Microsoft Security Bulletins For October 2015
The Microsoft Patch overview for October 2015 provides you with detailed information about security and non-security patches and advisories that Microsoft released in the past 30 days for Microsoft Windows and other company products.
The executive summary offers a quick overview of the updates released this month. What follows are information about operating systems and other Microsoft products that patches got released for.
Afterwards, you find the list of security bulletins, security advisories and non-security updates, all with links pointing to Microsoft's website where you find additional information and often downloads as well.
The last part lists download and deployment information as well as links to important resources.
Executive Summary
- A total of 6 security bulletins were released on the October 2015 patch day.
- 3 bulletins are rated as critical, the highest severity rating.
- The security patches affect Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Server Software.
- All client versions of Windows are affected by one critical vulnerability.
Operating System Distribution
All client versions of Windows are affected by one critical vulnerability (MS15-106) patching security issues in Microsoft Internet Explorer. The important bulletin for Windows 10 addresses the same issue in Microsoft Edge.
Server operating systems are affected by the same issue but only in a moderate way.
- Windows Vista: 1 critical
- Windows 7:Â 1 critical
- Windows 8 and 8.1: 1 critical
- Windows RT and RT 8.1: 1 critical
- Windows 10:Â 1 critical, 1 important
- Windows Server 2008:Â 1 moderate
- Windows Server 2008 R2: 1 moderate
- Windows Server 2012 and 2012 R2: 1 moderate
- Server core: none
Other Microsoft Products
- Microsoft Office 2007, 2010, 2013 and 2016: 1 important
- Microsoft Office 2013 RT: 1 important
- Microsoft Office for Mac: 1 important
- Microsoft Excel Viewer, Microsoft Office Compatibility Pack Service Pack 3: 1 important
- Microsoft SharePoint Server 2007, 2010 and 2013: 1 important
- Microsoft Office Web Apps 2010 and 2013: 1 important
Security Bulletins
MS15-106 - Cumulative Security Update for Internet Explorer (3096441)Â - critical - remote code execution
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-107 - Cumulative Security Update for Microsoft Edge (3096448) - important- information disclosure
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-108 - Security Update for JScript and VBScript to Address Remote Code Execution (3089659) - critical - remote code execution
This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that uses the IE rendering engine to direct the user to the specially crafted website.
MS15-109 - Security Update for Windows Shell to Address Remote Code Execution (3096443) - critical - remote code execution
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online.
MS15-110 - Security Updates for Microsoft Office to Address Remote Code Execution (3096440) - important - remote code execution
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-111 - Security Update for Windows Kernel to Address Elevation of Privilege (3096447)Â - important - elevation of privilege
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Security Advisories and updates
- Security Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB3042058)
- Security Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB3097966)
- Security Update for Internet Explorer Flash Player for Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB3099406)
- Microsoft Security Advisory 3097966 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing
- Microsoft Security Advisory 3042058 - Update to Default Cipher Suite Priority Order
- Microsoft Security Advisory 2960358 - Update for Disabling RC4 in .NET TLS
- Microsoft Security Advisory 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- Microsoft Security Advisory 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge.
- Microsoft Security Advisory 3097966 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing.
- Security Update for Internet Explorer Flash Player for Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB3087040)
Non-security related updates
- Update for Windows 8.1 and Windows 7 (KB3090045) - Windows Update for reserved devices in Windows 8.1 or Windows 7 SP1.
- Update for Windows 7 (KB2952664) - Compatibility update for upgrading Windows 7.
- Update for Windows 8 and Windows 8.1 (KB2976978) - Compatibility update for Windows 8.1 and Windows 8.
- Update for Windows 7 (KB2977759) - Compatibility update for Windows 7 RTM-
- Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB3083710) - Windows Update Client for Windows 7 and Windows Server 2008 R2: October 2015
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3083711) - Windows Update Client for Windows 8.1 and Windows Server 2012 R2: October 2015
- Update for Windows 7 (KB3035583) - Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
- Update for Windows 8.1 (KB3035583) - Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
- Update for Windows 8.1 and Windows 7 (KB3090045) - Windows Update for reserved devices in Windows 8.1 or Windows 7 SP1
- Cumulative Update for Windows 10 (KB3093266) - Cumulative update for Windows 10: September 30, 2015
- Dynamic Update for Windows 10 (KB3096652) - Compatibility update for upgrading to Windows 10: September 30, 2015
- Update for Windows Server 2008 and Windows Vista (KB2999226) - Update for Universal C Runtime in Windows
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB3096053) - September 2015 servicing stack update for Windows 8 and Windows Server 2012
- Cumulative Update for Windows 10 (KB3095020)
- Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB2999226)
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3073874) - Compatibility update for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2: September 2015
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3080042) - CHM file freezes when you enter characters in Search box on the Index tab in Windows 8.1 or Windows Server 2012 R2
- Update for Windows 7 and Windows Server 2008 R2 (KB3080079) - Update to add RDS support for TLS 1.1 and TLS 1.2 in Windows 7 or Windows Server 2008 R2
- Update for Windows 8.1 and Windows RT 8.1 (KB3080800) - "Access violation (c0000005)" error if the NcdAutoSetup service crashes in Windows 8.1 or Windows RT 8.1
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3082353) - Windows 8.1 or Windows Server 2012 R2 hosts crash when they set up IPSec tunnel
- Update for Windows Server 2012 R2 (KB3083729) - WDS has a high CPU usage when many client computers try to start in Windows Server 2012 R2
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3084905) - TPM lockout occurs unexpectedly in Windows 8.1 or Windows RT 8.1
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3087041) - You can't select the first item in a list by touching in Windows 8.1
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3087137) - Gradient rendering issue when an application has nested transformed geometries in Windows 8.1
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3087390) - Application may crash with 0x8002801D error in Windows 8.1 or Windows Server 2012 R2
How to download and install the October 2015 security updates
Security updates are made available through Windows Update and other services. The most common method for home users is the Windows Update service which, depending on how it is configured, can notify, download or even install updates automatically on the computer Windows is running on.
