Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-632 on Wednesday, September 9th.

 

Ease of Use (published exploits) to Risk Table

Automated Exploit
Easy
Moderate
Difficult
Extremely Difficult
No Known Exploit
MS15-103 MS15-096 MS15-094
MS15-095

MS15-098
MS15-100
MS15-101
MS15-105 MS15-099
MS15-104
MS15-097
MS15-102
Exposure
Local
Availability
Local
Access
Remote
Availability
Remote
Access
Local
Privileged
Remote
Privileged

 

MS15-094

Multiple Memory Corruption Vulnerabilities in Internet Explorer MULTIPLE
Scripting Engine Memory Corruption Vulnerability CVE-2015-2493
Elevation of Privilege Vulnerability CVE-2015-2489
Information Disclosure Vulnerability CVE-2015-2483

MS15-095

Multiple Memory Corruption Vulnerabilities MULTIPLE

MS15-096

Active Directory Denial of Service Vulnerability CVE-2015-2535

MS15-097

OpenType Font Parsing Vulnerability CVE-2015-2506
Multiple Font Driver Elevation of Privilege Vulnerabilities MULTIPLE
Graphics Component Buffer Overflow Vulnerability CVE-2015-2510
Multiple Win32k Memory Corruption Elevation of Privilege Vulnerabilities MULTIPLE
Win32k Elevation of Privilege Vulnerability CVE-2015-2527
Kernel ASLR Bypass Vulnerability CVE-2015-2529

MS15-098

Windows Journal DoS Vulnerability CVE-2015-2516

MS15-099

Multiple Microsoft Office Memory Corruption Vulnerabilities MULTIPLE
Microsoft SharePoint XSS Spoofing Vulnerability CVE-2015-2522
Microsoft Office Malformed EPS File Vulnerability CVE-2015-2545

MS15-100

Windows Media Center RCE Vulnerability CVE-2015-2509

MS15-101

.NET Elevation of Privilege Vulnerability CVE-2015-2504
MVC Denial of Service Vulnerability CVE-2015-2526

MS15-102

Windows Task Management Elevation of Privilege Vulnerability CVE-2015-2524
Windows Task File Deletion Elevation of Privilege Vulnerability CVE-2015-2525
Windows Task Management Elevation of Privilege Vulnerability CVE-2015-2528

MS15-103

Exchange Information Disclosure Vulnerability CVE-2015-2505
Multiple Exchange Spoofing Vulnerabilities MULTIPLE

MS15-104

Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability CVE-2015-2531
Lync Server XSS Information Disclosure Vulnerability CVE-2015-2532
Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability CVE-2015-2536

MS15-105

Hyper-V Security Feature Bypass Vulnerability CVE-2015-2534

MS15-094

Up first this month, we have an Internet Explorer update that resolves a number of vulnerabilities including one publicly disclosed vulnerability. The most interesting element of this update would be CVE-2015-2493, a vulnerability in the VBScript and JScript engines.

Normally, a vulnerability in these components in the IE update would mean a second Windows update to resolve the standalone VBScript and JScript implementations. The lack of this update means one of two things: that the vulnerability exists in the code that integrates VBScript and JScript into Internet Explorer or that a bulletin resolving this issue in VBScript and JScript was withheld and may be coming at a later date.

MS15-095

Up next, we have an update for Microsoft Edge, which includes a number of CVEs from the Internet Explorer bulletin. This overlap includes CVE-2015-2542, the vulnerability that has been publicly disclosed.

MS15-096

This bulletin describes a denial of service in Active Directory that could allow an authenticated user to create multiple machine accounts. Upon creating multiple machine accounts, the AD service could become non-responsive.

MS15-097

Lately, no month is complete without an update to various system drivers, including font drivers. This month is no exception, with OpenType fonts, the Windows kernel-mode driver, and the Windows kernel affected. This bulletin provides a great opportunity to remind Windows 10 users that your updates are all or nothing, you can’t pick and choose as Microsoft provides one massive cumulative update for all Windows 10 security issues.

MS15-098

Every so often the Windows Journal makes an appearance, just as it does in MS15-098. At this point, the majority of users could simply remove the journal file associations as it’s a seldom-used application and reducing the system attack surface is always beneficial.

MS15-099

The final double-digit bulletin of the year belongs to Microsoft Office resolving issues with Office, Excel, and SharePoint Foundation 2013.

MS15-100

Much like MS15-098, MS15-100 is code execution in a file type that most users seldom use. The Media Center link file (.mcl) is the culprit this time and if you’re not making use of Media Center, you could remove this file type association as well.

MS15-101

Next, we have a pair of vulnerabilities in .NET. The denial of service applies to web servers with ASP.NET applications but the elevation of privilege could be exploited using a malicious web-based application or a desktop application.

MS15-102

Three vulnerabilities in Windows Task management are next on the list. One of these vulnerabilities exists within the Task Scheduler, while the other two have to do with Windows impersonation levels. All three vulnerabilities require that the attacker have access to the system in order to elevate their privileges.

MS15-103

Microsoft Exchange, specifically the OWA interface, fails to properly handle data leading to three vulnerabilities. The first is a failure to properly handle web requests, which can lead to stacktrace disclosure, while the other two are related to the sanitization of email, which could allow spoofing.

MS15-104

The penultimate update this month resolves a trio of XSS vulnerabilities that affect Microsoft Lync Server and Skype for Business Server. All three attacks require that the user click on a malicious URL.

MS15-105

The final bulletin this month resolves a bypass that exists within the Hyper-V ACLs that could allow an attacker to bypass network traffic restrictions.

Additional Details

Adobe has released APSB15-022 to address multiple vulnerabilities in Adobe Shockwave Player.

 

As always, VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.

 

Ease of Use (published exploits) to Risk Table

Automated Exploit
Easy
Moderate
Difficult
Extremely Difficult
No Known Exploit
MS15-103 MS15-096 MS15-094
MS15-095

MS15-098
MS15-100
MS15-101
MS15-105 MS15-099
MS15-104
MS15-097
MS15-102
Exposure
Local
Availability
Local
Access
Remote
Availability
Remote
Access
Local
Privileged
Remote
Privileged