Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Microsoft releases 12 bulletins as part of November 2015 patch

Microsoft releases 12 bulletins as part of November 2015 patch


Microsoft has released 12 bulletins as part of November’s patch which includes four critical updates, all of which can lead to remote code execution. The update is rounded out by fixes for Windows, Lync, .NET, and Skype for Business, but there are two critical fixes that affect browsers on practically every build of Windows, Internet Explorer and Edge. The Internet Explorer bulletin is marked critical for any users running versions of IE 7 to IE 11 and fixes 25 different vulnerabilities, mostly memory corruption bugs that can lead to code execution, in the browser. These vulnerabilities could be exploited by remote attackers to view a specially crafted website and gain the same user rights as the user.  In addition to the memory corruption vulnerabilities, three other issues, including an information disclosure vulnerability, an ASLR bypass, and a different type of memory corruption bug (in the scripting engines JScript and VBScript) were also fixed.
 
Source:
 
Threat Post
 
TechNet
 
Securelist
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis