14 Security Bulletins were released – 4 Critical, 10 Important, and 0 Moderate
This Month In Brief
14 Security Bulletins were released – 4 Critical, 10 Important
We have not uncovered any widespread problems with any of the 14 Security Bulletins and are releasing all of them.
We have seen problems with KB3087916 and KB3081424 and have denied them in all patch policies – see details below.
MS15-079, MS15-080, MS15-081 and MS15-091 are rated Critical.
After your next patch cycle completes you should follow up and make sure these are installed.
Out-of-band security updates
Microsoft Security Bulletin MS15-078 was released on July 20 and it was approved in Kaseya the same day.
MS15-078: Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904)
https://technet.microsoft.com/library/security/MS15-078
Denied Updates
KB3087916 – Security update for Flash player
https://support.microsoft.com/en-us/kb/3087916
We are denying this until Microsoft releases a revised update.
“Microsoft has accidentally updated the embedded flash player in Internet Explorer 11 to use the debugger version instead of the ‘normal’ version.”
As a result, “alert boxes pop up on some but not all sites that use flash and warn about action script and other flash features.”
See: http://myonlinesecurity.co.uk/flash-player-alerts-or-warnings-when-using-internet-explorer-11-on-windows-88-1-and-windows-10/
KB3081424 – Cumulative Update for Windows 10: August 5, 2015
“Windows 10 updates are cumulative. Therefore, this package contains all previously released fixes. If you have previous updates installed, only the new fixes that are contained in this package will be downloaded and installed to your computer.”
On August 5th Microsoft released KB3081424 – a cumulative update. KB3081424 was causing some machines to go into a reboot loop. On August 11th (Patch Tuesday) Microsoft released KB3081436. KB3081436 is a cumulative update and replaced/superseded KB3081424.
Cumulative update for Windows 10: August 11, 2015
https://support.microsoft.com/en-us/kb/3081436
There have been reports of KB3081436 failing to install correctly.
Cumulative Update for Windows 10 (KB3081424) fails to install –
Microsoft Community: http://answers.microsoft.com/en-us/windows/forum/windows_10-update/cumulative-update-for-windows-10-kb3081424-fails/c7c1750a-63be-4b88-9a49-e18bfa8782de?auth=1
However no one has seen KB3081440 available?
There is a registry fix/hack that has been shown to fix this issue. If you are having trouble with KB3081424 or KB3081436, search for “KB3081424 fix” or “KB3081436 fix”. Because this is not sanctioned by Microsoft, and we have not tried it, we can’t recommend it.
Exploitability
- Publicly disclosed: None
- Being exploited: MS15-081, MS15-085
- Rated CRITICAL: MS15-079, MS15-080, MS15-081, MS15-091
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
Requires Restart
- Servers: True
- Workstations: True
New Security Bulletins
(MS#/Affected Software/Type)
CRITICAL
MS15-079 Cumulative Security Update for Internet Explorer (3082442) | (Internet Explorer) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
MS15-080 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662) | (.NET Framework, Office, Lync, Silverlight) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts.
MS15-081 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790) | (Microsoft Office) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
MS15-091 Cumulative Security Update for Microsoft Edge (3084525) | (Microsoft Edge) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
IMPORTANT
MS15-082 Vulnerabilities in RDP Could Allow Remote Code Execution (3080348) | (Microsoft Windows) The most severe of the vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open a Remote Desktop Protocol (RDP) file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file.
MS15-083 Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921) | (Microsoft Windows) The vulnerability could allow remote code execution if an attacker sends a specially crafted string to SMB server error logging.
MS15-084 Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129) | (Microsoft Office) The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0.
MS15-085 Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487) | (Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker inserts a malicious USB device into a target system.
MS15-086 Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158) | (Microsoft Server Software) The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website.
MS15-087 Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459) | (Microsoft Server Software) The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter.
MS15-088 Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458) | (Microsoft Windows) To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process. The attacker could then execute Notepad, Visio, PowerPoint, Excel, or Word with an unsafe command line parameter to effect information disclosure.
MS15-089 Vulnerability in WebDAV Could Allow Information Disclosure (3076949) | (Microsoft Windows) The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic.
MS15-090 Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716) | (Microsoft Windows) The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application or convinces a user to open a specially crafted file that invokes a vulnerable sandboxed application, allowing an attacker to escape the sandbox.
MS15-092 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251) | (.NET Framework) The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application.