Revision Note: V1.0 (November 30, 2015): Advisory published.
Summary: Microsoft is aware of unconstrained digital certificates from Dell Inc. for which the private keys were inadvertently disclosed. One of these unconstrained certificates could be used to issue other certificates, impersonate other domains, or sign code. In addition, these certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against Dell customers. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability.

Severity Rating: Critical
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.

Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.

Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials.

Revision Note: V1.0 (November 10, 2015): Advisory published.
Summary: Microsoft is announcing the availability of a security update for Windows Hyper-V to protect against a denial of service condition that can be triggered with certain central processing unit (CPU) chipsets. Although the weakness resides in the chipset, Microsoft is issuing this security update to protect customers. The update prevents guests on a Hyper-V system from triggering a weakness in the CPU that could allow instructions from a Hyper-V guest to place its Hyper-V host’s CPU into an unresponsive state, leading to a denial of service condition for the guest operating systems running on the affected host. Successful exploitation of the CPU weakness would require kernel-mode code execution privileges on the guest operating system.

Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key.

Revision Note: V1.0 (November 10, 2015): Bulletin Summary published.
Summary: This bulletin summary lists security bulletins released for November 2015.

Severity Rating: Important
Revision Note: V1.0 (November 10, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.