Avatar

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 8 bulletins being released which address 45 CVE. Two of the bulletins are listed as Critical and address vulnerabilities in Internet Explorer and Windows Media Player. The remaining six bulletins are marked as Important and address vulnerabilities in Microsoft Office, Windows Kernel, Active Directory, Microsoft Exchange Server, and Microsoft Common Controls.

Bulletins Rated Critical

MS15-056 and MS15-057 are rated Critical.

MS15-056 is this month’s Internet Explorer security bulletin with vulnerabilities in versions 6 through 11 being addressed. This month 24 CVE were addressed. The majority of those CVE were memory corruption vulnerabilities that could result in remote code execution. There were also several elevation of privilege and information disclosure vulnerabilities that were addressed this month.

MS15-057 addresses a vulnerability (CVE-2015-1728) in Windows Media Player. This vulnerability could allow remote code execution if Windows Media Player opens specially crafted media content that is hosted on a malicious website. Please review the specific bulletin for all OS/Application versions that are affected.

Bulletins Rated as Important

MS15-059, MS15-060, MS15-061, MS15-062, MS15-063, and MS15-064 are rated as Important.

MS15-059 addresses three CVE related to Microsoft Office. These vulnerabilities (CVE-2015-1759, CVE-2015-1760, and CVE-2015-1770) are memory corruption vulnerabilities that could result in remote code execution if a user opens a specially crafted Microsoft Office document.

MS15-060 addresses a vulnerability (CVE-2015-1756) associated with Microsoft Common Controls. This vulnerability could allow remote code execution if a user clicks a specially crafted link, or a link to specially crafted content, and then invokes F12 Developer Tools in Internet Explorer. Please review the specific bulletin for all OS/Application versions that are affected.

MS15-061 addresses eleven vulnerabilities associated with Windows Kernel-Mode Drivers affecting multiple different Microsoft Windows versions. The majority are Use After Free vulnerabilities. Successful exploitation could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.

MS15-062 addresses a vulnerability (CVE-2015-1757) associated with Microsoft Active Directory. This vulnerability could allow elevation of privilege via a specially crafted URL, which subsequently could lead to an attacker-supplied script being run in the security context of a user.

MS15-063 addresses a vulnerability (CVE-2015-1758) associated with Microsoft Windows Kernel. The vulnerability could allow elevation of privilege via a malicious .dll. Please review the specific bulletin for all OS/Application versions that are affected.

MS15-064 addresses three CVE related to Microsoft Exchange Server. These vulnerabilities (CVE-2015-1764, CVE-2015-1771, and CVE-2015-2359) could result in elevation of privileges. The most severe of the vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes them to a targeted Outlook Web App site.

Coverage

In response to these bulletin disclosures, Talos is releasing the following rules to address these vulnerabilities. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Defense Center, FireSIGHT Management Center or Snort.org.

Snort SIDs: 18494,18495,31284-31286,32262,32263,34721-34740,34743-34791