Latest Security Advisories & Notable Vulnerabilities

Microsoft addresses the following vulnerabilities in its November batch of patches:

  • (MS15-112) Cumulative Security Update for Internet Explorer (3104517)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.


  • (MS15-113) Cumulative Security Update for Microsoft Edge (3104519)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.


  • (MS15-114) Security Update for Windows Journal to Address Remote Code Execution (3100213)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file.


  • (MS15-115) Security Update for Microsoft Windows to Address Remote Code Execution (3105864)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.


  • (MS15-116) Security Update for Microsoft Office to Address Remote Code Execution (3104540)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.


  • (MS15-117) Security Update for NDIS to Address Elevation of Privilege (3101722)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.


  • (MS15-118) Security Update for .NET Framework to Address Elevation of Privilege (3104507)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser.


  • (MS15-119) Security Update for Winsock to Address Elevation of Privilege (3104521)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability.


  • (MS15-120) Security Update for IPSec to Address Denial of Service (3102939)
    Risk Rating: Important

    This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials.


  • (MS15-121) Security Update for Schannel to Address Spoofing (3081320)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.


  • (MS15-122) Security Update for Kerberos to Address Security Feature Bypass (3105256)
    Risk Rating: Important

    This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.


  • (MS15-123) Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)
    Risk Rating: Important

    This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content.


Adobe Flash Player Vulnerability (CVE-2015-7645)
 Advisory Date:  14 Oct 2015

This zero-day vulnerability in Adobe Flash Player is reportedly used by the Pawn Storm targeted attack campaign. The vulnerability exists in Adobe Flash Player versions 19.0.0.207 and earlier for Windows and Mac operating systems.

Trend Micro researcher Peter Pi discovered the vulnerability and reported its details to Adobe. Adobe credited Pi for his research contribution.

IOHIDFamily in Apple iOS Vulnerability (CVE-2015-5867)
 Advisory Date:  13 Oct 2015

This vulnerability exists in Apple iOS versions before 9 and can allow attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted application, thus compromising the security of the device.

Trend Micro researcher Moony Li disclosed details about this vulnerability to Apple. Apple acknowledged Li’s research contribution.

Microsoft addresses the following vulnerabilities in its batch of patches for October 2015:

  • (MS15-106) Cumulative Security Update for Internet Explorer (3096441)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.


  • (MS15-107) Cumulative Security Update for Microsoft Edge (3089665)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge.


  • (MS15-108) Security Update for JScript and VBScript to Address Remote Code Execution (3089659)
    Risk Rating: Critical

    This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer.


  • (MS15-109) Security Update for Windows Shell to Address Remote Code Execution (3096443)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online.


  • (MS15-110) Security Updates for Microsoft Office to Address Remote Code Execution (3096440)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.


  • (MS15-111) Security Update for Windows Kernel to Address Elevation of Privilege (3096447)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.


Android <5.0 Privilege Escalation using ObjectInputStream (CVE-2014-7911)
 Advisory Date:  08 Oct 2015

This is one of the vulnerabilities used by the GiefRoot exploit kit, which Retro Tetris, a malicious Android app, downloads onto the device. The malicious gaming app, published on Google Play, is capable of rooting devices.

An attacker may cause an instance of any class with a non-private parameterless constructor to be created when the ObjectInputStream is used on untrusted inputs. In addition, an attacker may execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service.

Memory Corruption in QSEECOM Driver (CVE-2014-4322)
 Advisory Date:  02 Oct 2015

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.

Microsoft Internet Explorer is prone to a double free memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed attempts will likely cause a denial of service condition.

Adobe Flash Player Integer Overflow Vulnerability (CVE-2015-5560)
 Advisory Date:  21 Sep 2015

Adobe Flash Player is prone to an unspecified integer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition.

A vulnerability exists in Windows Media Center that could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

Trend Micro researchers Aaron Luo, Kenney Lu, and Ziv Chang discovered this zero-day exploit, which also emerged from the Hacking Team leak.

Microsoft addresses the following vulnerabilities in its batch of patches for September 2015:

  • (MS15-094) Cumulative Security Update for Internet Explorer (3089548)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.


  • (MS15-095) Cumulative Security Update for Microsoft Edge (3089665)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.


  • (MS15-096) Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)
    Risk Rating: Important

    This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts.


  • (MS15-097) Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.


  • (MS15-098) Vulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file.


  • (MS15-099) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.


  • (MS15-100) Vulnerability in Windows Media Center Could Allow Remote Code Execution (3087918)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.


  • (MS15-101) Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application.


  • (MS15-102) Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.


  • (MS15-103) Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.


  • (MS15-104) Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952)
    Risk Rating: Important

    This security update resolves vulnerabilities in Skype for Business Server and Microsoft Lync Server. The most severe of the vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An attacker would have to convince users to click a link in an instant messenger or email message that directs them to an affected website by way of a specially crafted URL.


  • (MS15-105) Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass (3091287)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application that could cause Windows Hyper-V to incorrectly apply access control list (ACL) configuration settings. Customers who have not enabled the Hyper-V role are not affected.