November Patch Tuesday Addresses Various Remote Code Execution Flaws

Microsoft has rolled out twelve security updates for the month of November. Out of the twelve, four are rated critical while the rest are rated as important. All four critical bulletins address bugs that could allow remote code execution if the user opens a specially crafted file or webpage.

Microsoft rolled out cumulative security updates for both Internet Explorer (MS15-112) and Microsoft Edge (MS15-113). These address various vulnerabilities, the most severe of which could allow remote code execution if a user views a specially crafted webpage using the browsers. However, Microsoft did note that “customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”

The other two critical updates address vulnerabilities for Microsoft Windows and Windows Journal. MS15-114 patches a bug that can allow remote code execution if a user opens a specially crafted Journal file.  MS15-115, meanwhile, resolves vulnerabilities that may “allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.”

Updating software and systems with the latest patches from Microsoft is strongly advised.

Trend Micro Solutions

Trend Micro Deep Security and Vulnerability Protection defend systems from threats that anchor on vulnerabilities with the following DPI rules:

  • 1007139 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6064)
  • 1007140 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065)
  • 1007141 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6066)
  • 1007142 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6068)
  • 1007143 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6070)
  • 1007144 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6071)
  • 1007145 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6072)
  • 1007146 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6073)
  • 1007147 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6075)
  • 1007148 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6076)
  • 1007149 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6077)
  • 1007150 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6078)
  • 1007151 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6079)
  • 1007152 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6080)
  • 1007153 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6081)
  • 1007154 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6082)
  • 1007155 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6084)
  • 1007156 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6085)
  • 1007157 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6087)
  • 1007158 – Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6089)
  • 1007159 – Microsoft Windows Journal Heap Overflow Vulnerability (CVE-2015-6097)
  • 1007160 – Microsoft Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6103)
  • 1007161 – Microsoft Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6104)
  • 1007166 – Microsoft Office Memory Corruption Vulnerability (CVE-2015-6038)
  • 1007167 – Microsoft Office Memory Corruption Vulnerability (CVE-2015-6091)
  • 1007168 – Microsoft Office Memory Corruption Vulnerability (CVE-2015-6092)
  • 1007169 – Microsoft Office Memory Corruption Vulnerability (CVE-2015-6094)
  • 1007177 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6086)
  • 1007180 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6088)
  • 1007183 – Microsoft Office Memory Corruption Vulnerability (CVE-2015-6093)

Read more: November Patch Tuesday Addresses Various Remote Code Execution Flaws

Story added 11. November 2015, content source with full text you can find at link above.