December 2015 Microsoft Patch Tuesday
Special Note: MS15-127 looks particularly "nasty". A remote code execution vulnerability in Microsoft's DNS server. Microsoft rates the exploitability as "2", but doesn't provide much details as to the nature of the vulnerability other than the fact that it can be triggered by remote DNS requests, which is bad news in particular if you are using a Microsoft DNS server exposed to the public internet. In this case, I would certainly expedite this patch. This is the vulnerability to look out for this time around.
Overview of the December 2015 Microsoft patches and their status.
# | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) | |
---|---|---|---|---|---|---|
clients | servers | |||||
MS15-124 | Cumulative Security Update for Internet Explorer (Replaces MS15-124 ) | |||||
Internet Explorer CVE-2015-6083, CVE-2015-6134, CVE-2015-6135, CVE-2015-6136, CVE-2015-6138, CVE-2015-6139, CVE-2015-6140, CVE-2015-6141, CVE-2015-6142, CVE-2015-6143, CVE-2015-6144, CVE-2015-6145, CVE-2015-6146, CVE-2015-6147, CVE-2015-6148, CVE-2015-6149, CVE-2015-6150, CVE-2015-6151, CVE-2015-6152, CVE-2015-6153, CVE-2015-6154, CVE-2015-6155, CVE-2015-6156, CVE-2015-6157, CVE-2015-6158, CVE-2015-6159, CVE-2015-6160, CVE-2015-6161, CVE-2015-6162, CVE-2015-6162 |
KB 3116180 | no. | Severity:Critical Exploitability: 1-4 |
Critical | Critical | |
MS15-125 | Cumulative Security Update for Microsoft Edge (Replaces MS15-112 ) | |||||
Microsoft Edge CVE-2015-6139 CVE-2015-6140, CVE-2015-6142, CVE-2015-6148, CVE-2015-6151, CVE-2015-6153, CVE-2015-6154, CVE-2015-6155, CVE-2015-6158, CVE-2015-6159, CVE-2015-6161, CVE-2015-6168, CVE-2015-6169, CVE-2015-6170, CVE-2015-6176 |
KB 3116184 | no. | Severity:Critical Exploitability: 1-4 |
Critical | Critical | |
MS15-126 | Cumulative Security Update for JScript and VBScript (Replaces MS15-066 ) | |||||
JScript/VBScript (IE8,Vista and 2008 only) CVE-2015-6135 CVE-2015-6136 |
KB 3116178 | no. | Severity:Critical Exploitability: 2,1 |
Critical | Critical | |
MS15-127 | Remote Code Execution in Microsoft Windows DNS (Replaces MS12-017 ) | |||||
Microsoft DNS Server CVE-2015-6125 |
KB 3100465 | no. | Severity:Critical Exploitability: 2 |
N/A | Critical | |
MS15-128 | Remote Code Execution Vulnerability in Microsoft Graphics Component (Replaces MS15-115 ) | |||||
various components (.Net, Lync, Silverlight, Skype..) CVE-2015-6106 CVE-2015-6107 CVE-2015-6108 |
KB 3104503 | no. | Severity:Critical Exploitability: 1,1,1 |
Critical | Critical | |
MS15-129 | Remote Code Execution in Microsoft Silverlight (Replaces MS15-080 ) | |||||
Silverlight CVE-2015-6114 CVE-2015-6165 CVE-2015-6166 |
KB 3106614 | no. | Severity:Critical Exploitability: 2,2,1 |
Critical | Important | |
MS15-130 | Remote Code Execution in Microsoft Uniscribe (Replaces MS14-036 ) | |||||
Uniscribe CVE-2015-6130 |
KB 3108670 | no. | Severity:Critical Exploitability: 3 |
Critical | Important | |
MS15-131 | Remote Code Execution Vulnerability in Microsoft Office (Replaces MS15-116 ) | |||||
Office CVE-2015-6040 CVE-2015-6118 CVE-2015-6122 CVE-2015-6124 CVE-2015-6172 CVE-2015-6177 |
KB 3116111 | no. | Severity:Critical Exploitability: 1,1,1,1,1,1 |
Critical | Important | |
MS15-132 | Remote Code Execution in Microsoft Windows (Replaces MS15-122 MS15-115 ) | |||||
Windows CVE-2015-6128 CVE-2015-6132 CVE-2015-6133 |
KB 3116162 | no. | Severity:Important Exploitability: 2,2,2 |
Critical | Important | |
MS15-133 | Privilege Escalation Vulnerability in Windows PGM | |||||
Microsoft Message Queuing (MSMQ) CVE-2015-6126 |
KB 3116130 | no. | Severity:Important Exploitability: 2 |
Important | Important | |
MS15-134 | Remote Code Execution in Windows Media Center (Replaces MS15-100 ) | |||||
Windows Media Center CVE-2015-6127 CVE-2015-6131 |
KB 3108669 | no. | Severity:Important Exploitability: 2,2 |
Critical | Important | |
MS15-135 | Privilege Elevation Vulnerability in Windows Kernel-Mode Drivers (Replaces MS15-122 MS15-115 ) | |||||
Kernel-Mode Drivers (Library Loading) CVE-2015-6171 CVE-2015-6173 CVE-2015-6174 CVE-2015-6175 |
KB 3119075 | yes (CVE-2015-6175). | Severity:Important Exploitability: 1,1,1,4 |
Important | Important |
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
- We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds a\ re typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more tim\ e to test.
- Important: Things where more testing and other measures can help.
- Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.
Keywords: mspatchday
19 comment(s)
My next class:
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
×
Diary Archives
Comments
Anonymous
Dec 8th 2015
8 years ago
All machines launching Outlook in 'Safe Mode'.
Views, default settings and font preferences all blown out.
After last Month's attempt to get MS to pull a patch; 20 points of contact and 10+ hours wasted.
I will not be contacting them.
Microsoft... You are broken!!!
I pay you $20k+ a year for what?
Anonymous
Dec 8th 2015
8 years ago
Anonymous
Dec 8th 2015
8 years ago
KB3114409
MICROSOFT:
PLEASE PULL KB3114409 from Windows Update and STOP BREAKING COMPUTERS.
Anonymous
Dec 8th 2015
8 years ago
Win7Pro/64bit - Office 2010/32bit
I did experience a problem where one computer froze at 15% during the Windows Update reboot. I let it sit for 40 mins before I did a hard reset. All was well after the reset thankfully!!
Anonymous
Dec 8th 2015
8 years ago
There are a million reasons for something to appear in our production environment and not on another machine.
The problem is that MS no longer supports their products despite us spending large sums of corporate money on their 'Software Assurance'.
They have chosen to cheap out on 'support' to the point where it is impossible to alert them to a problem.
This leaves 'trial by public' as the only means to get their attention.
Anonymous
Dec 8th 2015
8 years ago
I probably missed that small type in the Outlook header the first time...and safe mode is probably why my Lync integration isn't working.
Anonymous
Dec 8th 2015
8 years ago
Anonymous
Dec 8th 2015
8 years ago
If KB3114409 is meant to fix CVE-2015-6124 (listed by MS as publicly exploited), then this is particularly unfortunate.
Anonymous
Dec 9th 2015
8 years ago
Anonymous
Dec 9th 2015
8 years ago