
Microsoft Patch Tuesday – October 2015 

10-13-2015 02:31 PM

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing six bulletins covering a total of 33 vulnerabilities. Thirteen of this month's issues are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the October releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-oct

The following is a breakdown of the issues being addressed this month:

  1. MS15-106 Cumulative Security Update for Internet Explorer (3096441)

    Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript and JScript engines, when rendered in Internet Explorer, handle objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6042) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Elevation of Privilege Vulnerability (CVE-2015-6044) MS Rating: Important

    An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing a script to be run with elevated privileges.

    Internet Explorer Information Disclosure Vulnerability (CVE-2015-6046) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer. The update addresses the vulnerability by changing the way certain functions handle objects in memory.

    Internet Explorer Elevation of Privilege Vulnerability (CVE-2015-6047) MS Rating: Important

    An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing a script to be run with elevated privileges.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6048) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6049) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6050) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Elevation of Privilege Vulnerability (CVE-2015-6051) MS Rating: Important

    An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing a script to be run with elevated privileges.

    Internet Explorer VBScript and JScript ASLR Bypass (CVE-2015-6052) MS Rating: Important

    A security feature bypass exists when the VBScript and JScript engines fail to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to more reliably run arbitrary code on a target system.

    Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer. The update addresses the vulnerability by changing the way certain functions handle objects in memory.

    Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6055) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript and JScript engines, when rendered in Internet Explorer, handle objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability.

    Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6056) MS Rating: Important

    A remote code execution vulnerability exists in the way that the Scripting Engine, when rendered in Internet Explorer, handles objects in memory.

    Internet Explorer Information Disclosure Vulnerability (CVE-2015-6059) MS Rating: Important

    An information disclosure vulnerability exists when JScript or VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.


  2. MS15-107 Cumulative Security Update for Microsoft Edge (3096448)

    Microsoft Edge Information Disclosure Vulnerability (CVE-2015-6057) MS Rating: Moderate

    An information disclosure vulnerability exists when Internet Explorer improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer.

    Microsoft Edge XSS Filter Bypass (CVE-2015-6058) MS Rating: Important

    A cross-site scripting (XSS) filter bypass vulnerability exists in the way that Internet Explorer disables an HTML attribute in otherwise appropriately filtered HTTP response data. The vulnerability could allow initially disabled scripts to run in the wrong security context, leading to information disclosure.


  3. MS15-108 Security Updates for JScript and VBScript to Address Remote Code Execution (3089659)

    VBScript and JScript Engine Memory Corruption Vulnerability (CVE-2015-2482) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript and JScript engines, when rendered in Internet Explorer, handle objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability.

    VBScript and JScript ASLR Bypass (CVE-2015-6052) MS Rating: Important

    A security feature bypass exists when the VBScript and JScript engines fail to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to more reliably run arbitrary code on a target system.

    VBScript and JScript Engine Memory Corruption Vulnerability (CVE-2015-6055) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript and JScript engines, when rendered in Internet Explorer, handle objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability.

    VBScript and JScript Engine Information Disclosure Vulnerability (CVE-2015-6059) MS Rating: Important

    An information disclosure vulnerability exists when JScript or VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.


  4. MS15-109 Security Update for Windows Shell to Address Remote Code Execution (3096443)

    Windows Toolbar Use After Free Vulnerability (CVE-2015-2515) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Shell improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Microsoft Tablet Input Band Use After Free Vulnerability (CVE-2015-2548) MS Rating: Critical

    A remote code execution vulnerability exists when the Microsoft Tablet Input Band fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


  5. MS15-110 Security Updates for Microsoft Office - Important (3096440)

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-2555) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

    Microsoft SharePoint Information Disclosure Vulnerability (CVE-2015-2556) MS Rating: Important

    An information disclosure vulnerability exists when SharePoint InfoPath Forms Services improperly parses the Document Type Definition (DTD) of an XML file. An attacker who successfully exploited the vulnerability could browse the contents of arbitrary files on a SharePoint server. An attacker must have write permissions to a site and InfoPath Services must be enabled to exploit the vulnerability.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-2557) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

    Microsoft Office Web Apps XSS Spoofing Vulnerability (CVE-2015-6037) MS Rating: Important

    A spoofing vulnerability exists when an Office Web Apps Server does not properly sanitize a specially crafted request. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Office Web Apps Server. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, and to use the victim's identity to take actions on the Office Web App site on behalf of the victim, such as changing permissions, deleting content, stealing sensitive information (such as browser cookies), and injecting malicious content in the browser of the victim.

    Microsoft SharePoint Security Feature Bypass Vulnerability (CVE-2015-6039) MS Rating: Important

    A security feature bypass vulnerability exists in Microsoft SharePoint. The vulnerability is caused when Office Marketplace is allowed to inject JavaScript code that persists onto a SharePoint page, because SharePoint does not enforce the appropriate permission level for an application or user. An attacker who successfully exploited this vulnerability could perform persistent cross-site scripting attacks and run script (in the security context of the logged-on user) with malicious content that appears authentic. This could allow the attacker to steal sensitive information, including authentication cookies and recently submitted data.


  6. MS15-111 Security Update for Windows Kernel to Address Elevation of Privilege (3096447)

    Windows Kernel Memory Corruption Vulnerability (CVE-2015-2549) MS Rating: Important

    An elevation of privilege vulnerability exists in the way the Windows kernel handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Windows Elevation of Privilege Vulnerability (CVE-2015-2550) MS Rating: Important

    An elevation of privilege vulnerability exists in the way the Windows kernel handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Windows Kernel Trusted Boot Security Feature Bypass Vulnerability (CVE-2015-2552) MS Rating: Important

    A security feature bypass vulnerability exists when Windows fails to properly enforce the Windows Trusted Boot policy. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded on a target device. Furthermore, an attacker could bypass Trusted Boot integrity validation for BitLocker and Device Encryption security features.

    Windows Mount Point Elevation of Privilege Vulnerability (CVE-2015-2553) MS Rating: Important

    An elevation of privilege vulnerability exists when Windows improperly validates junctions in certain scenarios in which mount points are being created. An attacker who successfully exploited this vulnerability could potentially run arbitrary code in the security context of the user running a compromised application.

    Windows Elevation of Privilege Vulnerability (CVE-2015-2554) MS Rating: Important

    An elevation of privilege vulnerability exists in the way the Windows kernel handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.
