October 2015 – Microsoft Releases 6 Security Advisories
Publish date: October 16, 2015
Advisory Date: OCT 13, 2015
DESCRIPTION
Microsoft addresses the following vulnerabilities in its batch of patches for Octover 2015:
- (MS15-106) Cumulative Security Update for Internet Explorer (3096441)
Risk Rating: Critical
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. - (MS15-107) Cumulative Security Update for Microsoft Edge (3089665)
Risk Rating: Important
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge. - (MS15-108) Security Update for JScript and VBScript to Address Remote Code Execution (3089659)
Risk Rating: Critical
This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer. - (MS15-109)Security Update for Windows Shell to Address Remote Code Execution (3096443)
Risk Rating: Critical
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online. - (MS15-110) Security Updates for Microsoft Office to Address Remote Code Execution (3096440)
Risk Rating: Important
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. - (MS15-111) Security Update for Windows Kernel to Address Elevation of Privilege (3096447)
Risk Rating: Important
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection and IDF Compatibility |
MS15-106, MS15-108 | CVE-2015-6055 | 1007103 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6055) | 13-Oct-15 | YES |
MS15-106 | CVE-2015-6050 | 10071015 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6050) | 13-Oct-15 | YES |
MS15-110 | CVE-2015-2557 | 1007111 | Microsoft Office Memory Corruption Vulnerability (CVE-2015-2557) | 13-Oct-15 | YES |
MS15-109 | CVE-2015-2515 | 1007104 | Microsoft Windows Shell Toolbar Use After Free Vulnerability (CVE-2015-2515) | 13-Oct-15 | YES |
MS15-110 | CVE-2015-2558 | 1007112 | Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558) | 13-Oct-15 | YES |
MS15-106 | CVE-2015-6042 | 1007097 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6042) | 13-Oct-15 | YES |
MS15-109 | CVE-2015-2548 | 1007105 | Microsoft Windows Shell Tablet Input Band Use After Free Vulnerability (CVE-2015-2548) | 13-Oct-15 | YES |
MS15-105, MS15-108 | CVE-2015-6059 | 1007108 | Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6059) | 13-Oct-15 | YES |
MS15-106, MS15-108 | CVE-2015-6052 | 1007107 | Microsoft Internet Explorer VBScript And JScript ASLR Bypass Vulnerability (CVE-2015-6052) | 13-Oct-15 | YES |
MS15-106 | CVE-2015-6046 | 1007106 | Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6046) | 13-Oct-15 | YES |
MS15-106 | CVE-2015-6048 | 1007099 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6048) | 13-Oct-15 | YES |
MS15-106 | CVE-2015-6053 | 1007102 | Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053) | 13-Oct-15 | YES |
MS15-106, MS15-108 | CVE-2015-2482 | 1007096 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482) | 13-Oct-15 | YES |
MS15-106 | CVE-2015-6049 | 1007100 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6049) | 13-Oct-15 | YES |
SOLUTION
Featured Stories
- The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more