
Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-628 on Wednesday, August 12th.

| Bulletin | Vulnerability | CVE |
|---|---|---|
| MS15-079 | Multiple Memory Corruption Vulnerabilities | MULTIPLE |
| MS15-079 | Multiple ASLR Bypass Vulnerabilities | MULTIPLE |
| MS15-079 | Unsafe Command Line Parameter Passing Vulnerability | CVE-2015-2423 |
| MS15-080 | Multiple TrueType Font Parsing Vulnerabilities | MULTIPLE |
| MS15-080 | Microsoft Office Graphics Component Remote Code Execution Vulnerability | CVE-2015-2431 |
| MS15-080 | Kernel ASLR Bypass Vulnerability | CVE-2015-2433 |
| MS15-080 | Windows CSRSS Elevation of Privilege Vulnerability | CVE-2015-2453 |
| MS15-080 | Windows KMD Security Feature Bypass Vulnerability | CVE-2015-2454 |
| MS15-080 | Windows Shell Security Feature Bypass Vulnerability | CVE-2015-2465 |
| MS15-081 | Multiple Microsoft Office Memory Corruption Vulnerabilities | MULTIPLE |
| MS15-081 | Unsafe Command Line Parameter Passing Vulnerability | CVE-2015-2423 |
| MS15-081 | Microsoft Office Remote Code Execution Vulnerability | CVE-2015-2466 |
| MS15-081 | Microsoft Office Integer Underflow Vulnerability | CVE-2015-2470 |
| MS15-082 | Remote Desktop Session Host Spoofing Vulnerability | CVE-2015-2472 |
| MS15-082 | Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability | CVE-2015-2473 |
| MS15-083 | Server Message Block Memory Corruption Vulnerability | CVE-2015-2474 |
| MS15-084 | Multiple MSXML Information Disclosure Vulnerabilities | MULTIPLE |
| MS15-084 | MSXML Information Disclosure Vulnerability | CVE-2015-2440 |
| MS15-085 | Mount Manager Elevation of Privilege Vulnerability | CVE-2015-1769 |
| MS15-086 | System Center Operations Manager Web Console XSS Vulnerability | CVE-2015-2420 |
| MS15-087 | UDDI Services Elevation of Privilege Vulnerability | CVE-2015-2475 |
| MS15-088 | Unsafe Command Line Parameter Passing Vulnerability | CVE-2015-2423 |
| MS15-089 | WebDAV Client Information Disclosure Vulnerability | CVE-2015-2476 |
| MS15-090 | Windows Object Manager Elevation of Privilege Vulnerability | CVE-2015-2428 |
| MS15-090 | Windows Registry Elevation of Privilege Vulnerability | CVE-2015-2429 |
| MS15-090 | Windows Filesystem Elevation of Privilege Vulnerability | CVE-2015-2430 |
| MS15-091 | Multiple Memory Corruption Vulnerabilities | MULTIPLE |
| MS15-091 | ASLR Bypass | CVE-2015-2449 |
| MS15-092 | Multiple RyuJIT Optimization Elevation of Privilege Vulnerabilities | MULTIPLE |

MS15-079

Up first this month, like most months, we have the Internet Explorer update. It’s worth noting that even though most Windows 10 users will be familiar with Microsoft Edge, the operating system does still ship with Internet Explorer, so this bulletin includes updates for Windows 10.

MS15-080

This bulletin feels like a bit of a potluck: you show up and you never quite know what you’ll see on the menu. We have font driver vulnerabilities, security feature bypasses, and elevation of privilege issues, and all of these exist in assorted software packages. We have updates for Windows, .NET, Office, Lync, and Silverlight. This is important to note, as you may require multiple updates to fully resolve these vulnerabilities on your system.

MS15-081

Up next, we have another omnibus update, this one covering Office products. The update includes Office, the individual components, the free viewers, SharePoint, and Office Web Apps Server.

MS15-082

RDP is patched again this month, having seen frequent updates over the past year. This time, the vulnerabilities differ from past issues. The first allows a man-in-the-middle attacker to generate an untrusted certificate that would be trusted due to improper certificate validation. The second involves placing a DLL on the system, an unexpected vulnerability since you generally expect network interaction when you see RDP vulnerabilities.

MS15-083

Another vulnerability that feels misleading when you read the title, MS15-083 is a remote code execution vulnerability in Server Message Block (SMB). Upon further reading, you discover that the vulnerability requires authentication in order to be exploited. Specifically, the vulnerability is exploited by passing a malicious string to the server’s error logging.

MS15-084

This update disables SSL 2.0 in MSXML, one of two vulnerabilities this month related to client services that explicitly allow SSLv2 connections. In addition to resolving those issues, an ASLR bypass is also resolved in this bulletin.

MS15-085

Up next, we have an update for a vulnerability that had been used to target organizations running Windows. It is a mount manager vulnerability that allows attackers to execute malicious code by plugging a USB device into a target system.

MS15-086

The first System Center Operations Manager 2012 update resolves a cross-site scripting vulnerability in the Web Console.

MS15-087

A second XSS issue is resolved in MS15-087; this one fixes a vulnerability in the Universal Description, Discovery, and Integration (UDDI) Services on Windows Server 2008 and Microsoft BizTalk Server.

MS15-088

This is an interesting bulletin; those paying attention to the table at the beginning will note that the MS15-088 CVE is also patched in MS15-079 and MS15-081. That’s because the same issue affects Windows, Internet Explorer, and Microsoft Office. The issue, which requires an initial Internet Explorer vulnerability, allows attackers to execute Excel, Notepad, PowerPoint, Visio, or Word, which ultimately leads to an information disclosure.

MS15-089

The update fixes the second vulnerability that allows SSLv2 connections, this one in the WebDAV Client. This update restricts the WebDAV client to more secure connection methods.

MS15-090

This month’s generic “Windows” bulletin includes three elevation of privilege vulnerabilities affecting the Object Manager, Registry, and Filesystem.

MS15-091

It should be noted that MS15-091 is our first Microsoft Edge security bulletin, resolving 4 vulnerabilities – 3 Memory Corruption issues and an ASLR Bypass.

MS15-092

The final bulletin this month applies to .NET, including the recently released .NET Framework 4.6. This update resolves three vulnerabilities in the RyuJIT compiler.

Additional Details

Additionally, Adobe has released APSB15-19 for Adobe Flash Player.

As always, VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.

Ease of Use (published exploits) to Risk Table:

| Ease of Use | Bulletins |
|---|---|
| Automated Exploit | |
| Easy | |
| Moderate | |
| Difficult | |
| Extremely Difficult | MS15-085 |
| No Known Exploit | MS15-084, MS15-088, MS15-089, MS15-079, MS15-081, MS15-082, MS15-083, MS15-091, MS15-086, MS15-087, MS15-080, MS15-090, MS15-092 |

Exposure: Local Availability, Local Access, Remote Availability, Remote Access, Local Privileged, Remote Privileged