MS15-115: Description of the security update for Windows: November 10, 2015

Summary
This security update resolves vulnerabilities in Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to go to an untrusted webpage that contains embedded fonts.

To learn more about the vulnerability, see Microsoft Security Bulletin MS15-115.
More information
Important
  • All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.
This security update was rereleased on November 11, 2015, for Windows 7 and Windows Server 2008 R2 to resolve the following issues:
  • Resolves crashing that occurred in all supported versions of Microsoft Outlook when users were reading certain emails.
  • Resolves crashing that occurred in supported versions of Microsoft PowerPoint when opening PowerPoint Presentations.
  • Resolves crashing that occurred in supported versions of Internet Explorer when browsing certain web pages such as groupware web pages in Internet Explorer.
  • Resolves problems that occurred while users were logging on to the system. For example, after a user restarted the computer and then pressed Ctrl+Alt+Delete at the logon screen, the screen flashed and then went black. The user was then unable to continue. There may be other, similar logon issues that are related to this issue.

Resolution for customers who are unable to log on to their Windows 7 computers:

If you cannot log on to your Windows 7-based computer because of the known issue mentioned earlier, we recommend that you uninstall security update 3097877 and then install all the latest updates from Windows Update.

The following section provides ways to uninstall the update:

Option 1: Disconnect any digitizer devices

If you have a digitizer device connected to your Windows 7 computer (such as a Wacom device), unplug that device and then continue with logon. After you are logged on, install all the latest updates from Windows Update.

Option 2: Recover the last Restore Point by using System Restore

  1. Access the System Recovery Options. To do this, restart the computer and repeatedly tap the F8 key before the Windows logo appears. If the Windows logo appears, try again. Wait until the Windows logon prompt appears, and then shut down and then restart your computer. You must remove any floppy disks, CDs, and DVDs from your computer before you restart.
  2. Select Repair your Computer.repair your computer
  3. Select the language, and then log on to the computer.Select language

    Note If you do not know the local password, you must start by using a Windows 7 DVD or USB bootable media. Then, access System Recovery Options. For more information about how to obtain Windows 7 DVD or USB bootable media, visit the following Microsoft webpage:
  4. Select System Restore from the menu:
    Select System Restore from the menu
  5. Restore the last restore point. This uninstalls security update 3097877.
  6. Restart the computer into normal mode.

Option 3: Uninstall security update 3097877 at a command prompt

  1. Access the System Recovery Options. To do this, restart the computer and repeatedly tap the F8 key before the Windows logo appears. If the Windows logo appears, try again. Wait until the Windows logon prompt appears, and then shut down and then restart your computer. You must remove any floppy disks, CDs, and DVDs from your computer before you restart.
  2. Select Repair your Computer. System Recovery
  3. Select the language, and then log on to the computer.

    Note If you do not know the local password, you must start by using a Windows 7 DVD or USB bootable media. Then, access System Recovery Options. For more information about how to obtain Windows 7 DVD or USB bootable media, visit the following Microsoft webpage:
  4. Select Command Prompt from the menu:
    Select Command Prompt from the menu
  5. At the command prompt, run the following command:
    dism /image:C:\ /get-packages
  6. Search the results for security update 3097877.


    Note The package name in your computer might differ from above because it depends on your computer’s architecture. For example, instead of "x86", you may see "amd64".

    For more information about how to determine whether you are running a 32-bit or 64-bit edition of Windows, click the following article number to view the article in the Microsoft Knowledge Base:
    827218How to determine whether a computer is running a 32-bit version or a 64-bit version of the Windows operating system
  7. Copy the package name, and paste it as shown:
    dism /image:C:\ /remove-package /PackageName:Package_for_KB3097877~31bf3856ad364e35~x86~~6.1.1.1
  8. You receive a message that states that the uninstallation was successful.
  9. Restart the computer into normal mode.
How to get and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, seeGet security updates automatically.

Note For Windows RT and Windows RT 8.1, this update is available through Windows Update only.

