Description:
Microsoft has released 12 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:
MS15-124 Cumulative Security Update for Internet Explorer
MS15-125 Cumulative Security Update for Microsoft Edge
MS15-126 Cumulative Security Update for JScript and VBScript to Address Remote Code Execution
MS15-127 Security Update for Microsoft Windows DNS to Address Remote Code Execution
MS15-128 Security Update for Microsoft Graphics Component to Address Remote Code Execution
MS15-129 Security Update for Silverlight to Address Remote Code Execution
MS15-130 Security Update for Microsoft Uniscribe to Address Remote Code Execution
MS15-131 Security Update for Microsoft Office to Address Remote Code Execution
MS15-132 Security Update for Microsoft Windows to Address Remote Code Execution
MS15-133 Security Update for Windows PGM to Address Elevation of Privilege
MS15-134 Security Update for Windows Media Center to Address Remote Code Execution
MS15-135 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege
Affected Systems:
- Microsoft .NET Framework 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6
- Microsoft Edge
- Microsoft Internet Explorer 7, 8, 9, 10, 11
- Microsoft Live Meeting 2007 Console
- Microsoft Lync 2010, 2013
- Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, Office for Mac 2011, 2016
- Microsoft Office Compatibility Pack, Excel, Word Viewer
- Microsoft Silverlight 5
- Microsoft Skype for Business 2016
- Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2
- Microsoft Windows Vista, 7, 8, 8.1, RT, RT 8.1, 10
A complete list of the affected products can be found in the section "Affected Software" in the Microsoft security bulletin summary available at:
https://technet.microsoft.com/library/security/ms15-dec
Impact:
Depending on the vulnerability exploited, a successful attack could lead to arbitrary code execution and elevation of privilege.
Recommendation:
Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
- Microsoft Update
http://update.microsoft.com/microsoftupdate
B/Ds should be reminded that Microsoft has announced that only the most recent version of Internet Explorer available for a supported operating system will receive technical support and security updates beginning from 16 January 2016. Please refer to "Browser Migration Guidance" in the below URL on the operating systems and browser version combinations that will be supported. B/Ds should upgrade or migrate the Internet Explorer to a platform with vendor support and implement compensating security measures before completing the upgrade or migration.
https://blogs.msdn.microsoft.com/ie/2014/08/07/stay-up-to-date-with-internet-explorer/
More Information:
https://technet.microsoft.com/en-us/library/security/ms15-dec
https://technet.microsoft.com/library/security/MS15-124
https://technet.microsoft.com/library/security/MS15-125
https://technet.microsoft.com/library/security/MS15-126
https://technet.microsoft.com/library/security/MS15-127
https://technet.microsoft.com/library/security/MS15-128
https://technet.microsoft.com/library/security/MS15-129
https://technet.microsoft.com/library/security/MS15-130
https://technet.microsoft.com/library/security/MS15-131
https://technet.microsoft.com/library/security/MS15-132
https://technet.microsoft.com/library/security/MS15-133
https://technet.microsoft.com/library/security/MS15-134
https://technet.microsoft.com/library/security/MS15-135
https://blogs.msdn.microsoft.com/ie/2014/08/07/stay-up-to-date-with-internet-explorer/
https://www.hkcert.org/my_url/en/alert/15120901
https://www.hkcert.org/my_url/en/alert/15120902
https://www.hkcert.org/my_url/en/alert/15120903
https://www.hkcert.org/my_url/en/alert/15120904
https://www.hkcert.org/my_url/en/alert/15120905
https://www.hkcert.org/my_url/en/alert/15120906
https://www.hkcert.org/my_url/en/alert/15120907
https://www.hkcert.org/my_url/en/alert/15120908
https://www.hkcert.org/my_url/en/alert/15120909
https://www.hkcert.org/my_url/en/alert/15120910
https://www.hkcert.org/my_url/en/alert/15120911
https://www.hkcert.org/my_url/en/alert/15120912
https://www.us-cert.gov/ncas/current-activity/2015/12/08/Microsoft-Releases-December-2015-Security-Bulletin
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6106 (to CVE-2015-6108)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6124 (to CVE-2015-6128)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6130 (to CVE-2015-6136)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6138 (to CVE-2015-6162)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6164 (to CVE-2015-6166)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6168 (to CVE-2015-6177)