Microsoft Patch Tuesday – December 2015

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 12 bulletins, eight of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the December releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-dec

The following is a breakdown of the issues being addressed this month:

MS15-124 Cumulative Security Update for Internet Explorer (3116180)

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6083) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6134) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6140) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6141) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6142) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6143) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6145) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6146) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6147) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6148) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6149) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6150) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6151) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6152) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6153) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6154) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6155) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6156) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6158) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6159) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6160) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6162) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2015-6136) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine renders when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer XSS Filter Bypass Vulnerability (CVE-2015-6138) MS Rating: Moderate

An XSS filter bypass vulnerability exists in the way that Internet Explorer disables an HTML attribute in otherwise appropriately filtered HTTP response data. The vulnerability could allow initially disabled scripts to run in the wrong security context, leading to an information disclosure.

Microsoft Browser XSS Filter Bypass Vulnerability (CVE-2015-6144) MS Rating: Moderate

An XSS filter bypass vulnerability exists in the way that Internet Explorer disables an HTML attribute in otherwise appropriately filtered HTTP response data. The vulnerability could allow initially disabled scripts to run in the wrong security context, leading to an information disclosure.

Scripting Engine Information Disclosure Vulnerability (CVE-2015-6135) MS Rating: Important

An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data.

Microsoft Browser Elevation of Privilege Vulnerability (CVE-2015-6139) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce content types. An attacker who successfully exploited the vulnerability could run arbitrary script with elevated privileges.

Internet Explorer Information Disclosure Vulnerability (CVE-2015-6157) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

Microsoft Browser ASLR Bypass (CVE-2015-6161) MS Rating: Important

A security feature bypass exists when Internet Explorer fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. An attacker who successfully exploited it could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system.

Internet Explorer XSS Filter Bypass Vulnerability (CVE-2015-6164) MS Rating: Important

A security feature bypass vulnerability exists when Internet Explorer does not properly enforce cross-domain policies. The vulnerability could allow an attacker to access information from one domain and inject it into another domain.

MS15-125 Cumulative Security Update for Microsoft Edge (3116184)

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6140) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6142) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6148) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6151) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2015-6153) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6154) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6155) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6158) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6159) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2015-6168) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Elevation of Privilege Vulnerability (CVE-2015-6139) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Edge does not properly validate file types under specific conditions, potentially allowing script to be run with elevated privileges.

Microsoft Browser ASLR Bypass (CVE-2015-6161) MS Rating: Important

A security feature bypass exists when Microsoft Edge fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. An attacker who successfully exploited it could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system.

Microsoft Edge Spoofing Vulnerability (CVE-2015-6169) MS Rating: Important

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP responses. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website. The specially crafted website could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.

Microsoft Browser Elevation of Privilege Vulnerability (CVE-2015-6170) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Edge does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

Microsoft Browser XSS Filter Bypass Vulnerability (CVE-2015-6176) MS Rating: Moderate

An XSS filter bypass vulnerability exists in the way that Microsoft Edge disables an HTML attribute in otherwise appropriately filtered HTTP response data. The vulnerability could allow initially disabled scripts to run in the wrong security context, leading to an information disclosure.

MS15-126 Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178)

Scripting Engine Memory Corruption Vulnerability (CVE-2015-6136) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine renders when handling objects in memory in Internet Explorer. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Scripting Engine Information Disclosure Vulnerability (CVE-2015-6135) MS Rating: Important

An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data.

MS15-127 Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465)

Windows DNS Use After Free Vulnerability (CVE-2015-6125) MS Rating: Critical

A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly parse requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

MS15-128 Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)

Graphics Memory Corruption Vulnerability (CVE-2015-6106) MS Rating: Important

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

Graphics Memory Corruption Vulnerability (CVE-2015-6107) MS Rating: Critical

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

Graphics Memory Corruption Vulnerability (CVE-2015-6108) MS Rating: Critical

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

MS15-129 Security Update for Silverlight to Address Remote Code Execution (3106614)

Microsoft Silverlight RCE Vulnerability (CVE-2015-6166) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Silverlight incorrectly handles certain open and close requests that can result in read and write access violations.

Microsoft Silverlight Information Disclosure Vulnerability (CVE-2015-6114) MS Rating: Important

An information disclosure vulnerability exists when Silverlight fails to properly handle objects in memory, which could allow an attacker to more reliably predict pointer values and degrade the efficacy of the Address Space Layout Randomization (ASLR) security feature.

Microsoft Silverlight Information Disclosure Vulnerability (CVE-2015-6165) MS Rating: Important

An information disclosure vulnerability exists when Silverlight fails to properly handle objects in memory, which could allow an attacker to more reliably predict pointer values and degrade the efficacy of the Address Space Layout Randomization (ASLR) security feature.

MS15-130 Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670)

Windows Integer Underflow Vulnerability (CVE-2015-6130) MS Rating: Critical

A remote code execution vulnerability exists when Windows Uniscribe improperly parses specially crafted fonts. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

MS15-131 Security Update for Microsoft Office to Address Remote Code Execution (3116111)

Microsoft Office Memory Corruption Vulnerability (CVE-2015-6040) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-6118) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-6122) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-6124) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-6172) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-6177) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS15-132 Security Update for Microsoft Windows to Address Remote Code Execution (3116162)

Windows Library Loading Remote Code Execution Vulnerability (CVE-2015-6128) MS Rating: Important

A remote code execution vulnerability exists when Windows improperly validates input before loading libraries. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Windows Library Loading Remote Code Execution Vulnerability (CVE-2015-6132) MS Rating: Important

A remote code execution vulnerability exists when Windows improperly validates input before loading libraries. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Windows Library Loading Remote Code Execution Vulnerability (CVE-2015-6133) MS Rating: Important

A remote code execution vulnerability exists when Windows improperly validates input before loading libraries. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS15-133 Security Update for Windows PGM to Address Elevation of Privilege (3116130)

Windows PGM UAF Elevation of Privilege Vulnerability (CVE-2015-6126) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows Pragmatic General Multicast (PGM) protocol that is caused when an attacker-induced race condition results in references to memory contents that have already been freed. An attacker who successfully exploited this vulnerability could execute code with elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS15-134 Security Update for Windows Media Center to Address Remote Code Execution (3108669)

Media Center Library Parsing RCE Vulnerability (CVE-2015-6131) MS Rating: Important

A vulnerability exists in Windows Media Center that could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could take control of an affected system remotely. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Workstations are primarily at risk of this vulnerability.

Windows Media Center Information Disclosure Vulnerability (CVE-2015-6127) MS Rating: Important

A vulnerability exists in Windows Media Center that could allow an information disclosure if Windows Media Center improperly handles a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited the vulnerability could disclose local file system information. Workstations are primarily at risk of this vulnerability.

MS15-135 Security Update for Windows Kernel Mode Drivers to Address Elevation of Privilege (3119075)

Windows Kernel Memory Elevation of Privilege Vulnerability (CVE-2015-6171) MS Rating: Important

An elevation of privilege vulnerability exists due to the way the Windows kernel handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Windows Kernel Memory Elevation of Privilege Vulnerability (CVE-2015-6173) MS Rating: Important

An elevation of privilege vulnerability exists due to the way the Windows kernel handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Windows Kernel Memory Elevation of Privilege Vulnerability (CVE-2015-6174) MS Rating: Important

An elevation of privilege vulnerability exists due to the way the Windows kernel handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Windows Kernel Memory Elevation of Privilege Vulnerability (CVE-2015-6175) MS Rating: Important

An elevation of privilege vulnerability exists due to the way the Windows kernel handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Microsoft Patch Tuesday – November 2015

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 12 bulletins covering a total of 53 vulnerabilities. Twenty-nine of this month's issues are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the November releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-nov

The following is a breakdown of the issues being addressed this month:

MS15-112 Cumulative Security Update for Internet Explorer (3104517)

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2427) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6064) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6066) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6068) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6069) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6070) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6071) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6072) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6073) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6074) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6075) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6076) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6077) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6078) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6079) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6080) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6081) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6082) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6084) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6085) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6086) MS Rating: Important

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6087) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser ASLR Bypass Vulnerability (CVE-2015-6088) MS Rating: Important

A security feature bypass exists when Microsoft Edge fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. An attacker who successfully exploited the vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities.

VBScript and JScript Engine Memory Corruption Vulnerability (CVE-2015-6089) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript and JScript engines, when rendered in Internet Explorer, handle objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability.

MS15-113 Cumulative Security Update for Microsoft Edge (3104519)

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6064) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6073) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6078) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser ASLR Bypass Vulnerability (CVE-2015-6088) MS Rating: Important

A security feature bypass exists when Microsoft Edge fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. An attacker who successfully exploited the vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities.

MS15-114 Security Update for Windows Journal to Address Remote Code Execution (3100213)

Windows Journal Heap Overflow Vulnerability (CVE-2015-6097) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.

MS15-115 Security Update for Microsoft Windows to Address Remote Code Execution (3105864)

Windows Kernel Memory Elevation of Privilege Vulnerability (CVE-2015-6100) MS Rating: Important

An elevation of privilege vulnerability exists in the way the Windows kernel handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Windows Kernel Memory Elevation of Privilege Vulnerability (CVE-2015-6101) MS Rating: Important

An elevation of privilege vulnerability exists in the way the Windows kernel handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Windows Kernel Memory Information Disclosure Vulnerability (CVE-2015-6102) MS Rating: Important

An information disclosure vulnerability exists when Windows fails to properly initialize memory addresses, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the Kernel driver from a compromised process.

Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6103) MS Rating: Critical

A remote code execution vulnerability exists when the Adobe Type Manager Library in Windows improperly handles specially crafted OpenType fonts.

Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6104) MS Rating: Critical

A remote code execution vulnerability exists when the Adobe Type Manager Library in Windows improperly handles specially crafted OpenType fonts.

Windows Kernel Memory Information Disclosure Vulnerability (CVE-2015-6109) MS Rating: Important

An information disclosure vulnerability exists when Windows fails to properly initialize memory addresses, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.

Windows Kernel Security Feature Bypass Vulnerability (CVE-2015-6113) MS Rating: Important

A security feature bypass vulnerability exists when the Windows kernel fails to properly validate permissions, allowing an attacker to inappropriately interact with the filesystem from low integrity level user-mode applications.