Method 2: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Click the download link in Microsoft Security Bulletin MS15-115 that corresponds to the version of Windows that you are running.
More information

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows Vista and Windows Server 2008 file information

  • The files that apply to a specific product, milestone (SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.0.6002.19xxxWindows Vista SP2 or Windows Server 2008 SP2SP2GDR
    6.0.6002.23xxxWindows Vista SP2 or Windows Server 2008 SP2SP2LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows Vista and Windows Server 2008

File nameFile versionFile sizeDateTimePlatform
Win32k.sys6.0.6002.195252,068,48017-Oct-201514:24x86
Win32k.sys6.0.6002.238352,076,16017-Oct-201514:18x86
Gdiplus.dll5.2.6002.195251,748,99217-Oct-201516:00x86
Gdiplus.dll5.2.6002.238351,748,99217-Oct-201515:29x86
Gdiplus.dll6.0.6002.195251,839,61617-Oct-201516:00x86
Gdiplus.dll6.0.6002.238351,839,61617-Oct-201515:29x86

For all supported x64-based versions of Windows Vista and Windows Server 2008

File nameFile versionFile sizeDateTimePlatform
Win32k.sys6.0.6002.195252,798,59217-Oct-201514:35x64
Win32k.sys6.0.6002.238352,801,15217-Oct-201514:47x64
Gdiplus.dll5.2.6002.195252,193,92017-Oct-201515:41x64
Gdiplus.dll5.2.6002.238352,194,43217-Oct-201515:34x64
Gdiplus.dll6.0.6002.195252,425,34417-Oct-201515:41x64
Gdiplus.dll6.0.6002.238352,425,85617-Oct-201515:34x64
Gdiplus.dll5.2.6002.195251,748,99217-Oct-201516:00x86
Gdiplus.dll5.2.6002.238351,748,99217-Oct-201515:29x86
Gdiplus.dll6.0.6002.195251,839,61617-Oct-201516:00x86
Gdiplus.dll6.0.6002.238351,839,61617-Oct-201515:29x86

For all supported IA-64-based versions of Windows Server 2008

File nameFile versionFile sizeDateTimePlatform
Win32k.sys6.0.6002.195256,699,00817-Oct-201514:25IA-64
Win32k.sys6.0.6002.238356,708,73617-Oct-201514:23IA-64
Gdiplus.dll5.2.6002.195254,913,15217-Oct-201515:23IA-64
Gdiplus.dll5.2.6002.238354,913,66417-Oct-201514:59IA-64
Gdiplus.dll6.0.6002.195255,268,99217-Oct-201515:23IA-64
Gdiplus.dll6.0.6002.238355,268,99217-Oct-201514:59IA-64
Gdiplus.dll5.2.6002.195251,748,99217-Oct-201516:00x86
Gdiplus.dll5.2.6002.238351,748,99217-Oct-201515:29x86
Gdiplus.dll6.0.6002.195251,839,61617-Oct-201516:00x86
Gdiplus.dll6.0.6002.238351,839,61617-Oct-201515:29x86

Windows 7 and Windows Server 2008 R2 file information

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.1.7601.18xxxWindows 7 or Windows Server 2008 R2 SP1GDR
    6.1.7601.23xxxWindows 7 or Windows Server 2008 R2 SP1LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 7

File nameFile versionFile sizeDateTimePlatform
Win32k.sys6.1.7601.190542,386,94403-Nov-201517:46x86
Win32k.sys6.1.7601.232592,395,64803-Nov-201517:50x86
Gdiplus.dll5.2.7601.190541,723,90403-Nov-201518:45x86
Gdiplus.dll5.2.7601.232591,723,90403-Nov-201518:44x86
Gdiplus.dll6.1.7601.190541,625,60003-Nov-201518:45x86
Gdiplus.dll6.1.7601.232591,627,13603-Nov-201518:44x86