To check for updates manually, do the following:
- Tap on the Windows-key on the keyboard, type Windows Update and hit the enter key.
- Click the "check for updates" link on the page that opens.
- Windows queries the update server to find out if updates are available. If that is the case, it displays the updates to you on the screen.
Microsoft publishes all updates individually on its Download Center website and all security updates as a monthly released security ISO image that you can download as well.
Additional information
- Microsoft Security Response Center blog on the 2015 Bulletin Release
- Microsoft Security Bulletin Summary for October 2015
- List of software updates for Microsoft products
- List of security advisories of 2015
- Our in-depth update guide for Windows
Martin, I would appreciate that you do not censor this post, as it’s informative writing.
Onur, there is a misleading statement “[…] GIFs are animated images …”. No, obviously you don’t seem to have take much notice of what you were told back in March regarding; Graphics Interchange Format (GIF).
For example, https://www.ghacks.net/2023/03/31/whats-gif-explanation-and-how-to-use-it/#comment-4562919 (if you had read my replies within that thread, you might have learnt something useful). I even mentioned, “GIF intrinsically supports animated images (GIF89a)”.
You linked to said article, [Related: …] within this article, but have somehow failed to take onboard what support you were given by several more knowledgeable people.
If you used AI to help write this article, it has failed miserably.
AI is stupid, and it will not get any better if we really know how this all works. Prove me wrong.. https://www.youtube.com/watch?v=4IYl1sTIOHI
Martin, [#comment-4569908] is only meant to be in: [https://www.ghacks.net/2023/07/09/how-to-send-gifs-on-iphone-two-different-ways/]. Whereas it appears duplicated in several recent random low-quality non relevant articles.
Obviously it [#comment-4569908] was posted: 9 July 2023. Long before this thread even existed… your database is falling over. Those comments are supposed to have unique ID values. It shouldn’t be possible to duplicate the post ID, if the database had referential integrity.
Don’t tell me!
Ghacks wants the state to step in for STATE-MANDATED associations to save jobs!!!
Bring in the dictatorship!!!
And screw Rreedom of Association – too radical for Ghacks maybe
GateKeeper ?
That’s called “appointing” businesses to do the state’s dirty work!!!!!
But the article says itself that those appointed were not happy – implying they had not choice!!!!!!
@The Dark Lady,
@KeZa,
@Database failure,
@Howard Pearce,
@Howard Allan Pearce,
Note: I replaced the quoted URI scheme: https:// with “>>” and posted.
The current ghacks.net is owned by “Softonic International S.A.” (sold by Martin in October 2019), and due to the fate of M&A, ghacks.net has changed in quality.
>> ghacks.net/2023/09/02/microsoft-is-removing-wordpad-from-windows/#comment-4573130
Many Authors of bloggers and advertisers certified by Softonic have joined the site, and the site is full of articles aimed at advertising and clickbait.
>> ghacks.net/2023/08/31/in-windows-11-the-line-between-legitimate-and-adware-becomes-increasingly-blurred/#comment-4573117
As it stands, except for articles by Martin Brinkmann, Mike Turcotte, and Ashwin, they are low quality, unhelpful, and even vicious. It is better not to read those articles.
How to display only articles by a specific author:
Added line to My filters in uBlock Origin: ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(/Martin Brinkmann|Mike Turcotte|Ashwin/))
>> ghacks.net/2023/09/01/windows-11-development-overview-of-the-august-2023-changes/#comment-4573033
By the way, if you use an RSS reader, you can track exactly where your comments are (I’m an iPad user, so I use “Feedly Classic”, but for Windows I prefer the desktop app “RSS Guard”).
RSS Guard: Feed reader which supports RSS/ATOM/JSON and many web-based feed services.
>> github.com/martinrotter/rssguard#readme
We all live in digital surveillance glass houses under scrutiny of evil people because of people like Musk. It’s only fair that he takes his turn.
“Operating systems will be required to let the user choose the browser, virtual assistant and search engine of their choice. Microsoft cannot force users to use Bing or Edge. Apple will have to open up its iOS operating system to allow third-party app stores, aka allow sideloading of apps. Google, on the other hand, will need to provide users with the ability to uninstall preloaded apps (bloatware) from Android devices. Online services will need to allow users to unsubscribe from their platform easily. Gatekeepers need to provide interoperability with third-parties that offer similar services.”
Wonderful ! Let’s hope they’ll comply with that law more than they are doing with the GDPR.