December 2015 Microsoft Patch Tuesday

Install your Windows updates folks!

Microsoft’s second Tuesday of the Month

  • 12 patch bundles, 8 of them critical, 4 important
  • Remote Code Execution vulnerabilities for: Office, Uniscribe, Silverlight, “Graphics Component”, DNS, JScript & VBScript.
  • Critical update packages for their Edge and IE browsers.

Adobe updates FLASH to v20.0.0.235

  • https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
  • Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
  • How many??? 78!!!
  • Now at v20.0.0.235
  • And still trying to push McAfee “Security Scan Plus” on us

Post from SAN Internet Storm Center:

Special Note: MS15-127 looks particularly “nasty”. A remote code execution vulnerability in Microsoft’s DNS server. Microsoft rates the exploitability as “2”, but doesn’t provide much detail as to the nature of the vulnerability other than the fact that it can be triggered by remote DNS requests, which is bad news in particular if you are using a Microsoft DNS server exposed to the public internet. In this case, I would certainly expedite this patch. This is the vulnerability to look out for this time around.

Overview of the December 2015 Microsoft patches and their status, color coded for you, here.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s