SECURITY

Revision Note: V1.0 (January 12, 2016): Advisory published.Summary: Microsoft is announcing the availability of an update to improve interoperability between Schannel-based TLS clients and 3rd-party TLS servers that enable RFC5077-based resumption and that send the NewSessionTicket message in the abbreviated TLS handshake. The update addresses an issue in schannel.dll that could cause RFC5077 session ticket-based resumption to fail and subsequently cause WinInet-based clients (for example, Internet Explorer and Microsoft Edge) to perform a fallback to a lower TLS protocol version than the one that would have been negotiated otherwise. This improvement is part of ongoing efforts to bolster the effectiveness of encryption in Windows. Source: ms-security

Severity Rating: CriticalRevision Note: V1.0 (January 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Source: ms-security

Revision Note: V1.0 (January 12, 2016): Advisory published.Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. These ActiveX kill bits are included in the Internet Explorer cumulative update released on January 12, 2016. Source: ms-security