The Microsoft Patch overview for October 2015 provides you with detailed information about security and non-security patches and advisories that Microsoft released in the past 30 days for Microsoft Windows and other company products.
The executive summary offers a quick overview of the updates released this month. What follows are information about operating systems and other Microsoft products that patches got released for.
Afterwards, you find the list of security bulletins, security advisories and non-security updates, all with links pointing to Microsoft's website where you find additional information and often downloads as well.
The last part lists download and deployment information as well as links to important resources.
Executive Summary
Operating System Distribution
All client versions of Windows are affected by one critical vulnerability (MS15-106) patching security issues in Microsoft Internet Explorer. The important bulletin for Windows 10 addresses the same issue in Microsoft Edge.
Server operating systems are affected by the same issue but only in a moderate way.
Other Microsoft Products
Security Bulletins
MS15-106 - Cumulative Security Update for Internet Explorer (3096441) - critical - remote code execution
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-107 - Cumulative Security Update for Microsoft Edge (3096448) - important- information disclosure
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-108 - Security Update for JScript and VBScript to Address Remote Code Execution (3089659) - critical - remote code execution
This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that uses the IE rendering engine to direct the user to the specially crafted website.
MS15-109 - Security Update for Windows Shell to Address Remote Code Execution (3096443) - critical - remote code execution
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online.
MS15-110 - Security Updates for Microsoft Office to Address Remote Code Execution (3096440) - important - remote code execution
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-111 - Security Update for Windows Kernel to Address Elevation of Privilege (3096447) - important - elevation of privilege
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Security Advisories and updates
Non-security related updates
How to download and install the October 2015 security updates
Security updates are made available through Windows Update and other services. The most common method for home users is the Windows Update service which, depending on how it is configured, can notify, download or even install updates automatically on the computer Windows is running on.
To check for updates manually, do the following:
Microsoft publishes all updates individually on its Download Center website and all security updates as a monthly released security ISO image that you can download as well.
Additional information
Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.
like clockwork, thank you martin!
Trying my best even though Microsoft has made it harder to be in time ;)
Thanks for this valuable information Martin!
Every day I’m more and more afraid about these “specially crafted” things, it seems to be very bad. It appears in all vulnerability reports…
Yet more updates to be wary of if you have not intention of installing Windows 10, was going to list them but it seems there’s so many this time around. :(
Thanks again Martin for this regular appointment with Windows Updates detailed, explained.
Concerning KB3083710 comments on the Web are opposed, some call to trust the update others to avoid it and Microsoft as always keeps a flat non informative rhetoric when it comes to explaining what an update exactly does. At this time consequently I haven’t installed it. Not to mention of course those other well-known Win10 incentives come-backs.
What about updates KB3042058 KB3080446 KB3088195 KB3093513 KB3097966?
I got them for Windows 7 Ultimate 64-bit.
They are not in your list as far as I can see…
I also got KB 3088195 and 3080446. You don’t mention those.
Thanks as always for this blog every month. It helps to know which updates to install.
KB3088195 is MS15-111 and KB3080446 is MS15-109.
I believe KB2976978 is yet another Windows 10 Update! …per online
argghh just lovely bill
🍺٩(˘◡˘ )
Hi can someone tell me were to find which updates are safe to install. The ones from this oct. 2015 I do not understand what each update means above. Thanks
Little late to respond, but how do you list:
“Update for Windows 7 and Windows Server 2008 R2 (KB3080079) – Update to add RDS support for TLS 1.1 and TLS 1.2 in Windows 7 or Windows Server 2008 R2”
as a non-security update? It’s a HUGE security update for anyone that uses Remote Desktop Services.