Microsoft Patch Tuesday – July 2015 

07-14-2015 06:59 PM

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 14 bulletins covering a total of 58 vulnerabilities. Twenty-four of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the July releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-jul

The following is a breakdown of the issues being addressed this month:

  1. MS15-058 Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)

    SQL Server Elevation of Privilege Vulnerability (CVE-2015-1761) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft SQL Server when it improperly casts pointers to an incorrect class. An attacker could exploit the vulnerability if their credentials allow access to an affected SQL server database.

    SQL Server Remote Code Execution Vulnerability (CVE-2015-1762) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles internal function calls to uninitialized memory. An attacker could exploit the vulnerability if a privileged user runs a specially crafted query on an affected SQL server that has special permission settings (such as VIEW SERVER STATE) turned on.

    SQL Server Remote Code Execution Vulnerability (CVE-2015-1763) MS Rating: Important

    An authenticated remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles internal function calls to uninitialized memory. An attacker could exploit the vulnerability if a privileged user runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory.

  2. MS15-065 Security Update for Internet Explorer (3076321)

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1733) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1738) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1767) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2383) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2384) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2385) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2388) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2389) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2390) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2391) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2397) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2401) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2403) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2404) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2406) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2408) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2411) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2422) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2425) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Information Disclosure Vulnerability (CVE-2015-1729) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to gain access to information in another domain or Internet Explorer zone.

    Internet Explorer Elevation of Privilege Vulnerability (CVE-2015-2402) MS Rating: Important

    An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions.

    Internet Explorer Information Disclosure Vulnerability (CVE-2015-2410) MS Rating: Moderate

    An information disclosure vulnerability exists when Internet Explorer does not properly handle requests from external stylesheets, which could allow an attacker to detect the existence of specific files on the user's computer.

    Internet Explorer Information Disclosure Vulnerability (CVE-2015-2412) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer does not properly validate file paths, which could allow an attacker to disclose the contents of arbitrary files on the user's computer.

    Internet Explorer Information Disclosure Vulnerability (CVE-2015-2413) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to gain access to information in another domain or Internet Explorer zone.

    Internet Explorer Information Disclosure Vulnerability (CVE-2015-2414) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer does not properly handle cached image information, which could allow an attacker to gain access to information about the user's browsing history.

    Internet Explorer XSS Filter Bypass Vulnerability (CVE-2015-2398) MS Rating: Important

    An XSS filter bypass vulnerability exists in the way that Internet Explorer disables an HTML attribute in otherwise appropriately filtered HTTP response data. The vulnerability could allow initially disabled scripts to run in the wrong security context, leading to information disclosure.

    Internet Explorer ASLR Bypass Vulnerability (CVE-2015-2421) MS Rating: Important

    A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

    JScript9 Memory Corruption Vulnerability (CVE-2015-2419) MS Rating: Important

    A remote code execution vulnerability exists in the way that the JScript engine, when rendered in Internet Explorer, handles objects in memory.

    VBScript Memory Corruption Vulnerability (CVE-2015-2372) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory.

  3. MS15-066 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3072604)

    VBScript Memory Corruption Vulnerability (CVE-2015-2372) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory.

  4. MS15-067 Vulnerability in RDP Could Allow Remote Code Execution (3073094)

    Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373) MS Rating: Critical

    A remote code execution vulnerability exists in how the Remote Desktop Protocol (RDP) terminal service handles packets. An attacker can exploit this issue to execute arbitrary code or cause denial of service conditions.

  5. MS15-068 Vulnerabilities in Windows Server Hyper-V Could Allow Remote Code Execution (3072000)

    Hyper-V Buffer Overflow Vulnerability (CVE-2015-2361) MS Rating: Critical

    A remote code execution vulnerability exists in Windows Server Hyper-V in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability.

    Hyper-V System Data Structure Vulnerability (CVE-2015-2362) MS Rating: Critical

    A remote code execution vulnerability exists in Windows Server Hyper-V in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability.

  6. MS15-069 Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)

    Windows DLL Remote Code Execution Vulnerability (CVE-2015-2368) MS Rating: Important

    A remote code execution vulnerability exists when Microsoft Windows improperly handles the loading of dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker would first have to place a specially crafted DLL file in the target user's current working directory to exploit this vulnerability. The attacker would then have to convince the user to load the DLL file.

    DLL Planting Remote Code Execution Vulnerability (CVE-2015-2369) MS Rating: Important

    A remote code execution vulnerability exists when Microsoft Windows Media Device Manager improperly handles the loading of certain specially crafted DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker would first have to convince a user to open a specially crafted .RTF file to exploit this vulnerability.