MS15-116 Security Updates for Microsoft Office to Address Remote Code Execution - Important (3104540)

Microsoft Office Elevation of Privilege Vulnerability (CVE-2015-2503) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Office software when an attacker instantiates an affected Office application via a COM control. An attacker who successfully exploited the vulnerability could gain elevated privileges and break out of the Internet Explorer sandbox.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-6038) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-6091) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-6092) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-6093) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-6094) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

Microsoft Outlook for Mac Spoofing Vulnerability (CVE-2015-6123) MS Rating: Important

A spoofing vulnerability exists that could lead to information disclosure when Microsoft Outlook for Mac does not sanitize HTML or treat it in a safe manner. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a malicious website.

MS15-117 Security Update for NDIS to Address Elevation of Privilege (3101722)

Windows NDIS Elevation of Privilege Vulnerability (CVE-2015-6098) MS Rating: Important

An elevation of privilege vulnerability exists when NDIS fails to check the length of a buffer prior to copying memory into it. An attacker who successfully exploited this vulnerability could gain elevated privileges on a targeted system.

MS15-118 Security Updates in .NET Framework to Address Elevation of Privilege (3104507)

Microsoft .NET Information Disclosure Vulnerability (CVE-2015-6096) MS Rating: Important

An information disclosure vulnerability exists in the .NET Framework DTD parsing of certain specially crafted XML files. An attacker who successfully exploited this vulnerability could gain read access to local files on the target system.

Microsoft .NET Elevation of Privilege Vulnerability (CVE-2015-6099) MS Rating: Important

A cross-site scripting (XSS) vulnerability exists in the way that .NET Framework validates the value of a HTTP request. An attacker who successfully exploited this vulnerability could inject a client-side script in the user's browser.

Microsoft .NET ASLR Bypass Vulnerability (CVE-2015-6115) MS Rating: Important

A security feature bypass exists in a .NET Framework component that does not properly implement the Address Space Layout Randomization (ASLR) security feature.

MS15-119 Security Update in Winsock to Address Elevation of Privilege (3104521)

Winsock Elevation of Privilege Vulnerability (CVE-2015-2478) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when Winsock makes a call to a memory address without verifying that the address is valid. An attacker who successfully exploited this vulnerability could execute code with higher permissions than are allowed by their privilege level.

MS15-120 Security Update for IPSec to Address Denial of Service (3102939)

Windows IPSec Denial of Service Vulnerability (CVE-2015-6111) MS Rating: Important

A denial of service vulnerability exists in Windows when the Internet Protocol Security (IPSec) service improperly handles encryption negotiation. An attacker who successfully exploited the vulnerability could cause the system to become nonresponsive.

MS15-121 Security Update for Schannel to Address Spoofing (3081320)

Windows Schannel TLS Triple Handshake Vulnerability (CVE-2015-6112) MS Rating: Important

A spoofing vulnerability exists in Microsoft Windows that is caused by a weakness in all supported versions of the TLS protocol. An attacker who successfully exploited this vulnerability could impersonate a victim on any other server that uses the same credentials as those used between the client and server where the attack is initiated.

MS15-122 Security Update for Kerberos to Address Security Feature Bypass (3105256)

Windows Kerberos Security Feature Bypass Vulnerability (CVE-2015-6095) MS Rating: Important

A security feature bypass exists in Windows when Kerberos fails to check the password change of a user signing into a workstation. An attacker who successfully exploited the bypass could use it to unlock a workstation and decrypt drives protected by BitLocker.

MS15-123 Security Update for Skype for Business and Lync to Address Information Disclosure (3105872)

Server Input Validation Security Feature Bypass Vulnerability (CVE-2015-6061) MS Rating: Important

A security feature bypass vulnerability exists when Skype for Business and Lync Servers improperly sanitize specially crafted content. An attacker who successfully exploited the vulnerability could execute HTML and JavaScript content in the Skype for Business or Lync context.


Microsoft Patch Tuesday – October 2015

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing six bulletins covering a total of 33 vulnerabilities. Thirteen of this month's issues are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the October releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-oct

The following is a breakdown of the issues being addressed this month:

MS15-106 Cumulative Security Update for Internet Explorer (3096441)

Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript and JScript engines, when rendered in Internet Explorer, handle objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6042) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2015-6044) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing a script to be run with elevated privileges.

Internet Explorer Information Disclosure Vulnerability (CVE-2015-6046) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer. The update addresses the vulnerability by changing the way certain functions handle objects in memory.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2015-6047) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing a script to be run with elevated privileges.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6048) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6049) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-6050) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2015-6051) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing a script to be run with elevated privileges.

Internet Explorer VBScript and JScript ASLR Bypass (CVE-2015-6052) MS Rating: Important

A security feature bypass exists when the VBScript and JScript engines fail to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to more reliably run arbitrary code on a target system.

Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer. The update addresses the vulnerability by changing the way certain functions handle objects in memory.

Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6055) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript and JScript engines, when rendered in Internet Explorer, handle objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability.

Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6056) MS Rating: Important

A remote code execution vulnerability exists in the way that the Scripting Engine, when rendered in Internet Explorer, handles objects in memory.

Internet Explorer Information Disclosure Vulnerability (CVE-2015-6059) MS Rating: Important

An information disclosure vulnerability exists when JScript or VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.

MS15-107 Cumulative Security Update for Microsoft Edge (3096448)

Microsoft Edge Information Disclosure Vulnerability (CVE-2015-6057) MS Rating: Moderate

An information disclosure vulnerability exists when Internet Explorer improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer.

Microsoft Edge XSS Filter Bypass (CVE-2015-6058) MS Rating: Important

A cross-site scripting (XSS) filter bypass vulnerability exists in the way that Internet Explorer disables an HTML attribute in otherwise appropriately filtered HTTP response data. The vulnerability could allow initially disabled scripts to run in the wrong security context, leading to information disclosure.

MS15-108 Security Updates for JScript and VBScript to Address Remote Code Execution (3089659)

VBScript and JScript Engine Memory Corruption Vulnerability (CVE-2015-2482) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript and JScript engines, when rendered in Internet Explorer, handle objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability.

VBScript and JScript ASLR Bypass (CVE-2015-6052) MS Rating: Important

A security feature bypass exists when the VBScript and JScript engines fail to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to more reliably run arbitrary code on a target system.

VBScript and JScript Engine Memory Corruption Vulnerability (CVE-2015-6055) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript and JScript engines, when rendered in Internet Explorer, handle objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability.

VBScript and JScript Engine Information Disclosure Vulnerability (CVE-2015-6059) MS Rating: Important

An information disclosure vulnerability exists when JScript or VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.

MS15-109 Security Update for Windows Shell to Address Remote Code Execution (3096443)

Windows Toolbar Use After Free Vulnerability (CVE-2015-2515) MS Rating: Critical

A remote code execution vulnerability exists when Windows Shell improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Tablet Input Band Use After Free Vulnerability (CVE-2015-2548) MS Rating: Critical

A remote code execution vulnerability exists when the Microsoft Tablet Input Band fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS15-110 Security Updates for Microsoft Office - Important (3096440)

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2555) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

Microsoft SharePoint Information Disclosure Vulnerability (CVE-2015-2556) MS Rating: Important

An information disclosure vulnerability exists when SharePoint InfoPath Forms Services improperly parses the Document Type Definition (DTD) of an XML file. An attacker who successfully exploited the vulnerability could browse the contents of arbitrary files on a SharePoint server. An attacker must have write permissions to a site and InfoPath Services must be enabled to exploit the vulnerability.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2557) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

Microsoft Office Web Apps XSS Spoofing Vulnerability (CVE-2015-6037) MS Rating: Important

A spoofing vulnerability exists when an Office Web Apps Server does not properly sanitize a specially crafted request. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Office Web Apps Server. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the Office Web App site on behalf of the victim, such as change permissions, delete content, steal sensitive information (such as browser cookies) and inject malicious content in the browser of the victim.

Microsoft SharePoint Security Feature Bypass Vulnerability (CVE-2015-6039) MS Rating: Important

A security feature bypass vulnerability exists in Microsoft SharePoint. The vulnerability is caused when Office Marketplace is allowed to inject JavaScript code that persists onto a SharePoint page, because SharePoint does not enforce the appropriate permission level for an application or user. An attacker who successfully exploited this vulnerability could perform persistent cross-site scripting attacks and run script (in the security context of the logged-on user) with malicious content that appears authentic. This could allow the attacker to steal sensitive information, including authentication cookies and recently submitted data.

MS15-111 Security Update for Windows Kernel to Address Elevation of Privilege (3096447)

Windows Kernel Memory Corruption Vulnerability (CVE-2015-2549) MS Rating: Important

An elevation of privilege vulnerability exists in the way the Windows kernel handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Windows Elevation of Privilege Vulnerability (CVE-2015-2550) MS Rating: Important

An elevation of privilege vulnerability exists in the way the Windows kernel handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Windows Kernel Trusted Boot Security Feature Bypass Vulnerability (CVE-2015-2552) MS Rating: Important

A security feature bypass vulnerability exists when Windows fails to properly enforce the Windows Trusted Boot policy. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded on a target device. Furthermore, an attacker could bypass Trusted Boot integrity validation for BitLocker and Device Encryption security features.

Windows Mount Point Elevation of Privilege Vulnerability (CVE-2015-2553) MS Rating: Important

An elevation of privilege vulnerability exists when Windows improperly validates junctions in certain scenarios in which mount points are being created. An attacker who successfully exploited this vulnerability could potentially run arbitrary code in the security context of the user running a compromised application.

Windows Elevation of Privilege Vulnerability (CVE-2015-2554) MS Rating: Important

An elevation of privilege vulnerability exists in the way the Windows kernel handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Microsoft Patch Tuesday – September 2015
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 12 bulletins covering a total of 52 vulnerabilities. Twenty of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the September releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-sep

The following is a breakdown of the issues being addressed this month:

MS15-094 Cumulative Security Update for Internet Explorer (3089548)

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2485) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2486) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2487) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2493) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2490) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2491) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2492) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2498) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2499) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2500) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2501) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2541) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2542) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2015-2489) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing a script to be run with elevated privileges.

Internet Explorer Information Disclosure Vulnerability (CVE-2015-2483) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer. The update addresses the vulnerability by changing the way certain functions handle objects in memory.

Internet Explorer Tampering Vulnerability (CVE-2015-2484) MS Rating: Important

A tampering vulnerability exists when Internet Explorer accesses a file with an improper flag that in turn permits a file operation. This could allow a low privilege process to delete arbitrary files on the local system. This update addresses the vulnerability by properly masking this flag off.

