Severity Rating: Important
Revision Note: V1.0 (November 10, 2015)
Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser.
Monthly Archives: November 2015
MS15-123 – Important: Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content.
MS15-116 – Important: Security Update for Microsoft Office to Address Remote Code Execution (3104540) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS15-122 – Important: Security Update for Kerberos to Address Security Feature Bypass (3105256) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key.
MS15-120 – Important: Security Update for IPSec to Address Denial of Service (3102939) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials.
MS15-121 – Important: Security Update for Schannel to Address Spoofing (3081320) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.
A simple solution to IT security sprawl?
According to recent research conducted by Forrester Consulting, the vast majority of enterprise security professionals believe that security should be delivered as an integrated platform via the cloud.
Indeed, 98 percent of those questioned said that integrated security platforms would be effective to both improve their security posture and to reduce overall cost in comparison to traditional on-premise security appliances and point solutions.
As our channel partners have experienced firsthand from their small and medium business clients, the ultimate problem addressed in the research is one that has been gaining increased airtime over the past year – security sprawl. With more data sharing, more device connections, and more security solutions to manage everything than ever before, companies are struggling to keep themselves secure.
Though targeted at an enterprise level, I believe you’ll agree that these research findings are just as applicable to smaller businesses – with the fragmented security landscape posing a management headache no matter your company size.
Our AVG Business product line includes a managed services and security platform that offers a range of features. We have designed the products with absolute simplicity in mind to help relieve security sprawl headaches. AVG CloudCare is one example, enabling direct, real-time management of a full suite of cloud-delivered security services – antivirus, online backup, content filtering, email security, premium remote control, secure sign-on and more, all from one dashboard. Instead of having to deal with the complexity of multiple, different security solutions, we provide a ‘single pane of glass’ view for easier IT management.
AVG CloudCare supports our partners, so that MSPs can give their customers the reassurance that their applications and data are protected on any device, anytime, anywhere.
As John Quatto, Channel Partner Manager at Zobrio Inc. recently put it, “the only problem you might face now is that your clients will never witness and appreciate the work you’re doing – As an MSP you have to be able to prove your worth – ironically, that’s difficult if you’re fixing issues before the customer even knows they exist!”
If AVG CloudCare sounds like it could be an asset for your business, visit our AVG Business website today to find out more.
CVE-2015-5655
The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-6362
The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640.
CVE-2015-8100
The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.