Skip to main content

Microsoft Security Bulletins For December 2015

Welcome to this month's overview of the Microsoft December 2015 Patch Day. The guide provides you with relevant information about all security and non-security patches that Microsoft released since the November 2015 Patch day.

The executive summary lists the most important information about this month's update. It is then followed by distribution information divided into operating system and other Microsoft product distribution.

The main part of the guide consists of all security bulletins Microsoft released this month, links to security updates and advisories, and non-security updates.

The last section lists information about downloads and how the updates can be obtained, as well as links to core Microsoft websites.

Executive Summary

  1. Microsoft released 12 security bulletins in December 2015.
  2. Eight bulletins received an aggregate severity rating of critical, the highest rating.
  3. Threats include remote code execution (all critical vulnerabilities) and elevation of privilege.
  4. All client versions of Windows are affected by at least one critically rated bulletin.

Operating System Distribution

Windows 7 is the only operating system on the client side that is affected by two critical vulnerabilities. It is the only client operating system affected by MS15-130, a remote code execution vulnerability in Microsoft Uniscribe.

Windows Server 2008 R2 is the only server operating system affected by the Bulletin.

  • Windows Vista: 1 critical, 3 important
  • Windows 7:  2 critical, 3 important
  • Windows 8 and 8.1: 1 critical, 3 important
  • Windows RT and RT 8.1: 1 critical, 2 important
  • Windows 10: 1 critical, 2 important
  • Windows Server 2008:  2 important, 1 moderate
  • Windows Server 2008 R2: 1 critical, 2 important, 1 moderate
  • Windows Server 2012 and 2012 R2: 2 important, 1 moderate
  • Server core: 1 critical, 2 important

Other Microsoft Products

  • Microsoft Office 2007 and 2010: 2 critical
  • Microsoft Office 2013 and 2016: 1 critical
  • Microsoft Office RT: 1 critical
  • Microsoft Office for Mac: 1 important
  • Microsoft Office Compatibility Pack SP3, Microsoft Excel Viewer, Microsoft Word Viewer: 1 critical, 1 important
  • Microsoft Live Meeting 2007 Console: 1 critical
  • Microsoft Lync 2010 and 2013: 1 critical
  • Skype for Business: 1 critical
  • Microsoft Silverlight: 2 critical

Security Bulletins

  • MS15-124 - Cumulative Security Update for Internet Explorer (3116180) - Critical  -Remote Code Execution - This security update resolves vulnerabilities in Internet Explorer.
  • MS15-125 - Cumulative Security Update for Microsoft Edge (3116184) - Critical - Remote Code Execution - This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
  • MS15-126 - Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178) - Critical - Remote Code Execution - This security update resolves vulnerabilities in the VBScript scripting engine in Microsoft Windows.
  • MS15-127 - Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465)  - Critical - Remote Code Execution - This security update resolves a vulnerability in Microsoft Windows.
  • MS15-128 - Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503) - Critical - Remote Code Execution - This security update resolves vulnerabilities in Microsoft Windows, .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync, and Silverlight.
  • MS15-129 - Security Update for Silverlight to Address Remote Code Execution (3106614) - Critical -
    Remote Code Execution - This security update resolves vulnerabilities in Microsoft Silverlight.
  • MS15-130 - Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670) - Critical - Remote Code Execution - This security update resolves a vulnerability in Microsoft Windows.
  • MS15-131 - Security Update for Microsoft Office to Address Remote Code Execution (3116111) - Critical - Remote Code Execution - This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
  • MS15-132 - Security Update for Microsoft Windows to Address Remote Code Execution (3116162)  - Important - Remote Code Execution - This security update resolves vulnerabilities in Microsoft Windows.
  • MS15-133 - Security Update for Windows PGM to Address Elevation of Privilege (3116130) - Important - Elevation of Privilege - This security update resolves a vulnerability in Microsoft Windows.
  • MS15-134 - Security Update for Windows Media Center to Address Remote Code Execution (3108669) - Important - Remote Code Execution - This security update resolves vulnerabilities in Microsoft Windows.
  • MS15-135 - Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075) - Important - Elevation of Privilege - This security update resolves vulnerabilities in Microsoft Windows.