Memory Corruption Vulnerability (CVE-2015-2494) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2015-2542) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript and JScript engines, when rendered in Internet Explorer, handle objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

MS15-095 Cumulative Security Update for Microsoft Edge (3089665)

Memory Corruption Vulnerability (CVE-2015-2485) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Memory Corruption Vulnerability (CVE-2015-2486) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Memory Corruption Vulnerability (CVE-2015-2494) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Memory Corruption Vulnerability (CVE-2015-2542) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS15-096 Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)

Active Directory Denial of Service Vulnerability (CVE-2015-2535) MS Rating: Important

A denial of service vulnerability exists in Active Directory when an authenticated attacker creates multiple machine accounts. An attacker who successfully exploited this vulnerability could cause the Active Directory service to become non-responsive.

MS15-097 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656)

OpenType Font Parsing Vulnerability (CVE-2015-2506) MS Rating: Important

A denial of service vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited the vulnerability could crash the affected system.

Font Driver Elevation of Privilege Vulnerability (CVE-2015-2507) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code and take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Font Driver Elevation of Privilege Vulnerability (CVE-2015-2508) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code and take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Font Driver Elevation of Privilege Vulnerability (CVE-2015-2512) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code and take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Font Parsing Remote Code Execution Vulnerability (CVE-2015-2510) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when components of Windows, Office, and Lync improperly handle specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Win32k Memory Corruption Elevation of Privilege Vulnerability (CVE-2015-2511) MS Rating: Important

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Win32k Memory Corruption Elevation of Privilege Vulnerability (CVE-2015-2517) MS Rating: Important

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Win32k Memory Corruption Elevation of Privilege Vulnerability (CVE-2015-2518) MS Rating: Important

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Win32k Memory Corruption Elevation of Privilege Vulnerability (CVE-2015-2546) MS Rating: Important

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Win32k Elevation of Privilege Vulnerability (CVE-2015-2527) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel mode driver (Win32k.sys) fails to properly validate and enforce integrity levels during certain process initialization scenarios. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Kernel ASLR Bypass Vulnerability (CVE-2015-2529) MS Rating: Important

A security feature bypass vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. This issue affects all supported Windows operating systems and is considered to be an Important-class Security Feature Bypass (SFB).

MS15-098 Vulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669)

Windows Journal RCE Vulnerability (CVE-2015-2513) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Windows Journal RCE Vulnerability (CVE-2015-2514) MS Rating: Moderate

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Windows Journal Integer Overflow RCE Vulnerability (CVE-2015-2519) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Windows Journal RCE Vulnerability (CVE-2015-2530) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Windows Journal DoS Vulnerability (CVE-2015-2516) MS Rating: Low

A denial-of-service vulnerability exists in Windows Journal when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited this vulnerability could cause data loss on the target system. The denial-of-service would not allow an attacker to execute code or to elevate their user rights.

MS15-099 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Important (3089664)

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2520) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2521) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2523) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

Microsoft SharePoint XSS Spoofing Vulnerability (CVE-2015-2522) MS Rating: Important

A cross-site scripting (XSS) vulnerability, which could result in spoofing, exists when SharePoint fails to properly sanitize user-supplied web requests. An attacker who successfully exploited this vulnerability could perform persistent cross-site scripting attacks and run script (in the security context of the logged-on user) with malicious content that appears authentic. This could allow the attacker to steal sensitive information, including authentication cookies and recently submitted data.

Microsoft Office Malformed EPS File Vulnerability (CVE-2015-2545) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office that could be exploited when a user opens a file containing a malformed graphics image or when a user inserts a malformed graphics image into an Office file. Such a file could also be included in an email attachment. An attacker could exploit the vulnerability by constructing a specially crafted EPS file that could allow remote code execution. An attacker who successfully exploited this vulnerability could take control of the affected system.

MS15-100 Vulnerability in Windows Media Center Could Allow Remote Code Execution (3087918)

Windows Media Center RCE Vulnerability (CVE-2015-2509) MS Rating: Critical

A vulnerability exists in Windows Media Center that could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS15-101 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)

.NET Elevation of Privilege Vulnerability (CVE-2015-2504) MS Rating: Important

An elevation of privilege vulnerability exists in the way that the .NET Framework validates the number of objects in memory before copying those objects into an array. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MVC Denial of Service Vulnerability (CVE-2015-2526) MS Rating: Important

A denial of service vulnerability exists that is caused when .NET fails to properly handle certain specially crafted requests. An attacker who successfully exploited this vulnerability could send a small number of specially crafted requests to an ASP.NET server, causing performance to degrade significantly enough to cause a denial of service condition.

MS15-102 Vulnerability in Windows Task Management Could Allow Elevation of Privilege (3089657)

Windows Task Management Elevation of Privilege Vulnerability (CVE-2015-2524) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Windows fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security checks and gain elevated privileges on a targeted system.

Windows Task File Deletion Elevation of Privilege Vulnerability (CVE-2015-2525) MS Rating: Important

An elevation of privilege vulnerability exists in Windows Task Scheduler when it improperly verifies certain file system interactions. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Windows Task Management Elevation of Privilege Vulnerability (CVE-2015-2528) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Windows fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security checks and gain elevated privileges on a targeted system.

MS15-103 Vulnerability in Microsoft Exchange Server Could Allow Information Disclosure (3089250)

Exchange Information Disclosure Vulnerability (CVE-2015-2505) MS Rating: Important

An information disclosure vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web server requests. An attacker who successfully exploited the vulnerability could discover stack trace details.

Exchange Spoofing Vulnerability (CVE-2015-2543) MS Rating: Important

A spoofing vulnerability exists in Microsoft Exchange Server when OWA does not properly sanitize specially crafted email. An authenticated attacker could exploit the vulnerability by sending a specially crafted email to a user. An attacker could then perform HTML injection attacks on affected systems, and attempt to trick the user into disclosing sensitive information.

Exchange Spoofing Vulnerability (CVE-2015-2544) MS Rating: Important

A spoofing vulnerability exists in Microsoft Exchange Server when OWA does not properly sanitize specially crafted email. An authenticated attacker could exploit the vulnerability by sending a specially crafted email to a user. An attacker could then perform HTML injection attacks on affected systems, and attempt to trick the user into disclosing sensitive information.

MS15-104 Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952)

Skype for Business and Lync Server XSS Information Disclosure Vulnerability (CVE-2015-2531) MS Rating: Important

A cross-site scripting (XSS) vulnerability, which could result in information disclosure, exists when the jQuery engine in Skype for Business or in Lync Server fails to properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user's browser to obtain information from web sessions.

Lync Server XSS Information Disclosure Vulnerability (CVE-2015-2532) MS Rating: Important

A cross-site scripting (XSS) vulnerability, which could result in information disclosure, exists when Lync Server fails to properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user's browser to obtain information from web sessions.

Skype for Business and Lync Server XSS Elevation of Privilege Vulnerability (CVE-2015-2536) MS Rating: Important

A cross-site scripting (XSS) vulnerability, which could result in elevation of privileges, exists when Skype for Business or Lync Server fails to properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS15-105 Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass (3091287)

Hyper-V Security Feature Bypass Vulnerability (CVE-2015-2534) MS Rating: Important

A security feature bypass vulnerability exists in Windows Hyper-V when access control list (ACL) configuration settings are not applied correctly. To exploit the vulnerability, an attacker could run a specially crafted application that could cause Hyper-V to allow unintended network traffic. Customers who have not enabled the Hyper-V role are not affected. The security update addresses the vulnerability by correcting how Hyper-V applies ACL configuration settings.


Microsoft Patch Tuesday – August 2015
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 14 bulletins covering a total of 52 vulnerabilities. Twenty-two of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the August releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-aug

The following is a breakdown of the issues being addressed this month:

MS15-079 Security Update for Internet Explorer (3082442)

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2441) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2442) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2447) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2450) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2451) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2452) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer ASLR Bypass Vulnerability (CVE-2015-2445) MS Rating: Important

A security feature bypass vulnerability exists when Internet Explorer fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

Internet Explorer ASLR Bypass Vulnerability (CVE-2015-2449) MS Rating: Important

A security feature bypass vulnerability exists when Internet Explorer fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

Unsafe Command Line Parameter Passing Vulnerability (CVE-2015-2423) MS Rating: Important

An information disclosure vulnerability exists in Internet Explorer when files at a medium integrity level become accessible when executed from a low integrity level in Internet Explorer Enhanced Protection Mode (EPM). An attacker can exploit this issue to read files on disk that should not be accessible from a low integrity level.

MS15-080 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)

Microsoft Office Graphics Component Remote Code Execution Vulnerability (CVE-2015-2431) MS Rating: Important

A remote code execution vulnerability exists when Office fails to properly handle Open Graphic (OGL) fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

OpenType Font Parsing Vulnerability (CVE-2015-2432) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

OpenType Font Parsing Vulnerability (CVE-2015-2458) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

OpenType Font Parsing Vulnerability (CVE-2015-2459) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

OpenType Font Parsing Vulnerability (CVE-2015-2460) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

OpenType Font Parsing Vulnerability (CVE-2015-2461) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

OpenType Font Parsing Vulnerability (CVE-2015-2462) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

TrueType Font Parsing Vulnerability (CVE-2015-2435) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when components of Windows, Office, Lync, and Silverlight fail to properly handle TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

TrueType Font Parsing Vulnerability (CVE-2015-2455) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

TrueType Font Parsing Vulnerability (CVE-2015-2456) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

TrueType Font Parsing Vulnerability (CVE-2015-2463) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

TrueType Font Parsing Vulnerability (CVE-2015-2464) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

Kernel ASLR Bypass Vulnerability (CVE-2015-2433) MS Rating: Important

A security feature bypass vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.

Windows CSRSS Elevation of Privilege Vulnerability (CVE-2015-2453) MS Rating: Important

An elevation of privilege vulnerability exists in the way that the Windows Client/Server Run-time Subsystem (CSRSS) terminates a process when a user logs off. An attacker who successfully exploited this vulnerability could run code that is designed to monitor the actions of a user who subsequently logs on to the system. This could allow the disclosure of sensitive information or access to data on the affected systems that was accessible to the logged-on user. This sensitive data could include the logon credentials of subsequent users, which an attacker might later use for elevation of privilege or to execute code as a different user on the system.

