Microsoft Security Bulletins For December 2015 - gHacks Tech News

Microsoft Security Bulletins For December 2015

Welcome to this month's overview of the Microsoft December 2015 Patch Day. The guide provides you with relevant information about all security and non-security patches that Microsoft released since the November 2015 Patch day.

The executive summary lists the most important information about this month's update. It is then followed by distribution information divided into operating system and other Microsoft product distribution.

The main part of the guide consists of all security bulletins Microsoft released this month, links to security updates and advisories, and non-security updates.

The last section lists information about downloads and how the updates can be obtained, as well as links to core Microsoft websites.

Executive Summary

  1. Microsoft released 12 security bulletins in December 2015.
  2. Eight bulletins received an aggregate severity rating of critical, the highest rating.
  3. Threats include remote code execution (all critical vulnerabilities) and elevation of privilege.
  4. All client versions of Windows are affected by at least one critically rated bulletin.

Operating System Distribution

Windows 7 is the only operating system on the client side that is affected by two critical vulnerabilities. It is the only client operating system affected by MS15-130, a remote code execution vulnerability in Microsoft Uniscribe.

Windows Server 2008 R2 is the only server operating system affected by the Bulletin.

  • Windows Vista: 1 critical, 3 important
  • Windows 7:  2 critical, 3 important
  • Windows 8 and 8.1: 1 critical, 3 important
  • Windows RT and RT 8.1: 1 critical, 2 important
  • Windows 10: 1 critical, 2 important
  • Windows Server 2008:  2 important, 1 moderate
  • Windows Server 2008 R2: 1 critical, 2 important, 1 moderate
  • Windows Server 2012 and 2012 R2: 2 important, 1 moderate
  • Server core: 1 critical, 2 important

Other Microsoft Products

  • Microsoft Office 2007 and 2010: 2 critical
  • Microsoft Office 2013 and 2016: 1 critical
  • Microsoft Office RT: 1 critical
  • Microsoft Office for Mac: 1 important
  • Microsoft Office Compatibility Pack SP3, Microsoft Excel Viewer, Microsoft Word Viewer: 1 critical, 1 important
  • Microsoft Live Meeting 2007 Console: 1 critical
  • Microsoft Lync 2010 and 2013: 1 critical
  • Skype for Business: 1 critical
  • Microsoft Silverlight: 2 critical

Security Bulletins

  • MS15-124 - Cumulative Security Update for Internet Explorer (3116180) - Critical  -Remote Code Execution - This security update resolves vulnerabilities in Internet Explorer.
  • MS15-125 - Cumulative Security Update for Microsoft Edge (3116184) - Critical - Remote Code Execution - This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
  • MS15-126 - Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178) - Critical - Remote Code Execution - This security update resolves vulnerabilities in the VBScript scripting engine in Microsoft Windows.
  • MS15-127 - Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465)  - Critical - Remote Code Execution - This security update resolves a vulnerability in Microsoft Windows.
  • MS15-128 - Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503) - Critical - Remote Code Execution - This security update resolves vulnerabilities in Microsoft Windows, .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync, and Silverlight.
  • MS15-129 - Security Update for Silverlight to Address Remote Code Execution (3106614) - Critical -
    Remote Code Execution - This security update resolves vulnerabilities in Microsoft Silverlight.
  • MS15-130 - Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670) - Critical - Remote Code Execution - This security update resolves a vulnerability in Microsoft Windows.
  • MS15-131 - Security Update for Microsoft Office to Address Remote Code Execution (3116111) - Critical - Remote Code Execution - This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
  • MS15-132 - Security Update for Microsoft Windows to Address Remote Code Execution (3116162)  - Important - Remote Code Execution - This security update resolves vulnerabilities in Microsoft Windows.
  • MS15-133 - Security Update for Windows PGM to Address Elevation of Privilege (3116130) - Important - Elevation of Privilege - This security update resolves a vulnerability in Microsoft Windows.
  • MS15-134 - Security Update for Windows Media Center to Address Remote Code Execution (3108669) - Important - Remote Code Execution - This security update resolves vulnerabilities in Microsoft Windows.
  • MS15-135 - Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075) - Important - Elevation of Privilege - This security update resolves vulnerabilities in Microsoft Windows.

Security Advisories and updates

  • Microsoft Security Advisory 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing
  • Microsoft Security Advisory 3057154 - Update to Harden Use of DES Encryption
  • Microsoft Security Advisory 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
  • Microsoft Security Advisory 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing
  • Windows Malicious Software Removal Tool - December 2015 (KB890830)/Windows Malicious Software Removal Tool - December 2015 (KB890830) - Internet Explorer Version
  • MS15-115: Security Update for Windows Embedded Standard 7, Windows 7 and Windows Server 2008 R2 (KB3097877) - This security update resolves vulnerabilities in Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to go to an untrusted webpage that contains embedded fonts.
  • Security Update for Internet Explorer Flash Player for Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB3103688) - Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge: November 10, 2015.
  • Security Update for Internet Explorer Flash Player for Windows 10 (KB3103688) - Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge: November 10, 2015.
  • Security Update for Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008 (KB3108604) - Microsoft security advisory: Description of the security update for Windows Hyper-V: November 10, 2015

Non-security related updates

  • Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP Embedded (KB3112148) - December 2015, cumulative time zone update for Windows operating systems.
  • Update for Windows 10 (KB3118714) - OOBE update for Windows 10: December 8, 2015.
  • Update for Windows 10 (KB3119598) - OOBE update for Windows 10: December 8, 2015.
    Update for Windows 10 (KB3122947) - Some settings aren't retained when users upgrade to Windows 10 Version 1511 from an earlier Windows 10 version
  • Cumulative Update for Windows 10 (KB3116908) - This update includes improvements to enhance the functionality of Windows 10 Version 1511.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3112336) - This update enables support for additional upgrade scenarios from Windows 8.1 to Windows 10, and provides a smoother experience when you have to retry an operating system upgrade because of certain failure conditions. This update also improves the ability of Microsoft to monitor the quality of the upgrade experience.
  • Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB3112343) - This update enables support for additional upgrade scenarios from Windows 7 to Windows 10, and provides a smoother experience when you have to retry an operating system upgrade because of certain failure conditions. This update also improves the ability of Microsoft to monitor the quality of the upgrade experience.
  • Cumulative Update for Windows 10 (KB3120677) - This update improves the functionality of Windows 10 version 1511.
  • Dynamic Update for Windows 10 (KB3120678) - This update improves the upgrade experience to Windows 10 version 1511.
  • Dynamic Update for Windows 10 (KB3116906) - Compatibility update for upgrading to and recovering Windows 10 version 1511: November 19, 2015.
  • Update for Windows 8.1 (KB3072318) - Update for Windows 8.1 OOBE to upgrade to Windows 10
  • Update for Windows 10 (KB3116097) - OOBE update for Windows 10: November 18, 2015.
  • Update for Windows 10 (KB3116278) - OOBE update for Windows 10 Version 1511: November 18, 2015.
  • Dynamic Update for Windows 10 (KB3116903) - Compatibility update for upgrading to Windows 10: November 18, 2015.
  • Update for Windows 10 (KB3118754) - Cumulative update for Windows 10 Version 1511: November 18, 2015.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3083800) - System crashes when you switch to another user and select a certificate in Windows 8.1 or Windows Server 2012 R2.
  • Update for Windows Server 2012 R2 (KB3096411) - Windows Error Reporting settings option is unavailable after update 3000850 is installed in Windows Server 2012 R2.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3099834) - "Access violation" error and application that uses private keys crashes in Windows 8.1 or Windows Server 2012 R2.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3100919) - Virtual memory size of Explorer increases when you open programs continuously in Windows 8.1 or Windows Server 2012 R2.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3100956) - You may experience slow logon when services are in start-pending state in Windows Server 2012 R2.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3101183) - You can't log on to a domain-joined computer in Windows 8.1 or Windows Server 2012 R2.
  • Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 (KB3102429) - Update that supports Azerbaijani Manat and Georgian Lari currency symbols in Windows.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3103696) - Update for USB Type-C billboard support and Kingston thumb drive is enumerated incorrectly in Windows.
  • Update for Windows Server 2012 R2 (KB3105885) - Update to support auto-redirection of Windows Server 2012 R2 Essentials for Windows 10 client connector.
  • Update for Windows 10 (KB3106246) - Update for Windows 10 DVD Player: November 12, 2015

How to download and install the December 2015 security updates

windows updates

Updates are provided via Windows Update. The operating system should pick up those updates eventually but if you want to download those updates as fast as possible, you need to run a manual check for updates for that.

  1. Tap on the Windows-key, type Windows Update and hit enter.
  2. Click the "check for updates" button to run an update check in the window that opens.

Updates can also be obtained from monthly released security images, from Microsoft's official Download Center, and by using third-party tools.

Additional information

Summary
Microsoft Security Bulletins For December 2015
Article Name
Microsoft Security Bulletins For December 2015
Description
The Microsoft December 2015 Patch Day guide provides you with detailed information about updates released by the company in that month.
Author




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Scott said on December 8, 2015 at 9:49 pm
      Reply

      Martin, thank you, thank you, thank you.

    2. Eagle said on December 8, 2015 at 9:58 pm
      Reply

      Anything more about KB3112148?

      1. Martin Brinkmann said on December 8, 2015 at 10:27 pm
        Reply

        Yes, the support page is finally up: December 2015, cumulative time zone update for Windows operating systems

    3. Jeff said on December 9, 2015 at 4:07 am
      Reply

      “(KB3112343) – This update enables support for additional upgrade scenarios from Windows 7 to Windows 10”

      Thanks once again, Martin, for the report. I was able to hide yet another attempt by MS to shove 10 down my throat. No matter how many of these I hide, the next month there’s another one, or past hidden ones return.

      Getting real tired of your shit, Microsoft.

      1. hirobo2 said on December 10, 2015 at 1:52 am
        Reply

        Don’t know why ppl are so keen on installing updates, especially during the W10 free upgrade window. They only marginally improve security. Try visiting a webpage infested with malware, your PC will become infected no matter if you have the latest updates or not.

        I’ve stopped updating my Windows systems since this April. Will resume again once the W10 free upgrade period is over.

    4. Dwight Stegall said on December 9, 2015 at 5:09 am
      Reply

      The smartest thing I ever did was disable all updates in Windows 8.1. They have screwed them up so bad I just couldn’t justify installing them anymore. I used to have lots of browser problems. Now I have almost none. I’d rather be part of a botnet than have my computer screw up constantly.

      1. Pete said on December 9, 2015 at 1:14 pm
        Reply

        Before this W10 fiasco, I was already checking EVERY update descriptions from MS site.. imagine how I feel now. I have stopped updating too, disabled update service, I just can’t find the time or interest to fight against MS shit. Thanks MS! ALL faith in MS is lost, all. Linux is the way I’m heading.

    5. Tom Hawack said on December 9, 2015 at 10:50 am
      Reply

      Windows Updates for Windows 7 64-BIT – 2015-12-08 :
      All were OK except KB3112343, added to my list of hidden updates.
      No previously hidden updates reappeared, thanks to Santa Claus?

    6. Ace said on December 9, 2015 at 1:05 pm
      Reply

      In the old days, I would just let the updates install freely. Now I come here first!

    7. Xi said on December 9, 2015 at 3:30 pm
      Reply

      For Win 8.1, how about KB3108347, KB3108381, KB3109103, KB3102812?
      Are these updates good or have any issues/backdoor/privacy issue/any other issues?

    8. b said on December 9, 2015 at 4:50 pm
      Reply

      Hi Martin
      unfortunately I installed without checking first. I therefore got KB112343 on my pc even though I’ve set the update-tools to only download important updates automatically. i’m too much of a tech- amateur to risk security issues, so I dare not disable the update service. what I don’t understand is that when I run the GWX-control program, mentioned by you in a former post, it tells me, that i have no hidden windows 10 upgrade stuff on my pc? besides: how do I uninstall KB112343?

