Advisory Date: 09 June 2015

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its batch of patches for June 2015:

  • (MS15-056) Cumulative Security Update for Internet Explorer (3058515)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.


  • (MS15-057) Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)
    Risk Rating: Critical

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Player opens specially crafted media content that is hosted on a malicious website.


  • (MS15-059) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


  • (MS15-060) Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link, or a link to specially crafted content, and then invokes F12 Developer Tools in Internet Explorer.


  • (MS15-061) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


  • (MS15-062) Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Active Directory Federation Services (AD FS). The vulnerability could allow elevation of privilege if an attacker submits a specially crafted URL to a target site. Due to the vulnerability, in specific situations specially crafted script is not properly sanitized, which subsequently could lead to an attacker-supplied script being run in the security context of a user who views the malicious content.


  • (MS15-063) Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker places a malicious .dll file in a local directory on the machine or on a network share.


  • (MS15-064) Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow elevation of privilege if an authenticated user clicks a link to a specially crafted webpage.


  INFORMATION EXPOSURE

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
MS15-056 CVE-2015-1687 1006745 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1687) 09-June-15 YES
MS15-056 CVE-2015-1730 1006747 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1730) 09-June-15 YES
MS15-056 CVE-2015-1731 1006748 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1731) 09-June-15 YES
MS15-056 CVE-2015-1732 1006749 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1732) 09-June-15 YES
MS15-056 CVE-2015-1735 1006751 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1735) 09-June-15 YES
MS15-056 CVE-2015-1736 1006752 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1736) 09-June-15 YES
MS15-056 CVE-2015-1737 1006753 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1737) 09-June-15 YES
MS15-056 CVE-2015-1740 1006755 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1740) 09-June-15 YES
MS15-056 CVE-2015-1741 1006756 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1741) 09-June-15 YES
MS15-056 CVE-2015-1742 1006757 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1742) 09-June-15 YES
MS15-056 CVE-2015-1744 1006758 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1744) 09-June-15 YES
MS15-056 CVE-2015-1745 1006759 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1745) 09-June-15 YES
MS15-056 CVE-2015-1747 1006760 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1747) 09-June-15 YES
MS15-056 CVE-2015-1748 1006761 Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2015-1748) 09-June-15 YES
MS15-056 CVE-2015-1750 1006762 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1750) 09-June-15 YES
MS15-056 CVE-2015-1751 1006763 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1751) 09-June-15 YES
MS15-056 CVE-2015-1752 1006764 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1752) 09-June-15 YES
MS15-056 CVE-2015-1753 1006765 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1753) 09-June-15 YES
MS15-056 CVE-2015-1755 1006766 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1755) 09-June-15 YES
MS15-056 CVE-2015-1766 1006767 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1766)) 09-June-15 YES
MS15-059 CVE-2015-1759 1006769 Microsoft Office Use After Free Vulnerability (CVE-2015-1759) 09-June-15 YES
MS15-059 CVE-2015-1760 1006770 Microsoft Office Use After Free Vulnerability (CVE-2015-1760) 09-June-15 YES
MS15-059 CVE-2015-1770 1006771 Microsoft Office Uninitialized Memory Use Vulnerability (CVE-2015-1770) 09-June-15 YES
MS15-062 CVE-2015-1757 1000552 Generic Cross Site Scripting(XSS) Prevention 09-June-15 NO

  SOLUTION