Windows KMD Security Feature Bypass Vulnerability (CVE-2015-2454) MS Rating: Important

A security feature bypass vulnerability exists when the Windows kernel-mode driver fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security and gain elevated privileges on a targeted system. An attacker can exploit this vulnerability in conjunction with another vulnerability.

Windows Shell Security Feature Bypass Vulnerability (CVE-2015-2465) MS Rating: Important

A security feature bypass vulnerability exists when the Windows shell fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security and gain elevated privileges on a targeted system. An attacker can exploit this vulnerability in conjunction with another vulnerability.

MS15-081 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)

Microsoft Office Memory Corruption Vulnerability (CVE-2015-1642) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

Unsafe Command Line Parameter Passing Vulnerability (CVE-2015-2423) MS Rating: Important

An information disclosure vulnerability exists in Microsoft Office when files at a medium integrity level become accessible when executed from a low integrity level in Internet Explorer Enhanced Protection Mode (EPM). An attacker can exploit this issue to read files on disk that should not be accessible from a low integrity level.

Microsoft Office Remote Code Execution Vulnerability (CVE-2015-2466) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly validate templates. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. An attacker can exploit this issue by tricking a user into opening a specially crafted template file with an affected version of Microsoft Office software.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2467) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2468) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2469) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470) MS Rating: Important

A remote code execution vulnerability exists when Office decreases an integer value beyond its intended minimum value. An attacker can exploit this issue by tricking a user into opening a specially crafted Office file with an affected version of Microsoft Office software.

MS15-082 Vulnerabilities in RDP Could Allow Remote Code Execution (3080348)

Remote Desktop Session Host Spoofing Vulnerability (CVE-2015-2472) MS Rating: Important

A spoofing vulnerability exists when the Remote Desktop Session Host (RDSH) improperly validates certificates during authentication. An attacker who successfully exploited this vulnerability could impersonate the client session.

Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability (CVE-2015-2473) MS Rating: Important

A remote code execution vulnerability exists when the Remote Desktop Protocol (RDP) improperly loads binaries. An attacker who successfully exploited this vulnerability could execute arbitrary code within the context of the RDP (terminal) NetworkService account.

MS15-083 Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921)

Server Message Block Memory Corruption Vulnerability (CVE-2015-2474) MS Rating: Important

An authenticated remote code execution vulnerability exists in Windows that is caused when Server Message Block (SMB) improperly handles certain logging activities, resulting in memory corruption. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

MS15-084 Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)

MSXML Information Disclosure Vulnerability (CVE-2015-2434) MS Rating: Important

An information disclosure vulnerability exists when MSXML explicitly allows the use of Secure Sockets Layer (SSL) 2.0. An attacker who successfully exploited the vulnerability could decrypt portions of encrypted network information traffic.

MSXML Information Disclosure Vulnerability (CVE-2015-2440) MS Rating: Important

An information disclosure vulnerability exists when Microsoft XML Core Services (MSXML) exposes memory addresses not intended for public disclosure. An attacker could combine this information disclosure vulnerability with another vulnerability to bypass the Address Space Layout Randomization (ASLR) security feature. An attacker who successfully exploited this vulnerability could potentially read private data.

MSXML Information Disclosure Vulnerability (CVE-2015-2471) MS Rating: Important

An information disclosure vulnerability exists when MSXML explicitly allows the use of Secure Sockets Layer (SSL) 2.0. An attacker who successfully exploited the vulnerability could decrypt portions of encrypted network information traffic.

MS15-085 Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487)

Elevation of Privilege in Mount Manager Vulnerability (CVE-2015-1769) MS Rating: Important

An elevation of privilege vulnerability exists when the Mount Manager component improperly processes symbolic links. An attacker who successfully exploited this vulnerability could write a malicious binary to disk and in certain situations execute it.

MS15-086 Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158)

System Center Operations Manager Web Console XSS Vulnerability (CVE-2015-2420) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft System Center Operations Manager that is caused by the improper validation of input. An attacker who successfully exploited this vulnerability could inject a client-side script into the user's browser. The script could spoof content, disclose information, or take any action that the user could take on the affected website on behalf of the targeted user.

MS15-087 Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459)

UDDI Services Could Allow Elevation of Privilege Vulnerability (CVE-2015-2475) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when the Universal Description, Discovery, and Integration (UDDI) Services improperly validate or sanitize the search parameter in a tag. An attacker who successfully exploited this vulnerability could leak authorization cookies or unexpectedly redirect a user to a malicious webpage.

MS15-088 Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)

Unsafe Command Line Parameter Passing Vulnerability (CVE-2015-2423) MS Rating: Important

An information disclosure vulnerability exists in Microsoft Windows when files at a medium integrity level become accessible when executed from a low integrity level in Internet Explorer Enhanced Protection Mode (EPM). An attacker who successfully exploited this vulnerability could read files on disk that should not be accessible from a low integrity level.

MS15-089 Vulnerability in WebDAV Could Allow Information Disclosure (3076949)

WebDAV Client Information Disclosure Vulnerability (CVE-2015-2476) MS Rating: Important

An information disclosure vulnerability exists in the Microsoft Web Distributed Authoring and Versioning (WebDAV) client that is caused when it explicitly allows the use of Secure Socket Layer (SSL) 2.0. An attacker who successfully exploited this vulnerability could decrypt portions of encrypted traffic. An attacker could force an encrypted SSL 2.0 session and use a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic to exploit this vulnerability.

MS15-090 Vulnerabilities in Microsoft Windows Could Allow Security Bypass (3060716)

Windows Object Manager Elevation of Privilege Vulnerability (CVE-2015-2428) MS Rating: Important

An elevation of privilege vulnerability exists in Windows Object Manager when it fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security and gain elevated privileges on a targeted system. An attacker would have to log on to an affected system and run a specially crafted application to exploit this vulnerability.

Windows Registry Elevation of Privilege Vulnerability (CVE-2015-2429) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when it improperly allows certain registry interactions from within vulnerable sandboxed applications. An attacker who successfully exploited this vulnerability could improperly interact with the registry and attempt to escape the application sandbox. An attacker could exploit this vulnerability by convincing a user to open a specially crafted file that would invoke a vulnerable sandboxed application, resulting in a compromise of the sandbox.

Windows Filesystem Elevation of Privilege Vulnerability (CVE-2015-2430) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when it improperly allows certain filesystem interactions from within vulnerable sandboxed applications. An attacker who successfully exploited this vulnerability could improperly interact with the filesystem and attempt to escape the application sandbox. An attacker could exploit this vulnerability by convincing a user to open a specially crafted file that would invoke a vulnerable sandboxed application, allowing an attacker to escape the sandbox.

MS15-091 Cumulative Security Update for Microsoft Edge (3084525)

Edge Memory Corruption Vulnerability (CVE-2015-2441) MS Rating: Critical

A remote code execution vulnerability exists when Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Edge Memory Corruption Vulnerability (CVE-2015-2442) MS Rating: Critical

A remote code execution vulnerability exists when Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Edge Corruption Vulnerability (CVE-2015-2446) MS Rating: Critical

A remote code execution vulnerability exists when Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Edge ASLR Bypass Vulnerability (CVE-2015-2449) MS Rating: Important

A security feature bypass vulnerability exists when Edge fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

MS15-092 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251)

RyuJIT Optimization Elevation of Privilege Vulnerability (CVE-2015-2479) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft .NET Framework when the RyuJIT compiler improperly optimizes certain parameters, resulting in a code generation error. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker can exploit this issue by hosting a specially crafted .NET application and convincing users to run the application.

RyuJIT Optimization Elevation of Privilege Vulnerability (CVE-2015-2480) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft .NET Framework when the RyuJIT compiler improperly optimizes certain parameters, resulting in a code generation error. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker can exploit this issue by hosting a specially crafted .NET application and convincing users to run the application.

RyuJIT Optimization Elevation of Privilege Vulnerability (CVE-2015-2481) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft .NET Framework when the RyuJIT compiler improperly optimizes certain parameters, resulting in a code generation error. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker can exploit this issue by hosting a specially crafted .NET application and convincing users to run the application.


Microsoft Patch Tuesday – July 2015

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 14 bulletins covering a total of 58 vulnerabilities. Twenty-four of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the July releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-jul

The following is a breakdown of the issues being addressed this month:

MS15-058 Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)

SQL Server Elevation of Privilege Vulnerability (CVE-2015-1761) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft SQL Server when it improperly casts pointers to an incorrect class. An attacker could exploit the vulnerability if their credentials allow access to an affected SQL server database.

SQL Server Remote Code Execution Vulnerability (CVE-2015-1762) MS Rating: Important

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles internal function calls to uninitialized memory. An attacker could exploit the vulnerability if a privileged user runs a specially crafted query on an affected SQL server that has special permission settings (such as VIEW SERVER STATE) turned on.

SQL Server Remote Code Execution Vulnerability (CVE-2015-1763) MS Rating: Important

An authenticated remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles internal function calls to uninitialized memory. An attacker could exploit the vulnerability if a privileged user runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory.

MS15-065 Security Update for Internet Explorer (3076321)

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1733) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1738) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1767) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2383) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2384) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2385) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2388) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2389) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2390) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2391) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2397) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2401) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2403) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2404) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2406) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2408) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2411) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2422) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-2425) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Information Disclosure Vulnerability (CVE-2015-1729) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to gain access to information in another domain or Internet Explorer zone.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2015-2402) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions.

Internet Explorer Information Disclosure Vulnerability (CVE-2015-2410) MS Rating: Moderate

An information disclosure vulnerability exists when Internet Explorer does not properly handle requests from external stylesheets, which could allow an attacker to detect the existence of specific files on the user's computer.

Internet Explorer Information Disclosure Vulnerability (CVE-2015-2412) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer does not properly validate file paths, which could allow an attacker to disclose the contents of arbitrary files on the user's computer.

Internet Explorer Information Disclosure Vulnerability (CVE-2015-2413) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to gain access to information in another domain or Internet Explorer zone.

Internet Explorer Information Disclosure Vulnerability (CVE-2015-2414) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer does not properly handle cached image information, which could allow an attacker to gain access to information about the user's browsing history.

Internet Explorer XSS Filter Bypass Vulnerability (CVE-2015-2398) MS Rating: Important

An XSS filter bypass vulnerability exists in the way that Internet Explorer disables an HTML attribute in otherwise appropriately filtered HTTP response data. The vulnerability could allow initially disabled scripts to run in the wrong security context, leading to information disclosure.

