
Microsoft Patch Tuesday – November 2015 

Nov 10, 2015 03:20 PM

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 12 bulletins covering a total of 53 vulnerabilities. Twenty-nine of this month's issues are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the November releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-nov

The following is a breakdown of the issues being addressed this month:

  1. MS15-112 Cumulative Security Update for Internet Explorer (3104517)

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-2427) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6064) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6065) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6066) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6068) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6069) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6070) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6071) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6072) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6073) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6074) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6075) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6076) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6077) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6078) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6079) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6080) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6081) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6082) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6084) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6085) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6086) MS Rating: Important

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-6087) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Browser ASLR Bypass Vulnerability (CVE-2015-6088) MS Rating: Important

    A security feature bypass exists when Microsoft Edge fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. An attacker who successfully exploited the vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities.

    VBScript and JScript Engine Memory Corruption Vulnerability (CVE-2015-6089) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript and JScript engines, when rendered in Internet Explorer, handle objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability.

  2. MS15-113 Cumulative Security Update for Microsoft Edge (3104519)

    Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6064) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6073) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Browser Memory Corruption Vulnerability (CVE-2015-6078) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Browser ASLR Bypass Vulnerability (CVE-2015-6088) MS Rating: Important

    A security feature bypass exists when Microsoft Edge fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. An attacker who successfully exploited the vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities.

  3. MS15-114 Security Update for Windows Journal to Address Remote Code Execution (3100213)

    Windows Journal Heap Overflow Vulnerability (CVE-2015-6097) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.

  4. MS15-115 Security Update for Microsoft Windows to Address Remote Code Execution (3105864)

    Windows Kernel Memory Elevation of Privilege Vulnerability (CVE-2015-6100) MS Rating: Important

    An elevation of privilege vulnerability exists in the way the Windows kernel handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Windows Kernel Memory Elevation of Privilege Vulnerability (CVE-2015-6101) MS Rating: Important

    An elevation of privilege vulnerability exists in the way the Windows kernel handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Windows Kernel Memory Information Disclosure Vulnerability (CVE-2015-6102) MS Rating: Important

    An information disclosure vulnerability exists when Windows fails to properly initialize memory addresses, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the Kernel driver from a compromised process.

    Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6103) MS Rating: Critical

    A remote code execution vulnerability exists when the Adobe Type Manager Library in Windows improperly handles specially crafted OpenType fonts.

    Windows Graphics Memory Remote Code Execution Vulnerability (CVE-2015-6104) MS Rating: Critical

    A remote code execution vulnerability exists when the Adobe Type Manager Library in Windows improperly handles specially crafted OpenType fonts.

    Windows Kernel Memory Information Disclosure Vulnerability (CVE-2015-6109) MS Rating: Important

    An information disclosure vulnerability exists when Windows fails to properly initialize memory addresses, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.

    Windows Kernel Security Feature Bypass Vulnerability (CVE-2015-6113) MS Rating: Important

    A security feature bypass vulnerability exists when the Windows kernel fails to properly validate permissions, allowing an attacker to inappropriately interact with the filesystem from low integrity level user-mode applications.

  5. MS15-116 Security Updates for Microsoft Office to Address Remote Code Execution (3104540)

    Microsoft Office Elevation of Privilege Vulnerability (CVE-2015-2503) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft Office software when an attacker instantiates an affected Office application via a COM control. An attacker who successfully exploited the vulnerability could gain elevated privileges and break out of the Internet Explorer sandbox.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-6038) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-6091) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-6092) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-6093) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

    Microsoft Office Memory Corruption Vulnerability (CVE-2015-6094) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.

    Microsoft Outlook for Mac Spoofing Vulnerability (CVE-2015-6123) MS Rating: Important

    A spoofing vulnerability exists that could lead to information disclosure when Microsoft Outlook for Mac does not sanitize HTML or treat it in a safe manner. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a malicious website.

  6. MS15-117 Security Update for NDIS to Address Elevation of Privilege (3101722)

    Windows NDIS Elevation of Privilege Vulnerability (CVE-2015-6098) MS Rating: Important

    An elevation of privilege vulnerability exists when NDIS fails to check the length of a buffer prior to copying memory into it. An attacker who successfully exploited this vulnerability could gain elevated privileges on a targeted system.

  7. MS15-118 Security Updates in .NET Framework to Address Elevation of Privilege (3104507)

    Microsoft .NET Information Disclosure Vulnerability (CVE-2015-6096) MS Rating: Important

    An information disclosure vulnerability exists in the .NET Framework DTD parsing of certain specially crafted XML files. An attacker who successfully exploited this vulnerability could gain read access to local files on the target system.

    Microsoft .NET Elevation of Privilege Vulnerability (CVE-2015-6099) MS Rating: Important

    A cross-site scripting (XSS) vulnerability exists in the way that .NET Framework validates the value of an HTTP request. An attacker who successfully exploited this vulnerability could inject a client-side script in the user's browser.

    Microsoft .NET ASLR Bypass Vulnerability (CVE-2015-6115) MS Rating: Important

    A security feature bypass exists in a .NET Framework component that does not properly implement the Address Space Layout Randomization (ASLR) security feature.

  8. MS15-119 Security Update in Winsock to Address Elevation of Privilege (3104521)

    Winsock Elevation of Privilege Vulnerability (CVE-2015-2478) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft Windows when Winsock makes a call to a memory address without verifying that the address is valid. An attacker who successfully exploited this vulnerability could execute code with higher permissions than are allowed by their privilege level.

  9. MS15-120 Security Update for IPSec to Address Denial of Service (3102939)

    Windows IPSec Denial of Service Vulnerability (CVE-2015-6111) MS Rating: Important

    A denial of service vulnerability exists in Windows when the Internet Protocol Security (IPSec) service improperly handles encryption negotiation. An attacker who successfully exploited the vulnerability could cause the system to become nonresponsive.

  10. MS15-121 Security Update for Schannel to Address Spoofing (3081320)

    Windows Schannel TLS Triple Handshake Vulnerability (CVE-2015-6112) MS Rating: Important

    A spoofing vulnerability exists in Microsoft Windows that is caused by a weakness in all supported versions of the TLS protocol. An attacker who successfully exploited this vulnerability could impersonate a victim on any other server that uses the same credentials as those used between the client and server where the attack is initiated.

  11. MS15-122 Security Update for Kerberos to Address Security Feature Bypass (3105256)

    Windows Kerberos Security Feature Bypass Vulnerability (CVE-2015-6095) MS Rating: Important

    A security feature bypass exists in Windows when Kerberos fails to check the password change of a user signing into a workstation. An attacker who successfully exploited the bypass could use it to unlock a workstation and decrypt drives protected by BitLocker.

  12. MS15-123 Security Update for Skype for Business and Lync to Address Information Disclosure (3105872)

    Server Input Validation Security Feature Bypass Vulnerability (CVE-2015-6061) MS Rating: Important

    A security feature bypass vulnerability exists when Skype for Business and Lync Servers improperly sanitize specially crafted content. An attacker who successfully exploited the vulnerability could execute HTML and JavaScript content in the Skype for Business or Lync context.

More information on the vulnerabilities being addressed this month is available at Symantec's free Security Response portal and to our customers through the DeepSight Threat Management System.