  7. MS15-070 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)

    Microsoft Excel ASLR Bypass Vulnerability (CVE-2015-2375) MS Rating: Important

    An information disclosure vulnerability exists in Microsoft Excel when memory is released in an unintended manner. The vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature, and potentially allow remote code execution. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this security feature bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-2376) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-2377) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

    Microsoft Excel DLL Remote Code Execution Vulnerability (CVE-2015-2378) MS Rating: Important

    A remote code execution vulnerability exists when Microsoft Excel improperly handles the loading of dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker would first have to place a specially crafted DLL file in the target user's current working directory to exploit this vulnerability. The attacker would then have to convince the user to load the DLL file.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-2379) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-2380) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-2415) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-2424) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

  8. MS15-071 Vulnerability in Netlogon Could Allow Elevation of Privilege (3068457)

    Elevation of Privilege Vulnerability in Netlogon (CVE-2015-2374) MS Rating: Important

    An elevation of privilege vulnerability exists in Netlogon that is caused when the service improperly establishes a secure communications channel to a primary domain controller (PDC). An attacker would first need to have access to a PDC on a target network to exploit this vulnerability.

  9. MS15-072 Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)

    Graphics Component EOP Vulnerability (CVE-2015-2364) MS Rating: Important

    An elevation of privilege vulnerability exists in Windows Graphics Component when it fails to properly process bitmap conversions. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system.

  10. MS15-073 Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)

    Win32k Elevation of Privilege Vulnerability (CVE-2015-2363) MS Rating: Important

    An elevation of privilege vulnerability exists due to the way the Windows kernel-mode driver handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker would first have to log on to the system to exploit this vulnerability.

    Win32k Elevation of Privilege Vulnerability (CVE-2015-2365) MS Rating: Important

    An elevation of privilege vulnerability exists due to the way the Windows kernel-mode driver handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker would first have to log on to the system to exploit this vulnerability.

    Win32k Elevation of Privilege Vulnerability (CVE-2015-2366) MS Rating: Important

    An elevation of privilege vulnerability exists due to the way the Windows kernel-mode driver handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker would first have to log on to the system to exploit this vulnerability.

    Win32k Information Disclosure Vulnerability (CVE-2015-2367) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel-mode driver improperly handles certain non-initialized values in memory. An attacker who successfully exploited this vulnerability could leak memory addresses or other sensitive kernel information that could be used for further exploitation of the system.

    Win32k Memory Disclosure Vulnerability (CVE-2015-2381) MS Rating: Important

    An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver leaks private address information during a function call. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system.

    Win32k Memory Disclosure Vulnerability (CVE-2015-2382) MS Rating: Important

    An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver leaks private address information during a function call. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system.

  11. MS15-074 Vulnerability in Windows Installer Component Could Allow Elevation of Privilege (3072630)

    Windows Installer EoP Vulnerability (CVE-2015-2371) MS Rating: Important

    An elevation of privilege vulnerability exists in some cases in the Windows Installer component when it improperly runs custom action scripts. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. An attacker must first compromise a user who is logged on to the system and find a vulnerable .msi package installed on it to exploit the vulnerability. The attacker could then place on the target machine malicious code, designed to increase privileges, that the vulnerable .msi package can execute.

  12. MS15-075 Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)

    OLE Elevation of Privilege Vulnerability (CVE-2015-2416) MS Rating: Important

    An elevation of privilege vulnerability exists when OLE objects are improperly handled in memory. An attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. An attacker could exploit this vulnerability by convincing a user to open a file that contains a specially crafted OLE object.

    OLE Elevation of Privilege Vulnerability (CVE-2015-2417) MS Rating: Important

    An elevation of privilege vulnerability exists when OLE objects are improperly handled in memory. An attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. An attacker could exploit this vulnerability by convincing a user to open a file that contains a specially crafted OLE object.

  13. MS15-076 Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)

    Windows DCOM RPC Elevation of Privilege Vulnerability (CVE-2015-2370) MS Rating: Important

    An elevation of privilege vulnerability exists in the Microsoft Remote Procedure Call (RPC) that could allow an attacker to elevate privileges on a targeted system. The vulnerability is caused when Windows RPC inadvertently allows a DCE/RPC connection reflection.

  14. MS15-077 Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)

    ATMFD.DLL Memory Corruption Vulnerability (CVE-2015-2387) MS Rating: Important

    An elevation of privilege vulnerability exists in Adobe Type Manager Font Driver (ATMFD) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.