Internet Explorer ASLR Bypass Vulnerability (CVE-2015-2421) MS Rating: Important

A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

JScript9 Memory Corruption Vulnerability (CVE-2015-2419) MS Rating: Important

A remote code execution vulnerability exists in the way that the JScript engine, when rendered in Internet Explorer, handles objects in memory.

VBScript Memory Corruption Vulnerability (CVE-2015-2372) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory.

MS15-066 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3072604)

VBScript Memory Corruption Vulnerability (CVE-2015-2372) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory.

MS15-067 Vulnerability in RDP Could Allow Remote Code Execution (3073094)

Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373) MS Rating: Critical

A remote code execution vulnerability exists in how the Remote Desktop Protocol (RDP) terminal service handles packets. An attacker can exploit this issue to execute arbitrary code or cause denial of service conditions.

MS15-068 Vulnerabilities in Windows Server Hyper-V Could Allow Remote Code Execution (3072000)

Hyper-V Buffer Overflow Vulnerability (CVE-2015-2361) MS Rating: Critical

A remote code execution vulnerability exists in Windows Server Hyper-V in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability.

Hyper-V System Data Structure Vulnerability (CVE-2015-2362) MS Rating: Critical

A remote code execution vulnerability exists in Windows Server Hyper-V in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability.

MS15-069 Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)

Windows DLL Remote Code Execution Vulnerability (CVE-2015-2368) MS Rating: Important

A remote code execution vulnerability exists when Microsoft Windows improperly handles the loading of dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker would first have to place a specially crafted DLL file in the target user's current working directory to exploit this vulnerability. The attacker would then have to convince the user to load the DLL file.

DLL Planting Remote Code Execution Vulnerability (CVE-2015-2369) MS Rating: Important

A remote code execution vulnerability exists when Microsoft Windows Media Device Manager improperly handles the loading of certain specially crafted DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker would first have to convince a user to open a specially crafted .RTF file to exploit this vulnerability.

MS15-070 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)

Microsoft Excel ASLR Bypass Vulnerability (CVE-2015-2375) MS Rating: Important

An information disclosure vulnerability exists in Microsoft Excel when memory is released in an unintended manner. The vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature, and potentially allow remote code execution. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this security feature bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2376) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2377) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

Microsoft Excel DLL Remote Code Execution Vulnerability (CVE-2015-2378) MS Rating: Important

A remote code execution vulnerability exists when Microsoft Excel improperly handles the loading of dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker would first have to place a specially crafted DLL file in the target user's current working directory to exploit this vulnerability. The attacker would then have to convince the user to load the DLL file.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2379) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2380) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2415) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-2424) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

MS15-071 Vulnerability in Netlogon Could Allow Elevation of Privilege (3068457)

Elevation of Privilege Vulnerability in Netlogon (CVE-2015-2374) MS Rating: Important

An elevation of privilege vulnerability exists in Netlogon that is caused when the service improperly establishes a secure communications channel to a primary domain controller (PDC). An attacker would first need to have access to a PDC on a target network to exploit this vulnerability.

MS15-072 Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)

Graphics Component EOP Vulnerability (CVE-2015-2364) MS Rating: Important

An elevation of privilege vulnerability exists in Windows Graphics Component when it fails to properly process bitmap conversions. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system.

MS15-073 Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)

Win32k Elevation of Privilege Vulnerability (CVE-2015-2363) MS Rating: Important

An elevation of privilege vulnerability exists due to the way the Windows kernel-mode driver handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker would first have to log on to the system to exploit this vulnerability.

Win32k Elevation of Privilege Vulnerability (CVE-2015-2365) MS Rating: Important

An elevation of privilege vulnerability exists due to the way the Windows kernel-mode driver handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker would first have to log on to the system to exploit this vulnerability.

Win32k Elevation of Privilege Vulnerability (CVE-2015-2366) MS Rating: Important

An elevation of privilege vulnerability exists due to the way the Windows kernel-mode driver handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker would first have to log on to the system to exploit this vulnerability.

Win32k Information Disclosure Vulnerability (CVE-2015-2367) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel-mode driver improperly handles certain non-initialized values in memory. An attacker who successfully exploited this vulnerability could leak memory addresses or other sensitive kernel information that could be used for further exploitation of the system.

Win32k Memory Disclosure Vulnerability (CVE-2015-2381) MS Rating: Important

An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver leaks private address information during a function call. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system.

Win32k Memory Disclosure Vulnerability (CVE-2015-2382) MS Rating: Important

An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver leaks private address information during a function call. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system.

MS15-074 Vulnerability in Windows Installer Component Could Allow Elevation of Privilege (3072630)

Windows Installer EoP Vulnerability (CVE-2015-2371) MS Rating: Important

An elevation of privilege vulnerability exists in some cases in the Windows Installer component when it improperly runs custom action scripts. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. An attacker must first compromise a user who is logged on to the system and find a vulnerable .msi package installed on it to exploit the vulnerability. The attacker could then place malicious code designed to increase privileges that the vulnerable .msi package can execute on the target machine.

MS15-075 Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)

OLE Elevation of Privilege Vulnerability (CVE-2015-2416) MS Rating: Important

An elevation of privilege vulnerability exists when OLE objects are improperly handled in memory. An attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. An attacker could exploit this vulnerability by convincing a user to open a file that contains a specially crafted OLE object.

OLE Elevation of Privilege Vulnerability (CVE-2015-2417) MS Rating: Important

An elevation of privilege vulnerability exists when OLE objects are improperly handled in memory. An attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. An attacker could exploit this vulnerability by convincing a user to open a file that contains a specially crafted OLE object.

MS15-076 Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)

Windows DCOM RPC Elevation of Privilege Vulnerability (CVE-2015-2370) MS Rating: Important

An elevation of privilege vulnerability exists in the Microsoft Remote Procedure Call (RPC) that could allow an attacker to elevate privileges on a targeted system. The vulnerability is caused when Windows RPC inadvertently allows a DCE/RPC connection reflection.

MS15-077 Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)

ATMFD.DLL Memory Corruption Vulnerability (CVE-2015-2387) MS Rating: Important

An elevation of privilege vulnerability exists in Adobe Type Manager Font Driver (ATMFD) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system.


Microsoft Patch Tuesday – June 2015

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 45 vulnerabilities. Twenty of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the June releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-jun

The following is a breakdown of the issues being addressed this month:

MS15-056 Cumulative Security Update for Internet Explorer (3058515)

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1687) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1730) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1731) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1732) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1735) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1736) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1737) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1740) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1741) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1742) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1744) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1745) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1747) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1750) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1751) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1752) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1753) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1754) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1755) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1766) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-1739) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-1743) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-1748) MS Rating: Moderate

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

Internet Explorer Information Disclosure Vulnerability (CVE-2015-1765) MS Rating: Important

An information disclosure vulnerability exists in Internet Explorer that could allow an attacker who successfully exploited this vulnerability to gain access to a user's browser history.

MS15-057 Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)

Windows Media Player RCE via DataObject Vulnerability (CVE-2015-1728) MS Rating: Important

A remote code execution vulnerability exists in the way that the Windows Media Player handles specially crafted DataObjects. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely.

MS15-059 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)

Microsoft Office Uninitialized Memory Use Vulnerability (CVE-2015-1770) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could use a specially crafted file to perform actions in the security context of the current user.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-1759) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-1760) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

MS15-060 Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)

Microsoft Common Control Use After Free Vulnerability (CVE-2015-1756) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Common Controls when it accesses an object in memory that has not been correctly initialized or has been deleted. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

MS15-061 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3057839)

Microsoft Windows Kernel Information Disclosure Vulnerability (CVE-2015-1719) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel-mode driver improperly handles buffer elements under certain conditions, allowing an attacker to request the contents of specific memory addresses. An attacker who successfully exploited this vulnerability could potentially read data not intended to be disclosed. This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information in an attempt to further compromise the affected system.

Microsoft Windows Kernel Use After Free Vulnerability (CVE-2015-1720) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly frees an object in memory that an attacker can use to execute arbitrary code with elevated permissions. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Win32k Null Pointer Dereference Vulnerability (CVE-2015-1721) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to insufficient validation of certain data passed from user mode. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability (CVE-2015-1722) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows kernel-mode driver when it accesses an object in memory that has either not been correctly initialized or has been deleted. The vulnerability may corrupt memory in such a way that an attacker could gain elevated privileges on a targeted system. An attacker would first have to log on to the system to exploit this vulnerability.

Microsoft Windows Station Use After Free Vulnerability (CVE-2015-1723) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows kernel-mode driver when it accesses an object in memory that has either not been correctly initialized or has been deleted. The vulnerability may corrupt memory in such a way that an attacker could gain elevated privileges on a targeted system. An attacker would first have to log on to the system to exploit this vulnerability.

Microsoft Windows Kernel Object Use After Free Vulnerability (CVE-2015-1724) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows kernel-mode driver when it accesses an object in memory that has either not been correctly initialized or has been deleted. The vulnerability may corrupt memory in such a way that an attacker could gain elevated privileges on a targeted system. An attacker would first have to log on to the system to exploit this vulnerability.

Win32k Buffer Overflow Vulnerability (CVE-2015-1725) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows kernel-mode driver when it improperly validates user input. An attacker who successfully exploited this vulnerability could gain elevated privileges on a targeted system. An attacker would first have to log on to the system to exploit this vulnerability.

Microsoft Windows Kernel Brush Object Use After Free Vulnerability (CVE-2015-1726) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows kernel-mode driver when it accesses an object in memory that has either not been correctly initialized or has been deleted. The vulnerability may corrupt memory in such a way that an attacker could gain elevated privileges on a targeted system. An attacker would first have to log on to the system to exploit this vulnerability.

Win32k Pool Buffer Overflow Vulnerability (CVE-2015-1727) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows kernel-mode driver when it improperly validates user input. An attacker who successfully exploited this vulnerability could gain elevated privileges on a targeted system. An attacker would first have to log on to the system to exploit this vulnerability.

Win32k Memory Corruption Elevation of Privilege Vulnerability (CVE-2015-1768) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver, Win32k.sys, fails to properly free memory. An attacker who successfully exploited this vulnerability could execute arbitrary code within the context of another user. An attacker would first have to log on to the system to exploit this vulnerability.

Win32k Elevation of Privilege Vulnerability (CVE-2015-2360) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver, Win32k.sys, fails to properly free memory. An attacker who successfully exploited this vulnerability could execute arbitrary code within the context of another user. An attacker would first have to log on to the system to exploit this vulnerability.

