Security Bulletin Summary SEPTEMBER 2015

Twitter @acelium | www.acelium.com/library/msftdeck

12 Updates Released September 8, 2015

12 updates released, addressing 56 total CVEs.

Severity Ratings: 5 Critical, 7 Important

CRITICAL

MS15-094 Cumulative Security Update for (3089548) - Critical

Vulnerability Impact:
• Remote Code Execution

Restart Requirement:
• Requires restart

Affected Software:
• , Internet Explorer

Primarily at Risk:
• Workstations, servers

Summary/Details:
• This update resolves seventeen vulnerabilities in Microsoft Windows - CVE-2015-2483, CVE-2015-2484, CVE-2015-2485, CVE-2015-2486, CVE-2015-2487, CVE-2015-2489, CVE-2015-2490, CVE-2015-2491, CVE-2015-2492, CVE-2015-2493, CVE-2015-2494, CVE-2015-2498, CVE-2015-2499, CVE-2015-2500, CVE-2015-2501, CVE-2015-2541, CVE-2015-2542
• From Microsoft: “The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.”
• An attacker would be limited to the rights of the current user; admin users at highest risk.

Update replaces:
• MS15-093

MS15-095 Cumulative Security Update for (3089665) - Critical

Vulnerability Impact:
• Remote Code Execution

Restart Requirement:
• Requires restart

Affected Software:
• Microsoft Windows, Microsoft Edge

Primarily at Risk:
• Workstations, servers

Summary/Details:
• This update resolves four vulnerabilities in Microsoft Windows - CVE-2015-2485, CVE-2015-2486, CVE-2015-2494, CVE-2015-2542
• From Microsoft: “The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.”
• An attacker would be limited to the rights of the current user; admin users at highest risk.

Update replaces:
• 3081444

MS15-097 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656) - Critical

Vulnerability Impact:
• Remote Code Execution

Restart Requirement:
• May require restart

Affected Software:
• Microsoft Windows, Microsoft Office, Microsoft Lync

Primarily at Risk:
• Workstations, servers

Summary/Details:
• This update resolves eleven vulnerabilities in Microsoft Windows - CVE-2015-2506, CVE-2015-2507, CVE-2015-2508, CVE-2015-2512, CVE-2015-2510, CVE-2015-2511, CVE-2015-2517, CVE-2015-2518, CVE-2015-2527, CVE-2015-2529, CVE-2015-2546
• From Microsoft: “The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts.”

Update replaces:
• MS14-036, MS15-078, MS15-080, 3081444

MS15-098 Vulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669) - Critical

Vulnerability Impact:
• Remote Code Execution

Restart Requirement:
• May require restart

Affected Software:
• Microsoft Office

Primarily at Risk:
• Workstations, servers

Summary/Details:
• This update resolves five vulnerabilities in Microsoft Office - CVE-2015-2513, CVE-2015-2514, CVE-2015-2519, CVE-2015-2530, CVE-2015-2516
• From Microsoft: “The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file.”
• An attacker would be limited to the rights of the current user; admin users at highest risk.

Update replaces:
• MS15-045, 3081444

MS15-099 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664) - Critical

Vulnerability Impact:
• Remote Code Execution

Restart Requirement:
• May require restart

Affected Software:
• Microsoft Office, Microsoft SharePoint Foundation

Primarily at Risk:
• Workstations, servers

Summary/Details:
• This update resolves five vulnerabilities in Microsoft Office - CVE-2015-2520, CVE-2015-2521, CVE-2015-2523, CVE-2015-2545, CVE-2015-2522
• From Microsoft: “The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.”
• An attacker would be limited to the rights of the current user; admin users at highest risk.

Update replaces:
• MS15-022, MS15-047, MS15-059, MS15-070, MS15-081

IMPORTANT

MS15-096 Vulnerability in Service Could Allow Denial of Service (3072595) - Important

Vulnerability Impact:
• Denial of Service

Restart Requirement:
• Requires restart

Affected Software:
• Microsoft Windows

Primarily at Risk:
• Servers

Summary/Details:
• This update resolves one vulnerability in Microsoft Windows - CVE-2015-2535
• From Microsoft: “The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.”

