Business as usual as Microsoft issues 12 bulletins after last month’s modest security update
Microsoft’s Patch Tuesday update for November highlights the differences between Internet Explorer and its more secure focused successor, Microsoft Edge.
For November’s update, Redmond delivered 12 bulletins, in stark contrast to the relatively modest Patch Tuesday for October, which only contained six bulletins, including updates for a range of products including Skype and Internet Explorer.
Of the 12 bulletins, four rated as critical, with the remaining eight rated as important.
One of the highest priority patch is MS15-115, which addresses seven vulnerabilities in Windows, the most severe of which could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.
Microsoft’s decision to build a more secure web browser with Edge is evidenced by another critical patch (MS15-112) for Internet Explorer. “The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer,” said Microsoft.
Microsoft Office also receives an update (MS15-116), and the patch repairs seven Office flaw, the most severe of which could allow remote code execution if a user opens a specially crafted Microsoft Office file.
“We are back to normal for Patch Tuesday November 2015,” blogged Qualys CTO Wolfgang Kandek. “Twelve bulletins that cover a wide mix of products from Internet Explorer (MS15-112) to Skype (MS15-123).”
“Last month’s lower number of six bulletins was an anomaly – maybe caused by the summer vacation?,” he added. “What is not an anomaly but the product of serious security engineering is the pronounced difference between Internet Explorer and Edge patches.”
“Edge is clearly more secure than Internet Explorer and a solid choice as your Internet Browser if your users can run all their business applications with it,” he wrote.
Meanwhile the security experts over at Tripwire highlighted the record number of security bulletins from Microsoft in 2015, as well as .
“As Microsoft’s record setting bulletin number continues to climb, we see all of the usual suspects once again,” said Tyler Reguly, manager of software development at Tripwire.
“Microsoft’s browsers (Internet Explorer and Edge), along with Office, .NET, and the Windows Kernel all appear to have standing invites to Patch Tuesday every year but we’re definitely seeing new contenders for regular spots this year. Windows Journal and Lync/Skype for Business are definitely at the top of that list making numerous appearances this year.
“One of the more interesting updates is likely the SChannel update (MS15-121) since this issue has been publicly discussed for a while on the IETF mailing lists as they worked through a draft to implement an RFC on the topic,” said Reguly. “Watching protocol discussions, while it may be boring, is an interesting way to gain insight into upcoming vendor updates. It was recently mentioned on one of the mailing lists that Microsoft would soon have support for this issue, making this one of the most expected patches in a while.”
Meanwhile system administrators should also be aware that Adobe has released a security update for Flash Player that addresses 17 different flaws.
What do you know about Windows 10? Try our quiz!