Microsoft Security Bulletins For November 2015
Welcome to the Microsoft Windows patch overview for November 2015. The guide provides you with relevant information about all security and non-security patches that Microsoft released for Windows and other company products in the past 30 day period.
It begins with an executive summary that lists the most important information in condensed form, followed by distribution information.
The distribution sections list all versions of Windows and other Microsoft products that have received patches this month.
This is followed by the list of security bulletins, security advisories and revisions, and non-security updates.
Last but not least, information about deployment are provided.
Executive Summary
- A total of 12 security bulletins have been released on the November 2015 Patch Day.
- Four of the bulletins are rated as critical, the highest available rating, the remaining eight as important, the second highest rating.
- Threats range from remote code execution over elevation of privilege to spoofing and information disclosure.
- All client versions of Windows are affected by at least one vulnerability in a critical way
Operating System Distribution
Windows 10 is the only client-based operating system that is affected by vulnerabilities in two critically rated bulletins while all other client systems only by one. The only reason for that is that it is affected by MS15-112 which describes issues in Internet Explorer and MS15-113 which describes issues in Microsoft Edge.
- Windows Vista: 1 critical, 4 important
- Windows 7:Â 1 critical, 4 important
- Windows 8 and 8.1: 1 critical, 5 important
- Windows RT and RT 8.1: 1 critical, 4 important
- Windows 10: 2 critical, 3 important
- Windows Server 2008:Â 4 important, 1 moderate
- Windows Server 2008 R2:Â 4 important, 1 moderate
- Windows Server 2012 and 2012 R2:Â 5 important, 1 moderate
- Server core: 5 important
Other Microsoft Products
All Microsoft Office products are affected by Ms15-116 (Security Update for Microsoft Office to Address Remote Code Execution).
- Microsoft Office 2007, 2010, 2013 and 2016: 1 important
- Office 2013 RT: 1 important
- Microsoft Office for Mac: 1 important
- Microsoft Office Compatibility Pack SP3, Excel Viewer and Word Viewer: 1 important
- Microsoft SharePoint Server 2007, 2010 and 2013: 1 important
- Microsoft Office Web Apps 2010 and 2013: 1 important
- Microsoft Lync Smart Room System: 2 important
- Microsoft Lync 2010 and 2013: 2 important
- Skype for Business 2016: 2 important
Security Bulletins
MS15-112 - Critical - Remote Code Execution - Cumulative Security Update for Internet Explorer (3104517) - This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-113 - Critical - Remote Code Execution - Cumulative Security Update for Microsoft Edge (3104519) - This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-114 - Critical - Remote Code Execution- Security Update for Windows Journal to Address Remote Code Execution (3100213) - This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS15-115 - Critical - Remote Code Execution- Security Update for Microsoft Windows to Address Remote Code Execution (3105864) - This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.
MS15-116 - Important - Remote Code Execution - Security Update for Microsoft Office to Address Remote Code Execution (3104540) - This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-117 - Important - Elevation of Privilege - Security Update for NDIS to Address Elevation of Privilege (3101722) - This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
MS15-118 - Important - Elevation of Privilege - Security Update for .NET Framework to Address Elevation of Privilege (3104507) - This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser.
MS15-119 - Important - Elevation of Privilege - Security Update for Winsock to Address Elevation of Privilege (3104521) - This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability.
MS15-120 - Important - Denial of Service - Security Update for IPSec to Address Denial of Service (3102939) - This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials.
MS15-121 - Important - Spoofing - Security Update for Schannel to Address Spoofing (3081320)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.
MS15-122 - Important - Security Feature Bypass - Security Update for Kerberos to Address Security Feature Bypass (3105256) - This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.
MS15-123 - Important - Information Disclosure - Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)Â - This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content.
Security Advisories and updates
Microsoft Security Advisory 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
Microsoft Security Advisory 3108638 - Update for Windows Hyper-V to Address CPU Weakness
MS15-106: Cumulative update for Windows 10 (KB3105210) - This update for Windows 10 includes functionality improvements and resolves the vulnerabilities MS15-106 and MS15-107.
