Microsoft Security Bulletins For November 2015

Welcome to the Microsoft Windows patch overview for November 2015. The guide provides you with relevant information about all security and non-security patches that Microsoft released for Windows and other company products in the past 30 day period.
It begins with an executive summary that lists the most important information in condensed form, followed by distribution information.
The distribution sections list all versions of Windows and other Microsoft products that have received patches this month.
This is followed by the list of security bulletins, security advisories and revisions, and non-security updates.
Last but not least, information about deployment are provided.
Executive Summary
- A total of 12 security bulletins have been released on the November 2015 Patch Day.
- Four of the bulletins are rated as critical, the highest available rating, the remaining eight as important, the second highest rating.
- Threats range from remote code execution over elevation of privilege to spoofing and information disclosure.
- All client versions of Windows are affected by at least one vulnerability in a critical way
Operating System Distribution
Windows 10 is the only client-based operating system that is affected by vulnerabilities in two critically rated bulletins while all other client systems only by one. The only reason for that is that it is affected by MS15-112 which describes issues in Internet Explorer and MS15-113 which describes issues in Microsoft Edge.
- Windows Vista: 1 critical, 4 important
- Windows 7:Â 1 critical, 4 important
- Windows 8 and 8.1: 1 critical, 5 important
- Windows RT and RT 8.1: 1 critical, 4 important
- Windows 10: 2 critical, 3 important
- Windows Server 2008:Â 4 important, 1 moderate
- Windows Server 2008 R2:Â 4 important, 1 moderate
- Windows Server 2012 and 2012 R2:Â 5 important, 1 moderate
- Server core: 5 important
Other Microsoft Products
All Microsoft Office products are affected by Ms15-116 (Security Update for Microsoft Office to Address Remote Code Execution).
- Microsoft Office 2007, 2010, 2013 and 2016: 1 important
- Office 2013 RT: 1 important
- Microsoft Office for Mac: 1 important
- Microsoft Office Compatibility Pack SP3, Excel Viewer and Word Viewer: 1 important
- Microsoft SharePoint Server 2007, 2010 and 2013: 1 important
- Microsoft Office Web Apps 2010 and 2013: 1 important
- Microsoft Lync Smart Room System: 2 important
- Microsoft Lync 2010 and 2013: 2 important
- Skype for Business 2016: 2 important
Security Bulletins
MS15-112 - Critical - Remote Code Execution - Cumulative Security Update for Internet Explorer (3104517) - This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-113 - Critical - Remote Code Execution - Cumulative Security Update for Microsoft Edge (3104519) - This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-114 - Critical - Remote Code Execution- Security Update for Windows Journal to Address Remote Code Execution (3100213) - This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS15-115 - Critical - Remote Code Execution- Security Update for Microsoft Windows to Address Remote Code Execution (3105864) - This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.
MS15-116 - Important - Remote Code Execution - Security Update for Microsoft Office to Address Remote Code Execution (3104540) - This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-117 - Important - Elevation of Privilege - Security Update for NDIS to Address Elevation of Privilege (3101722) - This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
MS15-118 - Important - Elevation of Privilege - Security Update for .NET Framework to Address Elevation of Privilege (3104507) - This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser.
MS15-119 - Important - Elevation of Privilege - Security Update for Winsock to Address Elevation of Privilege (3104521) - This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability.
MS15-120 - Important - Denial of Service - Security Update for IPSec to Address Denial of Service (3102939) - This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials.
MS15-121 - Important - Spoofing - Security Update for Schannel to Address Spoofing (3081320)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.
MS15-122 - Important - Security Feature Bypass - Security Update for Kerberos to Address Security Feature Bypass (3105256) - This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.
MS15-123 - Important - Information Disclosure - Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)Â - This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content.
Security Advisories and updates
Microsoft Security Advisory 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
Microsoft Security Advisory 3108638 - Update for Windows Hyper-V to Address CPU Weakness
MS15-106: Cumulative update for Windows 10 (KB3105210) - This update for Windows 10 includes functionality improvements and resolves the vulnerabilities MS15-106 and MS15-107.
Security Update for Internet Explorer Flash Player for Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB3105216)
Microsoft Security Advisory 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
Non-security related updates
Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB3102810) - Installing and searching for updates is slow and high CPU usage occurs in Windows 7 and Windows Server 2008 R2
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3102812) - Installing and searching for updates is slow and high CPU usage occurs in Windows 8.1 and Windows Server 2012 R2
Dynamic update for Windows 10 (KB3106937) - Compatibility update for upgrading to Windows 10: October 29, 2015
Update for Windows 10 (KB3106928) - OOBE Update for Windows 10: October 29, 2015
Update for Windows 10 (KB3106932) - Compatibility update for upgrading to Windows 10: October 29, 2015
Dynamic Update for Windows 10 (KB3106937) - Compatibility update for upgrading to Windows 10: October 29, 2015
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3034348) - "Access denied" error when you use a Windows Store app to configure printer property settings in Windows
Update for Windows 8, Windows RT, and Windows Server 2012 (KB3058163) - Activation doesn't work if the sppsvc.exe process doesn't start automatically in Windows 8 or Windows Server 2012
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3078405) - "0x0000004A" or "0x0000009F" Stop error occurs in Windows 8.1
Update for Windows 7 (KB3081954) - Update for Work Folders improvements in Windows 7 SP1
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3087418) - Hebrew text is reversed in Visio 2013 on Windows 8.1-based devices
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3091297) - You can't logon to an AD FS server from a Windows Store app on a Windows 8.1 or Windows RT 8.1 device
Update for Windows Server 2012 R2 (KB3094486) - KDS service doesn't start if domain controllers are located in a child OU in Windows Server 2012 R2
Update for Windows 8.1, Windows RT 8.1, Windows 8, and Windows RT (KB3095108) - Updated APN database entry for Transatel (France, Worldwide) network for Windows 8.1 and Windows 8
Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 7, and Windows Server 2008 R2 (KB3095649) - Win32k.sys update in Windows: October 2015
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3095701) - TPM 2.0 device can't be recognized in Windows Server 2012 R2
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3096433) - Chkdsk command freezes when it's running in Windows
Update for Windows 10 (KB3105514) - Cumulative update for Windows 10: October 20, 2015
Dynamic Update for Windows 10 (KB3097626) - Compatibility update for upgrading to Windows 10: October 14, 2015
How to download and install the November 2015 security updates
The November 2015 patches are already available via Windows Update. Since Windows is configured to download and install security patches automatically by default, they will be installed on all of those systems automatically at one point.
Update checks are not in real-time however and if you want to speed up the deployment, you can check for updates manually:
- Tap on the Windows-key on your computer keyboard, type Windows Update and hit the enter-key.
- This should open the Windows Update interface. Depending on your version of Windows, this may be in form of a the new Settings application or a program window.
- Select the "check for updates" option on the page and wait for the results.
- All available updates are listed on the page and it takes another click to download and install those on the device.
Other options to deploy the updates included downloading them individually from Microsoft's Download Center, by downloading monthly security images that Microsoft releases, or by using third-party software to do so.
Additional information
- Microsoft Security Response Center blog on the 2015 Bulletin Release
- Microsoft Security Bulletin Summary for November 2015
- List of software updates for Microsoft products
- List of security advisories of 2015
- Our in-depth update guide for Windows

Martin, I would appreciate that you do not censor this post, as it’s informative writing.
Onur, there is a misleading statement “[…] GIFs are animated images …”. No, obviously you don’t seem to have take much notice of what you were told back in March regarding; Graphics Interchange Format (GIF).
For example, https://www.ghacks.net/2023/03/31/whats-gif-explanation-and-how-to-use-it/#comment-4562919 (if you had read my replies within that thread, you might have learnt something useful). I even mentioned, “GIF intrinsically supports animated images (GIF89a)”.
You linked to said article, [Related: …] within this article, but have somehow failed to take onboard what support you were given by several more knowledgeable people.
If you used AI to help write this article, it has failed miserably.
AI is stupid, and it will not get any better if we really know how this all works. Prove me wrong.. https://www.youtube.com/watch?v=4IYl1sTIOHI
Martin, [#comment-4569908] is only meant to be in: [https://www.ghacks.net/2023/07/09/how-to-send-gifs-on-iphone-two-different-ways/]. Whereas it appears duplicated in several recent random low-quality non relevant articles.
Obviously it [#comment-4569908] was posted: 9 July 2023. Long before this thread even existed… your database is falling over. Those comments are supposed to have unique ID values. It shouldn’t be possible to duplicate the post ID, if the database had referential integrity.
Don’t tell me!
Ghacks wants the state to step in for STATE-MANDATED associations to save jobs!!!
Bring in the dictatorship!!!
And screw Rreedom of Association – too radical for Ghacks maybe
GateKeeper ?
That’s called “appointing” businesses to do the state’s dirty work!!!!!
But the article says itself that those appointed were not happy – implying they had not choice!!!!!!
@The Dark Lady,
@KeZa,
@Database failure,
@Howard Pearce,
@Howard Allan Pearce,
Note: I replaced the quoted URI scheme: https:// with “>>” and posted.
The current ghacks.net is owned by “Softonic International S.A.” (sold by Martin in October 2019), and due to the fate of M&A, ghacks.net has changed in quality.
>> ghacks.net/2023/09/02/microsoft-is-removing-wordpad-from-windows/#comment-4573130
Many Authors of bloggers and advertisers certified by Softonic have joined the site, and the site is full of articles aimed at advertising and clickbait.
>> ghacks.net/2023/08/31/in-windows-11-the-line-between-legitimate-and-adware-becomes-increasingly-blurred/#comment-4573117
As it stands, except for articles by Martin Brinkmann, Mike Turcotte, and Ashwin, they are low quality, unhelpful, and even vicious. It is better not to read those articles.
How to display only articles by a specific author:
Added line to My filters in uBlock Origin: ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(/Martin Brinkmann|Mike Turcotte|Ashwin/))
>> ghacks.net/2023/09/01/windows-11-development-overview-of-the-august-2023-changes/#comment-4573033
By the way, if you use an RSS reader, you can track exactly where your comments are (I’m an iPad user, so I use “Feedly Classic”, but for Windows I prefer the desktop app “RSS Guard”).
RSS Guard: Feed reader which supports RSS/ATOM/JSON and many web-based feed services.
>> github.com/martinrotter/rssguard#readme
We all live in digital surveillance glass houses under scrutiny of evil people because of people like Musk. It’s only fair that he takes his turn.
“Operating systems will be required to let the user choose the browser, virtual assistant and search engine of their choice. Microsoft cannot force users to use Bing or Edge. Apple will have to open up its iOS operating system to allow third-party app stores, aka allow sideloading of apps. Google, on the other hand, will need to provide users with the ability to uninstall preloaded apps (bloatware) from Android devices. Online services will need to allow users to unsubscribe from their platform easily. Gatekeepers need to provide interoperability with third-parties that offer similar services.”
Wonderful ! Let’s hope they’ll comply with that law more than they are doing with the GDPR.