Exploit This

Security News, Exploits, and Vulnerabilities.

Microsoft Security Updates November 2015


Microsoft posted four critical bulletins today, along with another eight rated Important and lesser. Microsoft’s summary is at the Technet site. All in all, the software maker is patching a large number of vulnerabilities this month, with 37 CVE listed vulnerabilities being fixed with the four critical Bulletins alone. On the bright side, Microsoft claims that none of these exploits are being publicly exploited at the time of notification.

Software affected with Bulletins rated critical are listed here (MS15-112, MS15-113, MS15-114, MS15-115):

  • Web browsers Microsoft Edge and Internet Explorer
  • Windows Journal
  • Windows’ font handing code

Software affected with Bulletins rated important are listed here (MS15-116, MS15-117, MS15-118, MS15-119, MS15-120, MS15-121, MS15-122, MS15-123):

  • Microsoft Office
  • Windows NDIS, IPSEC, Schannel, and winsock (network software)
  • Microsoft .NET Framework
  • Kerberos
  • Services on Sharepoint and Office Web Apps
  • Skype for Business and Microsoft Lync

Of the Bulletins rated “Important”, 16 CVE listed vulnerabilities were being fixed.


For you travelers aware of your own operational security and shunners of pgp, it’s interesting that Bulletin MS15-122 provides fixes against BitLocker-encrypted drive attacks.

According to Microsoft, “Kerberos fails to check the password change of a user signing into a workstation. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker.
An attacker who has physical access to a target machine could bypass Kerberos authentication by connecting a workstation to a malicious Kerberos Key Distribution Center (KDC).

The following mitigating factors may be helpful in your situation:

  • This bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key.
  • A domain user must be logged on to the target machine for the attack to succeed.”

Its reporter, Ian Haken, will be presenting the attack in a couple of days at BlackHat EU in Amsterdam. Perhaps this is another indication that hardware assisted drive encryption is the way to go.

Significant updates today also include Google announcing their deprecation of support for the Chrome browser on Windows XP and Windows Vista, along with Mac OS X 10.6, 10.7, and 10.8. While some organizations in the ICS or health care space may want to continue running their investment into these systems on their plant floors or facilities, this deprecation is another reason to upgrade those systems.

Leave a Reply

%d bloggers like this: