Microsoft released a set of updates for its products, August 2015
The company has released a set of updates for its Windows products, Internet Explorer, Edge, .NET Framework, Office, Lync, Silverlight. A total of 4 updates with the status of Critical and 10 Important were released, they cover more than 50 vulnerabilities. MS released the first critical update, MS15-091, for the Edge web browser, which closed 4 vulnerabilities in this web browser. 3 vulnerabilities are related to the Remote Code Execution type and can be used by attackers for remote code execution in a web browser, another CVE-2015-2449 vulnerability is of the ASLR bypass type and can be used by attackers to bypass ASLR.
Unlike Internet Explorer 11, Edge defaults to working with high security settings: tab processes run as 64-bit and work on the Integrity-level AppContainer. Within MS15-079, IE was also updated, in which 13 vulnerabilities were closed, most of which are of type RCE.
')
Update MS15-080 fixes multiple vulnerabilities in Windows graphics components that are used by various products and components, including Office, .NET Framework, Lync, and Silverlight. Updates are subject to known system files, including, Atmfd.dll, Atmlib.dll, Win32k.sys, Fntcache.dll, Dwrite.dll. 11 vulnerabilities are related to the OpenType Font Parsing Vulnerability type and can be used by attackers for remote code execution using a specially formed font file. Vulnerabilities in the Windows components of the Adobe Type Manager Library (Atmfd.dll) and in the Windows DirectWrite library (Dwrite.dll) are used to do this. The update also fixes a number of vulnerabilities in drivers and system components of Windows: CVE-2015-2433 ( Kernel ASLR Bypass ) refers to the kernel and can be used by attackers to get the kernel address in an illegitimate way, which allows to bypass Kernel ASLR, CVE-2015-2453 ( CSRSS Elevation of Privilege ) is present in the Windows system file csrss.exe and allows you to upgrade your privileges to the SYSTEM level, CVE-2015-2454 ( Windows KMD Security Feature Bypass ) is present in the system driver and allows attackers to get the level of impersonation they need. The update is relevant for all versions of Windows, including, Windows 10. Critical. Exploitation Less Likely .
Update MS15-081 fixes multiple vulnerabilities in Microsoft Office products. Vulnerabilities are of type Remote Code Execution and can be used by attackers for remote code execution using specially crafted Office files. Critical. Exploitation More Likely .
Update MS15-082 fixes two vulnerabilities CVE-2015-2472 ( Remote Desktop Session Host Spoofing Vulnerability ) and CVE-2015-2473 ( Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability ) that are present in the RDP client component. The first vulnerability applies to all versions of Windows except the latest Windows 10, the second is relevant only for WIndows 7 SP1. The first vulnerability can be exploited using a Man-in-the-Middle (MiTM) attack, an attacker can generate an illegitimate digital certificate with the identifier and name of the owner known to the RDP client, and then gain access to the user's RDP session. Operation of the second vulnerability is possible using a special DLL-library, which will be located in the current user directory, then the user needs to open the RDP file located in the same directory. After that, the RDP service will execute the code from this library. Important.
The MS15-083 update closes the RCE vulnerability CVE-2015-2474 in the SMB service on Windows Vista and Windows Server 2008. To exploit the vulnerability, an attacker must have valid credentials to connect to the SMB server, and then he needs to send a specially crafted string to request to this server (SMB server error logging). Updates are subject to drivers Srvnet.sys and Srv.sys. Important. Exploitation Less Likely .
Update MS15-084 closes three Information Disclosure vulnerabilities in XML Core Services products that attackers can use to unauthorized information. Actual for all versions of Windows, except Windows 10. Important. Exploitation Unlikely .
Update MS15-085 closes the LPE vulnerability CVE-2015-1769 in the mount manager component of all versions of Windows. We wrote about it in detail here . Important. Exploitation Detected .
More detailed information about all released updates can be found here .
1 - Exploitation More Likely
The probability of exploiting the vulnerability is very high, attackers can use an exploit, for example, for remote code execution.
2 - Exploitation Less Likely
The exploitation probability is average, since attackers are unlikely to be able to achieve a situation of sustainable exploitation, as well as due to the technical peculiarities of vulnerability and the complexity of developing an exploit.
3 - Exploit code unlikely
The exploitation probability is minimal and attackers are unlikely to be able to develop successfully working code and take advantage of this vulnerability to conduct an attack.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
To view the details of the Windows 10 update, see KB3081436 .
be secure.
Unlike Internet Explorer 11, Edge defaults to working with high security settings: tab processes run as 64-bit and work on the Integrity-level AppContainer. Within MS15-079, IE was also updated, in which 13 vulnerabilities were closed, most of which are of type RCE.
')
Update MS15-080 fixes multiple vulnerabilities in Windows graphics components that are used by various products and components, including Office, .NET Framework, Lync, and Silverlight. Updates are subject to known system files, including, Atmfd.dll, Atmlib.dll, Win32k.sys, Fntcache.dll, Dwrite.dll. 11 vulnerabilities are related to the OpenType Font Parsing Vulnerability type and can be used by attackers for remote code execution using a specially formed font file. Vulnerabilities in the Windows components of the Adobe Type Manager Library (Atmfd.dll) and in the Windows DirectWrite library (Dwrite.dll) are used to do this. The update also fixes a number of vulnerabilities in drivers and system components of Windows: CVE-2015-2433 ( Kernel ASLR Bypass ) refers to the kernel and can be used by attackers to get the kernel address in an illegitimate way, which allows to bypass Kernel ASLR, CVE-2015-2453 ( CSRSS Elevation of Privilege ) is present in the Windows system file csrss.exe and allows you to upgrade your privileges to the SYSTEM level, CVE-2015-2454 ( Windows KMD Security Feature Bypass ) is present in the system driver and allows attackers to get the level of impersonation they need. The update is relevant for all versions of Windows, including, Windows 10. Critical. Exploitation Less Likely .
Update MS15-081 fixes multiple vulnerabilities in Microsoft Office products. Vulnerabilities are of type Remote Code Execution and can be used by attackers for remote code execution using specially crafted Office files. Critical. Exploitation More Likely .
Update MS15-082 fixes two vulnerabilities CVE-2015-2472 ( Remote Desktop Session Host Spoofing Vulnerability ) and CVE-2015-2473 ( Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability ) that are present in the RDP client component. The first vulnerability applies to all versions of Windows except the latest Windows 10, the second is relevant only for WIndows 7 SP1. The first vulnerability can be exploited using a Man-in-the-Middle (MiTM) attack, an attacker can generate an illegitimate digital certificate with the identifier and name of the owner known to the RDP client, and then gain access to the user's RDP session. Operation of the second vulnerability is possible using a special DLL-library, which will be located in the current user directory, then the user needs to open the RDP file located in the same directory. After that, the RDP service will execute the code from this library. Important.
The MS15-083 update closes the RCE vulnerability CVE-2015-2474 in the SMB service on Windows Vista and Windows Server 2008. To exploit the vulnerability, an attacker must have valid credentials to connect to the SMB server, and then he needs to send a specially crafted string to request to this server (SMB server error logging). Updates are subject to drivers Srvnet.sys and Srv.sys. Important. Exploitation Less Likely .
Update MS15-084 closes three Information Disclosure vulnerabilities in XML Core Services products that attackers can use to unauthorized information. Actual for all versions of Windows, except Windows 10. Important. Exploitation Unlikely .
Update MS15-085 closes the LPE vulnerability CVE-2015-1769 in the mount manager component of all versions of Windows. We wrote about it in detail here . Important. Exploitation Detected .
More detailed information about all released updates can be found here .
1 - Exploitation More Likely
The probability of exploiting the vulnerability is very high, attackers can use an exploit, for example, for remote code execution.
2 - Exploitation Less Likely
The exploitation probability is average, since attackers are unlikely to be able to achieve a situation of sustainable exploitation, as well as due to the technical peculiarities of vulnerability and the complexity of developing an exploit.
3 - Exploit code unlikely
The exploitation probability is minimal and attackers are unlikely to be able to develop successfully working code and take advantage of this vulnerability to conduct an attack.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
To view the details of the Windows 10 update, see KB3081436 .
be secure.
Source: https://habr.com/ru/post/264713/
All Articles