Patch Tuesday Analysis - November 2015
Download as PPTX, PDF1 like313 views
The document outlines the key details of patches released during the November 2015 Patch Tuesday, including 12 Microsoft security bulletins addressing 53 vulnerabilities, an Adobe Flash Player bulletin addressing 17 vulnerabilities, and a Google Chrome release addressing 1 vulnerability and the 17 Flash Player issues. Major products affected include Windows, Internet Explorer, Edge, Office, Flash Player and Google Chrome. The document provides information on the security impacts of each patch and any known issues.
Patch Tuesday Analysis - November 2015
- 1. Chris Goettl Sr. Product Manager Minimizing the Impact of Patch Tuesday Wednesday, November 11th, 2015 Dial In: 1-855-749-4750 (US) Attendees: 923 487 274
- 2. Shavlik Confidential Feel free to ask questions via the online Q&A link in the WebEx interface. Questions may be answered during the presentation. Unanswered questions will be resolved via email after the presentation is over. A copy of this presentation will be available at http://www.shavlik.com/webinars/ after the webinar. 2 Logistics
- 3. Shavlik Confidential November 2015 Patch Tuesday Overview Review November 2015 Security Bulletins Patch Recommendations Other patches released since last Patch Tuesday 3 Agenda
- 5. Shavlik Confidential 12 Microsoft Security Bulletins / 53 Vulnerabilities Addressed Adobe Flash Player Bulletin / 17 Vulnerabilities Addressed Google Chrome Release / 1 Vulnerability Addressed + 17 from Flash Player Plug-In Affected Products: All supported Windows operating systems (Including Windows 10) Internet Explorer, Edge Microsoft Office 2010, 2013 .Net Framework Microsoft Lync Sharepoint Skype for Business Lync Server Adobe Flash Player Google Chrome 5 Patch Tuesday Overview for November 2015
- 6. Shavlik Confidential Security Bulletins: 4 bulletin is rated as Critical. 8 bulletins are rated as Important. Vulnerability Impact: 5 bulletins address vulnerabilities that could allow Remote Code Execution. 3 bulletins address vulnerabilities that could allow Elevation of Privileges. 1 bulletin addresses a vulnerability that could allow Information Disclosure. 1 bulletin addresses a vulnerability that could allow a Denial of Service attack. 1 bulletin addresses a vulnerability that could allow Security Feature Bypass. 1 bulletin addresses a vulnerability that could allow Spoofing. 6 Overview for Microsoft November 2015
- 7. Shavlik Confidential Security Bulletins: Adobe Flash Player (Priority 1) Google Chrome (High) Vulnerability Impact: Adobe Flash Player addresses vulnerabilities that could allow Code Execution and Security Feature Bypass. Google Chrome addresses a vulnerability that could allow Information Disclosure and allows the Flash Player Plug-In update resolving the additional Flash vulnerabilities. 7 Overview for 3rd Party Vendors November 2015
- 8. Shavlik Confidential • MS15-115, MS15-121, and MS15-122 have some specific ordering to install if you manually install. • Threshold 2 (Fall Update) for Windows 10 will likely release tomorrow. • We will be supporting TH-2 as a Service Pack. • There will be a update for November after TH-2 upgrade. The Edge bulletin (MS15-113) needs to be applied. • MS15-123 is a cumulative update and has some known issues post install. 3108096 8 Known Issues Things to watch out for
- 9. Shavlik Confidential Maximum Severity: Critical Affected Products: Windows 10, Edge, Internet Explorer, .Net Framework Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: 3105256 MS15-122, 3104521 MS15-119, 3104507 MS15-118, 3105864 MS15-115, 3104519 MS15-113, 3104517 MS15-112, 3108638 Microsoft security advisory, 3108604 Microsoft security advisory. Impact: Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Fixes 41 vulnerabilities: CVE-2015-2427, CVE-2015-6064, CVE-2015-6065, CVE-2015-6066, CVE-2015-6068, CVE-2015-6069, CVE-2015-6070, CVE-2015- 6071, CVE-2015-6072, CVE-2015-6073, CVE-2015-6074, CVE-2015-6075, CVE-2015-6076, CVE-2015-6077, CVE-2015-6078, CVE- 2015-6079, CVE-2015-6080, CVE-2015-6081, CVE-2015-6082, CVE-2015-6084, CVE-2015-6085, CVE-2015-6086, CVE-2015-6087, CVE-2015-6088, CVE-2015-6089, CVE-2015-6064, CVE-2015-6073, CVE-2015-6078, CVE-2015-6088, CVE-2015-6100, CVE-2015- 6101, CVE-2015-6102, CVE-2015-6103, CVE-2015-6104, (Publicly Disclosed) CVE-2015-6109, CVE-2015-6113, CVE-2015-6096, CVE-2015-6099, CVE-2015-6115, CVE-2015-2478, CVE-2015-6095 Replaces: CSWU-011 Restart Required: Requires Restart 9 CSWU-012: Cumulative update for Windows 10: November 10, 2015
