Microsoft released September security bulletin: Wide coverage Win7/8.1/10 and Vista are affected

September 9th news, Microsoft released a routine security update this morning and announced the security bulletin this month. The September 2015 update includes a total of 12 patches, 5 of which are critical and 7 are important.
Affected operating systems and components include: Windows Vista, Win7, Win8, Win8.1, Win10, Windows Server 2008/2012 (R2), and Windows RT and Windows RT 8.1 for tablet devices, including Microsoft Office Software and services such as RT/2007/2010/2013/2013.

It is recommended that users download and install updates from Windows Update in a timely manner.

September 2015 security updates include:
Vulnerability in Microsoft Office could allow remote code execution (3089664)
This security update resolves vulnerabilities in Microsoft Office. The most serious of the vulnerabilities could allow remote code execution when a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of the current user. Customers with accounts configured to have fewer system user rights are less affected than customers with administrative user rights.

Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)

This security update resolves vulnerabilities in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple computer accounts. To exploit this vulnerability, an attacker must have an account that has the authority to join a computer to a domain.

Vulnerability in Windows Media Center could allow remote code execution (3087918)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Center opens a specially designed Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers with accounts configured to have fewer system user rights are less affected than customers with administrative user rights.

Vulnerability in Microsoft Exchange Server Could Allow Information Disclosure (3089250)

This security update resolves multiple vulnerabilities in Microsoft Exchange Server. The most serious of the vulnerabilities could allow information disclosure if Outlook Web Access (OWA) does not properly handle web requests and clean up user input and email content.

Vulnerabilities in Skype for Business Server and Microsoft Lync Server Could Allow Elevation of Privilege (3089952)

This security update resolves vulnerabilities in Skype for Business Server and Microsoft Lync Server. The most severe of the vulnerabilities could allow elevation of privilege if the user clicks on a specially crafted URL. An attacker would have to convince a user to click or link in an Instant Messenger or email message to allow a user to link to an affected website through a specially crafted URL.

The other seven security update instructions can be found in: Win10 10240 official version KB3081455 cumulative update patch update summary.