MS15-062 Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)

ADFS XSS Elevation of Privilege Vulnerability (CVE-2015-1757) MS Rating: Important

An elevation of privilege vulnerability exists in the way that URLs are sanitized in Active Directory Federation Services (AD FS). An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.

MS15-063 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)

Windows LoadLibrary EoP Vulnerability (CVE-2015-1758) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows LoadLibrary when it fails to properly validate user input. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system.

MS15-064 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)

Exchange Server-Side Request Forgery Vulnerability (CVE-2015-1764) MS Rating: Important

An information disclosure vulnerability exists in Microsoft Exchange web applications when Exchange does not properly manage the same-origin policy. An attacker could exploit this Server-Side Request Forgery (SSRF) vulnerability by using a specially crafted web application request. An attacker who successfully exploited this vulnerability could then perform certain unauthorized actions.

Exchange Cross-Site Request Forgery Vulnerability (CVE-2015-1771) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Exchange web applications when Exchange does not properly manage user sessions. For this Cross-site Request Forgery (CSRF/XSRF) vulnerability to be exploited, the victim must be authenticated (logged on) to the target site.

Exchange HTML Injection Vulnerability (CVE-2015-2359) MS Rating: Important

An information disclosure vulnerability exists in Microsoft Exchange web applications when Exchange does not properly sanitize HTML strings. To exploit this HTML Injection vulnerability an attacker must have the ability to submit a specially crafted script to a target site that uses HTML sanitization.


Microsoft Patch Tuesday – May 2015

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 13 bulletins covering a total of 46 vulnerabilities. Twenty-one of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the May releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-may

The following is a breakdown of the issues being addressed this month:

MS15-043 Cumulative Security Update for Internet Explorer (3049563)

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1658) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1689) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1691) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1694) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1705) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1706) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1708) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1709) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1710) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1711) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1712) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1714) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1717) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1718) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

VBScript ASLR Bypass (CVE-2015-1684) MS Rating: Important

A security feature bypass exists when the VBScript engine, when rendered in Internet Explorer, does not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. An attacker can use the ASLR bypass in conjunction with another vulnerability to run arbitrary code.

VBScript and JScript ASLR Bypass (CVE-2015-1686) MS Rating: Important

A security feature bypass exists when the JScript and VBScript engines, when rendered in Internet Explorer, do not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. An attacker can use the ASLR bypass in conjunction with another vulnerability to run arbitrary code.

Internet Explorer ASLR Bypass Vulnerability (CVE-2015-1685) MS Rating: Important

A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature. An attacker can exploit this issue to bypass the Address Space Layout Randomization (ASLR) security feature by predicting the memory offsets of specific instructions in a given call stack. An attacker can use the ASLR bypass in conjunction with another vulnerability to run arbitrary code.

Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-1688) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-1703) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-1704) MS Rating: Moderate

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-1713) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

Internet Explorer Clipboard Information Disclosure Vulnerability (CVE-2015-1692) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer does not properly restrict access to the clipboard of a user who visits a website. The vulnerability could allow data stored on the Windows clipboard to be accessed by a malicious site.

MS15-044 Vulnerabilities in GDI+ Could Allow Remote Code Execution (3057110)

OpenType Font Parsing Vulnerability (CVE-2015-1670) MS Rating: Important

An information disclosure vulnerability exists in Microsoft Windows when the Windows DirectWrite library improperly handles OpenType fonts. An attacker who successfully exploited this vulnerability could potentially read data which was not intended to be disclosed.

TrueType Font Parsing Vulnerability (CVE-2015-1671) MS Rating: Critical

A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

MS15-045 Vulnerability in Windows Journal Could Allow Remote Code Execution (3046002)

Windows Journal Remote Code Execution Vulnerability (CVE-2015-1675) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system.

Windows Journal Remote Code Execution Vulnerability (CVE-2015-1695) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system.

Windows Journal Remote Code Execution Vulnerability (CVE-2015-1696) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system.

Windows Journal Remote Code Execution Vulnerability (CVE-2015-1697) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system.

Windows Journal Remote Code Execution Vulnerability (CVE-2015-1698) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system.

Windows Journal Remote Code Execution Vulnerability (CVE-2015-1699) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system.

MS15-046 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181)

Microsoft Office Memory Corruption Vulnerability (CVE-2015-1682) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. Specifically, this issue occurs when a user opens a specially crafted file with an affected version of Microsoft Office software.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-1683) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. Specifically, this issue occurs when a user opens a specially crafted file with an affected version of Microsoft Office software.

MS15-047 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083)

Microsoft SharePoint Page Content Vulnerabilities (CVE-2015-1700) MS Rating: Important

Multiple remote code execution vulnerabilities exist when SharePoint Server improperly sanitizes specially crafted page content. An authenticated attacker could attempt to exploit these vulnerabilities by sending specially crafted page content to a SharePoint server. The attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site.

MS15-048 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)

.NET XML Decryption Denial of Service Vulnerability (CVE-2015-1672) MS Rating: Important

A denial of service vulnerability exists in Microsoft .NET Framework that could allow an unauthenticated attacker to degrade the performance of a .NET-enabled website and disrupt the availability of applications that use Microsoft .NET Framework. The vulnerability exists when Microsoft .NET Framework attempts to decrypt certain specially crafted XML data. An attacker can exploit this issue by sending specially crafted XML data to a .NET application with the intention of causing processing recursion that leads to the denial-of-service condition.

Windows Forms Elevation of Privilege Vulnerability (CVE-2015-1673) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft .NET Framework that is caused when .NET's Windows Forms (WinForms) libraries improperly handle objects in memory. An attacker who successfully exploited the vulnerability could take complete control of an affected system.

MS15-049 Vulnerability in Silverlight Could Allow Elevation of Privilege (3058985)

Microsoft Silverlight Out of Browser Application Vulnerability (CVE-2015-1715) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Silverlight that is caused when Silverlight improperly allows applications that are intended to run at a low integrity level (very limited permissions) to be executed at a medium integrity level (permissions of the current user) or higher. To exploit this vulnerability, an attacker would first have to log on to the system or convince a logged-on user to execute a specially crafted Silverlight application.

MS15-050 Vulnerability in Service Control Manager Could Allow Elevation of Privilege (3055642)

Service Control Manager Elevation of Privilege Vulnerability (CVE-2015-1702) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows Service Control Manager (SCM) when the SCM improperly verifies impersonation levels. An attacker who successfully exploited this vulnerability could gain elevated privileges and make calls to SCM for which they lack sufficient privilege.

MS15-051 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)

Microsoft Windows Kernel Memory Disclosure Vulnerability (CVE-2015-1676) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel-mode driver leaks private address information during a function call, which could allow the disclosure of kernel memory contents, revealing information about the system to an attacker.

Microsoft Windows Kernel Memory Disclosure Vulnerability (CVE-2015-1677) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel-mode driver leaks private address information during a function call, which could allow the disclosure of kernel memory contents, revealing information about the system to an attacker.

Microsoft Windows Kernel Memory Disclosure Vulnerability (CVE-2015-1678) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel-mode driver leaks private address information during a function call, which could allow the disclosure of kernel memory contents, revealing information about the system to an attacker.

Microsoft Windows Kernel Memory Disclosure Vulnerability (CVE-2015-1679) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel-mode driver leaks private address information during a function call, which could allow the disclosure of kernel memory contents, revealing information about the system to an attacker.

Microsoft Windows Kernel Memory Disclosure Vulnerability (CVE-2015-1680) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel-mode driver leaks private address information during a function call, which could allow the disclosure of kernel memory contents, revealing information about the system to an attacker.

Win32k Elevation of Privilege Vulnerability (CVE-2015-1701) MS Rating: Important

An elevation of privilege vulnerability exists when Windows kernel-mode drivers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

MS15-052 Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514)

Windows Kernel Security Feature Bypass Vulnerability (CVE-2015-1674) MS Rating: Important

A security feature bypass vulnerability exists when the Windows kernel fails to properly validate which mode the request comes from, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could then retrieve the base address of cng.sys from a compromised process.

MS15-053 Vulnerability in VBScript Scripting Engine Could Allow Security Feature Bypass (3057263)

VBScript ASLR Bypass (CVE-2015-1684) MS Rating: Important

A security feature bypass exists when the VBScript engine, when rendered in Internet Explorer, does not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. An attacker can use the ASLR bypass in conjunction with another vulnerability to run arbitrary code.

VBScript and JScript ASLR Bypass (CVE-2015-1686) MS Rating: Important

A security feature bypass exists when the JScript and VBScript engines, when rendered in Internet Explorer, do not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. An attacker can use the ASLR bypass in conjunction with another vulnerability to run arbitrary code.

MS15-054 Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service (3051768)

Microsoft Management Console File Format Denial of Service Vulnerability (CVE-2015-1681) MS Rating: Important

A denial of service vulnerability exists when Windows attempts to access a specially crafted .msc file to retrieve the icon information and then fails to properly validate a destination buffer.

MS15-055 Vulnerability in Schannel Could Allow Information Disclosure (3061518)

Schannel Information Disclosure Vulnerability (CVE-2015-1716) MS Rating: Important

An information disclosure vulnerability exists in Secure Channel (Schannel) when it allows the use of a weak Diffie-Hellman ephemeral (DHE) key length of 512 bits in an encrypted TLS session. Allowing 512-bit DHE keys makes DHE key exchanges weak and vulnerable to various attacks.


 

Microsoft Patch Tuesday – April 2015

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 11 bulletins covering a total of 26 vulnerabilities. Thirteen of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-apr

The following is a breakdown of the issues being addressed this month:

MS15-032 Cumulative Security Update for Internet Explorer (3038314)

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1652) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1657) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1659) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1660) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1662) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1665) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1666) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1667) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1668) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer ASLR Bypass Vulnerability (CVE-2015-1661) MS Rating: Important

A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature. An attacker can exploit this issue to bypass the Address Space Layout Randomization (ASLR) security feature by predicting the memory offsets of specific instructions in a given call stack.

MS15-033 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)

Microsoft Outlook App for Mac XSS Vulnerability (CVE-2015-1639) MS Rating: Important

An elevation of privilege vulnerability exists in the Microsoft Outlook for Mac app that is caused when the software improperly sanitizes HTML strings. An attacker who successfully exploited this vulnerability could read content that the attacker is not authorized to read or use the victim's identity to take actions on the targeted site or application.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-1641) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle rich text format files in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

Microsoft Office Component Use After Free Vulnerability (CVE-2015-1649) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code. An attacker who successfully exploited this issue could run arbitrary code in the context of the current user.

