October Patch Tuesday 2015

Microsoft is taking it easy on us this month. But don’t worry, Adobe, Google and Oracle are adding to the Patch Tuesday queue this month.

Microsoft has released just six bulletins this Patch Tuesday. This is a welcome reprieve given the 2015 bulletin count has already exceeded the total bulletin count for 2014 (85). With this month’s bulletins, the count is now up to 111 so far in 2015.

The bulletin breakdown looks like this: There are six bulletins (three critical, three important) and four public disclosures, with 33 total vulnerabilities being resolved. MS15-110 affects Office, Office Services and Web Apps and Sharepoint. The remaining five bulletins affect the Windows Operating System and the Internet Explorer and Edge browsers.

MS15-106 is a critical update for Internet Explorer that plugs 14 vulnerabilities, one of which is publicly disclosed (CVE-2015-6056). Public disclosure greatly increases the chances of a vulnerability being exploited, which makes this one a priority.

MS15-110 is an important update for Office and Sharepoint. This is only rated as important, but it contains a fix for a vulnerability that has been publicly disclosed (CVE-2015-6039) so make sure you do not ignore it. Sharepoint admins, if you have not done so already, you should virtualize your Sharepoint server to take advantage of snapshots for rollback. It is a lifesaver. This update also affects Office 2016, which just recently released.

MS15-111 is also rated as important. This is a kernel update that resolves five vulnerabilities, two of which have been publicly disclosed (CVE-2015-2552, CVE-2015-2553). Ensure that this is on your priority list. It is a kernel update, so make sure to do adequate testing before rollout to flush out serious problems if they exist.

On the non-Microsoft front we also have the quarterly release from Adobe. This update includes bulletins for Adobe Acrobat, Reader and Flash Player.

APSB15-24 is an update for Adobe Acrobat and Reader and resolves 55 vulnerabilities. The update is only rated as a Priority 2, but with the volume of issues being resolved this should probably get some attention.

APSB15-25 is an update for Adobe Flash that resolves 13 vulnerabilities. This update is rated as a Priority 1 and should get more immediate attention. With a Flash Player update there will be four total update you need to ensure are delivered across your environment. Flash Player and plug-ins for Internet Explorer, Google Chrome and Mozilla Firefox.

Google is releasing an updated version to fix 24 vulnerabilities and to support the Flash plug-in. The update is rated as a high priority by Google and, along with the Flash update included, should be towards the top of your priority list this month.

Oracle is having its quarterly CPU this month but it will be coming out next Tuesday. Don’t lose track of this, as Java will have an update.

Join us tomorrow for the October Patch Tuesday webinar where we will discuss the bulletins in more detail.