- 10. Shavlik Confidential Maximum Severity: Critical Affected Products: Internet Explorer Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Impact: Remote Code Execution Fixes 25 vulnerabilities: CVE-2015-2427, CVE-2015-6064, CVE-2015-6065, CVE-2015-6066, CVE-2015-6068, CVE-2015-6069, CVE- 2015-6070, CVE-2015-6071, CVE-2015-6072, CVE-2015-6073, CVE-2015-6074, CVE-2015-6075, CVE-2015- 6076, CVE-2015-6077, CVE-2015-6078, CVE-2015-6079, CVE-2015-6080, CVE-2015-6081, CVE-2015-6082, CVE-2015-6084, CVE-2015-6085, CVE-2015-6086, CVE-2015-6087, CVE-2015-6088, CVE-2015-6089 Replaces: 3093983 in MS15-106, 3097617 in MS15-106 Restart Required: Requires Restart 10 MS15-112: Cumulative Security Update for Internet Explorer (3104517)
- 11. Shavlik Confidential Maximum Severity: Critical Affected Products: Windows, Edge Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Impact: Remote Code Execution Fixes 4 vulnerabilities: CVE-2015-6064, CVE-2015-6073, CVE-2015-6078, CVE-2015-6088 Replaces: 3096448 in MS15-107, Restart Required: Requires Restart 11 MS15-113: Cumulative Security Update for Microsoft Edge (3104519)
- 12. Shavlik Confidential Maximum Severity: Critical Affected Products: Windows Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Impact: Remote Code Execution Fixes 1 vulnerabilities: CVE-2015-6097 Replaces: 3069114 in MS15-098, Restart Required: May Require Restart 12 MS15-114: Security Update for Windows Journal to Address Remote Code Execution (3100213)
- 13. Shavlik Confidential Maximum Severity: Critical Affected Products: Windows Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts. Impact: Remote Code Execution Fixes 7 vulnerabilities: CVE-2015-6100, CVE-2015-6101, CVE-2015-6102, CVE-2015-6103, CVE-2015-6104, (Publicly Disclosed) CVE-2015-6109, CVE-2015-6113 Replaces: 3087135 in MS15-097, 3088195 in MS15-111, 3070102 in MS15-073, 3057154 in SA3057154, Restart Required: Requires Restart 13 MS15-115: Security Update for Microsoft Windows to Address Remote Code Execution (3105864)
- 14. Shavlik Confidential Maximum Severity: Important Affected Products: Office, Sharepoint, Lync, Skype, Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Impact: Remote Code Execution Fixes 7 vulnerabilities: (Publicly Disclosed) CVE-2015-2503, CVE-2015-6038, CVE-2015-6091, CVE-2015-6092, CVE-2015-6093, CVE-2015-6094, CVE-2015-6123 Replaces: 2910994 in MS15-097 Restart Required: May Require Restart 14 MS15-116: Security Update for Microsoft Office to Address Remote Code Execution (3104540)
- 15. Shavlik Confidential Maximum Severity: Important Affected Products: Windows Description: This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials. Impact: Denial of Service Fixes 1 vulnerabilities: (Publicly Disclosed) CVE-2015-6111 Replaces: none Restart Required: May Require Restart 15 MS15-120: Security Update for IPSec to Address Denial of Service (3102939)
- 16. Shavlik Confidential Maximum Severity: Important Affected Products: Windows Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server. Impact: Denial of Service Fixes 1 vulnerabilities: (Publicly Disclosed) CVE-2015-6112 Replaces: 3061518 in MS15-055 Restart Required: Requires Restart 16 MS15-121: Security Update for Schannel to Address Spoofing (3081320)
- 17. Shavlik Confidential Maximum Severity: Priority 1 Affected Products: Flash Player Description: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.. Impact: Security Feature Bypass, Code Execution Fixes 17 vulnerabilities: CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE- 2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015- 7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046 Replaces: All previous versions Restart Required: May Require Restart 17 APSB15-28: Security updates available for Adobe Flash Player
