Spyware, Viruses, & Security forum

Alert

Microsoft Security Bulletin Summary for December 2015

by Carol~ Moderator / December 8, 2015 10:50 AM PST

Microsoft released 12 new security updates today. Eight (8) are rated Critical and Four (4) are rated as Important.

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Critical: 8
MS15-124 - Cumulative Security Update for Internet Explorer (3116180)
MS15-125 - Cumulative Security Update for Microsoft Edge (3116184)
MS15-126 - Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178)
MS15-127 - Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465)
MS15-128 - Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)
MS15-129 - Security Update for Silverlight to Address Remote Code Execution (3106614)
MS15-130 - Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670)
MS15-131 - Security Update for Microsoft Office to Address Remote Code Execution (3116111)

Important: 4
MS15-132 - Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
MS15-133 - Security Update for Windows PGM to Address Elevation of Privilege (3116130)
MS15-134 - Security Update for Windows Media Center to Address Remote Code Execution (3108669)
MS15-135 - Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075)

Security Bulletin: https://technet.microsoft.com/library/security/ms15-Dec

Discussion is locked
You are posting a reply to: Microsoft Security Bulletin Summary for December 2015
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Microsoft Security Bulletin Summary for December 2015
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Microsoft Security Advisory Notification
by Carol~ Moderator / December 8, 2015 11:10 AM PST
Security Advisories Updated or Released Today

Issued: December 8, 2015

* Microsoft Security Advisory (3123040)
- Title: Inadvertently Disclosed Digital Certificate Could Allow Spoofing
- Originally published: December 8, 2015
- https://technet.microsoft.com/library/security/3123040
- Reason for Revision: V1.0 (December 8, 2015): Advisory published.

* Microsoft Security Advisory (3057154)
- Title: Update to Harden Use of DES Encryption
- Originally published: July 14, 2015
- https://technet.microsoft.com/library/security/3057154
- Reason for Revision: V1.1 (December 8, 2015): Advisory updated to include more information about disabling DES by default in Windows 7 and Windows Server 2008 R2 and later operating systems. The update allows DES to be used between client and server to address scenarios in which DES is still required for application compatibility reasons.

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- Originally published: September 21, 2012
- https://technet.microsoft.com/library/security/2755801
- Reason for Revision: V51.0 (December 8, 2015): Added the 3119147 update to the Current Update section.
Collapse -
Microsoft Security Bulletin Releases
by Carol~ Moderator / December 11, 2015 8:45 AM PST

Issued: December 10, 2015

Summary
The following bulletins have undergone a major revision increment.

* MS15-131 - Critical

Bulletin Information:

MS15-131 - Critical

- Title: Security Update for Microsoft Office to Address Remote Code Execution (3116111)
- https://technet.microsoft.com/library/security/ms15-131
- Reason for Revision: V2.0 (December 10, 2015): Bulletin revised to announce that the 3119518 update is available for Microsoft Office 2016 for Mac, and the 3119517 update is available for Microsoft Office for Mac 2011. For more information, see Microsoft Knowledge Base Article 3119518 and Microsoft Knowledge Base Article 3119517.
- Originally posted: December 8, 2015
- Updated: December 10, 2015
- Bulletin Severity Rating: Critical
- Version: 2.0

Collapse -
Microsoft Security Bulletin Minor Revisions
by Carol~ Moderator / December 16, 2015 7:08 PM PST

Issued: December 16, 2015

Summary
The following bulletins and/or bulletin summaries have undergone a minor revision increment.

Please see the appropriate bulletin for more details.

