August 2015 – Microsoft Releases 14 Security Advisories

  Advisory Date: AUG 11, 2015

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its batch of patches for August 2015:

  • (MS15-079) Cumulative Security Update for Internet Explorer (3082442)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.


  • (MS15-080) Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts.


  • (MS15-081) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.


  • (MS15-082) Vulnerabilities in RDP Could Allow Remote Code Execution (3080348)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open a Remote Desktop Protocol (RDP) file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file.


  • (MS15-083) Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted string to SMB server error logging.


  • (MS15-084) Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows and Microsoft Office. The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0.


  • (MS15-085) Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker inserts a malicious USB device into a target system.


  • (MS15-086) Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft System Center Operations Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL.


  • (MS15-087) Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter.


  • (MS15-088) Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
    Risk Rating: Important

    This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process.


  • (MS15-089) Vulnerability in WebDAV Could Allow Information Disclosure (3076949)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic.


  • (MS15-090) Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application or convinces a user to open a specially crafted file that invokes a vulnerable sandboxed application, allowing an attacker to escape the sandbox.


  • (MS15-091) Cumulative Security Update for Microsoft Edge (3084525)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.


  • (MS15-092) Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application.


  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
MS15-079 CVE-2015-2443 1006929 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443) 11-Aug-15 YES
MS15-079 CVE-2015-2446 1006931 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446) 11-Aug-15 YES
MS15-079 CVE-2015-2448 1006932 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448) 11-Aug-15 YES
MS15-079 CVE-2015-2450 1006933 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2450) 11-Aug-15 YES
MS15-079 CVE-2015-2444 1006930 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444) 11-Aug-15 YES
MS15-079 CVE-2015-2442 1006928 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2442) 11-Aug-15 YES
MS15-079 CVE-2015-2452 1006935 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2452) 11-Aug-15 YES
MS15-079 CVE-2015-2451 1006934 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2451) 11-Aug-15 YES
MS15-080 CVE-2015-2431 1006936 Microsoft Office Graphics Component Remote Code Execution Vulnerability (CVE-2015-2431) 11-Aug-15 YES
MS15-080 CVE-2015-2463 1006951 Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2463) 11-Aug-15 YES
MS15-080 CVE-2015-2461 1006949 Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2461) 11-Aug-15 YES
MS15-080 CVE-2015-2462 1006950 Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2462) 11-Aug-15 YES
MS15-080 CVE-2015-2464 1006952 Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2464) 11-Aug-15 YES
MS15-080 CVE-2015-2456 1006945 Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2456) 11-Aug-15 YES
MS15-080 CVE-2015-2459 1006947 Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459) 11-Aug-15 YES
MS15-080 CVE-2015-2458 1006946 Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2458) 11-Aug-15 YES
MS15-080 CVE-2015-2460 1006948 Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2460) 11-Aug-15 YES
MS15-080 CVE-2015-2432 1006944 Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2432) 11-Aug-15 YES
MS15-080 CVE-2015-2435 1006955 Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2435) 11-Aug-15 YES
MS15-080 CVE-2015-2455 1006956 Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2455) 11-Aug-15 YES
MS15-081 CVE-2015-2467 1006937 Microsoft Office Memory Corruption Vulnerability (CVE-2015-2467) 11-Aug-15 YES
MS15-081 CVE-2015-1642 1006624 Microsoft Office Component Use After Free Vulnerability (CVE-2015-1642) 11-Aug-15 YES
MS15-081 CVE-2015-2477 1006941 Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477) 11-Aug-15 YES
MS15-081 CVE-2015-2470 1006940 Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470) 11-Aug-15 YES
MS15-081 CVE-2015-2469 1006939 Microsoft Office Memory Corruption Vulnerability (CVE-2015-2469) 11-Aug-15 YES
MS15-081 CVE-2015-2468 1006938 Microsoft Office Memory Corruption Vulnerability (CVE-2015-2468) 11-Aug-15 YES
MS15-091 CVE-2015-2442 1006928 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2442) 11-Aug-15 YES
MS15-091 CVE-2015-2446 1006931 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446) 11-Aug-15 YES

  SOLUTION

Featured Stories