All Windows users have two new 'critical' flaws.
All Windows users should patch these two new 'critical' flaws
http://www.zdnet.com/article/november-2015-patch-tuesday/?tag=nl.e589&s_cid=e589&ttag=e589&ftag=TREc64629f
Out of the dozen patches, four of the security vulnerabilities are considered "critical" and should be patched immediately.
Courtesy
Zack Whittaker for Zero Day | November 10, 2015
Coming on the release of information stating that "... Microsoft intends to make its Windows 10 updates... fall under critical category", the very same updates that exploit and send the personal information, and computer usage data of the user/owner of the Windows 10 machine and make them vulnerable to the massive information gathering that Microsoft feels it is entitled to, you have to, or at least should ask yourself, "Do I need these updates?" There is no data on what exactly these updates (all of them) do, either singly, or if you use them altogether. This could be the set of updates that reveal everything to Microsoft, except your brand of shampoo, although you could safely assume that Microsoft is working on that little problem, if there is a dollar to be made, and a machine to be had.
Microsoft has released patches for two critical security vulnerabilities that affect every supported version of Windows. The software giant released the patches Tuesday (November 10, 2015) as part of its monthly release of security updates. All users running Windows Vista and later - including Windows 10 - are affected by two flaws, which could allow an attacker to install malware on an affected machine.
The patch,
MS15-112 addresses a memory corruption flaw in Internet Explorer. If exploited, an attacker could gain access to an affected machine, gaining the same access rights as the logged-in user, such as installing programs, and deleting data.
Users must be tricked or convinced into clicking a link, such as from an email or instant message, which opens a website that contains code that can exploit the flaw. The software giant's new Edge browser, which runs exclusively on Windows 10 machines, is also affected by the flaw, and has its own separate bulletin,
MS15-113. Windows server systems -
including users running the third-preview of Windows Server 2016 - are also at risk, but its enhanced security mode helps to mitigate the vulnerability.
The other patch affecting all versions of Windows,
MS15-115, fixes a series of flaws that could allow an attacker to remotely execute code on an affected machine by exploiting how the operating system handles and displays fonts. Some of the flaws can only be triggered if an attacker logs on to the affected machine, but some can be triggered by the user visiting a web page that contains exploit code.
Quote:
|
Microsoft said the two flaws were not being publicly exploited by attackers.
|
The company said another critical flaw,
MS15-114, is a flaw in Windows Journal that affects Windows Vista and Windows 7. The vulnerability can allow an attacker to remotely execute code on an affected computer if a user opens an exploitable file. Users running lower user privileges are less impacted. Microsoft also released eight other other patches - MS15-116 through to MS15-123 - for "important" issues relating to Microsoft Office, .NET Framework, and Skype.
November's patches will be available through the usual update channels.
---------------------------------------------
More Info on the patches:
MS15-112
https://technet.microsoft.com/library/security/MS15-112
MS15-113
https://technet.microsoft.com/library/security/MS15-113
including users running the third-preview of Windows Server 2016
http://www.zdnet.com/article/microsoft-to-deliver-third-windows-server-2016-preview-with-windows-container-support/
MS15-115
https://technet.microsoft.com/library/security/MS15-115
MS15-114
https://technet.microsoft.com/library/security/MS15-114