MS15-111: Security Update for Windows Kernel to address elevation of privilege: October 13, 2015

Summary
This security update resolves vulnerabilities in Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

Note Customers who are using local and remote reporting attestation solutions should review the details of CVE-2015-2552. This is discussed in the Microsoft security bulletin that is mentioned in the following paragraph.

To learn more about the vulnerabilities, see Microsoft Security Bulletin MS15-111.
More information
Important
  • All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.
More information about this security update
The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information.
  • 3088195 MS15-111: Description of the security update for Windows Kernel: October 13, 2015

    Known issues in this security update.
    • After you install this security update, on certain Lenovo-based computers, you may receive an error message on a blue screen that resembles the following:
      Your PC ran into a problem and needs to restart. We're just collecting some error information and then you can restart.
      Lenovo has confirmed that this is a problem in Lenovo USB Blocker application version 1.0.0.37. Please contact Lenovo for help with this issue.
      The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
  • 3097617 Cumulative update for Windows 10: October 13, 2015
How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Note For Windows RT and Windows RT 8.1, this update is available through Windows Update only.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Click the download link in Microsoft Security Bulletin MS15-111 that corresponds to the version of Windows that you are running.
More information

Security update deployment information

Windows Vista (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor all supported 32-bit editions of Windows Vista:
Windows6.0-KB3088195-x86.msu
For all supported x64-based editions of Windows Vista:
Windows6.0-KB3088195-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementA system restart is required after applying this security update.
Removal informationWUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3088195
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2008 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor all supported 32-bit editions of Windows Server 2008:
Windows6.0-KB3088195-x86.msu
For all supported x64-based editions of Windows Server 2008:
Windows6.0-KB3088195-x64.msu
For all supported Itanium-based editions of Windows Server 2008:
Windows6.0-KB3088195-ia64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementA system restart is required after applying this security update.
Removal informationWUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3088195
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows 7 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported 32-bit editions of Windows 7:
Windows6.1-KB3088195-x86.msu
For all supported x64-based editions of Windows 7:
Windows6.1-KB3088195-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementA system restart is required after applying this security update.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3088195
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported x64-based editions of Windows Server 2008 R2:
Windows6.1-KB3088195-x64.msu
For all supported Itanium-based editions of Windows Server 2008 R2:
Windows6.1-KB3088195-ia64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementA system restart is required after applying this security update.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3088195
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows 8 and Windows 8.1 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported 32-bit editions of Windows 8:
Windows8-RT-KB3088195-x86.msu
For all supported x64-based editions of Windows 8:
Windows8-RT-KB3088195-x64.msu
For all supported 32-bit editions of Windows 8.1:
Windows8.1-KB3088195-x86.msu
For all supported x64-based editions of Windows 8.1:
Windows8.1-KB3088195-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementA system restart is required after applying the security updates.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3088195
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2012 and Windows Server 2012 R2 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported editions of Windows Server 2012:
Windows8-RT-KB3088195-x64.msu
For all supported editions of Windows Server 2012 R2:
Windows8.1-KB3088195-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementA system restart is required after applying the security updates.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3088195
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows RT and Windows RT 8.1 (all editions)

Reference Table

The following table contains the security update information for this software.
DeploymentThe update is available through Windows Update only.
Restart RequirementA system restart is required after applying the security updates.
Removal InformationClick Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File InformationSee Microsoft Knowledge Base Article 3088195

Windows 10 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported 32-bit editions of Windows 10:
Windows10.0-KB3097617-x86.msu
For all supported x64-based editions of Windows 10:
Windows10.0-KB3097617-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementA system restart is required after applying this security update.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3097617
Registry key verificationNote A registry key does not exist to validate the presence of this update.

File hash information

Package NamePackage Hash SHA 1Package Hash SHA 2
Windows6.0-KB3088195-ia64.msu00CCA9923DD37FE6A1E0B239DFA5EF231EC4CBDFA91D8925445FC70A3EF5B23FCBA4AC62C5021271446509272C18D420132A0AAF
Windows6.0-KB3088195-x64.msu4ACCAC2ED413310B9ABA268BF7CFD7012E2913F554F0F83B7E86AA48BB7568DA74F7CB3A1C319AD1F1B955C0F58473C56D59520F
Windows6.0-KB3088195-x86.msuB9933B59A8EF7DC735F44199EA096267625ABF263B1C560F8ED322FCFD202EBEFEA7F1BC3A71507483AD2A61E351BDB2454D5DD4
Windows6.1-KB3088195-ia64.msu63BF9C390ADE72AC6FD92BFB13BF44F721ECF1AE8C25D650FD68268EEE811B359F39C902FF7A0B2864DBF2F53B3024B45CC88EA4
Windows6.1-KB3088195-x64.msu27926D40EBAB08A2716ADAF8F719FCE7AE446384825210AC28B6313F721BFE75F4B2FF79106A8C94A9AF38B386927C95D02B2932
Windows6.1-KB3088195-x86.msu290151376CFEAC820AA5D7E7249332BF601E55064BF255FCF02A6E5F4E2CEF58AF4ECBD8B7B6E4DA608E9924BEA745F733CEAC95
Windows8.1-KB3088195-x64.msuEBE03F9AF97A0CA82001B8BD1A2FA0EC23CA3C0023EF0041206976981192B3E32D4BFCAB540ADCB2B1788CEA1FC8062BAE4D84DE
Windows8.1-KB3088195-x86.msuECB6A928B368D264F249410FB555D7ED6E3BF158DC26014B27DEDEA4CDBD68121241BEA58E208D6AC3737CA70763820FAE374C7A
Windows8-RT-KB3088195-x64.msuEF6331FCB908E84BA6CA069583D2A45CF7BB194E43AEB28F585895436CB56E909969A7CD50E5F05C70043D92F02D0426914DFC2F
Windows8-RT-KB3088195-x86.msuE655929AD4BA54FC79C3E3CF7825B87E39FEA2DB1341AE7C66F9B461623F1C35DC428DD7F04FCA143541C7CA9BA132A30859051F

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
malicious attacker exploit
Properties

Article ID: 3096447 - Last Review: 10/29/2015 23:33:00 - Revision: 2.0

Windows 10, Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows RT 8.1, Windows Server 2012 Datacenter, Windows Server 2012 Standard, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows 8 Enterprise, Windows 8 Pro, Windows 8, Windows RT, Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1, Windows Server 2008 Service Pack 2, Windows Vista Service Pack 2

  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB3096447
Feedback