November 2015 Microsoft Patch Tuesday

Published: 2015-11-10. Last Updated: 2015-11-10 18:05:54 UTC
by Johannes Ullrich (Version: 1)

Overview of the November 2015 Microsoft patches and their status.

#	Affected	Contra Indications - KB	Known Exploits	Microsoft rating(**)	ISC rating(*)
#	Affected	Contra Indications - KB	Known Exploits	Microsoft rating(**)	clients	servers
MS15-112	Cumulative Security Update for Internet Explorer (Replaces MS15-106 )
MS15-112	Internet Explorer CVE-2015-2427, CVE-2015-6064, CVE-2015-6065, CVE-2015-6066, CVE-2015-6067, CVE-2015-6068, CVE-2015-6069, CVE-2015-6070, CVE-2015-6071, CVE-2015-6072, CVE-2015-6073, CVE-2015-6074, CVE-2015-6075, CVE-2015-6076, CVE-2015-6077, CVE-2015-6078, CVE-2015-6079, CVE-2015-6080, CVE-2015-6081, CVE-2015-6082, CVE-2015-6084, CVE-2015-6085, CVE-2015-6086, CVE-2015-6087, CVE-2015-6088, CVE-2015-6089	KB 3104517	no.	Severity:Critical Exploitability: 1 and higher	Critical	Critical
MS15-113	Cumulative Security Update for Microsoft Edge (Replaces MS15-107 )
MS15-113	Microsoft Edge CVE-2015-6064, CVE-2015-6073, CVE-2015-6078, CVE-2015-6088	KB 3104519	no.	Severity:Critical Exploitability: 1,1,1,2	Critical	Critical
MS15-114	Remote Code Execution Vulnerability in Windows Journal (Replaces MS15-098 )
MS15-114	Microsoft Journal CVE-2015-6088	KB 3100213	no.	Severity:Critical Exploitability: 3	Critical	Important
MS15-115	Remote Code Execution Vulnerability in OpenType (Replaces MS15-097 MS15-111 MS15-073 )
MS15-115	OpenType Fonts CVE-2015-6100, CVE-2015-6101, CVE-2015-6102, CVE-2015-6103 CVE-2015-6014, CVE-2015-6109, CVE-2015-6113	KB 3105864	no.	Severity:Critical Exploitability: 1-2	Critical	Important
MS15-116	Remote Code Execution Vulnerabilties in Microsoft Office (Replaces MS15-046 MS15-110 MS12-066 MS14-048 MS14-020 MS13-035 MS15-081 MS15-022 )
MS15-116	Office, Office Services and Web Apps, Skype, Lync CVE-2015-2503, CVE-2015-6038, CVE-2015-6091, CVE-2015-6092 CVE-2015-6093, CVE-2015-6094, CVE-2015-6123	KB 3104540	no.	Severity:Important Exploitability: 1,1,1,2,1,1,3	Critical	Important
MS15-117	Elevation of Privilege Vulnerability in NDIS
MS15-117	NDIS CVE-2015-6098	KB 3101722	no.	Severity:Important Exploitability: 2-4	Important	Important
MS15-118	Elevation of Privilege Vulnerabilities in .Net Framework (Replaces MS14-057 MS11-100 MS14-009 )
MS15-118	.Net Framework CVE-2015-6096, CVE-2015-6099, CVE-2015-6115	KB 3104507	no.	Severity:Important Exploitability: 1,2,2	Important	Important
MS15-119	Elevation of Privilege Vulnerabilities in Winsock (Replaces MS14-040 )
MS15-119	Winsock CVE-2015-2478	KB 3104521	no.	Severity:Important Exploitability: 2	Important	Important
MS15-120	Denial of Service Vulnerability in IPSec
MS15-120	IPSec CVE-2015-6111	KB 3102939	no.	Severity:Important Exploitability: 2-4	N/A	Important
MS15-121	Spoofing Vulnerability in SChannel (Replaces MS15-055 MS15-076 )
MS15-121	SChannel CVE-2015-6112	KB 3081320	no.	Severity:Important Exploitability: 2	Important	Important
MS15-122	Security Feature Bypass in Kerberos (Replaces MS14-068 MS15-076 MS15-052 )
MS15-122	Kerberos CVE-2015-6095	KB 3105256	no.	Severity:Important Exploitability: 2	Important	Important
MS15-123	Information Disclosure Vulnerablity in Microsoft Lync and Skype for Business (Replaces MS15-097 )
MS15-123	Skype for Business, Lync CVE-2015-6061	KB 3105872	no.	Severity:Important Exploitability: 2	Important	Important

