Endpoint Protection

Microsoft Patch Tuesday – August 2015 

08-11-2015 04:19 PM


Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 14 bulletins covering a total of 52 vulnerabilities. Twenty-two of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the August releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-aug

The following is a breakdown of the issues being addressed this month:

  1. MS15-079 Security Update for Internet Explorer (3082442)

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2441) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2442) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2447) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2450) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2451) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2452) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer ASLR Bypass Vulnerability (CVE-2015-2445) MS Rating: Important

    A security feature bypass vulnerability exists when Internet Explorer fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

    Internet Explorer ASLR Bypass Vulnerability (CVE-2015-2449) MS Rating: Important

    A security feature bypass vulnerability exists when Internet Explorer fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

    Unsafe Command Line Parameter Passing Vulnerability (CVE-2015-2423) MS Rating: Important

    An information disclosure vulnerability exists in Internet Explorer when files at a medium integrity level become accessible when executed from a low integrity level in Internet Explorer Enhanced Protection Mode (EPM). An attacker can exploit this issue to read files on disk that should not be accessible from a low integrity level.

  2. MS15-080 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)

    Microsoft Office Graphics Component Remote Code Execution Vulnerability (CVE-2015-2431) MS Rating: Important

    A remote code execution vulnerability exists when Office fails to properly handle Open Graphic (OGL) fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

    OpenType Font Parsing Vulnerability (CVE-2015-2432) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

    OpenType Font Parsing Vulnerability (CVE-2015-2458) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

    OpenType Font Parsing Vulnerability (CVE-2015-2459) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

    OpenType Font Parsing Vulnerability (CVE-2015-2460) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

    OpenType Font Parsing Vulnerability (CVE-2015-2461) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

    OpenType Font Parsing Vulnerability (CVE-2015-2462) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

    TrueType Font Parsing Vulnerability (CVE-2015-2435) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Windows when components of Windows, Office, Lync, and Silverlight fail to properly handle TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

    TrueType Font Parsing Vulnerability (CVE-2015-2455) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Windows when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

    TrueType Font Parsing Vulnerability (CVE-2015-2456) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Windows when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

    TrueType Font Parsing Vulnerability (CVE-2015-2463) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Windows when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

    TrueType Font Parsing Vulnerability (CVE-2015-2464) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Windows when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

    Kernel ASLR Bypass Vulnerability (CVE-2015-2433) MS Rating: Important

    A security feature bypass vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.

    Windows CSRSS Elevation of Privilege Vulnerability (CVE-2015-2453) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Client/Server Run-time Subsystem (CSRSS) terminates a process when a user logs off. An attacker who successfully exploited this vulnerability could run code that is designed to monitor the actions of a user who subsequently logs on to the system. This could allow the disclosure of sensitive information or access to data on the affected systems that was accessible to the logged-on user. This sensitive data could include the logon credentials of subsequent users, which an attacker might later use for elevation of privilege or to execute code as a different user on the system.

    Windows KMD Security Feature Bypass Vulnerability (CVE-2015-2454) MS Rating: Important

    A security feature bypass vulnerability exists when the Windows kernel-mode driver fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security and gain elevated privileges on a targeted system. An attacker can exploit this vulnerability in conjunction with another vulnerability.

    Windows Shell Security Feature Bypass Vulnerability (CVE-2015-2465) MS Rating: Important

    A security feature bypass vulnerability exists when the Windows shell fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security and gain elevated privileges on a targeted system. An attacker can exploit this vulnerability in conjunction with another vulnerability.

  3. MS15-081 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-1642) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

    Unsafe Command Line Parameter Passing Vulnerability (CVE-2015-2423) MS Rating: Important

    An information disclosure vulnerability exists in Microsoft Office when files at a medium integrity level become accessible when executed from a low integrity level in Internet Explorer Enhanced Protection Mode (EPM). An attacker can exploit this issue to read files on disk that should not be accessible from a low integrity level.

    Microsoft Office Remote Code Execution Vulnerability (CVE-2015-2466) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly validate templates. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. An attacker can exploit this issue by tricking a user into opening a specially crafted template file with an affected version of Microsoft Office software.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-2467) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-2468) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-2469) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

    Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470) MS Rating: Important

    A remote code execution vulnerability exists when Office decreases an integer value beyond its intended minimum value. An attacker can exploit this issue by tricking a user into opening a specially crafted Office file with an affected version of Microsoft Office software.

  4. MS15-082 Vulnerabilities in RDP Could Allow Remote Code Execution (3080348)

    Remote Desktop Session Host Spoofing Vulnerability (CVE-2015-2472) MS Rating: Important

    A spoofing vulnerability exists when the Remote Desktop Session Host (RDSH) improperly validates certificates during authentication. An attacker who successfully exploited this vulnerability could impersonate the client session.

    Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability (CVE-2015-2473) MS Rating: Important

    A remote code execution vulnerability exists when the Remote Desktop Protocol (RDP) improperly loads binaries. An attacker who successfully exploited this vulnerability could execute arbitrary code within the context of the RDP (terminal) NetworkService account.

  5. MS15-083 Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921)

    Server Message Block Memory Corruption Vulnerability (CVE-2015-2474) MS Rating: Important

    An authenticated remote code execution vulnerability exists in Windows that is caused when Server Message Block (SMB) improperly handles certain logging activities, resulting in memory corruption. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

  6. MS15-084 Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)

    MSXML Information Disclosure Vulnerability (CVE-2015-2434) MS Rating: Important

    An information disclosure vulnerability exists when MSXML explicitly allows the use of Secure Sockets Layer (SSL) 2.0. An attacker who successfully exploited the vulnerability could decrypt portions of encrypted network information traffic.

