Endpoint Protection

Microsoft Patch Tuesday – March 2015 

03-10-2015 03:26 PM

ms-tuesday-patch-key-concept-white-light 2_1.png

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing fourteen bulletins covering a total of 45 vulnerabilities. Nineteen of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the March releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-mar

The following is a breakdown of the issues being addressed this month:

  1. MS15-018 Cumulative Security Update for Internet Explorer (3032359)

    VBScript Memory Corruption Vulnerability (CVE-2015-0032) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0056) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0099) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0100) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1622) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1623) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1624) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1625) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1626) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1634) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-0072) MS Rating: Important

    An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.

    Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-1627 ) MS Rating: Important

    An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

  2. MS15-019 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3040297)

    VBScript Memory Corruption Vulnerability (CVE-2015-0032) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  3. MS15-020 Vulnerability in Windows Shell Could Allow Remote Code Execution (3041836)

    WTS Remote Code Execution Vulnerability (CVE-2015-0081) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Text Services improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the logged-on user.

    DLL Planting Remote Code Exectution Vulnerability (CVE-2015-0096) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Windows improperly handles the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

  4. MS15-021 Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution (3032323)

    Adobe Font Driver Denial of Service Vulnerability (CVE-2015-0074) MS Rating: Moderate

    A denial of service vulnerability exists in how the Adobe Font Driver manages memory when parsing fonts. A user who visited a specially crafted website or opened a specially crafted file could be affected by this vulnerability.

    Adobe Font Driver Information Disclosure Vulnerability (CVE-2015-0087) MS Rating: Important

    An information-disclosure vulnerability exists in the Adobe Font Driver that could allow the disclosure of memory contents to an attacker. This issue occurs when the Adobe Font Driver tries to read or display certain fonts.

    Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0088) MS Rating: Critical

    A remote code-execution vulnerability exists in the Adobe Font Driver that could allow remote code execution if a user views a specially crafted file or website. This issue occurs when the Adobe Font Driver improperly overwrites objects in memory.

    Adobe Font Driver Information Disclosure Vulnerability (CVE-2015-0089) MS Rating: Important

    An information-disclosure vulnerability exists in the Adobe Font Driver that could allow the disclosure of memory contents to an attacker. This issue occurs when the Adobe Font Driver tries to read or display certain fonts.

    Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0090) MS Rating: Critical

    A remote code-execution vulnerability exists in the Adobe Font Driver that could allow remote code execution if a user views a specially crafted file or website. This issue occurs when the Adobe Font Driver improperly overwrites objects in memory.

    Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0091) MS Rating: Critical

    A remote code-execution vulnerability exists in the Adobe Font Driver that could allow remote code execution if a user views a specially crafted file or website. This issue occurs when the Adobe Font Driver improperly overwrites objects in memory.

    Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0092) MS Rating: Critical

    A remote code-execution vulnerability exists in the Adobe Font Driver that could allow remote code execution if a user views a specially crafted file or website. This issue occurs when the Adobe Font Driver improperly overwrites objects in memory.

    Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0093) MS Rating: Critical

    A remote code-execution vulnerability exists in the Adobe Font Driver that could allow remote code execution if a user views a specially crafted file or website. This issue occurs when the Adobe Font Driver improperly overwrites objects in memory.

  5. MS15-022 Vulnerabilities in Microsoft Office could allow Elevation of Privilege (3038999)

    Microsoft Office Component Use After Free Vulnerability (CVE-2015-0085) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-0086) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle rich text format files in memory.

    Microsoft Word Local Zone Remote Code Execution Vulnerability (CVE-2015-0097) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

    SharePoint User Name XSS Vulnerability (CVE-2015-1633) MS Rating: Important

    An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.

    SharePoint XSS Vulnerability (CVE-2015-1636) MS Rating: Important

    An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.

  6. MS15-023 Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (3034344)

    Microsoft Windows Kernel Memory Disclosure Vulnerability (CVE-2015-0077) MS Rating: Important

    An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver fails to initialize function buffers in a manner that removes the results of previous function calls.