- 18. Shavlik Confidential Maximum Severity: High Affected Products: Google Chrome Description: The stable channel has been updated to 46.0.2490.86 for Windows, Mac, and Linux. This release contains an update to Adobe Flash Player (19.0.0.245) and security fixes. Impact: Security Feature Bypass, Code Execution Fixes 1 vulnerabilities: CVE-2015-1302 Replaces: All previous versions Restart Required: Browser Reboot Required 18 Chrome-152: Google Chrome 46.0.2490.86
- 19. Shavlik Confidential Maximum Severity: Important Affected Products: Microsoft Windows Description: This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. Impact: Elevation of Privilege Fixes 1 vulnerabilities: CVE-2015-6098 Replaces: none, Restart Required: Requires Restart 19 MS15-117: Security Update for NDIS to Address Elevation of Privilege (3101722)
- 20. Shavlik Confidential Maximum Severity: Important Affected Products: Microsoft Windows, .Net Framework Description: This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser. Impact: Elevation of Privilege Fixes 3 vulnerabilities: CVE-2015-6096, CVE-2015-6099, CVE-2015-6115 Replaces: 3097988 replaces 2979568 in MS14-057, 3098778 replaces 2656351 in MS11-100 and 2901110 in MS14-009, Restart Required: Does Not Require Restart 20 MS15-118: Security Update for .NET Framework to Address Elevation of Privilege (3104507)
- 21. Shavlik Confidential Maximum Severity: Important Affected Products: Microsoft Windows Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability. Impact: Elevation of Privilege Fixes 1 vulnerabilities: CVE-2015-2478 Replaces: 2961072 and 2973408 in MS14-040 Restart Required: Requires Restart 21 MS15-119: Security Update for Winsock to Address Elevation of Privilege (3104521)
- 22. Shavlik Confidential Maximum Severity: Important Affected Products: Microsoft Windows Description: This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer. Impact: Security Feature Bypass Fixes 1 vulnerabilities: CVE-2015-6095 Replaces: 3011780 in MS14-068, 3050514 in MS15-052 Restart Required: Restart Required 22 MS15-122: Security Update for Kerberos to Address Security Feature Bypass (3105256)
- 23. Shavlik Confidential Maximum Severity: Important Affected Products: Exchange Server Description: This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content. Impact: Information Disclosure Fixes 1 vulnerabilities: CVE-2015-6061 Replaces: 2910994 in MS15-097, 3085500 in MS15-097, Restart Required: May Require Restart 23 MS15-123: Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)
- 24. Shavlik Confidential24 Other lower priority updates for November
- 25. Shavlik Confidential25 Review Patch Releases Since October Patch Tuesday • Microsoft: 64 (Non-Security), 2 (Security Advisories), 1 (Security Tool), 7 (Security) • Wireshark: 1 (Security) • Picasa: 1 (Security) • Box Sync: 1 (Non-Security) • Dropbox: 3 (Non-Security) • Tomcat: 2 (Security) • Filezilla: 2 (Security) • Java: 1 (Security), 1 (Non-Security) • NotePad++: 2 (Security) • iTunes: 1 (Security) • Skype: 2 (Security) • Shockwave: 1 (Security) • Adobe Reader DC: 2 (Security) • Opera: 2 (Security) • VMware Tools: 1 (Security) • PDFCreator: 2 (Non-Security) • OpenOffice: 1 (Security) • WinZip: 1 (Non-Security) • VMware Workstation: 1 (Non-Security) • FireFox: 2 (Security) • HP Systems Management: 1 (Security) • LibreOffice: 1 (Non-Security) • Ccleaner: 1 (Non-Security) • WinSCP: 1 (Non-Security) • UltraVNC: 1 (Security) • SeaMonkey: 1 (Security) • Splunk Universal Forwarder: 1 (Non-Security)
- 26. Shavlik Confidential26 Patch Day Summary Company Bulletin Software Affected CVE Count Vulnerability Impact Vendor Severity Threat Risk Notes Microsoft MS15-112 Microsoft Windows, Internet Explorer 25Remote Code Execution Critical Medium-High Microsoft MS15-113 Microsoft Windows, Edge 4Remote Code Execution Critical Medium-High Microsoft MS15-114 Microsoft Windows 1Remote Code Execution Critical Medium-High Microsoft MS15-115 Microsoft Windows 7Remote Code Execution Critical High Publicly Disclosed CVE-2015-6109 Microsoft MS15-116 Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Lync, Skype for Business 7Remote Code Execution Important Medium-High Publicly Disclosed CVE-2015-2503 Microsoft MS15-117 Microsoft Windows 1Elevation of Privilege Important Medium