Microsoft Office Component Use After Free Vulnerability (CVE-2015-1650) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code. An attacker who successfully exploited this issue could run arbitrary code in the context of the current user.

Microsoft Office Component Use After Free Vulnerability (CVE-2015-1651) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code. An attacker who successfully exploited this issue could run arbitrary code in the context of the current user.

MS15-034 Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)

HTTP.sys Remote Code Execution Vulnerability (CVE-2015-1635) MS Rating: Critical

A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account. An attacker can exploit this issue by sending a specially crafted HTTP request to the affected system.

MS15-035 Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)

EMF Processing Remote Code Execution Vulnerability (CVE-2015-1645) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft Windows improperly processes certain specially crafted Enhanced Metafile (EMF) image format files. An attacker can exploit this issue to run arbitrary code as the logged-on user.

MS15-036 Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044)

Microsoft SharePoint XSS Vulnerability (CVE-2015-1640) MS Rating: Important

An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this issue by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited this issue could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user.

Microsoft SharePoint XSS Vulnerability (CVE-2015-1653) MS Rating: Important

An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this issue by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited this issue could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user.

MS15-037 Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)

Task Scheduler Elevation of Privilege Vulnerability (CVE-2015-0098) MS Rating: Important

An elevation of privilege vulnerability exists in Task Scheduler due to a known invalid task being present on certain systems. An attacker can exploit this issue to cause Task Scheduler to run a specially crafted application in the context of the System account.

MS15-038 Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576)

NtCreateTransactionManager Type Confusion Vulnerability (CVE-2015-1643) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when it fails to properly validate and enforce impersonation levels. An attacker can exploit this issue to bypass impersonation-level security checks and gain elevated privileges on a targeted system. An authenticated attacker can exploit this issue to acquire administrator credentials.

Windows MS-DOS device name Vulnerability (CVE-2015-1644) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when it fails to properly validate and enforce impersonation levels. An attacker can exploit this issue to bypass impersonation-level security checks and gain elevated privileges on a targeted system. An authenticated attacker can exploit this issue to acquire administrator credentials.

MS15-039 Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482)

MSXML3 Same Origin Policy SFB vulnerability (CVE-2015-1646) MS Rating: Important

A same-origin policy security feature bypass vulnerability exists in Microsoft XML Core Services (MSXML) where cross-domain data access could be possible in a document type declaration (DTD) scenario. An attacker can exploit this issue to gain access to sensitive user information, such as usernames and passwords.

MS15-040 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711)

Active Directory Federation Services Information Disclosure Vulnerability (CVE-2015-1638) MS Rating: Important

An information disclosure vulnerability exists when Active Directory Federation Services (AD FS) fails to properly log off a user. The vulnerability could allow an unintentional information disclosure. An attacker can exploit this issue to gain access to a user's information by reopening an application from which the user logged off.

MS15-041 Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)

ASP.NET Information Disclosure Vulnerability (CVE-2015-1648) MS Rating: Important

An information disclosure vulnerability exists in ASP.NET that is caused when ASP.NET improperly handles certain requests on systems that have custom error messages disabled. An attacker can exploit this issue to view parts of a web configuration file, which could expose sensitive information.

MS15-042 Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234)

Windows Hyper-V DoS Vulnerability (CVE-2015-1647) MS Rating: Important

A denial of service vulnerability exists in Hyper-V when an authenticated attacker runs a specially crafted application in a virtual machine (VM) session. This issue does not allow an attacker to execute code or elevate user rights on other VMs running on the Hyper-V host, but it may cause other VMs on the host to be unmanageable in Virtual Machine Manager.


Microsoft Patch Tuesday – March 2015

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing fourteen bulletins covering a total of 45 vulnerabilities. Nineteen of this month's issues are rated "Critical".

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the March releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-mar

The following is a breakdown of the issues being addressed this month:

MS15-018 Cumulative Security Update for Internet Explorer (3032359)

VBScript Memory Corruption Vulnerability (CVE-2015-0032) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0056) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0099) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0100) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1622) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1623) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1624) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1625) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1626) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-1634) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-0072) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.

Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-1627) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

MS15-019 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3040297)

VBScript Memory Corruption Vulnerability (CVE-2015-0032) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS15-020 Vulnerability in Windows Shell Could Allow Remote Code Execution (3041836)

WTS Remote Code Execution Vulnerability (CVE-2015-0081) MS Rating: Critical

A remote code execution vulnerability exists when Windows Text Services improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the logged-on user.

DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Windows improperly handles the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

MS15-021 Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution (3032323)

Adobe Font Driver Denial of Service Vulnerability (CVE-2015-0074) MS Rating: Moderate

A denial of service vulnerability exists in how the Adobe Font Driver manages memory when parsing fonts. A user who visited a specially crafted website or opened a specially crafted file could be affected by this vulnerability.

Adobe Font Driver Information Disclosure Vulnerability (CVE-2015-0087) MS Rating: Important

An information-disclosure vulnerability exists in the Adobe Font Driver that could allow the disclosure of memory contents to an attacker. This issue occurs when the Adobe Font Driver tries to read or display certain fonts.

Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0088) MS Rating: Critical

A remote code-execution vulnerability exists in the Adobe Font Driver that could allow remote code execution if a user views a specially crafted file or website. This issue occurs when the Adobe Font Driver improperly overwrites objects in memory.

Adobe Font Driver Information Disclosure Vulnerability (CVE-2015-0089) MS Rating: Important

An information-disclosure vulnerability exists in the Adobe Font Driver that could allow the disclosure of memory contents to an attacker. This issue occurs when the Adobe Font Driver tries to read or display certain fonts.

Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0090) MS Rating: Critical

A remote code-execution vulnerability exists in the Adobe Font Driver that could allow remote code execution if a user views a specially crafted file or website. This issue occurs when the Adobe Font Driver improperly overwrites objects in memory.

Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0091) MS Rating: Critical

A remote code-execution vulnerability exists in the Adobe Font Driver that could allow remote code execution if a user views a specially crafted file or website. This issue occurs when the Adobe Font Driver improperly overwrites objects in memory.

Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0092) MS Rating: Critical

A remote code-execution vulnerability exists in the Adobe Font Driver that could allow remote code execution if a user views a specially crafted file or website. This issue occurs when the Adobe Font Driver improperly overwrites objects in memory.

Adobe Font Driver Remote Code Execution Vulnerability (CVE-2015-0093) MS Rating: Critical

A remote code-execution vulnerability exists in the Adobe Font Driver that could allow remote code execution if a user views a specially crafted file or website. This issue occurs when the Adobe Font Driver improperly overwrites objects in memory.

MS15-022 Vulnerabilities in Microsoft Office could allow Elevation of Privilege (3038999)

Microsoft Office Component Use After Free Vulnerability (CVE-2015-0085) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

Microsoft Office Memory Corruption Vulnerability (CVE-2015-0086) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle rich text format files in memory.

Microsoft Word Local Zone Remote Code Execution Vulnerability (CVE-2015-0097) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software that is caused when the Office software improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

SharePoint User Name XSS Vulnerability (CVE-2015-1633) MS Rating: Important

An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.

SharePoint XSS Vulnerability (CVE-2015-1636) MS Rating: Important

An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.

MS15-023 Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (3034344)

Microsoft Windows Kernel Memory Disclosure Vulnerability (CVE-2015-0077) MS Rating: Important

An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver fails to initialize function buffers in a manner that removes the results of previous function calls.

Win32k Elevation of Privilege Vulnerability (CVE-2015-0078) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows kernel-mode driver that is caused when the kernel-mode driver fails to properly validate the calling thread's token.

Microsoft Windows Kernel Memory Disclosure Vulnerability (CVE-2015-0094) MS Rating: Important

An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver leaks private address information during a function call.

Microsoft Windows Kernel Memory Disclosure Vulnerability (CVE-2015-0095) MS Rating: Important

An information disclosure vulnerability exists in the Windows kernel-mode driver that could allow the disclosure of kernel memory contents to an attacker. This vulnerability is caused when the Windows kernel-mode driver dereferences a NULL pointer.

MS15-024 Vulnerability in PNG Processing Could Allow Information Disclosure (3035132)

Malformed PNG Parsing Information Disclosure Vulnerability (CVE-2015-0080) MS Rating: Important

An information disclosure vulnerability exists when Windows fails to properly handle uninitialized memory when parsing certain, specially crafted PNG image format files. The vulnerability could allow an information disclosure if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.

MS15-025 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680)

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (CVE-2015-0073) MS Rating: Important

An elevation of privilege vulnerability exists in the way that Windows Registry Virtualization improperly allows a user to modify the virtual store of another user. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the account of another user who is logged on to the affected system.

Impersonation Level Check Elevation of Privilege Vulnerability (CVE-2015-0075) MS Rating: Important

An elevation of privilege vulnerability exists when Windows fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass user account checks to gain elevated privileges.

MS15-026 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3040856)

OWA Modified Canary Parameter Cross Site Scripting Vulnerability (CVE-2015-1628) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. This issue affects the OWA Modified Canary Parameter.

ExchangeDLP Cross Site Scripting Vulnerability (CVE-2015-1629) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. This issue exists in ExchangeDLP.

Audit Report Cross Site Scripting Vulnerability (CVE-2015-1630) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. This issue exists in Audit Report.

Exchange Forged Meeting Request Spoofing Vulnerability (CVE-2015-1631) MS Rating: Important

A spoofing vulnerability exists in Exchange Server when Exchange fails to properly validate the meeting organizer identity when accepting or modifying meeting requests. An attacker who successfully exploited this vulnerability could schedule or modify meetings that appear to originate from a legitimate meeting organizer.

Exchange Error Message Cross Site Scripting Vulnerability (CVE-2015-1632) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. This issue exists in Exchange Error Message.

MS15-027 Vulnerability in NETLOGON Could Allow Spoofing (3002657)

NETLOGON Spoofing Vulnerability (CVE-2015-0005) MS Rating: Important

A spoofing vulnerability exists in NETLOGON. The vulnerability is caused when the Netlogon service improperly establishes a secure communications channel, when given a computer name, without challenging for credentials.