    Win32k Elevation of Privilege Vulnerability (CVE-2015-0078) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows kernel-mode driver that is caused when the kernel-mode driver fails to properly validate the calling thread's token.

    Microsoft Windows Kernel Memory Disclosure Vulnerability (CVE-2015-0094) MS Rating: Important

    An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver leaks private address information during a function call.

    Microsoft Windows Kernel Memory Disclosure Vulnerability (CVE-2015-0095) MS Rating: Important

    An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver dereferences a NULL pointer.

  7. MS15-024 Vulnerability in PNG Processing Could Allow Information Disclosure (3035132)

    Malformed PNG Parsing Information Disclosure Vulnerability (CVE-2015-0080) MS Rating: Important

    An information disclosure vulnerability exists when Windows fails to properly handle uninitialized memory when parsing certain, specially crafted PNG image format files. The vulnerability could allow an information disclosure if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.

  8. MS15-025 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680)

    Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (CVE-2015-0073) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that Windows Registry Virtualization improperly allows a user to modify the virtual store of another user. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the account of another user who is logged on to the affected system.

    Impersonation Level Check Elevation of Privilege Vulnerability (CVE-2015-0075) MS Rating: Important

    An elevation of privilege vulnerability exists when Windows fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass user account checks to gain elevated privileges.

  9. MS15-026 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3040856)

    OWA Modified Canary Parameter Cross Site Scripting Vulnerability (CVE-2015-1628) MS Rating: Important

    An elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. This issue affects the OWA Modified Canary Parameter.

    ExchangeDLP Cross Site Scripting Vulnerability (CVE-2015-1629) MS Rating: Important

    An elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. This issue exists in ExchangeDLP.

    Audit Report Cross Site Scripting Vulnerability (CVE-2015-1630) MS Rating: Important

    An elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. This issue exists in Audit Report.

    Exchange Forged Meeting Request Spoofing Vulnerability (CVE-2015-1631) MS Rating: Important

    A spoofing vulnerability exists in Exchange Server when Exchange fails to properly validate the meeting organizer identity when accepting or modifying meeting requests. An attacker who successfully exploited this vulnerability could then use the vulnerability to schedule or modify meetings while appearing to originate from a legitimate meeting organizer.

    Exchange Error Message Cross Site Scripting Vulnerability (CVE-2015-1632) MS Rating: Important

    An elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. This issue exists in Exchange Error Message.

  10. MS15-027 Vulnerability in NETLOGON Could Allow Spoofing (3002657)

    NETLOGON Spoofing Vulnerability (CVE-2015-0005) MS Rating: Important

    A spoofing vulnerability exists in NETLOGON. The vulnerability is caused when the Netlogon service improperly establishes a secure communications channel, when given a computer name, without challenging for credentials.

  11. MS15-028 Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)

    Task Scheduler Security Feature Bypass Vulnerability (CVE-2015-0084) MS Rating: Important

    A security feature bypass vulnerability exists when Windows Task Scheduler fails to properly validate and enforce impersonation levels. The vulnerability could allow a user with limited privileges on an affected system to leverage Task Scheduler to execute files that they do not have permissions to run.

  12. MS15-029 Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3035126)

    JPEG XR Parser Information Disclosure Vulnerability (CVE-2015-0076) MS Rating: Important

    An information disclosure vulnerability exists when Windows fails to properly handle uninitialized memory when parsing certain, specially crafted JPEG XR (.JXR) image format files. The vulnerability could allow an information disclosure if an attacker runs a specially crafted application on an affected system.

  13. MS15-030 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976)

    Remote Desktop Protocol (RDP) Denial of Service Vulnerability (CVE-2015-0079) MS Rating: Important

    A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker creates multiple RDP sessions which fail to properly fails to properly free objects in memory. An unauthenticated attacker could use this vulnerability to exhaust the system memory by creating multiple RDP sessions.

  14. MS15-031 Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)

    Schannel Security Feature Bypass Vulnerability (CVE-2015-1637) MS Rating: Important

    A security feature bypass vulnerability exists in Secure Channel (Schannel) that is caused by an issue in the TLS state machine whereby a client system accepts an RSA key with a shorter key length than the originally negotiated key length. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.