Microsoft has just released the patches for December. The details are available at http://technet.microsoft.com/en-us/security/bulletin/ms15-dec
There are a total of twelve bulletins being released. Eight of the bulletins are rated CRITICAL and the remainder are rated IMPORTANT. Vulnerabilities being patched in bulletins MS15-124 through MS15-131 could allow remote code execution if successfully exploited.
Remote code execution vulnerabilities are commonly exploited through drive-by (web page) attacks or email attachments to compromise workstation operating systems. In the case of Windows or Office vulnerabilities, remote code execution is exploitable via specially crafted files or media content. The majority of the remote code execution vulnerabilities are exploitable via memory corruption. Other vulnerabilities could allow Elevation of Privilege or Information Disclosure.
The December bulletins are identified as MS15-124 through MS15-135.
CRITICAL patches for December
The CRITICAL vulnerabilities apply to Windows, Internet Explorer, Edge (Windows 10 browser) and Office and could allow remote code execution if successfully exploited.
IMPORTANT bulletins apply to Windows.
MS15-124 – Internet Explorer – Remote Code Execution – CRITICAL
There are a total of twenty-eight vulnerabilities being patched in Internet Explorer (not all of which are designated as critical). More than twenty-three of the twenty-eight vulnerabilities would allow remote code execution, rated critical on workstations, if successfully exploited and, in some form, apply to all currently supported versions of Internet Explorer. The remaining patches address vulnerabilities that could allow Security Feature Bypass (XSS), Information Disclosure or Elevation of Privilege if successfully exploited.
As of this time, none of the Internet Explorer Remote Code Execution vulnerabilities have been publicly disclosed.
Note: The vulnerabilities are classified as MODERATE for Server operating systems such as Windows Server 2008 (32, 64 bit and Itanium), Server 2008R2, Server 2012 and Server 2012R2.
MS15-125 – Windows 10 – Microsoft Edge – Remote Code Execution – CRITICAL
There are a total of fifteen vulnerabilities being patched in the Edge web browser that ships with Windows 10. Ten of the vulnerabilities could allow Remote Code Execution if successfully exploited on Windows 10 workstations. The remaining patches address vulnerabilities that could allow Security Feature Bypass (XSS), Information Disclosure, Elevation of Privilege or spoofing if successfully exploited. As of this time, none of the Edge Browser Remote Code Execution vulnerabilities have been publicly disclosed.
MS15-126 – Windows Vista and Server 2008 – JScript and VBScript versions 5.7 and 5.8 – Remote Code Execution – CRITICAL
There are two vulnerabilities being patched in the Visual Basic Scripting engine in Windows for the following Operating Systems: Windows Vista (32 and 64 bit versions), Windows Server 2008 (including server core only installations). The more severe of the vulnerabilities (CVE-2015-6136) could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. The second vulnerability being patched in MS15-126 is an information disclosure vulnerability.
No details are available regarding public disclosure of the Windows VBScript vulnerability.
MS15-127 – Windows DNS – Remote Code Execution – CRITICAL for ALL current server operating systems including server core only installs
There is one remote code execution vulnerability being patched in Windows DNS for current server operating systems. Various resources are advising this patch be applied as soon as possible to server operating systems that use Microsoft DNS resources.
Note: Even Server Core only installations of Windows Server 2008, 2008R2 and 2012 are vulnerable to a remote code execution exploit.
MS15-128 – Windows, .NET framework, Silverlight, Office 2007/2010, Lync 2010/2013 and Skype for Business 2016 – Remote Code Execution – CRITICAL
There are three vulnerabilities being patched in the Microsoft Graphic component for several Microsoft products, all of which could allow remote code execution if successfully exploited. The vulnerabilities exist in the following workstation products: Vista (32 and 64 bit), Windows 7 (32 and 64 bit), Windows 8/8.1 (32 and 64 bit), Windows RT and RT 8.1, and Windows 10. At least one of the vulnerabilities also exists in the following Server products: Server 2008, Server 2008R2, Server 2012,
As of this time, information provided by Microsoft indicates the details have not been disclosed publicly nor has exploit code been potentially identified.
MS15-129 – Windows Silverlight installations on all platforms (including Mac) – Remote Code Execution – CRITICAL
There is one Remote Code Execution and two Information Disclosure vulnerabilities being patched in Windows Silverlight. The vulnerability exists in all versions of Silverlight 5 or Silverlight 5 Developer Runtime when installed on any workstation or server system including Macintosh.
To exploit the vulnerability, an attacker could host a website that contains a specially crafted Silverlight application and then convince a user to visit a compromised website. The attacker could also take advantage of websites containing specially crafted content, including those that accept or host user-provided content or advertisements.
As of this time, information provided by Microsoft indicates the details have not been disclosed publicly nor has exploit code been potentially identified.
MS15-130 – Microsoft Uniscribe – Remote Code Execution – CRITICAL
There is one Remote Code Execution vulnerability being patched in Windows .NET framework. The vulnerability applies to the following products: Windows 7, and Server 2008R2 including Server core only installations. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains specially crafted fonts.
As of this time, no information has been provided by Microsoft indicating whether the details have been disclosed publicly or whether exploit code has potentially been identified.
Note: Even Server Core Only installations are affected by the Elevation of Privilege vulnerability.
MS15-131 – Microsoft Office – Remote Code Execution – CRITICAL
There are six vulnerabilities being patched in Microsoft Office. The vulnerabilities apply to all current Microsoft Office versions. At least one of the vulnerabilities (CVE-2015-6172) could allow remote code execution if successfully exploited. The remaining vulnerabilities are classified as IMPORTANT.
The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
As of this time, information provided by Microsoft indicates that one of the six vulnerabilities is being actively exploited. However, the active exploit is NOT for the vulnerability identified as CRITICAL.
Note: See Dec 9 update below
MS15-132 – Windows – Remote Code Execution – IMPORTANT
There is one Remote Code Execution vulnerability classified as IMPORTANT being patched in all versions of Windows. The vulnerability applies to all current Microsoft Server and workstation operating systems including those with the Server Core Only installation option.
As of this time, information provided by Microsoft indicates the details have not been disclosed publicly nor has exploit code been potentially identified.
MS15-133 – Windows Pragmatic General Multicast (PGM) – Elevation of Privilege – IMPORTANT
There is one Elevation of Privilege vulnerability classified as IMPORTANT being patched in Windows PGM. The vulnerability applies to all current Microsoft Server and workstation operating systems including those with the Server Core Only installation option.
The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application that, by way of a race condition, results in references to memory locations that have already been freed. Microsoft Message Queuing (MSMQ) must be installed and the Windows Pragmatic General Multicast (PGM) protocol specifically enabled for a system to be vulnerable. MSMQ is not present in default configurations and, if it is installed, the PGM protocol is available but disabled by default.
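A triage check for the MS15-133 preconditions described above, as an added example that is not Microsoft's code or part of the original bulletin summary. It assumes that the MSMQ multicasting feature (`MSMQ-Multicasting` on servers, `MSMQ-Multicast` on clients) being enabled indicates PGM is enabled, and that it runs in an elevated session; the function name is hypothetical.

```powershell
# Added example: report whether MSMQ is installed and whether its multicast
# (PGM) support is enabled, the two conditions MS15-133 requires.
function Get-Ms15133Exposure {
    $result = @{
        Computer         = $env:COMPUTERNAME
        MsmqInstalled    = $false
        MulticastEnabled = $null   # $null means the state could not be read
        Assessment       = 'MSMQ not installed'
    }

    # The Message Queuing service is registered under the name MSMQ.
    if (-not (Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue)) {
        return New-Object PSObject -Property $result
    }
    $result.MsmqInstalled = $true

    # ProductType 1 = workstation; 2 and 3 = domain controller / server.
    $isServer = (Get-WmiObject Win32_OperatingSystem).ProductType -ne 1

    if ($isServer) {
        # Server 2008 R2 needs the module imported explicitly.
        Import-Module ServerManager -ErrorAction SilentlyContinue
        if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
            $f = Get-WindowsFeature -Name 'MSMQ-Multicasting'
            if ($f) { $result.MulticastEnabled = [bool]$f.Installed }
        }
    } elseif (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        # DISM cmdlets exist on Windows 8 and later clients only.
        $f = Get-WindowsOptionalFeature -Online -FeatureName 'MSMQ-Multicast' `
                 -ErrorAction SilentlyContinue
        if ($f) { $result.MulticastEnabled = ($f.State -eq 'Enabled') }
    }

    if ($result.MulticastEnabled -eq $true) {
        $result.Assessment = 'MSMQ with multicast enabled: prioritise MS15-133'
    } elseif ($result.MulticastEnabled -eq $false) {
        $result.Assessment = 'MSMQ installed, multicast disabled'
    } else {
        $result.Assessment = 'MSMQ installed, multicast state unknown: check manually'
    }
    New-Object PSObject -Property $result
}

Get-Ms15133Exposure | Format-List
```

Hosts that report an unknown state (for example Vista and Windows 7 clients, which lack the DISM cmdlet) need the Windows Features dialog checked by hand.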
MS15-134 – Windows Media Center – Remote Code Execution and Information Disclosure – IMPORTANT
There is one Remote Code Execution and one Information Disclosure vulnerability classified as IMPORTANT being patched in Windows Media Center. The vulnerability applies to the following Workstation operating systems: Vista (32 and 64 bit), Windows 7 (32 and 64 bit), and Windows 8/8.1 (32 and 64 bit).
The more severe of the vulnerabilities could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.
MS15-135 – Windows Kernel Mode Drivers – Elevation of Privilege/Denial of Service – IMPORTANT
There are four Elevation of Privilege/Denial of Service vulnerabilities being patched in all current Windows workstation and server operating system versions.
The vulnerabilities could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application. For the following operating systems, two of the vulnerabilities are classified as moderate and exploitation would cause a denial of service condition as opposed to an elevation of privilege: Windows 8/8.1, Windows RT/RT8.1, Windows 10 and Server 2012 (including Server core only installs). The remaining supported operating systems (Windows Vista, Windows 7, Server 2008 and 2008R2) could potentially experience Elevation of Privilege compromises on at least three of the four vulnerabilities.
Update Dec 9 10:30 a.m.
A number of individuals experienced problems with KB3114409 (also known as CVE-2015-6124 under MS15-131). For that reason the update has been removed from distribution by Microsoft.
Adobe products
On December 8, one patch was released for Adobe Flash. The patch addresses seventy-seven! vulnerabilities. The current version of Flash is now 20.0.0.248.
Details for the Adobe Acrobat/Reader patches are available at https://helpx.adobe.com/security/products/reader/apsb15-32.html
Updated versions of Chrome, Internet Explorer 10/11 and Edge also include the new Flash security patches. The updated versions are Chrome – 47.0.2526.80 and 51.0 for Internet Explorer.
AgriLife ISO Recommendation
Considering the fact that the Internet Explorer vulnerabilities are likely to be exploited in the near future, it is recommended that the December patches for Microsoft be applied as soon as possible to workstation and also server systems following appropriate testing.