Virtual Administrator’s December 2015 Patch Recommendations

12 Security Bulletins were released – 8 Critical, 4 Important, and 0 Moderate

This Month In Brief

12 Security Bulletins were released – 8 Critical, 4 Important

Update: KB3102429 added to denied patches on 12/17

We have not uncovered any problems with any of the Security Bulletins and are releasing all of them.

Denied Non-Security Bulletin Updates: KB3114409 and KB3102429 have been denied

Opinions vary on which patch should be the top priority this month. Some say MS15-127 (a remote code execution vulnerability in Microsoft’s DNS server), while others say MS15-128 (RCE vulnerabilities in the Microsoft Graphics Component), and a few even think MS15-135 (vulnerability in the Windows kernel) should be number one. MS15-135 isn’t even rated as a critical patch, but it is being actively exploited. MS15-124 is the cumulative update for Internet Explorer (MS15-125 is the Edge version). Because MS15-131 affects Office, it should also be a high priority. After your next patch cycle completes, you should follow up and make sure all of these are installed.

No out-of-band security updates were released during the last month.

Details about denied patches/updates
KB3114409 Update for Microsoft Outlook 2010 Critical Update (High Priority)
https://support.microsoft.com/en-us/kb/3114409

Microsoft pulled the patch the day after it was released and added this notice to the page.
“After you install this update, Outlook 2010 may start only in safe mode. If this issue occurs, uninstall the update. This update is no longer available now.”

If you have machines that did get KB3114409 installed, the above link has a “How to uninstall this update” section. We also have a “KB3114409 uninstall” script posted on ClubMSP.

http://clubmsp.com/msp/script/kb3114409-uninstall-script/

KB3102429 Update that supports Azerbaijani Manat and Georgian Lari currency symbols in Windows [Update (Optional – Software)]
https://support.microsoft.com/en-us/kb/3102429

Known issues in this update
- Microsoft .NET Framework C# applications that were developed in Microsoft Visual Studio 2010 or Microsoft Visual Studio 2008 and that use SAP Crystal Reports to create reports from raw data generate Crystal Reports error messages.
- In Crystal Reports version 9 (Crystal 9) and version 10 (Crystal 10), the “export as PDF” functionality fails.

Notable news:
Support for older versions of Internet Explorer ends on January 12, 2016
https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support
“Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical supports and security updates. Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10.”

Microsoft released a total of 135 Security Bulletins in 2015. They broke their previous 2013 record of 106 back in October.

Exploitability

Requires Restart

  • Servers: True
  • Workstations: True

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS15-124 Cumulative Security Update for Internet Explorer (3116180) (Internet Explorer)
The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
Affected Software: Internet Explorer 7-10
Known Issues per MS:

MS15-125 Cumulative Security Update for Microsoft Edge (3116184) (Microsoft Edge)
The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
Details
Affected Software: Edge
Known Issues per MS:

MS15-126 Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178) (Microsoft Windows)
The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website.
Details
Affected Software: Vista, Server 2008
Known Issues per MS:

MS15-127 Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465) (Microsoft Windows)
The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.
Details
Affected Software: Server 2008/2008R2/2012/2012R2
Known Issues per MS:

MS15-128 Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503) (Microsoft .NET Framework, Office, Skype, Lync, Silverlight)
The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.
Details
Affected Software: Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync, Silverlight
Known Issues per MS:

MS15-129 Security Update for Silverlight to Address Remote Code Execution (3106614) (Microsoft Silverlight)
The most severe of the vulnerabilities could allow remote code execution if Microsoft Silverlight incorrectly handles certain open and close requests that could result in read- and write-access violations.
Details
Affected Software: Silverlight 5, Silverlight 5 Developer
Known Issues per MS:

MS15-130 Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670) (Microsoft Windows)
The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains specially crafted fonts.
Details
Affected Software: Windows 7, Server 2008R2
Known Issues per MS:

MS15-131 Security Update for Microsoft Office to Address Remote Code Execution (3116111) (Microsoft Office)
The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
Details
Affected Software: Office 2007/2010/2013/2016
Known Issues per MS:

IMPORTANT

MS15-132 Security Update for Microsoft Windows to Address Remote Code Execution (3116162) (Microsoft Windows)
The vulnerabilities could allow remote code execution if an attacker accesses a local system and runs a specially crafted application.
Details
Affected Software: Vista, Windows 7/8/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:

MS15-133 Security Update for Windows PGM to Address Elevation of Privilege (3116130) (Microsoft Windows)
The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application that, by way of a race condition, results in references to memory locations that have already been freed.
Details
Affected Software: Vista, Windows 7/8/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:

MS15-134 Security Update for Windows Media Center to Address Remote Code Execution (3108669) (Microsoft Windows)
The more severe of the vulnerabilities could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.
Details
Affected Software: Vista, Windows 7/8/8.1
Known Issues per MS:

MS15-135 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075) (Microsoft Windows)
The vulnerabilities could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application.
Details
Affected Software: Vista, Windows 7/8/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:

MODERATE