s newest Edge browser, patching four different vulnerabilities, the most severe could allow remote code execution. Microsoft noted that this new patch for Windows 10 32-bit and 64-bit systems replaces MS15-107, the cumulative security update for Edge issued in October.
- 3104517 MS15-112: Cumulative security update for Internet Explorer
MS15-112 is the cumulative fix for remote code execution flaws in Internet Explorer. Microsoft lists 25 CVEs, most of which are IE memory corruption vulnerabilities. 19 are called Internet Explorer memory corruption vulnerabilities, with three CVEs labeled slightly different as Microsoft browser memory corruption vulnerabilities. Of the remaining CVEs, one involves Microsoft browser ASLR bypass, one is for an IE information disclosure flaw, and one is a scripting engine memory corruption vulnerability. You should deploy this as soon as possible
As we can see, these updates are quite serious, as they address some important products, such as the .NET Framework, and both the Microsoft Edge and Internet Explorer browsers. Furthermore, the Microsoft security advisory also released an update to Hyper-V to address CPU weakness.
This cumulative update is just a security update and while it doesn’t bring any new features, it’s most likely going to fix quite a few annoying bugs and glitches for Windows 10 users that have been affected. Here are some other updates that have been released on this Patch Tuesday:
- MS15-114 – resolves a vulnerability in Windows, specifically Windows Journal, that could allow remote code execution. This patch is rated critical for all supported editions of Windows Vista and Windows 7, and for all supported non-Itanium editions of Windows Server 2008 and Windows Server 2008 R2.
- MS15-116 addresses bugs and issues in Microsoft Office, according to Network World, who is citing Qualys CTO Wolfgang Kandek:
Five of the vulnerabilities can be used to gain control over the account of the user that opens the malicious document, they provide RCE. This is enough control over the machine for a number of attacks, such as Ransomware for example. However the attacker can pair it with a local vulnerability in the Windows kernel to get a full compromise of the machine, allowing for complete control and the installation of multiple backdoors.
- MS15-117 provides the fix for a flaw in Microsoft Windows NDIS to stop an attacker from exploiting the bug and gaining elevation of privilege
- MS15-120 resolves a denial of service vulnerability in Windows IPSEC
- MS15-121 fixes a flaw in Windows Schannel that “could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server. This security update is rated Important for all supported releases of Microsoft Windows excluding Windows 10.”
Let us know by leaving your comment below if this Patch Tuesday fixed things for you, or, as it happens sometimes, it actually brought botched updates.