Date du conseil: 13 octobre 2015

  Description

Microsoft addresses the following vulnerabilities in its batch of patches for Octover 2015:

  • (MS15-106) Cumulative Security Update for Internet Explorer (3096441)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.


  • (MS15-107) Cumulative Security Update for Microsoft Edge (3089665)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge.


  • (MS15-108) Security Update for JScript and VBScript to Address Remote Code Execution (3089659)
    Risk Rating: Critical

    This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer.


  • (MS15-109)Security Update for Windows Shell to Address Remote Code Execution (3096443)
    Risk Rating: Critical

    This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online.


  • (MS15-110) Security Updates for Microsoft Office to Address Remote Code Execution (3096440)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.


  • (MS15-111) Security Update for Windows Kernel to Address Elevation of Privilege (3096447)
    Risk Rating: Important

    This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.


  Information Exposure Rating:

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
MS15-106, MS15-108 CVE-2015-6055 1007103 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6055) 13-Oct-15 YES
MS15-106 CVE-2015-6050 10071015 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6050) 13-Oct-15 YES
MS15-110 CVE-2015-2557 1007111 Microsoft Office Memory Corruption Vulnerability (CVE-2015-2557) 13-Oct-15 YES
MS15-109 CVE-2015-2515 1007104 Microsoft Windows Shell Toolbar Use After Free Vulnerability (CVE-2015-2515) 13-Oct-15 YES
MS15-110 CVE-2015-2558 1007112 Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558) 13-Oct-15 YES
MS15-106 CVE-2015-6042 1007097 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6042) 13-Oct-15 YES
MS15-109 CVE-2015-2548 1007105 Microsoft Windows Shell Tablet Input Band Use After Free Vulnerability (CVE-2015-2548) 13-Oct-15 YES
MS15-105, MS15-108 CVE-2015-6059 1007108 Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6059) 13-Oct-15 YES
MS15-106, MS15-108 CVE-2015-6052 1007107 Microsoft Internet Explorer VBScript And JScript ASLR Bypass Vulnerability (CVE-2015-6052) 13-Oct-15 YES
MS15-106 CVE-2015-6046 1007106 Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6046) 13-Oct-15 YES
MS15-106 CVE-2015-6048 1007099 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6048) 13-Oct-15 YES
MS15-106 CVE-2015-6053 1007102 Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053) 13-Oct-15 YES
MS15-106, MS15-108 CVE-2015-2482 1007096 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482) 13-Oct-15 YES
MS15-106 CVE-2015-6049 1007100 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6049) 13-Oct-15 YES

  Solutions