Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-632 on Wednesday, September 9th.

Ease of Use (published exploits) to Risk Table

| Ease of Use | Exposure | Local Availability | Local Access | Remote Availability | Remote Access | Local Privileged | Remote Privileged |
|---|---|---|---|---|---|---|---|
| Automated Exploit | | | | | | | |
| Easy | | | | | | | |
| Moderate | | | | | | | |
| Difficult | | | | | | | |
| Extremely Difficult | | | | | | | |
| No Known Exploit | MS15-103 | MS15-096 | MS15-094, MS15-095, MS15-098, MS15-100, MS15-101 | MS15-105 | MS15-099, MS15-104 | MS15-097, MS15-102 | |


| Vulnerability | CVE |
|---|---|
| Multiple Memory Corruption Vulnerabilities in Internet Explorer | MULTIPLE |
| Scripting Engine Memory Corruption Vulnerability | CVE-2015-2493 |
| Elevation of Privilege Vulnerability | CVE-2015-2489 |
| Information Disclosure Vulnerability | CVE-2015-2483 |
| Multiple Memory Corruption Vulnerabilities | MULTIPLE |
| Active Directory Denial of Service Vulnerability | CVE-2015-2535 |
| OpenType Font Parsing Vulnerability | CVE-2015-2506 |
| Multiple Font Driver Elevation of Privilege Vulnerabilities | MULTIPLE |
| Graphics Component Buffer Overflow Vulnerability | CVE-2015-2510 |
| Multiple Win32k Memory Corruption Elevation of Privilege Vulnerabilities | MULTIPLE |
| Win32k Elevation of Privilege Vulnerability | CVE-2015-2527 |
| Kernel ASLR Bypass Vulnerability | CVE-2015-2529 |
| Windows Journal DoS Vulnerability | CVE-2015-2516 |
| Multiple Microsoft Office Memory Corruption Vulnerabilities | MULTIPLE |
| Microsoft SharePoint XSS Spoofing Vulnerability | CVE-2015-2522 |
| Microsoft Office Malformed EPS File Vulnerability | CVE-2015-2545 |
| Windows Media Center RCE Vulnerability | CVE-2015-2509 |
| .NET Elevation of Privilege Vulnerability | CVE-2015-2504 |
| MVC Denial of Service Vulnerability | CVE-2015-2526 |
| Windows Task Management Elevation of Privilege Vulnerability | CVE-2015-2524 |
| Windows Task File Deletion Elevation of Privilege Vulnerability | CVE-2015-2525 |
| Windows Task Management Elevation of Privilege Vulnerability | CVE-2015-2528 |
| Exchange Information Disclosure Vulnerability | CVE-2015-2505 |
| Multiple Exchange Spoofing Vulnerabilities | MULTIPLE |
| Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability | CVE-2015-2531 |
| Lync Server XSS Information Disclosure Vulnerability | CVE-2015-2532 |
| Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability | CVE-2015-2536 |
| Hyper-V Security Feature Bypass Vulnerability | CVE-2015-2534 |

MS15-094
Up first this month, we have an Internet Explorer update that resolves a number of vulnerabilities including one publicly disclosed vulnerability. The most interesting element of this update would be CVE-2015-2493, a vulnerability in the VBScript and JScript engines. Normally, a vulnerability in these components in the IE update would mean a second Windows update to resolve the standalone VBScript and JScript implementations. The lack of this update means one of two things: that the vulnerability exists in the code that integrates VBScript and JScript into Internet Explorer or that a bulletin resolving this issue in VBScript and JScript was withheld and may be coming at a later date.
MS15-095
Up next, we have an update for Microsoft Edge, which includes a number of CVEs from the Internet Explorer bulletin. This overlap includes CVE-2015-2542, the vulnerability that has been publicly disclosed.
MS15-096
This bulletin describes a denial of service in Active Directory that could allow an authenticated user to create multiple machine accounts. Upon creating multiple machine accounts, the AD service could become non-responsive.
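One way to watch for the behaviour this bulletin describes, as an added example that is not from the VERT alert or from Microsoft: count machine-account creations (Windows Security event ID 4741, "A computer account was created") per creating account in a sliding time window. The sample events, account names, threshold and window below are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: (TimeCreated, EventID, SubjectUserName, TargetUserName).
# Field names follow Security event 4741; every value here is invented.
SAMPLE_EVENTS = (
    # One account creating six machine accounts in ten seconds.
    [("2015-09-08T10:00:%02d" % (2 * i), 4741, "jdoe", "TMP-%04d$" % i)
     for i in range(6)]
    # A provisioning account creating three machines across the day.
    + [("2015-09-08T%02d:15:00" % h, 4741, "svc-deploy", "WKS-%04d$" % h)
       for h in (9, 11, 14)]
    # A user-account creation (4720), which must not be counted.
    + [("2015-09-08T10:00:05", 4720, "jdoe", "newuser")]
)


def find_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Return {creator: peak_count} for every creator that made at least
    `threshold` machine accounts inside any `window`-long span."""
    recent = defaultdict(deque)   # creator -> timestamps still inside the window
    peaks = {}
    rows = sorted((datetime.fromisoformat(ts), eid, subj, tgt)
                  for ts, eid, subj, tgt in events)
    for when, event_id, creator, target in rows:
        # Only computer-account creations; machine account names end in "$".
        if event_id != 4741 or not target.endswith("$"):
            continue
        stamps = recent[creator]
        stamps.append(when)
        # Drop creations that have aged out of the window.
        while when - stamps[0] > window:
            stamps.popleft()
        if len(stamps) >= threshold:
            peaks[creator] = max(peaks.get(creator, 0), len(stamps))
    return peaks


if __name__ == "__main__":
    for creator, count in find_bursts(SAMPLE_EVENTS).items():
        print(f"{creator}: {count} machine accounts created within one minute")
```

Tune the threshold against normal provisioning activity in your domain so that deployment service accounts do not trigger it.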
MS15-097
Lately, no month is complete without an update to various system drivers, including font drivers. This month is no exception, with OpenType fonts, the Windows kernel-mode driver, and the Windows kernel affected. This bulletin provides a great opportunity to remind Windows 10 users that your updates are all or nothing; you can’t pick and choose, as Microsoft provides one massive cumulative update for all Windows 10 security issues.
MS15-098
Every so often the Windows Journal makes an appearance, just as it does in MS15-098. At this point, the majority of users could simply remove the journal file associations as it’s a seldom-used application and reducing the system attack surface is always beneficial.
MS15-099
The final double-digit bulletin of the year belongs to Microsoft Office, resolving issues with Office, Excel, and SharePoint Foundation 2013.
MS15-100
Much like MS15-098, MS15-100 is code execution in a file type that most users seldom use. The Media Center link file (.mcl) is the culprit this time, and if you’re not making use of Media Center, you could remove this file type association as well.
MS15-101
Next, we have a pair of vulnerabilities in .NET. The denial of service applies to web servers with ASP.NET applications but the elevation of privilege could be exploited using a malicious web-based application or a desktop application.
MS15-102
Three vulnerabilities in Windows Task management are next on the list. One of these vulnerabilities exists within the Task Scheduler, while the other two have to do with Windows impersonation levels. All three vulnerabilities require that the attacker have access to the system in order to elevate their privileges.
MS15-103
Microsoft Exchange, specifically the OWA interface, fails to properly handle data, leading to three vulnerabilities. The first is a failure to properly handle web requests, which can lead to stack trace disclosure, while the other two are related to the sanitization of email, which could allow spoofing.
MS15-104
The penultimate update this month resolves a trio of XSS vulnerabilities that affect Microsoft Lync Server and Skype for Business Server. All three attacks require that the user click on a malicious URL.
MS15-105
The final bulletin this month resolves a bypass that exists within the Hyper-V ACLs that could allow an attacker to bypass network traffic restrictions.
Additional Details
Adobe has released APSB15-022 to address multiple vulnerabilities in Adobe Shockwave Player. As always, VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.