    MSXML Information Disclosure Vulnerability (CVE-2015-2440) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft XML Core Services (MSXML) exposes memory addresses not intended for public disclosure. An attacker could combine this information disclosure vulnerability with another vulnerability to bypass the Address Space Layout Randomization (ASLR) security feature. An attacker who successfully exploited this vulnerability could potentially read private data.

    MSXML Information Disclosure Vulnerability (CVE-2015-2471) MS Rating: Important

    An information disclosure vulnerability exists when MSXML explicitly allows the use of Secure Sockets Layer (SSL) 2.0. An attacker who successfully exploited the vulnerability could decrypt portions of encrypted network information traffic.

  7. MS15-085 Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487)

    Elevation of Privilege in Mount Manager Vulnerability (CVE-2015-1769) MS Rating: Important

    An elevation of privilege vulnerability exists when the Mount Manager component improperly processes symbolic links. An attacker who successfully exploited this vulnerability could write a malicious binary to disk and in certain situations execute it.

  8. MS15-086 Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158)

    System Center Operations Manager Web Console XSS Vulnerability (CVE-2015-2420) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft System Center Operations Manager that is caused by the improper validation of input. An attacker who successfully exploited this vulnerability could inject a client-side script into the user's browser. The script could spoof content, disclose information, or take any action that the user could take on the affected website on behalf of the targeted user.

  9. MS15-087 Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459)

    UDDI Services Could Allow Elevation of Privilege Vulnerability (CVE-2015-2475) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft Windows when the Universal Description, Discovery, and Integration (UDDI) Services improperly validate or sanitize the search parameter in a tag. An attacker who successfully exploited this vulnerability could leak authorization cookies or unexpectedly redirect a user to a malicious webpage.

  10. MS15-088 Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)

    Unsafe Command Line Parameter Passing Vulnerability (CVE-2015-2423) MS Rating: Important

    An information disclosure vulnerability exists in Microsoft Windows when files at a medium integrity level become accessible when executed from a low integrity level in Internet Explorer Enhanced Protection Mode (EPM). An attacker who successfully exploited this vulnerability could read files on disk that should not be accessible from a low integrity level.

  11. MS15-089 Vulnerability in WebDAV Could Allow Information Disclosure (3076949)

    WebDAV Client Information Disclosure Vulnerability (CVE-2015-2476) MS Rating: Important

    An information disclosure vulnerability exists in the Microsoft Web Distributed Authoring and Versioning (WebDAV) client that is caused when it explicitly allows the use of Secure Socket Layer (SSL) 2.0. An attacker who successfully exploited this vulnerability could decrypt portions of encrypted traffic. An attacker could force an encrypted SSL 2.0 session and use a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic to exploit this vulnerability.

  12. MS15-090 Vulnerabilities in Microsoft Windows Could Allow Security Bypass (3060716)

    Windows Object Manager Elevation of Privilege Vulnerability (CVE-2015-2428) MS Rating: Important

    An elevation of privilege vulnerability exists in Windows Object Manager when it fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security and gain elevated privileges on a targeted system. An attacker would have to log on to an affected system and run a specially crafted application to exploit this vulnerability.

    Windows Registry Elevation of Privilege Vulnerability (CVE-2015-2429) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft Windows when it improperly allows certain registry interactions from within vulnerable sandboxed applications. An attacker who successfully exploited this vulnerability could improperly interact with the registry and attempt to escape the application sandbox. An attacker could exploit this vulnerability by convincing a user to open a specially crafted file that would invoke a vulnerable sandboxed application, resulting in a compromise of the sandbox.

    Windows Filesystem Elevation of Privilege Vulnerability (CVE-2015-2430) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft Windows when it improperly allows certain filesystem interactions from within vulnerable sandboxed applications. An attacker who successfully exploited this vulnerability could improperly interact with the filesystem and attempt to escape the application sandbox. An attacker could exploit this vulnerability by convincing a user to open a specially crafted file that would invoke a vulnerable sandboxed application, allowing an attacker to escape the sandbox.

  13. MS15-091 Cumulative Security Update for Microsoft Edge (3084525)

    Edge Memory Corruption Vulnerability (CVE-2015-2441) MS Rating: Critical

    A remote code execution vulnerability exists when Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Edge Memory Corruption Vulnerability (CVE-2015-2442) MS Rating: Critical

    A remote code execution vulnerability exists when Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Edge Corruption Vulnerability (CVE-2015-2446) MS Rating: Critical

    A remote code execution vulnerability exists when Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Edge ASLR Bypass Vulnerability (CVE-2015-2449) MS Rating: Important

    A security feature bypass vulnerability exists when Edge fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

  14. MS15-092 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251)

    RyuJIT Optimization Elevation of Privilege Vulnerability (CVE-2015-2479) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft .NET Framework when the RyuJIT compiler improperly optimizes certain parameters, resulting in a code generation error. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker can exploit this issue by hosting a specially crafted .NET application and convincing users to run the application.

    RyuJIT Optimization Elevation of Privilege Vulnerability (CVE-2015-2480) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft .NET Framework when the RyuJIT compiler improperly optimizes certain parameters, resulting in a code generation error. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker can exploit this issue by hosting a specially crafted .NET application and convincing users to run the application.

    RyuJIT Optimization Elevation of Privilege Vulnerability (CVE-2015-2481) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft .NET Framework when the RyuJIT compiler improperly optimizes certain parameters, resulting in a code generation error. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker can exploit this issue by hosting a specially crafted .NET application and convincing users to run the application.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.