Security Update for Internet Explorer Flash Player for Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB3105216)
Microsoft Security Advisory 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
Non-security related updates
Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB3102810) - Installing and searching for updates is slow and high CPU usage occurs in Windows 7 and Windows Server 2008 R2
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3102812) - Installing and searching for updates is slow and high CPU usage occurs in Windows 8.1 and Windows Server 2012 R2
Dynamic update for Windows 10 (KB3106937) - Compatibility update for upgrading to Windows 10: October 29, 2015
Update for Windows 10 (KB3106928) - OOBE Update for Windows 10: October 29, 2015
Update for Windows 10 (KB3106932) - Compatibility update for upgrading to Windows 10: October 29, 2015
Dynamic Update for Windows 10 (KB3106937) - Compatibility update for upgrading to Windows 10: October 29, 2015
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3034348) - "Access denied" error when you use a Windows Store app to configure printer property settings in Windows
Update for Windows 8, Windows RT, and Windows Server 2012 (KB3058163) - Activation doesn't work if the sppsvc.exe process doesn't start automatically in Windows 8 or Windows Server 2012
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3078405) - "0x0000004A" or "0x0000009F" Stop error occurs in Windows 8.1
Update for Windows 7 (KB3081954) - Update for Work Folders improvements in Windows 7 SP1
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3087418) - Hebrew text is reversed in Visio 2013 on Windows 8.1-based devices
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3091297) - You can't logon to an AD FS server from a Windows Store app on a Windows 8.1 or Windows RT 8.1 device
Update for Windows Server 2012 R2 (KB3094486) - KDS service doesn't start if domain controllers are located in a child OU in Windows Server 2012 R2
Update for Windows 8.1, Windows RT 8.1, Windows 8, and Windows RT (KB3095108) - Updated APN database entry for Transatel (France, Worldwide) network for Windows 8.1 and Windows 8
Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 7, and Windows Server 2008 R2 (KB3095649) - Win32k.sys update in Windows: October 2015
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3095701) - TPM 2.0 device can't be recognized in Windows Server 2012 R2
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3096433) - Chkdsk command freezes when it's running in Windows
Update for Windows 10 (KB3105514) - Cumulative update for Windows 10: October 20, 2015
Dynamic Update for Windows 10 (KB3097626) - Compatibility update for upgrading to Windows 10: October 14, 2015
How to download and install the November 2015 security updates
The November 2015 patches are already available via Windows Update. Since Windows is configured to download and install security patches automatically by default, they will be installed on all of those systems automatically at one point.
Update checks are not in real-time however and if you want to speed up the deployment, you can check for updates manually:
- Tap on the Windows-key on your computer keyboard, type Windows Update and hit the enter-key.
- This should open the Windows Update interface. Depending on your version of Windows, this may be in form of a the new Settings application or a program window.
- Select the "check for updates" option on the page and wait for the results.
- All available updates are listed on the page and it takes another click to download and install those on the device.
Other options to deploy the updates included downloading them individually from Microsoft's Download Center, by downloading monthly security images that Microsoft releases, or by using third-party software to do so.
Additional information
- Microsoft Security Response Center blog on the 2015 Bulletin Release
- Microsoft Security Bulletin Summary for November 2015
- List of software updates for Microsoft products
- List of security advisories of 2015
- Our in-depth update guide for Windows
In the wake of Microsoft’s announcement that they would soon be moving the Windows 10 downyourthroatware package from the Optional to the Important section, I changed my automatic update settings from “automatically download and install” to “check but let me decide.” And after getting suckered in by the buggy KB3097877 patch, I decided to start waiting a few days after new patches are issued and vet every single one of them before installing, including the critical security ones (like KB3097877).
Actually, for a while there I disabled automatic updates entirely (“don’t check for updates”), but it turns out that that disabled manual Windows Update checks and the Windows Update Standalone Installer as well. Curious.
Anyway, when I ran a post-Patch-Tuesday manual Windows Update check today, I had two “important” updates and one “optional” update. One important update was what I hope is a properly functioning replacement for the KB3097877 patch — I still haven’t installed it, though — and the other was a run-of-the-mill definitions update for Windows Defender. The optional update was yet another effing “Upgrade to Windows 10 Pro” package … and it was preselected for installation. And here I was thinking that optional updates weren’t supposed to be preselected. Probably another “accident” from Microsoft’s Windows Update team, right? I wonder how many people got suckered into upgrading.
There’s already no question that Windows 7 will be my last Microsoft OS and that I will be moving to Linux, but I though I might stay with 7 through the end of support in January 2020. If this keeps up, though — the botched patches and the sneaky, coercive tactics to force non-Enterprise licensees to “upgrade” to 10 — I will be making the switch a lot sooner than expected. Basta.