Update replaces:
• MS14-016

MS15-100 Vulnerability in Could Allow Remote Code Execution (3087918) - Important

Vulnerability Impact:
• Remote Code Execution

Restart Requirement:
• May require restart

Affected Software:
• Microsoft Windows

Primarily at Risk:
• Workstations

Summary/Details:
• This update resolves one vulnerability in Microsoft Windows - CVE-2015-2509
• From Microsoft: “The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.”
• An attacker would be limited to the rights of the current user; admin users at highest risk.

Update replaces:
• None

MS15-101 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662) - Important

Vulnerability Impact:
• Elevation of Privilege

Restart Requirement:
• Does not require restart

Affected Software:
• Microsoft Windows, Microsoft .NET Framework

Primarily at Risk:
• Workstations, servers

Summary/Details:
• This update resolves two vulnerabilities in Microsoft Windows - CVE-2015-2504, CVE-2015-22526
• From Microsoft: “This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.”

Update replaces:
• MS12-025, 3081444

MS15-102 Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657) - Important

Vulnerability Impact:
• Elevation of Privilege

Restart Requirement:
• Requires restart

Affected Software:
• Microsoft Windows

Primarily at Risk:
• Workstations, servers

Summary/Details:
• This update resolves three vulnerabilities in Microsoft Windows - CVE-2015-2524, CVE-2015-2525, CVE-2015-2528
• From Microsoft: “The vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.”

Update replaces:
• MS14-054, 3081444

MS15-103 Vulnerabilities in Microsoft Exchange Could Allow Information Disclosure (3089250) - Important

Vulnerability Impact:
• Information Disclosure

Restart Requirement:
• May require restart

Affected Software:
• Microsoft Exchange Server

Primarily at Risk:
• Servers

Summary/Details:
• This update resolves three vulnerabilities in Microsoft Server Software - CVE-2015-2505, CVE-2015-2543, CVE-2015-2544
• From Microsoft: “The most severe of the vulnerabilities could allow information disclosure if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.”

Update replaces:
• MS15-064

MS15-104 Vulnerabilities in for Business Server and Lync Server Could Allow Elevation of Privilege (3089952) - Important

Vulnerability Impact:
• Elevation of Privilege

Restart Requirement:
• Does not require restart

Affected Software:
• Skype for Business Server, Microsoft Lync Server

Primarily at Risk:
• Servers

Summary/Details:
• This update resolves three vulnerabilities in Microsoft Windows - CVE-2015-2531, CVE-2015-2532, CVE-2015-2536
• From Microsoft: “The most severe of the vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An attacker would have to convince users to click a link in an instant messenger or email message that directs them to an affected website by way of a specially crafted URL.”

Update replaces:
• MS14-055

MS15-105 Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass (3091287) - Important

Vulnerability Impact:
• Security Feature Bypass

Restart Requirement:
• Requires restart

Affected Software:
• Microsoft Windows

Primarily at Risk:
• Workstations, servers

Summary/Details:
• This update resolves one vulnerability in Microsoft Windows - CVE-2015-2534
• From Microsoft: “The vulnerability could allow security feature bypass if an attacker runs a specially crafted application that could cause Windows Hyper-V to incorrectly apply access control list (ACL) configuration. Customers who have not enabled the Hyper-V role are not affected.”

Update replaces:
• 3081444

Sources / Detailed Information

All Bulletins: https://technet.microsoft.com/library/security/ms15-sep

MS15-094: https://technet.microsoft.com/library/security/MS15-094

MS15-095: https://technet.microsoft.com/library/security/MS15-095

MS15-097: https://technet.microsoft.com/library/security/MS15-097

MS15-098: https://technet.microsoft.com/library/security/MS15-098

MS15-099: https://technet.microsoft.com/library/security/MS15-099

MS15-096: https://technet.microsoft.com/library/security/MS15-096

MS15-100: https://technet.microsoft.com/library/security/MS15-100

MS15-101: https://technet.microsoft.com/library/security/MS15-101

MS15-102: https://technet.microsoft.com/library/security/MS15-102

MS15-103: https://technet.microsoft.com/library/security/MS15-103

MS15-104: https://technet.microsoft.com/library/security/MS15-104

MS15-105: https://technet.microsoft.com/library/security/MS15-105