Security Advisories and updates

  • Microsoft Security Advisory 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing
  • Microsoft Security Advisory 3057154 - Update to Harden Use of DES Encryption
  • Microsoft Security Advisory 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
  • Microsoft Security Advisory 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing
  • Windows Malicious Software Removal Tool - December 2015 (KB890830)/Windows Malicious Software Removal Tool - December 2015 (KB890830) - Internet Explorer Version
  • MS15-115: Security Update for Windows Embedded Standard 7, Windows 7 and Windows Server 2008 R2 (KB3097877) - This security update resolves vulnerabilities in Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to go to an untrusted webpage that contains embedded fonts.
  • Security Update for Internet Explorer Flash Player for Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB3103688) - Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge: November 10, 2015.
  • Security Update for Internet Explorer Flash Player for Windows 10 (KB3103688) - Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge: November 10, 2015.
  • Security Update for Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008 (KB3108604) - Microsoft security advisory: Description of the security update for Windows Hyper-V: November 10, 2015

Non-security related updates

  • Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP Embedded (KB3112148) - December 2015, cumulative time zone update for Windows operating systems.
  • Update for Windows 10 (KB3118714) - OOBE update for Windows 10: December 8, 2015.
  • Update for Windows 10 (KB3119598) - OOBE update for Windows 10: December 8, 2015.
    Update for Windows 10 (KB3122947) - Some settings aren't retained when users upgrade to Windows 10 Version 1511 from an earlier Windows 10 version
  • Cumulative Update for Windows 10 (KB3116908) - This update includes improvements to enhance the functionality of Windows 10 Version 1511.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3112336) - This update enables support for additional upgrade scenarios from Windows 8.1 to Windows 10, and provides a smoother experience when you have to retry an operating system upgrade because of certain failure conditions. This update also improves the ability of Microsoft to monitor the quality of the upgrade experience.
  • Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB3112343) - This update enables support for additional upgrade scenarios from Windows 7 to Windows 10, and provides a smoother experience when you have to retry an operating system upgrade because of certain failure conditions. This update also improves the ability of Microsoft to monitor the quality of the upgrade experience.
  • Cumulative Update for Windows 10 (KB3120677) - This update improves the functionality of Windows 10 version 1511.
  • Dynamic Update for Windows 10 (KB3120678) - This update improves the upgrade experience to Windows 10 version 1511.
  • Dynamic Update for Windows 10 (KB3116906) - Compatibility update for upgrading to and recovering Windows 10 version 1511: November 19, 2015.
  • Update for Windows 8.1 (KB3072318) - Update for Windows 8.1 OOBE to upgrade to Windows 10
  • Update for Windows 10 (KB3116097) - OOBE update for Windows 10: November 18, 2015.
  • Update for Windows 10 (KB3116278) - OOBE update for Windows 10 Version 1511: November 18, 2015.
  • Dynamic Update for Windows 10 (KB3116903) - Compatibility update for upgrading to Windows 10: November 18, 2015.
  • Update for Windows 10 (KB3118754) - Cumulative update for Windows 10 Version 1511: November 18, 2015.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3083800) - System crashes when you switch to another user and select a certificate in Windows 8.1 or Windows Server 2012 R2.
  • Update for Windows Server 2012 R2 (KB3096411) - Windows Error Reporting settings option is unavailable after update 3000850 is installed in Windows Server 2012 R2.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3099834) - "Access violation" error and application that uses private keys crashes in Windows 8.1 or Windows Server 2012 R2.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3100919) - Virtual memory size of Explorer increases when you open programs continuously in Windows 8.1 or Windows Server 2012 R2.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3100956) - You may experience slow logon when services are in start-pending state in Windows Server 2012 R2.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3101183) - You can't log on to a domain-joined computer in Windows 8.1 or Windows Server 2012 R2.
  • Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 (KB3102429) - Update that supports Azerbaijani Manat and Georgian Lari currency symbols in Windows.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3103696) - Update for USB Type-C billboard support and Kingston thumb drive is enumerated incorrectly in Windows.
  • Update for Windows Server 2012 R2 (KB3105885) - Update to support auto-redirection of Windows Server 2012 R2 Essentials for Windows 10 client connector.
  • Update for Windows 10 (KB3106246) - Update for Windows 10 DVD Player: November 12, 2015

How to download and install the December 2015 security updates

windows updates

Updates are provided via Windows Update. The operating system should pick up those updates eventually but if you want to download those updates as fast as possible, you need to run a manual check for updates for that.

  1. Tap on the Windows-key, type Windows Update and hit enter.
  2. Click the "check for updates" button to run an update check in the window that opens.

Updates can also be obtained from monthly released security images, from Microsoft's official Download Center, and by using third-party tools.

Additional information

 

This article was first seen on ComTek's "TekBits" Technology News

HOME