Microsoft fixed a dangerous vulnerability in Windows Server
Microsoft has released a set of updates for its products, fixing 71 vulnerabilities in them. In total, eight Critical updates were released (a record number for one month) and four updates with the Important status. By updating MS15-127, the company fixed a dangerous vulnerability in Windows Server 2008+ with identifier CVE-2015-6125. The use-after-free vulnerability was present in the DNS Server service component (Dns.exe) and allowed attackers to remotely execute code with high rights in the system (LocalSystem) by sending a specially crafted DNS request to the server.
Two vulnerabilities in the win32k.sys driver and Office package, which are at the stage of active exploitation by attackers, have also been fixed. The first CVE-2015-6175 is used by attackers to gain SYSTEM rights in Windows, and the second CVE-2015-6175 for remote code execution using a specially crafted Office file.
')
The MS15-124 update fixes thirty different vulnerabilities in the Internet Explorer web browser, most of these vulnerabilities are of the Remote Code Execution type and can be used by attackers for remote code execution via a specially crafted web page. Upgrade to all versions of IE 7-11. Critical.
The MS15-125 update fixes 15 vulnerabilities in the Edge web browser, which can also be used by attackers to remotely execute code in the system through the browser. One of the vulnerabilities CVE-2015-6161 can be used by attackers to bypass the ASLR. Critical.
The MS15-126 update fixes two vulnerabilities in the JScript (jscript.dll) and VBScript (vbscript.dll) engines on Windows Vista, which Internet Explorer uses to work with JavaScript and Visual Basic Scripting. Remote code execution is possible through a web page with special content, or through an Office document with malicious ActiveX content. Critical.
The MS15-128 update fixes three vulnerabilities in the win32k.sys driver, system libraries Gdiplus.dll, Advapi32.dll, Kernel32.dll, Ole32.dll, as well as in the .NET Framework software for all Windows Vista + operating systems. Vulnerabilities allow attackers to remotely execute code in the system using special font files, as well as in products such as Skype for Business 2016, Microsoft Lync 2013, Microsoft Lync 2010, Office 2007, Office 2010. Critical.
Update MS15-129 fixes three RCE and Information Disclosure vulnerabilities in the Silverlight 5 platform, the plug-in for which works in modern web browsers to play media content. Such content can be used by attackers to execute malicious code using the specified vulnerabilities. Critical.
The MS15-130 update fixes one RCE vulnerability in the Uniscribe component (Usp10.dll) on Windows 7. The vulnerability allows attackers to remotely execute code in the system using a malicious font file located on a web page. Critical.
Update MS15-135 fixes 4 vulnerabilities like Local Privilege Escalation in win32k.sys driver and system libraries on all Windows Vista + operating systems. Vulnerabilities can be used by attackers to elevate their privileges in the system to the SYSTEM level and unauthorized launch of kernel mode code. Important.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
technet.microsoft.com/library/security/ms15-dec
be secure.
Two vulnerabilities in the win32k.sys driver and Office package, which are at the stage of active exploitation by attackers, have also been fixed. The first CVE-2015-6175 is used by attackers to gain SYSTEM rights in Windows, and the second CVE-2015-6175 for remote code execution using a specially crafted Office file.
')
The MS15-124 update fixes thirty different vulnerabilities in the Internet Explorer web browser, most of these vulnerabilities are of the Remote Code Execution type and can be used by attackers for remote code execution via a specially crafted web page. Upgrade to all versions of IE 7-11. Critical.
The MS15-125 update fixes 15 vulnerabilities in the Edge web browser, which can also be used by attackers to remotely execute code in the system through the browser. One of the vulnerabilities CVE-2015-6161 can be used by attackers to bypass the ASLR. Critical.
The MS15-126 update fixes two vulnerabilities in the JScript (jscript.dll) and VBScript (vbscript.dll) engines on Windows Vista, which Internet Explorer uses to work with JavaScript and Visual Basic Scripting. Remote code execution is possible through a web page with special content, or through an Office document with malicious ActiveX content. Critical.
The MS15-128 update fixes three vulnerabilities in the win32k.sys driver, system libraries Gdiplus.dll, Advapi32.dll, Kernel32.dll, Ole32.dll, as well as in the .NET Framework software for all Windows Vista + operating systems. Vulnerabilities allow attackers to remotely execute code in the system using special font files, as well as in products such as Skype for Business 2016, Microsoft Lync 2013, Microsoft Lync 2010, Office 2007, Office 2010. Critical.
Update MS15-129 fixes three RCE and Information Disclosure vulnerabilities in the Silverlight 5 platform, the plug-in for which works in modern web browsers to play media content. Such content can be used by attackers to execute malicious code using the specified vulnerabilities. Critical.
The MS15-130 update fixes one RCE vulnerability in the Uniscribe component (Usp10.dll) on Windows 7. The vulnerability allows attackers to remotely execute code in the system using a malicious font file located on a web page. Critical.
Update MS15-135 fixes 4 vulnerabilities like Local Privilege Escalation in win32k.sys driver and system libraries on all Windows Vista + operating systems. Vulnerabilities can be used by attackers to elevate their privileges in the system to the SYSTEM level and unauthorized launch of kernel mode code. Important.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
technet.microsoft.com/library/security/ms15-dec
be secure.
Source: https://habr.com/ru/post/272693/
All Articles