
Today’s VERT Threat Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-614 on Wednesday, May 13th.

| Bulletin | Vulnerability | CVE |
|---|---|---|
| MS15-043 | VBScript ASLR Bypass | CVE-2015-1684 |
| | VBScript and JScript ASLR Bypass | CVE-2015-1686 |
| | Internet Explorer ASLR Bypass | CVE-2015-1685 |
| | Multiple Elevation of Privilege Vulnerabilities | MULTIPLE |
| | Internet Explorer Clipboard Information Disclosure Vulnerability | CVE-2015-1692 |
| | Multiple Memory Corruption Vulnerabilities in Internet Explorer | MULTIPLE |
| MS15-044 | OpenType Font Parsing Vulnerability | CVE-2015-1670 |
| | TrueType Font Parsing Vulnerability | CVE-2015-1671 |
| MS15-045 | Multiple Windows Journal Remote Code Execution Vulnerabilities | MULTIPLE |
| MS15-046 | Multiple Microsoft Office Memory Corruption Vulnerabilities | MULTIPLE |
| MS15-047 | Microsoft SharePoint Page Content Vulnerabilities | CVE-2015-1700 |
| MS15-048 | .NET XML Decryption Denial of Service Vulnerability | CVE-2015-1672 |
| | Windows Forms Elevation of Privilege Vulnerability | CVE-2015-1673 |
| MS15-049 | Microsoft Silverlight Out of Browser Application Vulnerability | CVE-2015-1715 |
| MS15-050 | Service Control Manager Elevation of Privilege Vulnerability | CVE-2015-1702 |
| MS15-051 | Multiple Microsoft Windows Kernel Memory Disclosure Vulnerabilities | MULTIPLE |
| | Win32k Elevation of Privilege Vulnerability | CVE-2015-1701 |
| MS15-052 | Windows Kernel Security Feature Bypass Vulnerability | CVE-2015-1674 |
| MS15-053 | VBScript ASLR Bypass | CVE-2015-1684 |
| | VBScript and JScript ASLR Bypass | CVE-2015-1686 |
| MS15-054 | Microsoft Management Console File Format Denial of Service Vulnerability | CVE-2015-1681 |
| MS15-055 | Schannel Information Disclosure Vulnerability | CVE-2015-1716 |

 

MS15-043

This month starts, as expected, with the latest cumulative update for Internet Explorer. Back in March we saw CVE crossover between Internet Explorer and the VBScript/JScript patch, and we see that again now with MS15-043 and MS15-053. Microsoft has laid out the details in a table available in both bulletins, so if you find yourself confused over patch selection, you can refer to the table. Beyond this, the patched vulnerabilities are rather typical Internet Explorer issues; nothing here should be overly surprising.

MS15-044

The next bulletin seems fairly straightforward: it’s simply two font-parsing vulnerabilities. When you dig a little deeper, however, you realize that this bulletin has the potential to be confusing for some users. One of the vulnerabilities, CVE-2015-1671, affects a large number of Microsoft products and there are 5 separate updates available. Users that have Office, .NET, Silverlight, and Lync installed on Windows will need to apply all 5 updates in order to fully address this vulnerability.

MS15-045

Up next, we have 6 vulnerabilities in Windows Journal. We usually only see one Windows Journal bulletin a year but it’s a great example of software that the majority of Windows users will never use. If you fall into that group of users that don’t use Windows Journal, consider uninstalling it from your system and, in enterprises, removing it from your images. One of the vulnerabilities resolved in this bulletin had been publicly disclosed and, while it wasn’t exploited prior to patch release, this is a great reason to reduce your attack surface.

MS15-046

MS15-046 resolves a pair of Microsoft Office vulnerabilities. The bulletin includes a list of affected software, which is rather extensive but, at this point, also expected. The list includes: Office 2007 through 2013, PowerPoint Viewer, Word Automation Services for SharePoint Server 2010 and 2013, Office Web Apps 2010, Office Web Apps Server 2013, SharePoint Foundation 2010, and SharePoint Server 2013.

MS15-047

While MS15-047 is the only bulletin identified as a SharePoint bulletin, those keeping score will have noted that the bulletin above, MS15-046, also contains SharePoint-related patches. Ensure that you install all required patches for your platform.

MS15-048

Next up is the typical .NET bulletin. While there’s nothing overly unique about this bulletin, it’s worth pointing out that this is one of two .NET updates you may need to install alongside MS15-044. VERT will also be publishing additional information about .NET and Server 2003 via the Tripwire State of Security blog in the near future as people rush to get their systems squared away before the Server 2003 EOL date.

MS15-049

The situation presented by MS15-049 is similar to MS15-048 (since Silverlight is also referenced in MS15-044); however, Microsoft has bundled the updates for MS15-049 and MS15-044 (as they apply to Silverlight) into a single update. This should help to ease the patching process and limit the moving parts involved in ensuring systems are fully up-to-date.

MS15-050

This bulletin resolves a single vulnerability in the Windows Service Control Manager that could lead to elevation of privilege due to improper verification of impersonation levels. It is important to note that while Windows Server 2003 is vulnerable, Microsoft has stated that they will not be making an update available due to the ‘comprehensive architectural changes’ it would require.

MS15-051

A number of information disclosure vulnerabilities are resolved by MS15-051 but the more interesting vulnerability is a privilege escalation attack (CVE-2015-1701). Microsoft has stated that this vulnerability was disclosed publicly and has been used in limited, targeted attacks. This should elevate the priority of this patch in your monthly update process.

MS15-052

This bulletin resolves another ASLR bypass this month, this one existing within the Windows Kernel.

MS15-053

This bulletin co-exists with MS15-043; this is the VBScript and JScript specific patch that goes along with the Internet Explorer patch (based on VBScript/JScript version and IE Version). If you are confused about the patches you need to apply and can’t use an automated update mechanism, refer to the table in the Microsoft bulletin to determine which updates your system requires.

MS15-054

The penultimate bulletin this month addresses an issue similar to those that we’ve seen in the past: a file format vulnerability related to icon information embedded in the file. In this case we’re talking about .msc files that are opened by the Microsoft Management Console. Successful exploitation of this vulnerability will lead to a denial of service.

MS15-055

The final update this month is for Schannel, and it disables 512-bit Diffie-Hellman ephemeral keys, the use of which could lead to information disclosure. This update sets the default for the ClientMinKeyBitLength registry value to 1024 bits; however, the value can still be set lower (allowing 512-bit keys), and this remains true after the update is applied. Also note that Microsoft states that this update replaces MS15-052 and must be installed after MS15-052 if you are manually installing updates.
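Because the minimum can still be lowered after patching, it is worth auditing the value on each host. The PowerShell below is an added example, not code from VERT or Microsoft; the registry path is Microsoft's documented Schannel Diffie-Hellman key (it is not given in this post), and the function name is hypothetical.

```powershell
# Added example: audit the Schannel client minimum DHE key length on this host.
# Assumption: documented Schannel Diffie-Hellman key path (not stated in the post).
$DhKeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman'

function Get-DheClientMinKeyStatus {    # hypothetical helper name
    [CmdletBinding()]
    param(
        [string]$Path = $DhKeyPath,
        [string]$Name = 'ClientMinKeyBitLength',
        [int]$DefaultBits = 1024         # default the post says the update applies
    )

    # A missing key or value is normal: it means no override has been configured.
    $prop = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return [pscustomobject]@{
            Computer       = $env:COMPUTERNAME
            OverrideSet    = $false
            ConfiguredBits = $null
            BelowDefault   = $false
            Note           = "No override; the ${DefaultBits}-bit minimum applies only if the update is installed."
        }
    }

    # An explicit override exists: compare it with the patched default.
    $bits = [int]$prop.$Name
    $weak = $bits -lt $DefaultBits
    if ($weak) {
        $note = "Override of $bits bits is below the ${DefaultBits}-bit default; weak DHE keys are accepted."
    } else {
        $note = "Override of $bits bits meets or exceeds the ${DefaultBits}-bit default."
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        OverrideSet    = $true
        ConfiguredBits = $bits
        BelowDefault   = $weak
        Note           = $note
    }
}

Get-DheClientMinKeyStatus | Format-List
```

A result with `BelowDefault` set to `True` identifies a host where the protection added by the update has been configured away.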

As always, VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.

Ease of Use (published exploits) to Risk Table

| Ease of Use | Bulletins |
|---|---|
| Automated Exploit | MS15-051 |
| Easy | |
| Moderate | |
| Difficult | |
| Extremely Difficult | MS15-045 |
| No Known Exploit | MS15-052, MS15-053, MS15-055, MS15-054, MS15-043, MS15-044, MS15-046, MS15-047, MS15-048, MS15-049, MS15-050 |

Exposure (table columns): Local Availability, Local Access, Remote Availability, Remote Access, Local Privileged, Remote Privileged
  • BIll C

    Anyone not have MS15-051 not available in WSUS? All MS15 came down except 051!?!

  • Richard

    Same case with me, MS15-051 missing in WSUS. Also, MS15-049 is also not available in WSUS.

  • Doug Fuchs

    Windows 7 Pro: This update screwed up my fonts somehow – All my notification windows for all programs look screwy, huge, with a strange fuzzy font. Some windows won't even fit in my huge screen and there is no way to scale them. Some web pages look strange – all today – never before. I went into Control Panel and set the fonts to default. Then, I downloaded a list of all Windows 7 fonts and made sure all were installed. No fix. Problem remains.