* MS15-124 - Critical
* MS15-125 - Critical
* MS15-DEC

Bulletin Information:

MS15-124 - Critical

- Title: Cumulative Security Update for Internet Explorer (3116180)
- https://technet.microsoft.com/library/security/ms15-124.aspx
- Reason for Revision: V1.1 (December 16, 2015): Bulletin revised to further clarify the steps users must take to be protected from the vulnerability described in CVE-2015-6161. This bulletin, MS15-124, provides protections for this issue, but user action is required to enable them; the cumulative update for Internet Explorer does not enable the protections by default. Before applying the protections, Microsoft recommends that customers perform testing appropriate to their environment and system configurations.
- Originally posted: December 08, 2015
- Updated: December 16, 2015
- Bulletin Severity Rating: Critical
- Version: 1.1

MS15-125 - Critical

- Title: Cumulative Security Update for Microsoft Edge (3116184)
- https://technet.microsoft.com/library/security/ms15-125.aspx
- Reason for Revision: V1.1 (December 16, 2015): Revised the vulnerability description for CVE-2015-6161 to more accurately describe the ASLR Bypass. This is an informational change only. Customers who have already successfully installed security update 3116869 or 3116900 do not need to take any action.
- Originally posted: November 10, 2015
- Updated: December 09, 2015
- Bulletin Severity Rating: Critical
- Version: 1.1

MS15-DEC

- Title: Microsoft Security Bulletin Summary for December 2015
- https://technet.microsoft.com/library/security/ms15-dec.aspx
- Reason for Revision: V1.2 (December 16, 2015): Bulletin Summary revised to add a Known Issue to the Executive Summaries table for 3104002. To resolve the issue, install hotfix 3125446. See Microsoft Knowledge Base Article 3104002 for more information.
- Originally posted: December 08, 2015
- Updated: December 16, 2015
- Version: 1.2

Collapse -
Microsoft Security Bulletin Minor Revisions
by Carol~ Moderator / December 18, 2015 4:32 AM PST

Issued: December 17, 2015

Summary
The following bulletins and/or bulletin summaries have undergone a minor revision increment.

Please see the appropriate bulletin for more details.

* MS15-NOV

Bulletin Information:

MS15-NOV

- Title: Microsoft Security Bulletin Summary for November 2015
- https://technet.microsoft.com/library/security/ms15-nov.aspx
- Reason for Revision: V2.2 (December 17, 2015): Bulletin Summary revised to add a Known Issue to the Executive Summaries table for MS15-116 and MS15-123. After you install security update 3101496, "Lync" is displayed in the title bar of the Contacts list. This issue occurs if you have configured the Skype for Business user interface to display in the Lync 2013 (Skype for Business) client. Microsoft is researching this problem and will post more information in this article when the information becomes available.
- Originally posted: November 10, 2015
- Updated: December 17, 2015
- Version: 2.2

Collapse -
Microsoft Security Bulletin Minor Revisions
by Carol~ Moderator / December 18, 2015 3:26 PM PST

Issued: December 18, 2015

Summary
The following bulletins and/or bulletin summaries have undergone a minor revision increment.

Please see the appropriate bulletin for more details.

* MS15-131

Bulletin Information:

MS15-131

- Title: Security Update for Microsoft Office to Address Remote Code Execution (3116111)
- https://technet.microsoft.com/library/security/ms15-131.aspx
- Reason for Revision: V2.1 (December 18, 2015): Bulletin revised to correct the Updates Replaced for 3101532 and 3114342, and to add a workaround for CVE-2015-6172. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action.
- Originally posted: December 12, 2015
- Updated: December 18, 2015
- Version: 2.1

Collapse -
Microsoft Security Advisory Notification
by Carol~ Moderator / December 29, 2015 1:26 PM PST
Security Advisories Updated or Released Today

Issued: December 29, 2015

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- Originally published: September 21, 2012
- https://technet.microsoft.com/library/security/2755801
- Reason for Revision: V52.0 (December 29, 2015): Added the 3132372 update to the Current Update section.
Collapse -
Microsoft Security Advisory Notification
by Carol~ Moderator / January 5, 2016 4:06 PM PST
Security Advisories Updated or Released Today

Issued: January 5, 2016

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
- Originally published: September 21, 2012
- https://technet.microsoft.com/library/security/2755801
- Reason for Revision: V53.0 (January 5, 2016): Added the 3133431 update to the Current Update section.
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?