October2015 Patch Tuesday: Including Windows Shell Vulnerability

https://technet.microsoft.com/en-us/library/security/ms15-oct.aspx

Has several patches including  MS15-106  ” One memory corruption vulnerability (CVE-2015-6056) has been publicly disclosed.”  from the following link:

https://msisac.cisecurity.org/advisories/2015/2015-121.cfm

 

As far as Microsoft patches go – the ones that patch remote code execution in the vulnerability impact column.

And 4 of the 6 have remote code execution.   As a systems person I am always most concerned of MS15-109   as it is a Windows Shell vulnerability.

https://technet.microsoft.com/en-us/security/gg309177.aspx

 

Notice the critical portion of this link:

{ A vulnerability whose exploitation could allow code execution without user interaction. These scenarios include self-propagating malware (e.g. network worms), or unavoidable common use scenarios where code execution occurs without warnings or prompts. This could mean browsing to a web page or opening email. }

Microsoft recommends that customers apply Critical updates immediately.

 

I.e. this unpatched vulnerability could create another supervirus like the named ones in the past (Melissa, Code Red and more).

And here are the systems which could be affected:

Win10,Win8,Win7, Winserver2008, Winserver2012, WinRT, WinVista  basically all windows systems

ms15-109affectedsystems

 

Needless to say patch your systems!!!

Advertisements