KB3081455 Cumulative Windows Update rolls out, with a change log in tow

by Ashwin, September 9, 2015

Microsoft has begun rolling out a new Windows Update for Windows 10. And yes, it is a cumulative one.

KB3081455 Cumulative Windows Update

The latest Patch Tuesday saw KB3081455 Windows Update released to the new operating system from Redmond.

But that isn’t the important news here. The spotlight is on the star of the show, which is none other than a change log. Technically it isn’t a log in itself; rather, it is a list of links to various Security Bulletins, which detail the fixes. Still, it is much better than a bland page without any useful information.

A few weeks ago, Microsoft infamously told a news website that it will only provide details for major Windows 10 Updates. Users didn’t take this news lightly: they began to protest at the Redmond company’s UserVoice forums and demanded to know the changes that the updates bring.

I’m not sure if that was what made Microsoft change its mind, or perhaps it may be the flak it has been drawing from blogs, which have criticized the lack of a release note.

KB3081455 Cumulative Windows Update change log:

The KB3081455 update contains some unknown functionality improvements, and a whopping seven security patches. You can find the links to the security bulletins in the Knowledge Base article.

1. A remote code execution issue in Internet Explorer 7 and above, which could be triggered when the browser is used to visit a malicious website. This could grant an attacker the same rights as those of the current user.

2. Same as the above vulnerability, but it affected Microsoft Edge too.

3. Vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync which could allow remote code execution if a user opens a malicious document or website which has Adobe OpenType fonts.

4. Similar to the 1st issue, but triggered when the user opens a malicious Journal file.

5. Some vulnerabilities in Microsoft .NET Framework, the worst of which could grant an attacker admin rights when a malicious .NET application is executed. The good news is the app cannot be run automatically.

6. Similar to the 5th issue, an attacker could be granted elevation of privilege if the attacker logs on and executes a malicious application.

7. An issue in Hyper-V, the Windows Server virtualization component, which can let an attacker get past security when a malicious app has been run, because it causes Hyper-V to incorrectly apply access control list (ACL) settings.

Well, that was quite a few vulnerabilities, and it’s good on Microsoft’s part to have shared the change log, as it shows transparency.
