Yet another Patch Tuesday (November 10, 2015) has rolled out, and the result is 21 new updates, 15 of which are listed as Important and 8 as Recommended. Keep in mind that if you install updates automatically, you may easily end up with patches your system doesn’t really need. Most of the updates are security-related and should be installed. The first update on the list fixes issues in Internet Explorer 11.
We have gathered the information about the updates for your convenience. Read it carefully. You should always have an idea of what you’re downloading to your personal computer.
As pointed out by security researchers, Microsoft is patching multiple vulnerabilities this month (some quite severe). 37 CVE-listed vulnerabilities are being fixed with the four critical bulletins. The company claims that none of the vulnerabilities you’re about to read about are being exploited.
Let’s start with an important message from Microsoft regarding the security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2: all of them require the installation of the update 2919355.
The official description reads as follows:
“This security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS15-112. Additionally, this security update includes several nonsecurity-related fixes for Internet Explorer.”
The update is described as an ‘Update for vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge: November 10, 2015.’
KB 3097992, KB 3097997, KB 3098779
The official description of these updates:
This update resolves vulnerabilities in the Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an attacker injects a client-side script into a user’s browser.
This security update resolves a vulnerability in the OS. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle attack between a client and a legitimate server.
This patch takes care of a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privileges if an attacker logs on to a computer and runs specially crafted code that exploits the vulnerability.
Another important security-driven fix for Windows. Exploiting the severe vulnerabilities could allow remote code execution if an attacker tricks a user into opening a malicious document or visiting a suspicious webpage that contains embedded fonts.
This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a computer and decrypt drives that have BitLocker enabled. The bypass can be exploited only if the computer has BitLocker enabled without a PIN or USB key, the computer is domain joined, and the attacker has physical access to the computer.
What is Kerberos authentication?
Kerberos is a computer network authentication protocol. It relies on ‘tickets’ to enable nodes to communicate over a non-secure network and prove their identity to one another.
The update is needed to fix vulnerabilities that could allow remote code execution.
This update concerns a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the system to become unresponsive. Exploiting the vulnerability requires an attacker to have valid credentials.
The update should fix an “Access denied” error when the user runs a Windows Store app to configure printer property settings in Windows.
An update for the Transatel (France, Worldwide) network in Windows 8.1, Windows RT 8.1, Windows 8, and Windows RT.
An update that contains some improvements for the Windows Update client in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.
An update concerning the Microsoft Windows Malicious Software Removal Tool designed to help remove specific, prevalent malicious software from computers running supported versions of Windows.
Users should note that MSRT will no longer be supported on Windows 2000-based systems after July 13, 2010.
And now we’re done with the important updates. We’re still waiting to see if any problems occur with any of them.
What about the Cumulative updates for Windows 10 – KB 3105213, KB 3105211?
KB 3105213 is a cumulative update for Win10. If we count correctly, this should be the 11th cumulative update for Win10 RTM. The second one is a cumulative update for Windows 10 version 1511. If we have things straight, this is the first update for Windows 10 build 1511. What is particularly interesting about this update is that it was released before the product itself.