Microsoft MS15-118 Microsoft Windows, .Net Framework 3Elevation of Privilege Important Medium Microsoft MS15-119 Microsoft Windows 1Elevation of Privilege Important Medium Microsoft MS15-120 Microsoft Windows 1Denial of Service Important Medium-High Publicly Disclosed CVE-2015-6111 Microsoft MS15-121 Microsoft Windows 1Spoofing Important Medium-High Publicly Disclosed CVE-2015-6112 Microsoft MS15-122 Microsoft Windows 1Security feature bypass Important Medium Microsoft MS15-123 Microsoft Lync, Skype for Business 1Information Disclosure Important Medium Adobe APSB15-028 Flash 17 Security Feature Bypass, Code Execution Priority 1 High Google Chrome-152 Chrome 1 Security Feature Bypass, Code Execution High High This release includes the Flash Player Plug-In update.
- 27. Q&A
- 28. Shavlik Confidential • Shavlik Protect 9.2 Update 1 is available. Includes 7 fixes for known issues since release on October 19th. • Slide deck and video playback available here: www.shavlik.com/Webinars • Sign up for next months Patch Tuesday Webinar and view webinar playbacks: http://www.shavlik.com/webinars/ • Sign up for Content Announcements: • Email http://www.shavlik.com/support/xmlsubscribe/ • RSS http://protect7.shavlik.com/feed/ • Twitter @ShavlikXML • Follow us on: • Shavlik on LinkedIn • Twitter @ShavlikProtect • Shavlik blog -> www.shavlik.com/blog • Chris Goettl on LinkedIn • Twitter @ChrisGoettl 28 Resources and Webinars
Editor's Notes
- #6: 4 public disclosures Microsoft release
- #10: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Public Disclosure: CVE-2015-6109 Exploited in Wild: none
- #11: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Public Disclosure: None Least privilege would mitigate the impact of most of the vulnerabilities being resolved.
- #12: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Public Disclosure: None This update will apply to TH-2. If you update systems immediately upon release of TH-2, you should plan to push this update as well.
- #13: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Public Disclosure: none Least privilege will mitigate the impact. Attacker could convince a user to click on specially crafter Journal files to exploit.
- #14: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Public Disclosure: CVE-2015-6109 Multiple information disclosure vulnerabilities exist when Windows fails to properly initialize memory addresses, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited the vulnerabilities could retrieve the base address of the Kernel driver from a compromised process. To exploit the vulnerabilities, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerabilities by correcting how Windows handles memory addresses. Known issue: when installing MS15-115 with other patches this month. Updates need to be applied in correct order if installing manually. 3 bulletins have to install patches in a specific order to work. Install order below: Windows 7/2008R2 MS15-122, MS15-121, MS15-115 Windows 8/2012 MS15-122, MS15-115, MS15-121 https://support.microsoft.com/en-us/kb/3101746
- #15: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Publicly Disclosed: CVE-2015-2503 An elevation of privilege vulnerability exists in Microsoft Office software when an attacker instantiates an affected Office application via a COM control. An attacker who successfully exploited the vulnerability could gain elevated privileges and break out of the Internet Explorer sandbox. To successfully exploit this vulnerability, an attacker would have to take advantage of an existing vulnerability in Internet Explorer by tricking a user into downloading a specially crafted application. Most likely, this vulnerability would be used in conjunction with another vulnerability that allowed remote code execution. For example, an attacker could exploit another vulnerability to run arbitrary code through Internet Explorer, but due to the context in which processes are launched by Internet Explorer, the code might be restricted to run at a low integrity level (very limited permissions). However, an attacker could, in turn, exploit this vulnerability to cause the arbitrary code to run at a medium integrity level (permissions of the current user).
- #16: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Publicly Disclosed: CVE-2015-6111 A denial of service vulnerability exists in Windows when the Internet Protocol Security (IPSec) service improperly handles encryption negotiation. An attacker who successfully exploited the vulnerability could cause the system to become nonresponsive. To exploit this vulnerability an attacker must have valid credentials. An attacker could exploit this vulnerability by using a malicious application to connect to a target machine and cause the server to become nonresponsive. The update addresses the vulnerability by adding an additional check to verify encryption negotiation. This vulnerability has been publicly disclosed. It has been assigned Common Vulnerability and Exposure number CVE-2015-6111. At the time this security bulletin was originally issued, Microsoft was unaware of any attack attempting to exploit this vulnerability.
- #17: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Publicly Disclosed: CVE-2015-6112 A spoofing vulnerability exists in Microsoft Windows that is caused by a weakness in all supported versions of the TLS protocol. An attacker who successfully exploited this vulnerability could impersonate a victim on any other server that uses the same credentials as those used between the client and server where the attack is initiated. To exploit the vulnerability an attacker would first have to perform a man-in-the-middle (MiTM) attack between the client and a legitimate server. The update addresses the vulnerability by adding extended master secret binding support to all supported version of TLS. This vulnerability has been publicly disclosed. It has been assigned Common Vulnerability and Exposure number CVE-2015-6112. At the time this security bulletin was originally issued, Microsoft was unaware of any attack attempting to exploit this vulnerability. Known issue: when installing MS15-121 with other patches this month. Updates need to be applied in correct order if installing manually. 3 bulletins have to install patches in a specific order to work. Install order below: Windows 7/2008R2 MS15-122, MS15-121, MS15-115 Windows 8/2012 MS15-122, MS15-115, MS15-121 https://support.microsoft.com/kb/3081320
- #18: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Flash Player and all related plug ins must be updated to fully resolve these vulnerabilities. IE, Chrome each have an update to apply, and Firefox will auto update the plug-in typically.
- #19: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Includes update for Flash Plug-In resolving 17 vulnerabilities: Flash Player and all related plug ins must be updated to fully resolve these vulnerabilities. IE, Chrome each have an update to apply, and Firefox will auto update the plug-in typically.
- #20: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
- #21: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. .Net can show multiple times per system if you many versions installed. Often .Net updates will add onto your maintenance time for the patch cycle.
- #22: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
- #23: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Known issue: when installing MS15-122 with other patches this month. Updates need to be applied in correct order if installing manually. 3 bulletins have to install patches in a specific order to work. Install order below: Windows 7/2008R2 MS15-122, MS15-121, MS15-115 Windows 8/2012 MS15-122, MS15-115, MS15-121 https://support.microsoft.com/kb/3101246
- #24: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. This is a cumulative update. Known issues with this update: Issue: Loss of video and of console Display tab touch responsiveness on single display devices (issue does not occur for dual display devices) when you toggle between "Content only" and "Gallery" on the Console. Workaround: Exit the meeting by pressing the Leave Meeting button on the Console, and then re-join the meeting. Issue: Only the first message will be displayed if a series of instant messages is sent by the same participant to the room within about one minute. Workaround: Participant should wait for about one minute to send the next message.
- #25: Shavlik Priority: Shavlik rates this bulletin as a Priority 3. Consider this update for testing and rollout when convenient. Note: Some 3rd party updates may be non-security, but are still classified in Protect as Security. This is due to the fact that the step from current to this version November include security fixes based on the version currently on a machine. It would only be considered non-security if you were up to the latest version before the non-security release was made available.
- #26: Windows 10 Cumulatives: CSWU-011 – Includes additional security updates Added support for products: Office 2016, Citrix XenApp 6.5 HR6, Microsoft Visual Studio 2013 Test Professional