      1. Martin Brinkmann said on December 9, 2015 at 4:54 pm
        Reply

        You can uninstall any installed update from the command line. Tap on Windows, type cmd.exe, right-click on the result and select run as adminstrator.

        Use the command wusa /uninstall /kb:112343 /quiet /norestart

        Replace the kb: value as you see fit.

        1. b said on December 9, 2015 at 6:36 pm
          Reply

          thank you for the instructions. However i guess i need to study the troubleshooting site of ultimate outsider. I installed the new version of GWX. it did alert me about the “get windows 10” app running. however it keeps displaying this warning although i’ve cleared the update cache via the button. easiest way would be to leave a comment on his website, but you can only do so if you have a google account! I’m so tired of these giant monopolies that tracks you all over the place.

      2. Jeff said on December 9, 2015 at 6:26 pm
        Reply

        “even though I’ve set the update-tools to only download important updates automatically. ”

        KB112343 was, unfortunately, listed among “important” updates. I’m sure it really is important … to Microsoft!

    9. Jim Hastings said on December 9, 2015 at 5:41 pm
      Reply

      Martin for some reason i have stopped getting your newsletter. Can you make sure I am on your list. my e-mail
      is as shown by name name. on the submit comment link.
      Thanks
      Jim

    10. Marci said on December 10, 2015 at 2:08 pm
      Reply

      Since the update, I’ve lost the Microsoft Office programs that I purchased. These were replaced with a Word Starter and some 2016 programs. Any idea how to reclaim Word? I’m working from home today and this is not helpful.

      Thank you!

    11. kalmly said on December 10, 2015 at 2:53 pm
      Reply

      I don’t want every day to be an adventure, I just want my computers to wake up and go to work every morning. After the first update rendered several apps useless (Win7) computer, I turned all updates off, like I did on my XP machine long before MS stopped supporting it. Both now run smoothly and without glitches. SO tired of MS BS.

    12. Sophia said on December 15, 2015 at 4:05 am
      Reply

      Hi Martin,

      I have gone along with the most recent windows 10 update, which happened to me on Dec 14, 2015, I suppose this update included what you have listed above. However, I came across a problem right after the update and it persists til this moment. Ever since the update my wireless internet has been acting up, keeping jump on and off line. The network adapter seems to be the issue where it stopped detecting WiFi properly. Now every 10 -20 minutes my internet disconnects and troubleshoot wouldn’t do anything. I have tried to restore the system to just a few days before but unfortunately I couldn’t find a restore point for that. I have uninstalled the Network Adapter then reinstalled it. No luck. When I trouble shoot it sometimes the problem goes away for 10 minutes before the internet gets disconnected again. My adapter is Broadcom 802.11n Version 5.106.199.1. I wonder if there is any way at all to fix this? Or what update should I un-update using the command line to get back to where I was 4 days ago??

      Thank you so much!

    13. Bill said on December 16, 2015 at 4:37 pm
      Reply

      My computer started having browser problems after updating Windows 10 in early November, 2015. I reinstalled Windows 8 and then 8.1 and everything was fine until an early December 2015 8.1 update. The following day I began to have browser problems with long delays and hang ups. I did a system restore to the day prior to the last update and now everything is back to normal. Anyone have ideas about what happened? Seems like something in common between the Windows 10 and 8.1 updates.

    14. iris said on December 16, 2015 at 8:18 pm
      Reply

      This update fried one if our computers windows system. Any idea how to fix it. Windows will no longer work on that device.

    15. Jbt619 said on December 16, 2015 at 10:03 pm
      Reply

      On Dec 12 my laptop did a force update on me while I was using it afte the update was finished and they installed “new features” my laptops run complete slower to the point that watching a video on my laptop take forever to load, even booting up my laptop is taking longer than usual any idea how I can make my laptop go back to the way it was before the force update? And yes I tried system restore points my laptop couldn’t find any

    16. Jbt619 said on December 16, 2015 at 10:13 pm
      Reply

      My laptop often freezes as well programs take longer to load and often not responding constantly if I click something or move the mouse too fast

    Leave a Reply