Virtual Administrator’s October 2015 Patch Recommendations

6 Security Bulletins were released – 3 Critical, 3 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

MS15-106, MS15-108 and MS15-109 are rated Critical. After your next patch cycle completes you should follow up and make sure this is installed.

No out-of-band security updates were released during the last month.

Notable news: The month’s releases breaks the record for the most bulletins released by Microsoft in a single year – and it’s only October. We’re up to 111 and the previous record was 106 in 2013. This doesn’t necessarily mean Microsoft products are less secure these days but it does seem to reflect an increased commitment to address vulnerabilities. Which is a good thing.

Exploitability

• Publically disclosed: MS15-110 and MS15-111
• Being exploited: None
• Rated CRITICAL: MS15-106, MS15-108, MS15-109
• (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)

Requires Restart

• Servers:True
• Workstations:True

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

	MS15-106 Cumulative Security Update for Internet Explorer (3096441)	(Internet Explorer) The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Details Affected Software: Internet Explorer 7-11 Known Issues per MS:
	MS15-108 Security Update for JScript and VBScript to Address Remote Code Execution (3089659)	(VBScript and JScript in Windows) The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. Details Affected Software: Vista, Server 2008, VBScript 5.7/5.8, JScript 5.7/5.8 Known Issues per MS:
	MS15-109 Security Update for Windows Shell to Address Remote Code Execution (3096443)	(Microsoft Windows) The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online. Details Affected Software: Vista, Windows 7/8/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT Known Issues per MS:

IMPORTANT

	MS15-107 Cumulative Security Update for Microsoft Edge (3096448)	(Microsoft Edge) The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge. Details Affected Software: Windows 10 Edge Known Issues per MS:
	MS15-110 Security Updates for Microsoft Office to Address Remote Code Execution (3096440)	(Office and SharePoint) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. Details Affected Software: Office 2007/2010/2013/2016, Office 2011/2016 for MAC, Excel Viewer ,SharePoint Server 207/2010/2013, SharePoint Foundation 2013, .NET Framework 3.5.1 Known Issues per MS:
	MS15-111 Security Update for Windows Kernel to Address Elevation of Privilege (3096447)	(Microsoft Windows) The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. Details Affected Software: Vista, Windows 7/8/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT Known Issues per MS: