MS15-120: Security update for IPsec to address denial of service: November 10, 2015

Applies to: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 StandardWindows Server 2012 R2 Essentials


This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the system to become unresponsive. To exploit the vulnerability, an attacker must have valid credentials.

To learn more about the vulnerability, see Microsoft Security Bulletin MS15-120.

More Information


  • If you manually install this security update, we recommend that you install the update on your server-based systems first and then install the update on the client-based systems. Or, install the update on the server-based and client-based systems at the same time.

    Depending on your IPsec implementation, deploying this update to client systems only may result in a loss of network connectivity.
  • All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see
Get security updates automatically.

Note For Windows RT and Windows RT 8.1, this update is available through Windows Update only.