Author Topic: Microsoft Security Bulletin Release for November 2015  (Read 5406 times)

0 Members and 1 Guest are viewing this topic.

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7197
  • Liverpool FC - YNWA
    • View Profile
Microsoft Security Bulletin Release for November 2015
« on: November 10, 2015, 04:16:59 PM »
Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:  https://technet.microsoft.com/library/security/ms15-nov


Critical (4)

Microsoft Security Bulletin MS15-112
Cumulative Security Update for Internet Explorer (3104517)
https://technet.microsoft.com/library/security/ms15-112

Microsoft Security Bulletin MS15-113
Cumulative Security Update for Microsoft Edge (3104519)
https://technet.microsoft.com/library/security/ms15-113

Microsoft Security Bulletin MS15-114
Security Update for Windows Journal to Address Remote Code Execution (3100213)
https://technet.microsoft.com/library/security/ms15-114

Microsoft Security Bulletin MS15-115
Security Update for Microsoft Windows to Address Remote Code Execution (3105864)
https://technet.microsoft.com/library/security/ms15-115

Important (8 )

Microsoft Security Bulletin MS15-116
Security Update for Microsoft Office to Address Remote Code Execution (3104540)
https://technet.microsoft.com/library/security/ms15-116

Microsoft Security Bulletin MS15-117
Security Update for NDIS to Address Elevation of Privilege (3101722)
https://technet.microsoft.com/library/security/ms15-117

Microsoft Security Bulletin MS15-118
Security Update for .NET Framework to Address Elevation of Privilege (3104507)
https://technet.microsoft.com/library/security/ms15-118

Microsoft Security Bulletin MS15-119
Security Update for Winsock to Address Elevation of Privilege (3104521)
https://technet.microsoft.com/library/security/ms15-119

Microsoft Security Bulletin MS15-120
Security Update for IPSec to Address Denial of Service (3102939)
https://technet.microsoft.com/library/security/ms15-120

Microsoft Security Bulletin MS15-121
Security Update for Schannel to Address Spoofing (3081320)
https://technet.microsoft.com/library/security/ms15-121

Microsoft Security Bulletin MS15-122
Security Update for Kerberos to Address Security Feature Bypass (3105256)
https://technet.microsoft.com/library/security/ms15-122

Microsoft Security Bulletin MS15-123
Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)
https://technet.microsoft.com/library/security/ms15-123
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19284
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Microsoft Security Bulletin Release for November 2015
« Reply #1 on: November 10, 2015, 06:39:14 PM »
In the event anyone is looking for information on https://support.microsoft.com/en-us/kb/3107998, you'll only see it if you have a Lenovo system.
Quote
Remove Lenovo USB Blocker version 1.0.0.37 to avoid a system crash with OCTOBER Update MS15-111.

This problem occurs because Lenovo USB Blocker version 1.0.0.37 has a bug that's exposed by Security Update 3088195.

h/t:  ky331

Edit Note:  Apparently the USB Blocker is only on the Lenovo IdeaPad, https://support.lenovo.com/us/en/documents/ht077027



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline satrow

  • LzD Friends
  • Full Member
  • *****
  • Posts: 210
    • View Profile
Re: Microsoft Security Bulletin Release for November 2015
« Reply #2 on: November 11, 2015, 01:55:45 PM »
It appears that KB3097877 is causing issues with Outlook, possibly more.

This one really is Critical, I'd expect a quick fix re-release from MS.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19284
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Microsoft Security Bulletin Release for November 2015
« Reply #3 on: November 11, 2015, 02:24:26 PM »
The issue appears to be restricted to viewing emails with HTML -- Crashes since 11/11/15 Updates in both Outlook 2010 and 2013 when viewing HTML e-mails.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 610
    • View Profile
Re: Microsoft Security Bulletin Release for November 2015
« Reply #4 on: November 11, 2015, 02:58:00 PM »
Having just seen this, I can confirm that Outlook 2010 is indeed crashing on my Win7x64 SP1 system.

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 610
    • View Profile
Re: Microsoft Security Bulletin Release for November 2015
« Reply #5 on: November 11, 2015, 03:21:15 PM »
.... and I can further confirm that removing Update KB3097877 solves the Outlook conflict... but at the cost of putting one (back) at risk of the Critical Vulnerability that the MS15-115 update was intending to fix.

Offline satrow

  • LzD Friends
  • Full Member
  • *****
  • Posts: 210
    • View Profile
Re: Microsoft Security Bulletin Release for November 2015
« Reply #6 on: November 11, 2015, 04:59:36 PM »
.... and I can further confirm that removing Update KB3097877 solves the Outlook conflict... but at the cost of putting one (back) at risk of the Critical Vulnerability that the MS15-115 update was intending to fix.
I'm pretty sure that this Critical update was triggered by recent drive by exploits through Flash/Reader, if you don't use Flash or Reader in your browsers/email clients, or you've updated to ?yesterday's? patched versions, you should be at lower risk as the main entry point for the attack should be significantly reduced - until the bad guys find an an alternative vulnerability in Flash...

I'm also seeing reports on reddit that it's causing login issues on tablets and touchscreens, some workarounds for that there.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19284
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Microsoft Security Bulletin Release for November 2015
« Reply #7 on: November 11, 2015, 06:12:40 PM »
Multiple issues reported in this InfoWorld article: KB 3097877 crashes Outlook, causes network sign-in black screens.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19284
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Microsoft Security Bulletin Release for November 2015
« Reply #8 on: November 11, 2015, 10:33:13 PM »
Known Issues added to KB 3907877:

Quote
  • We are aware of reports of crashes in all supported versions of  Microsoft Outlook that occur when users are reading certain emails after  this update is installed.
   We are investigating this issue and will update this article when further information is available.

Nothing mentioned about the other problems some have had.
 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 610
    • View Profile
Re: Microsoft Security Bulletin Release for November 2015
« Reply #9 on: November 12, 2015, 11:26:36 AM »
Bulletin revised to inform customers running Windows 7 that the 3097877 update has been re-released to address an issue that caused crashes for some customers when they viewed certain emails. Customers who previously installed update 3097877 should reinstall the update to correct this known issue. See Microsoft Knowledge Base Article 3097877 for more information.

Offline plodr

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1067
    • View Profile
Re: Microsoft Security Bulletin Release for November 2015
« Reply #10 on: November 12, 2015, 05:20:03 PM »
I think I'll wait another day because I read threads of people who had black screens and others who could not log into Windows. Those problems seemed to also be related to that patch.

I don't use Outlook so that wouldn't affect me but I don't want to either be staring at a black screen instead of Windows are be unable to log in.

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 610
    • View Profile
Re: Microsoft Security Bulletin Release for November 2015
« Reply #11 on: November 12, 2015, 05:47:35 PM »
Probably a prudent move to wait, as there indeed have been other problems reported, allegedly due to this same update:   Login problems on Win7 touchscreen systems, Windows gadgets no longer working,  and/or Asus Audio Center not working.

In releasing the update, Microsoft has only acknowledged the problem with Outlook.

Having said that, I have already installed the revised update on 2 Win7x64 SP1 systems.   On the one system with Outlook, that e-mail client is now working again.  (The other system had Live Mail, which was never an issue).

Offline plodr

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1067
    • View Profile
Re: Microsoft Security Bulletin Release for November 2015
« Reply #12 on: November 12, 2015, 05:55:34 PM »
I just read a post where TeamViewer broke.
The poster uninstalled the patch and it is working again.