Microsoft Security Bulletin Summary
SEPTEMBER 2015
Twitter @acelium | www.acelium.com/library/msftdeck

12 Updates Released
September 8, 2015
12 updates released, addressing 56 total CVEs.
Severity Ratings: 5 Critical, 7 Important

CRITICAL

MS15-094 Cumulative Security Update for Internet Explorer (3089548) - Critical
Vulnerability Impact:
• Remote Code Execution
Restart Requirement:
• Requires restart
Affected Software:
• Microsoft Windows, Internet Explorer
Primarily at Risk:
• Workstations, servers
Summary/Details:
• This update resolves seventeen vulnerabilities in Microsoft Windows - CVE-2015-2483, CVE-2015-2484, CVE-2015-2485, CVE-2015-2486, CVE-2015-2487, CVE-2015-2489, CVE-2015-2490, CVE-2015-2491, CVE-2015-2492, CVE-2015-2493, CVE-2015-2494, CVE-2015-2498, CVE-2015-2499, CVE-2015-2500, CVE-2015-2501, CVE-2015-2541, CVE-2015-2542
• From Microsoft: “The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.”
• An attacker would be limited to the rights of the current user; admin users at highest risk.
Update replaces:
• MS15-093

MS15-095 Cumulative Security Update for Microsoft Edge (3089665) - Critical
Vulnerability Impact:
• Remote Code Execution
Restart Requirement:
• Requires restart
Affected Software:
• Microsoft Windows, Microsoft Edge
Primarily at Risk:
• Workstations, servers
Summary/Details:
• This update resolves four vulnerabilities in Microsoft Windows - CVE-2015-2485, CVE-2015-2486, CVE-2015-2494, CVE-2015-2542
• From Microsoft: “The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.”
• An attacker would be limited to the rights of the current user; admin users at highest risk.
Update replaces:
• 3081444

MS15-097 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656) - Critical
Vulnerability Impact:
• Remote Code Execution
Restart Requirement:
• May require restart
Affected Software:
• Microsoft Windows, Microsoft Office, Microsoft Lync
Primarily at Risk:
• Workstations, servers
Summary/Details:
• This update resolves eleven vulnerabilities in Microsoft Windows - CVE-2015-2506, CVE-2015-2507, CVE-2015-2508, CVE-2015-2512, CVE-2015-2510, CVE-2015-2511, CVE-2015-2517, CVE-2015-2518, CVE-2015-2527, CVE-2015-2529, CVE-2015-2546
• From Microsoft: “The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts.”
Update replaces:
• MS14-036, MS15-078, MS15-080, 3081444

MS15-098 Vulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669) - Critical
Vulnerability Impact:
• Remote Code Execution
Restart Requirement:
• May require restart
Affected Software:
• Microsoft Office
Primarily at Risk:
• Workstations, servers
Summary/Details:
• This update resolves five vulnerabilities in Microsoft Office - CVE-2015-2513, CVE-2015-2514, CVE-2015-2519, CVE-2015-2530, CVE-2015-2516
• From Microsoft: “The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file.”
• An attacker would be limited to the rights of the current user; admin users at highest risk.
Update replaces:
• MS15-045, 3081444

MS15-099 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664) - Critical
Vulnerability Impact:
• Remote Code Execution
Restart Requirement:
• May require restart
Affected Software:
• Microsoft Office, Microsoft SharePoint Foundation
Primarily at Risk:
• Workstations, servers
Summary/Details:
• This update resolves five vulnerabilities in Microsoft Office - CVE-2015-2520, CVE-2015-2521, CVE-2015-2523, CVE-2015-2545, CVE-2015-2522
• From Microsoft: “The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.”
• An attacker would be limited to the rights of the current user; admin users at highest risk.
Update replaces:
• MS15-022, MS15-047, MS15-059, MS15-070, MS15-081

IMPORTANT

MS15-096 Vulnerability in Active Directory Service Could Allow Denial of Service (3072595) - Important
Vulnerability Impact:
• Denial of Service
Restart Requirement:
• Requires restart
Affected Software:
• Microsoft Windows
Primarily at Risk:
• Servers
Summary/Details:
• This update resolves one vulnerability in Microsoft Windows - CVE-2015-2535
• From Microsoft: “The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.”
Update replaces:
• MS14-016

MS15-100 Vulnerability in Windows Media Center Could Allow Remote Code Execution (3087918) - Important
Vulnerability Impact:
• Remote Code Execution
Restart Requirement:
• May require restart
Affected Software:
• Microsoft Windows
Primarily at Risk:
• Workstations
Summary/Details:
• This update resolves one vulnerability in Microsoft Windows - CVE-2015-2509
• From Microsoft: “The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.”
• An attacker would be limited to the rights of the current user; admin users at highest risk.
Update replaces:
• None

MS15-101 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662) - Important
Vulnerability Impact:
• Elevation of Privilege
Restart Requirement:
• Does not require restart
Affected Software:
• Microsoft Windows, Microsoft .NET Framework
Primarily at Risk:
• Workstations, servers
Summary/Details:
• This update resolves two vulnerabilities in Microsoft Windows - CVE-2015-2504, CVE-2015-22526
• From Microsoft: “This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.”
Update replaces:
• MS12-025, 3081444

MS15-102 Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657) - Important
Vulnerability Impact:
• Elevation of Privilege
Restart Requirement:
• Requires restart
Affected Software:
• Microsoft Windows
Primarily at Risk:
• Workstations, servers
Summary/Details:
• This update resolves three vulnerabilities in Microsoft Windows - CVE-2015-2524, CVE-2015-2525, CVE-2015-2528
• From Microsoft: “The vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.”
Update replaces:
• MS14-054, 3081444

MS15-103 Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250) - Important
Vulnerability Impact:
• Information Disclosure
Restart Requirement:
• May require restart
Affected Software:
• Microsoft Exchange Server
Primarily at Risk:
• Servers
Summary/Details:
• This update resolves three vulnerabilities in Microsoft Server Software - CVE-2015-2505, CVE-2015-2543, CVE-2015-2544
• From Microsoft: “The most severe of the vulnerabilities could allow information disclosure if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.”
Update replaces:
• MS15-064

MS15-104 Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952) - Important
Vulnerability Impact:
• Elevation of Privilege
Restart Requirement:
• Does not require restart
Affected Software:
• Skype for Business Server, Microsoft Lync Server
Primarily at Risk:
• Servers
Summary/Details:
• This update resolves three vulnerabilities in Microsoft Windows - CVE-2015-2531, CVE-2015-2532, CVE-2015-2536
• From Microsoft: “The most severe of the vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An attacker would have to convince users to click a link in an instant messenger or email message that directs them to an affected website by way of a specially crafted URL.”
Update replaces:
• MS14-055

MS15-105 Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass (3091287) - Important
Vulnerability Impact:
• Security Feature Bypass
Restart Requirement:
• Requires restart
Affected Software:
• Microsoft Windows
Primarily at Risk:
• Workstations, servers
Summary/Details:
• This update resolves one vulnerability in Microsoft Windows - CVE-2015-2534
• From Microsoft: “The vulnerability could allow security feature bypass if an attacker runs a specially crafted application that could cause Windows Hyper-V to incorrectly apply access control list (ACL) configuration