August 2015 – Microsoft Releases 14 Security Advisories
Advisory Date: AUG 11, 2015
DESCRIPTION
Microsoft addresses the following vulnerabilities in its batch of patches for August 2015:
- (MS15-079) Cumulative Security Update for Internet Explorer (3082442)
Risk Rating: Critical
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. - (MS15-080) Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
Risk Rating: Critical
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts. - (MS15-081) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)
Risk Rating: Critical
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. - (MS15-082) Vulnerabilities in RDP Could Allow Remote Code Execution (3080348)
Risk Rating: Important
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open a Remote Desktop Protocol (RDP) file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. - (MS15-083) Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted string to SMB server error logging. - (MS15-084) Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)
Risk Rating: Important
This security update resolves vulnerabilities in Microsoft Windows and Microsoft Office. The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0. - (MS15-085) Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker inserts a malicious USB device into a target system. - (MS15-086) Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft System Center Operations Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. - (MS15-087) Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter. - (MS15-088) Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
Risk Rating: Important
This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process. - (MS15-089) Vulnerability in WebDAV Could Allow Information Disclosure (3076949)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic. - (MS15-090) Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)
Risk Rating: Important
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application or convinces a user to open a specially crafted file that invokes a vulnerable sandboxed application, allowing an attacker to escape the sandbox. - (MS15-091) Cumulative Security Update for Microsoft Edge (3084525)
Risk Rating: Critical
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. - (MS15-092) Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251)
Risk Rating: Important
This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
| MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection and IDF Compatibility |
| MS15-079 | CVE-2015-2443 | 1006929 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443) | 11-Aug-15 | YES |
| MS15-079 | CVE-2015-2446 | 1006931 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446) | 11-Aug-15 | YES |
| MS15-079 | CVE-2015-2448 | 1006932 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448) | 11-Aug-15 | YES |
| MS15-079 | CVE-2015-2450 | 1006933 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2450) | 11-Aug-15 | YES |
| MS15-079 | CVE-2015-2444 | 1006930 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444) | 11-Aug-15 | YES |
| MS15-079 | CVE-2015-2442 | 1006928 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2442) | 11-Aug-15 | YES |
| MS15-079 | CVE-2015-2452 | 1006935 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2452) | 11-Aug-15 | YES |
| MS15-079 | CVE-2015-2451 | 1006934 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2451) | 11-Aug-15 | YES |
| MS15-080 | CVE-2015-2431 | 1006936 | Microsoft Office Graphics Component Remote Code Execution Vulnerability (CVE-2015-2431) | 11-Aug-15 | YES |
| MS15-080 | CVE-2015-2463 | 1006951 | Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2463) | 11-Aug-15 | YES |
| MS15-080 | CVE-2015-2461 | 1006949 | Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2461) | 11-Aug-15 | YES |
| MS15-080 | CVE-2015-2462 | 1006950 | Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2462) | 11-Aug-15 | YES |
| MS15-080 | CVE-2015-2464 | 1006952 | Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2464) | 11-Aug-15 | YES |
| MS15-080 | CVE-2015-2456 | 1006945 | Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2456) | 11-Aug-15 | YES |
| MS15-080 | CVE-2015-2459 | 1006947 | Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459) | 11-Aug-15 | YES |
| MS15-080 | CVE-2015-2458 | 1006946 | Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2458) | 11-Aug-15 | YES |
| MS15-080 | CVE-2015-2460 | 1006948 | Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2460) | 11-Aug-15 | YES |
| MS15-080 | CVE-2015-2432 | 1006944 | Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2432) | 11-Aug-15 | YES |
| MS15-080 | CVE-2015-2435 | 1006955 | Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2435) | 11-Aug-15 | YES |
| MS15-080 | CVE-2015-2455 | 1006956 | Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2455) | 11-Aug-15 | YES |
| MS15-081 | CVE-2015-2467 | 1006937 | Microsoft Office Memory Corruption Vulnerability (CVE-2015-2467) | 11-Aug-15 | YES |
| MS15-081 | CVE-2015-1642 | 1006624 | Microsoft Office Component Use After Free Vulnerability (CVE-2015-1642) | 11-Aug-15 | YES |
| MS15-081 | CVE-2015-2477 | 1006941 | Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477) | 11-Aug-15 | YES |
| MS15-081 | CVE-2015-2470 | 1006940 | Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470) | 11-Aug-15 | YES |
| MS15-081 | CVE-2015-2469 | 1006939 | Microsoft Office Memory Corruption Vulnerability (CVE-2015-2469) | 11-Aug-15 | YES |
| MS15-081 | CVE-2015-2468 | 1006938 | Microsoft Office Memory Corruption Vulnerability (CVE-2015-2468) | 11-Aug-15 | YES |
| MS15-091 | CVE-2015-2442 | 1006928 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2442) | 11-Aug-15 | YES |
| MS15-091 | CVE-2015-2446 | 1006931 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446) | 11-Aug-15 | YES |