Endpoint Protection

 View Only

Microsoft Patch Tuesday – April 2015 

Apr 14, 2015 03:11 PM

ms-tuesday-patch-key-concept-white-light 2_2.png

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 11 bulletins covering a total of 26 vulnerabilities. Thirteen of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-apr

The following is a breakdown of the issues being addressed this month:

  1. MS15-032 Cumulative Security Update for Internet Explorer (3038314)

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1652) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1657) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1659) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1660) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1662) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1665) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1666) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1667) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-1668) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer ASLR Bypass Vulnerability (CVE-2015-1661) MS Rating: Important

    A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature. An attacker can exploit this issue to bypass the Address Space Layout Randomization (ASLR) security feature by predicting the memory offsets of specific instructions in a given call stack.

  2. MS15-033 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)

    Microsoft Outlook App for Mac XSS Vulnerability (CVE-2015-1639) MS Rating: Important

    An elevation of privilege vulnerability exists in the Microsoft Outlook for Mac app that is caused when the software improperly sanitizes HTML strings. An attacker who successfully exploited this vulnerability could read content that the attacker is not authorized to read or use the victim's identity to take actions on the targeted site or application.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-1641) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle rich text format files in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

    Microsoft Office Component Use After Free Vulnerability (CVE-2015-1649) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code. An attacker who successfully exploited this issue could run arbitrary code in the context of the current user.

    Microsoft Office Component Use After Free Vulnerability (CVE-2015-1650) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code. An attacker who successfully exploited this issue could run arbitrary code in the context of the current user.

    Microsoft Office Component Use After Free Vulnerability (CVE-2015-1651) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code. An attacker who successfully exploited this issue could run arbitrary code in the context of the current user.

  3. MS15-034 Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)

    HTTP.sys Remote Code Execution Vulnerability (CVE-2015-1635) MS Rating: Critical

    A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account. An attacker can exploit this issue by sending a specially crafted HTTP request to the affected system.

  4. MS15-035 Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)

    EMF Processing Remote Code Execution Vulnerability (CVE-2015-1645) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Windows improperly processes certain, specially crafted Enhanced Metafile (EMF) image format files. An attacker can exploit this issue to run arbitrary code as the logged-on user.

  5. MS15-036 Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044)

    Microsoft SharePoint XSS Vulnerability (CVE-2015-1640) MS Rating: Important

    An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this issue by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited this issue could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user.

    Microsoft SharePoint XSS Vulnerability (CVE-2015-1653) MS Rating: Important

    An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this issue by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited this issue could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user.

  6. MS15-037 Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)

    Task Scheduler Elevation of Privilege Vulnerability (CVE-2015-0098) MS Rating: Important

    An elevation of privilege vulnerability exists in Task Scheduler due to a known invalid task being present on certain systems. An attacker can exploit this issue to cause Task Scheduler to run a specially crafted application in the context of the System account.

  7. MS15-038 Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576)

    NtCreateTransactionManager Type Confusion Vulnerability (CVE-2015-1643) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft Windows when it fails to properly validate and enforce impersonation levels. An attacker can exploit this issue to bypass impersonation-level security checks and gain elevated privileges on a targeted system. An authenticated attacker can exploit this issue to acquire administrator credentials.

    Windows MS-DOS device name Vulnerability (CVE-2015-1644) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft Windows when it fails to properly validate and enforce impersonation levels. An attacker can exploit this issue to bypass impersonation-level security checks and gain elevated privileges on a targeted system. An authenticated attacker can exploit this issue to acquire administrator credentials.

  8. MS15-039 Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482)

    MSXML3 Same Origin Policy SFB vulnerability (CVE-2015-1646) MS Rating: Important

    A same-origin policy security feature bypass vulnerability exists in Microsoft XML Core Services (MSXML) where cross-domain data access could be possible in a document type declaration (DTD) scenario. An attacker can exploit this issue to gain access to sensitive user information, such as usernames and passwords.

  9. MS15-040 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711)

    Active Directory Federation Services Information Disclosure Vulnerability (CVE-2015-1638) MS Rating: Important

    An information disclosure vulnerability exists when Active Directory Federation Services (AD FS) fails to properly log off a user. The vulnerability could allow an unintentional information disclosure. An attacker can exploit this issue to gain access to a user's information by reopening an application from which the user logged off.

  10. MS15-041 Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)

    ASP.NET Information Disclosure Vulnerability (CVE-2015-1648) MS Rating: Important

    An information disclosure vulnerability exists in ASP.NET that is caused when ASP.NET improperly handles certain requests on systems that have custom error messages disabled. An attacker can exploit this issue to view parts of a web configuration file, which could expose sensitive information.

  11. MS15-042 Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234)

    Windows Hyper-V DoS Vulnerability (CVE-2015-1647) MS Rating: Important

    A denial of service vulnerability exists in Hyper-V when an authenticated attacker runs a specially crafted application in a virtual machine (VM) session. This issue does not allow an attacker to execute code or elevate user rights on other VMs running on the Hyper-V host, but it may cause other VMs on the host to be unmanageable in Virtual Machine Manager.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.

Statistics
0 Favorited
1 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.