For all supported x64-based versions of Windows 7 and Windows Server 2008 R2

File nameFile versionFile sizeDateTimePlatform
Win32k.sys6.1.7601.190543,211,26403-Nov-201517:55x64
Win32k.sys6.1.7601.232593,214,84803-Nov-201518:01x64
Gdiplus.dll5.2.7601.190542,294,27203-Nov-201518:56x64
Gdiplus.dll5.2.7601.232592,294,27203-Nov-201519:03x64
Gdiplus.dll6.1.7601.190542,166,78403-Nov-201518:56x64
Gdiplus.dll6.1.7601.232592,167,29603-Nov-201519:03x64
Gdiplus.dll5.2.7601.190541,723,90403-Nov-201518:45x86
Gdiplus.dll5.2.7601.232591,723,90403-Nov-201518:44x86
Gdiplus.dll6.1.7601.190541,625,60003-Nov-201518:45x86
Gdiplus.dll6.1.7601.232591,627,13603-Nov-201518:44x86

For all supported IA-64-based versions of Windows Server 2008 R2

File nameFile versionFile sizeDateTimePlatform
Win32k.sys6.1.7601.190547,505,40803-Nov-201517:18IA-64
Win32k.sys6.1.7601.232597,513,60003-Nov-201517:21IA-64
Gdiplus.dll5.2.7601.190544,924,92803-Nov-201518:02IA-64
Gdiplus.dll5.2.7601.232594,924,92803-Nov-201519:12IA-64
Gdiplus.dll6.1.7601.190544,603,90403-Nov-201518:02IA-64
Gdiplus.dll6.1.7601.232594,605,44003-Nov-201519:12IA-64
Gdiplus.dll5.2.7601.190541,723,90403-Nov-201518:45x86
Gdiplus.dll5.2.7601.232591,723,90403-Nov-201518:44x86
Gdiplus.dll6.1.7601.190541,625,60003-Nov-201518:45x86
Gdiplus.dll6.1.7601.232591,627,13603-Nov-201518:44x86

Windows 8 and Windows Server 2012 file information

  • The files that apply to a specific product, milestone (RTM,SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.2.920 0.17xxxWindows 8, Windows RT, or Windows Server 2012RTMGDR
    6.2.920 0.21xxxWindows 8, Windows RT, or Windows Server 2012RTMLDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 8

File nameFile versionFile sizeDateTimePlatform
Win32k.ptxmlNot applicable4,17211-Oct-201200:38Not applicable
Win32k.sys6.2.9200.175543,387,90417-Oct-201513:29x86
Win32k.ptxmlNot applicable4,17225-Jul-201220:33Not applicable
Win32k.sys6.2.9200.216713,375,10417-Oct-201513:22x86

For all supported x64-based versions of Windows 8 and Windows Server 2012

File nameFile versionFile sizeDateTimePlatform
Win32k.ptxmlNot applicable4,17211-Oct-201200:37Not applicable
Win32k.sys6.2.9200.175544,063,74417-Oct-201513:28x64
Win32k.ptxmlNot applicable4,17225-Jul-201220:29Not applicable
Win32k.sys6.2.9200.216714,061,69617-Oct-201513:20x64
Wow64_win32k.ptxmlNot applicable4,17212-Feb-201300:14Not applicable
Wow64_win32k.ptxmlNot applicable4,17212-Feb-201300:09Not applicable

Windows 8.1 and Windows Server 2012 R2 file information

  • The files that apply to a specific product, milestone (RTM,SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.3.920 0.17xxxWindows RT 8.1, Windows 8.1, and Windows Server 2012 R2RTMGDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 8.1

File nameFile versionFile sizeDateTimePlatform
Win32k.ptxmlNot applicable4,21321-Aug-201323:39Not applicable
Win32k.sys6.3.9600.180933,521,53617-Oct-201514:00x86

For all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2

File nameFile versionFile sizeDateTimePlatform
Win32k.ptxmlNot applicable4,21322-Aug-201306:44Not applicable
Win32k.sys6.3.9600.180934,176,38417-Oct-201514:19x64
Wow64_win32k.ptxmlNot applicable4,21321-Aug-201323:39Not applicable

How to get help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
malicious attacker exploit
Properties

Article ID: 3097877 - Last Review: 11/18/2015 18:50:00 - Revision: 9.0

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows RT 8.1, Windows Server 2012 Datacenter, Windows Server 2012 Standard, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows 8 Enterprise, Windows 8 Pro, Windows 8, Windows RT, Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1, Windows Server 2008 Service Pack 2, Windows Vista Service Pack 2

  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB3097877
Feedback