Microsoft's November 2015 Patch Tuesday: Critical Updates Address Wide Range of Vulnerabilities
Microsoft's November 2015 Patch Tuesday addressed a wide range of vulnerabilities across its products, including Windows, Office, and Edge. The updates aim to protect users from denial of service (DoS), man-in-the-middle (MITM) attacks, and encryption bypasses, among other threats.
Microsoft released 12 bulletins this month, with MS15-115 being the most critical. It fixes seven vulnerabilities in Windows, including two remotely exploitable font subsystem issues affecting all Windows versions. Browser and email attacks are common, with the Center for Internet Security (CIS) ranking them as priority 7 in their Critical Security Controls.
MS15-113 and MS15-114 should be patched promptly. The former addresses issues in Microsoft Edge Browser, while the latter fixes problems in Windows Journal. Adobe Flash update APSB15-28 also addresses critical vulnerabilities that allow code execution within the user's context.
Internet Explorer (MS15-112) and Skype (MS15-123) are among the products patched. MS15-112 brings 25 fixes, 23 of which are critical and can be exploited for Remote Code Execution (RCE) through malicious webpages. The remaining bulletins (MS15-118 to MS15-123) are rated important and should be addressed in the normal patch cycle. MS15-116 addresses seven flaws in Microsoft Word, five of which can be used for Remote Code Execution (RCE) and account control.
In total, Microsoft's November 2015 Patch Tuesday addresses 12 bulletins, with several critical updates that should be prioritized. Users are advised to apply these updates promptly to maintain the latest security level and protect against potential threats.