KB3097877 caused my Outlook to crash when viewing a SBS2003 server report on 11-11-15. The KB was uninstalled and fixed the problem. The same number KB was reinstalled by auto updates last night at 3AM PST 11-12-15. Outlook crashed again this morning. I can’t tell which version of the KB was installed, but for now I am uninstalling it.
According to LawrenceSystems.com, the “fixed” replacement for KB3097877 was released on Wednesday 12 November 2015 at around 1:30 AM Redmond time (PST), around an hour and a half before your automatic updates downloaded. I guess there might be a possibility that the re-released patch didn’t get propagated to all of Microsoft’s update servers within that time, or that your ISP served you a cached copy of the old, buggy patch instead.
I initially downloaded the ‘bad’ one. I didn’t have any problems with it, but I uninstalled it anyway just in case. Two days later I noticed that MS had a new version, and it’s description stated that it had fixed the problems with the previous version. I’d say that is the first time I’ve seen MS take responsibility for a buggy update and promptly replace it. Although I think there should have been a public announcement about it, at least the replaced it and actually mentioned they made a mistake with it.
FYI: MS15-115 contains KB3097877; this patch is killing Outlook for a lot of people. On my Win7home-x64, Outlook 2010 was crashing on every 2nd or 3rd email I read. I ended up doing a system restore… A post elsewhere identified this KB as the culprit; apparently something to do with pictures in the email. I re-installed all but KB3097877 and my Outlook 2010 is stable again.
Microsoft just released an update to its problematic KB3097877 of November 10th 2015
KB3097877 indeed has been reported to crash Outlook and even on some systems to block Windows login.
KB3097877 of Nov. 12th installed over KB3097877 of Nov. 10 : no need to uninstall first update (in my case anyway).
Kinda makes you wonder if MS have reduced/removed the QA/test divisions and now just totally rely on telemetry to find all the bugs – first thru the insider golden rimmer’s club, and then the general public.
“the insider golden rimmer’s club”–that’s hysterical. I’m stealin’ this one, too!
What … no MS Spyware sneaking in this month?
It’s a miracle I tell you, and absolute miracle.
I count six updates above pertaining to Windows 10, under “Non-security-related updates”…
There’s been quite a lot of buzz with this Windows Ten-tatorship, maybe Microsoft decided to stop, or pause, or change its strategy…. but this November Patch Tuesday seems clean to me.
Let us pray.
“Clean” … I’m actually referring to the updates of a big, universally known software company… and I am in the process of making a distinction between its “clean” and implicitly “dirty” updates : what has become of this world, having to be wary of the very company we grew up with? This is mad!
I think I mis-read that–looks they are all are FOR Win 10. Wow…wonder where they snuck them in this month? :)
i might have overlooked something, but as far as i can see on my win7 machine i get completely different kb numbers than those listed above.
You’ll probably think I’m insane for this but it worked for me. :)
About every month since I got Windows 8.1 more than a year ago it has screwed up one way or another. I got sick of trying to keep it running right all the time. Since 8.1 was released there have been more than 350 Windows Updates. Many of them are buggy and installing that many seems to gum up the works.
Two months ago I reset Windows back to factory settings and disabled all Windows Updates. I then installed Sandboxie. I haven’t had a single problem since.
I’d rather be part of a botnet or whatever rather than go back to the way it was.
I wouldn’t take that risk, even with Sandboxie (which I don’t use), but you may be right, who knows? Not me.
Ever since I use Windows (3.1) I’ve always installed its Updates, blindly. I started filtering when the Ten-tatorship syndrome arose. Bothering to have to be both cautious and confident but IMO the required position to balance privacy and security.
Whatever, a side-effect of this Windows Ten-tatorship will have been — is — an abandon by many users of the monthly Patch Tuesday. Microsoft has been irresponsible on this point. I tend to mention this as a past event because November Windows Updates seem to be clear (I gain confidence as fast as I loose it). Time will tell. But I will never set Windows Updates to automatic. Never.
Tom makes a good point here. I, too, always installed most or all monthly security updates, and only began very strict filtering of them when the Windows Ten-tatorship arose a few months ago. Now I find myself forced, yet again (HSTS, etc.), to choose between privacy and security, and in the Ten-tatorship I find myself erring not on the side of security but on privacy.
Microsoft forcing their Ten-tatorship on people and then having people reluctant to install monthly updates, or not install them at all, as some here are doing, has the effect of having more unpatched machines out there on the net. Obviously the money to be made from harvesting and selling people’s personal data completely trumps (surprise!) any concerns about more unpatched PCs in the world. So much for “trustworthy computing†(which according to its Wikipedia page had security and privacy as two of its four key areas, but which, according to the same page, was shut down last year!).
Finally, each of us here perhaps, if we choose, can make sure we never set Windows Updates to automatic, but for the many other folks who’s PCs I help maintain, that may not be an option. I have tried to explain to as many of them as I could what has been happening and what is coming up soon in the Ten-tatorship, but it’s clear in most cases there is only limited understanding at best. I’m bracing myself for all of the calls I’m going to receive in January when people wake up and suddenly find that their OS is gone…
all links in Bulletins are SUDDENLY broken, and ends “We are sorry, the page you requested cannot be found.” message.
Any new sneaky privacy updates ?
I just checked, my windows 7 installation was apr 26-2010 (64bit) with service pack1. System restore is always off. I never install updates. Avast free a/v & a Macrium backup once a week.
Any others like me that do not install updates and never have problems?
ps internet explorer is always chopped off.
I stopped installing Windows 7 64bit updates a year ago.
System restore is always ON.
Full image backup with Acronis every 2 weeks (keeping 3 last backups).
Never install software (excluding Kaspersky anti-virus..security apps, Chrome browser). I use only portable apps.
Not sure if people have heard there is a forum discussion noting which updates are for win 10 telementary and a tool for removing them http://forum.notebookreview.com/threads/updates-to-hide-to-prevent-windows-10-upgrade-disable-telemetry.780476/
Since November patch installed repetitive error on start up with gadgets service, not possible to launch any of them… I removed completely the patch, problem removed, but no updates make no sense, to be honest I do not know which of those important updates influenced on that, someone could help?
Thanks Martin, For guiding me threw this mounts Microsoft Windows 7 system o.s., and outer MS products update who this mount is about the size of the Bergstraße-Odenwald Geopark, with the total amount of 29 windows updates.
At least that feeling I have now after that the complete necessaries were done being: To let no only main system download the new updates but after the download also installing those updates. Next on the to do list is then: restart the system and fragment the now update o.s. hard disk and last but not least to make a brand crispy new backup. :-)
No TH2 update. :(
I agree with the 1st two posts.. Thank you very much for this update summary..!! It’s sorely needed. I count 3 updates for “compatibility for upgrading to Windows 10”. Hiding all three of those.
Like Hy said, many thanks for these monthly reports. Much appreciated.
Martin, I can’t thank you enough for doing this update overview every month! I never make a move with Microsoft monthly updates–especially in this new era of Windows Ten-tatorship–without reading your summary and Susan Bradley’s Patch Watch summary first.
Thank you so very much again!
P.S. Credit to Pants, I think it was, for “Windows Ten-tatorship” :)
– “and a great name to boot!”
I just find it hilarious that there are now hundreds and hundreds of comments on ghacks with people saying the word ‘pants’ .. one day, the top search result on google for pants will be ghacks .. all part of my evil master plan
– “Ten-tatorship”
You can thank some viewer/caller/tweeter who was read out on The Talking Dead (chat show about The Walking Dead) who called Rick Grime’s tight control of the group a “Ricktatorship”. It’s catchy, huh!
– for a laugh (go on, it’s worth it)
https://thechive.files.wordpress.com/2015/11/sht-happens-sometimes-29.jpg
Pants, that “Unattended Laptops…” photo is great! Thanks for posting it!
I’ve heard about it but when it happens most of the time there isn’t a reply as yours :)
Congrats from the Queen of Suede !
“Pants didn’t deny being a man and that confirms what I thought”
have you never heard of security by obscurity? Or silence? I neither confirmed nor denied – so I could be either .. or a macaque monkey with a penchant for selfies .. who PETA (in their silly lawsuit) think is a male, but everyone else thinks is a female …
You say it so perfectly well, Hy.
Also, “Ten-tatorship”, as pertinent as it is funny. Perhaps another of Pant’s talents!
“Pants: a man of many talents (and a great name to boot!) :)”
Totally off-topic but now that I think about it, is it only me to consider unconsciously that all guests on a forum are males unless clearly mentioned or suggested? Pants didn’t deny being a man and that confirms what I thought but, I mean, how often do we not, unconsciously most of the time, consider the speaker as male “by default” so to say? I don’t think it is because I’m a male myself that I default to this initial reaction, but I’ll have to investigate to know for sure : do the ladies consider all speakers to be females?!
:)
Pants: a man of many talents (and a great name to boot!) :)