MS15-028 Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)

Task Scheduler Security Feature Bypass Vulnerability (CVE-2015-0084) MS Rating: Important

A security feature bypass vulnerability exists when Windows Task Scheduler fails to properly validate and enforce impersonation levels. The vulnerability could allow a user with limited privileges on an affected system to leverage Task Scheduler to execute files that they do not have permissions to run.

MS15-029 Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3035126)

JPEG XR Parser Information Disclosure Vulnerability (CVE-2015-0076) MS Rating: Important

An information disclosure vulnerability exists when Windows fails to properly handle uninitialized memory when parsing certain, specially crafted JPEG XR (.JXR) image format files. The vulnerability could allow an information disclosure if an attacker runs a specially crafted application on an affected system.

MS15-030 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976)

Remote Desktop Protocol (RDP) Denial of Service Vulnerability (CVE-2015-0079) MS Rating: Important

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker creates multiple RDP sessions which fail to properly free objects in memory. An unauthenticated attacker could use this vulnerability to exhaust the system memory by creating multiple RDP sessions.

MS15-031 Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)

Schannel Security Feature Bypass Vulnerability (CVE-2015-1637) MS Rating: Important

A security feature bypass vulnerability exists in Secure Channel (Schannel) that is caused by an issue in the TLS state machine whereby a client system accepts an RSA key with a shorter key length than the originally negotiated key length. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems.


Microsoft Patch Tuesday – February 2015

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 56 vulnerabilities. Thirty-seven of this month's issues are rated "Critical".

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the February releases can be found here:
http://technet.microsoft.com/library/security/ms15-feb

The following is a breakdown of the issues being addressed this month:

MS15-009 Cumulative Security Update for Internet Explorer (3034682)

Internet Explorer Memory Corruption Vulnerability (CVE-2014-8967) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0017) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0018) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0019) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0020) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0021) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0022) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0023) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0025) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0026) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0027) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0028) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0029) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0030) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0031) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0035) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0036) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0037) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0038) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0039) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0040) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0041) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0042) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0043) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0044) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0045) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0046) MS Rating: Important

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0048) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0049) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0050) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0052) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0053) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0066) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0067) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2015-0068) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-0054) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-0055) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

Internet Explorer ASLR Bypass Vulnerability (CVE-2015-0051) MS Rating: Important

A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

Internet Explorer ASLR Bypass Vulnerability (CVE-2015-0069) MS Rating: Important

A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

Internet Explorer ASLR Bypass Vulnerability (CVE-2015-0071) MS Rating: Important

A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

Internet Explorer Cross-domain Information Disclosure Vulnerability (CVE-2015-0070) MS Rating: Critical

An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies which could allow an attacker to gain access to information in another domain or Internet Explorer zone.

MS15-010 Vulnerabilities in Windows Kernel Mode Driver Could Allow Remote Code (3036220)

Win32k Elevation of Privilege Vulnerability (CVE-2015-0003) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows kernel mode driver (Win32k.sys) that is caused when it improperly validates permissions under specific conditions, allowing scripts to be run with elevated privileges.

CNG Security Feature Bypass Vulnerability (CVE-2015-0010) MS Rating: Important

A security feature bypass vulnerability exists in the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) when it fails to properly validate and enforce impersonation levels. An attacker could exploit this vulnerability by convincing a user to run a specially crafted application that is designed to cause CNG to improperly validate impersonation levels, potentially allowing the attacker to gain access to information beyond the access level of the local user.

Win32k Elevation of Privilege Vulnerability (CVE-2015-0057) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

Windows Cursor Object Double Free Vulnerability (CVE-2015-0058) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when a function call returns unverified user mode data. This allows for the hijacking of the user mode function in order to pass arbitrary code to the kernel for execution.

TrueType Font Parsing Remote Code Execution Vulnerability (CVE-2015-0059) MS Rating: Critical

A remote code execution vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles error checking related to TrueType fonts. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Windows Font Driver Denial of Service Vulnerability (CVE-2015-0060) MS Rating: Moderate

A denial of service vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when the Windows font mapper attempts to scale a font that has an incorrect width. An attacker who successfully exploited this vulnerability could cause the user's computer to stop responding.

MS15-011 Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)

Group Policy Remote Code Execution Vulnerability (CVE-2015-0008) MS Rating: Critical

A remote code execution vulnerability exists in how Group Policy receives and applies policy data when a domain-joined system connects to a domain controller.

MS15-012 Vulnerability in Microsoft Office Could Allow Remote Code Execution (3032328)

Excel Remote Code Execution Vulnerability (CVE-2015-0063) MS Rating: Important

A remote code execution vulnerability exists that is caused when Microsoft Excel improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

Office Remote Code Execution Vulnerability (CVE-2015-0064) MS Rating: Important

A remote code execution vulnerability exists that is caused when Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

OneTableDocumentStream Remote Code Execution Vulnerability (CVE-2015-0065) MS Rating: Important

A remote code execution vulnerability exists that is caused when Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

MS15-013 Vulnerability in Microsoft Office Could Allow Security Bypass (3033857)

Microsoft Office Component Use After Free Vulnerability (CVE-2014-6362) MS Rating: Important

A security feature bypass vulnerability exists in Microsoft Office when it fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The security feature bypass does not allow arbitrary code execution by itself. However, an attacker could use the ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.

MS15-014 Vulnerability in SMB Could Allow Security Feature Bypass (3004361)

SMB Security Feature Bypass Vulnerability (CVE-2015-0009) MS Rating: Moderate

A security feature bypass vulnerability exists in the Server Message Block (SMB) application of Group Policy that could allow an attacker to circumvent SMB signing and cause less-secure Group Policy settings to be applied to a targeted system.

MS15-015 Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)

Windows Create Process Elevation of Privilege Vulnerability (CVE-2015-0062) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft Windows when it fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security and gain elevated privileges on a targeted system.

MS15-016 Vulnerability in Microsoft Graphics Component Could Allow Information (3029944)

TIFF Processing Information Disclosure Vulnerability (CVE-2015-0061) MS Rating: Important

An information disclosure vulnerability exists when Windows fails to properly handle uninitialized memory when parsing certain, specially crafted TIFF image format files. The vulnerability could allow information disclosure if an attacker runs a specially crafted application on an affected system.

MS15-017 Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)

Virtual Machine Manager Elevation of Privilege Vulnerability (CVE-2015-0012) MS Rating: Moderate

A vulnerability exists in the Virtual Machine Manager (VMM) when the VMM improperly validates user roles. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system. An attacker must have valid Active Directory logon credentials and be able to log on with those credentials to exploit the vulnerability.


Microsoft Patch Tuesday – January 2015

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 8 vulnerabilities. One of this month's issues is rated ’Critical’.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the January releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-jan

The following is a breakdown of the issues being addressed this month:

MS15-001 Vulnerability in Windows AppCompatCache Could Allow Elevation of Privilege (3023266)

Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability (CVE-2015-0002) MS Rating: Important

An elevation of privilege vulnerability exists because the Microsoft Windows Application Compatibility Infrastructure (AppCompat) improperly checks the caller's impersonation token authorization to write to the AppCompat cache. An attacker could attempt to exploit this vulnerability by inserting an entry into the AppCompat cache that points to a privileged application they want to execute.

MS15-002 Vulnerability in Windows Telnet Service Could Cause Remote Code Execution (3020393)

Windows Telnet Service Buffer Overflow Vulnerability (CVE-2015-0014) MS Rating: Critical

A buffer overflow vulnerability that could allow remote code execution exists in the Windows Telnet service. The vulnerability is caused when the Telnet service improperly validates the memory location. An attacker who successfully exploited this vulnerability could run arbitrary code on a target server. An attacker could attempt to exploit this vulnerability by sending specially crafted telnet packets to a Windows server.

MS15-003 Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)

Microsoft User Profile Service Elevation of Privilege Vulnerability (CVE-2015-0004) MS Rating: Important

An elevation of privilege vulnerability exists in how the Windows User Profile Service (ProfSvc) validates user privilege. A local attacker who successfully exploited this vulnerability could run arbitrary code on a target system.

MS15-004 Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421)

Directory Traversal Elevation of Privilege Vulnerability (CVE-2015-0016) MS Rating: Important

An elevation of privilege vulnerability exists in Windows Components. The vulnerability is caused when Windows fails to properly sanitize file paths. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

MS15-005 Vulnerability in NLA Could Allow Security Feature Bypass (3022777)

NLA Security Feature Bypass Vulnerability (CVE-2015-0006) MS Rating: Important

A security feature bypass vulnerability exists in the Network Location Awareness (NLA) service that could unintentionally relax the firewall policy and/or configuration of certain services. This could increase the surface exposed to an attacker. The vulnerability is caused when the NLA service fails to properly validate if a domain-connected machine is connected to the domain or to an untrusted network.

MS15-006 Vulnerability in WER Could Allow Security Feature Bypass (3004365)

Windows Error Reporting Security Feature Bypass Vulnerability (CVE-2015-0001) MS Rating: Important

A security feature bypass vulnerability exists in the context of the current user that is caused when Windows Error Reporting incorrectly handles access to process memory that could allow an attacker to create unencrypted memory dumps of the LSASS process. An attacker who successfully exploited this vulnerability could read the memory of a running process that would normally be unavailable. An attacker could use an executable to dump memory from a running process.

MS15-007 Vulnerability in Network Policy Server RADIUS Could Cause Denial of Service (3014029)

Network Policy Server RADIUS Implementation Denial of Service Vulnerability (CVE-2015-0015) MS Rating: Important

A denial of service vulnerability exists in Network Policy Server RADIUS. An unauthenticated attacker who successfully exploited this vulnerability could send specially crafted user name strings to an Internet Authentication Service (IAS) or Network Policy Server (NPS), causing a denial of service condition for RADIUS authentication on the IAS or NPS. The denial of service vulnerability would not allow an attacker to execute code or to elevate user rights; however, it could prevent RADIUS authentication on the IAS or NPS. An attacker who successfully exploited the vulnerability could cause the target system to stop responding.

MS15-008 Vulnerabilities in Windows Kernel Mode Drivers Could Allow Elevation of Privilege (3019215)

WebDAV Elevation of Privilege Vulnerability (CVE-2015-0011) MS Rating: Important

An elevation of privilege vulnerability exists in the WebDAV kernel-mode driver (mrxdav.sys) when it fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation level security and gain elevated privileges on a targeted system, which could allow them to intercept WebDAV requests for files from any server (including corporate SharePoint sites) and redirect those file requests to return any, potentially malicious, files of the attacker's choosing.