We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds a\ re typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more tim\ e to test.
- Important: Things where more testing and other measures can help.
- Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords: mspatchday

8 comment(s)

Comments

Adobe Flash and Air has an update out as well, 19.0.0.245. Considering the recent report that flash has provided, so far, been 8 out of 10 exploits used by exploit kits in 2015, you don't want to miss that either.

Beware of KB3097877. It is causing Outlook 2010 and 2013 to crash on some HTML emails. Removing it resolves this issue. I have personally seen this. I recommend you not install until Microsoft fixes it. A thread talking about it is here: https://social.technet.microsoft.com/Forums/en-US/482486ba-a378-4dcd-bd21-08ae19760b93/crashes-since-111115-updates-in-both-outlook-2010-and-2013-when-viewing-html-emails?forum=officeitproprevious

More problems with 3097877, including network logon black screens, detailed here: http://www.infoworld.com/article/3004519/microsoft-windows/kb-3097877crashes-outlook-causes-network-sign-in-black-screens.html?nsdr=true

Confirmed that KB3097877 is crashing Outlook 2010 when viewing specific HTML emails; i.e. JetBlue reservations etc.

Uninstalling KB3097877 resolves the issue.

Unfortunately, the update will be re-installled unless you manually block the specific update or stop windows update services.

Despite widespread reports of problems with this patch, Microsoft has not pulled it from the Windows Update 'site'.

40 minutes in and three transfers later, I am still attempting to reach someone at Microsoft to get KB3097877 pulled from Windows Update so that it does not continue to re-install itself.

Today (Wednesday, 14:38 Pacific), I launched Windows Update, and 28 updates (Office & Windows 7) were found, but KB3097877 was not "tick-marked". So, 27 updates are being downloaded/applied, not 28.

We installed updates to our exchange 2013 hybrid server. KB3097877 Causes issues with SMTP starting. After the patch, you are unable to telnet to port 25 on the server or send emails as a relay through it of course. We did find workaround for this, but really its just best to uninstall the patch. We removed and restarted the server and found no further issues after this.

KB 3097877 has been re-released http://www.infoworld.com/article/3004441/microsoft-windows/microsoft-surreptitiously-reissues-botched-patch-kb-3097877-for-windows-7.html?nsdr=true

It looks like your table is too wide for your layout, at least on my screen (in both the diary and forum).

Internet Storm Center

November 2015 Microsoft Patch Tuesday

Comments

Anonymous

Nov 11th 2015
8 years ago

Anonymous

Nov 11th 2015
8 years ago

Anonymous

Nov 11th 2015
8 years ago

Anonymous

Nov 11th 2015
8 years ago

Anonymous

Nov 11th 2015
8 years ago

Anonymous

Nov 12th 2015
8 years ago

Anonymous

Nov 12th 2015
8 years ago

Anonymous

Nov 16th 2015
8 years ago

November 2015 Microsoft Patch Tuesday

Comments

Anonymous

Nov 11th 20158 years ago

Anonymous

Nov 11th 20158 years ago

Anonymous

Nov 11th 20158 years ago

Anonymous

Nov 11th 20158 years ago

Anonymous

Nov 11th 20158 years ago

Anonymous

Nov 12th 20158 years ago

Anonymous

Nov 12th 20158 years ago

Anonymous

Nov 16th 20158 years ago

Nov 11th 2015
8 years ago

Nov 11th 2015
8 years ago

Nov 11th 2015
8 years ago

Nov 11th 2015
8 years ago

Nov 11th 2015
8 years ago

Nov 12th 2015
8 years ago

Nov 12th 2015
8 years ago

Nov 16th 2015
8 years ago