Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-628 on Wednesday, August 12th.
Bulletin | Vulnerability | CVE
MS15-079 | Multiple Memory Corruption Vulnerabilities | MULTIPLE
MS15-079 | Multiple ASLR Bypass Vulnerabilities | MULTIPLE
MS15-079 | Unsafe Command Line Parameter Passing Vulnerability | CVE-2015-2423
MS15-080 | Multiple TrueType Font Parsing Vulnerabilities | MULTIPLE
MS15-080 | Microsoft Office Graphics Component Remote Code Execution Vulnerability | CVE-2015-2431
MS15-080 | Kernel ASLR Bypass Vulnerability | CVE-2015-2433
MS15-080 | Windows CSRSS Elevation of Privilege Vulnerability | CVE-2015-2453
MS15-080 | Windows KMD Security Feature Bypass Vulnerability | CVE-2015-2454
MS15-080 | Windows Shell Security Feature Bypass Vulnerability | CVE-2015-2465
MS15-081 | Multiple Microsoft Office Memory Corruption Vulnerabilities | MULTIPLE
MS15-081 | Unsafe Command Line Parameter Passing Vulnerability | CVE-2015-2423
MS15-081 | Microsoft Office Remote Code Execution Vulnerability | CVE-2015-2466
MS15-081 | Microsoft Office Integer Underflow Vulnerability | CVE-2015-2470
MS15-082 | Remote Desktop Session Host Spoofing Vulnerability | CVE-2015-2472
MS15-082 | Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability | CVE-2015-2473
MS15-083 | Server Message Block Memory Corruption Vulnerability | CVE-2015-2474
MS15-084 | Multiple MSXML Information Disclosure Vulnerabilities | MULTIPLE
MS15-084 | MSXML Information Disclosure Vulnerability | CVE-2015-2440
MS15-085 | Mount Manager Elevation of Privilege Vulnerability | CVE-2015-1769
MS15-086 | System Center Operations Manager Web Console XSS Vulnerability | CVE-2015-2420
MS15-087 | UDDI Services Elevation of Privilege Vulnerability | CVE-2015-2475
MS15-088 | Unsafe Command Line Parameter Passing Vulnerability | CVE-2015-2423
MS15-089 | WebDAV Client Information Disclosure Vulnerability | CVE-2015-2476
MS15-090 | Windows Object Manager Elevation of Privilege Vulnerability | CVE-2015-2428
MS15-090 | Windows Registry Elevation of Privilege Vulnerability | CVE-2015-2429
MS15-090 | Windows Filesystem Elevation of Privilege Vulnerability | CVE-2015-2430
MS15-091 | Multiple Memory Corruption Vulnerabilities | MULTIPLE
MS15-091 | ASLR Bypass | CVE-2015-2449
MS15-092 | Multiple RyuJIT Optimization Elevation of Privilege Vulnerabilities | MULTIPLE
MS15-079
Up first this month, like most months, we have the Internet Explorer update. It’s worth noting that even though most Windows 10 users will be familiar with Microsoft Edge, the operating system does still ship with Internet Explorer, so this bulletin includes updates for Windows 10.
MS15-080
This bulletin feels like a bit of a potluck: you show up and you never quite know what you’ll see on the menu. We have font driver vulnerabilities, security feature bypasses, and elevation of privilege issues, and all of these exist in assorted software packages. We have updates for Windows, .NET, Office, Lync, and Silverlight. This is important to note, as you may require multiple updates to fully resolve these vulnerabilities on your system.
MS15-081
Up next, we have another omnibus update, this one covering Office products. The update includes Office, the individual components, the free viewers, SharePoint, and Office Web Apps Server.
MS15-082
RDP is patched again this month, seeing frequent updates over the past year. This time, the vulnerabilities differ from past issues. The first allows a man-in-the-middle attacker to generate an untrusted certificate that would be trusted due to improper certificate validation. The second involves placing a DLL on the system, an unexpected vulnerability since you generally expect network interaction when you see RDP vulnerabilities.
MS15-083
Another vulnerability that feels misleading when you read the title, MS15-083 is a remote code execution vulnerability in Server Message Block (SMB). Upon further reading, you discover that the vulnerability requires authentication in order to be exploited. Specifically, the vulnerability is exploited by passing a malicious string to the server’s error logging.
MS15-084
This update disables SSL 2.0 in MSXML, one of two vulnerabilities this month related to client services that explicitly allow SSLv2 connections. In addition to resolving those issues, an ASLR bypass is also resolved in this bulletin.
MS15-085
Up next, we have an update for a vulnerability that had been used to target organizations running Windows. It is a mount manager vulnerability that allows attackers to execute malicious code by plugging a USB device into a target system.
MS15-086
The first System Center Operations Manager 2012 update resolves a cross-site scripting vulnerability in the Web Console.
MS15-087
A second XSS issue is resolved in MS15-087; this one fixes a vulnerability in the Universal Description, Discovery, and Integration (UDDI) Services on Windows Server 2008 and Microsoft BizTalk Server.
MS15-088
This is an interesting bulletin; those paying attention to the table at the beginning will note that the MS15-088 CVE is also patched in MS15-079 and MS15-081. That’s because the same issue affects Windows, Internet Explorer, and Microsoft Office. The issue, which requires an initial Internet Explorer vulnerability, allows attackers to execute Excel, Notepad, PowerPoint, Visio, or Word, which ultimately leads to an information disclosure.
MS15-089
The update fixes the second vulnerability that allows SSLv2 connections, this one in the WebDAV Client. This update restricts the WebDAV client to more secure connection methods.
MS15-090
This month’s generic “Windows” bulletin includes three elevation of privilege vulnerabilities affecting the Object Manager, Registry, and Filesystem.
MS15-091
It should be noted that MS15-091 is our first Microsoft Edge security bulletin, resolving 4 vulnerabilities – 3 Memory Corruption issues and an ASLR Bypass.
MS15-092
The final bulletin this month applies to .NET, including the recently released .NET Framework 4.6. This update resolves three vulnerabilities in the RyuJIT compiler.
Additional Details
Additionally, Adobe has released APSB15-19 for Adobe Flash Player. As always, VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.
Ease of Use (published exploits) to Risk Table:
Automated Exploit |
Easy |
Moderate |
Difficult |
Extremely Difficult | MS15-085
No Known Exploit | MS15-084 MS15-088 MS15-089 | MS15-079 MS15-081 MS15-082 MS15-083 MS15-091 | MS15-086 MS15-087 | MS15-080 MS15-090 MS15-092
Exposure | Local Availability | Local Access | Remote Availability | Remote Access | Local Privileged | Remote Privileged