Microsoft has just released the patches for July. The details are available at http://technet.microsoft.com/en-us/security/bulletin/ms15-Jul
There are a total of fourteen bulletins (including MS15-058), four of which are designated as CRITICAL and the remaining ten are designated as IMPORTANT. The vulnerabilities being patched in bulletins MS15-058 and MS15-065/MS15-070 could allow remote code execution. These are commonly exploited via drive-by (web page) attacks or email attachments to compromise workstation operating systems. In the case of Windows or Office vulnerabilities, remote code execution is exploitable via specially crafted files or media content.
The bulletins are identified as MS15-065/MS15-077
Note: Bulletin MS15-058 was also released in the July patches – https://technet.microsoft.com/library/security/MS15-058 . The patch is classified as IMPORTANT and applies to all currently supported versions of Microsoft SQL Server.
CRITICAL patches for July
The CRITICAL vulnerabilities apply to Internet Explorer and Windows, and could allow remote code execution if successfully exploited.
The IMPORTANT bulletins apply to Office and Windows.
MS15-065 – Internet Explorer
There are a total of twenty-nine vulnerabilities being patched in Internet Explorer, twenty-one of which could allow remote code execution if successfully exploited. The majority of the remote code execution vulnerabilities are exploitable via memory corruption. The remaining vulnerabilities could allow Elevation of Privilege, Information Disclosure, or Security Feature Bypass (such as Cross Site Scripting (XSS) filter bypass or Address Space Layout Randomization bypass).
As of this time, only four have been disclosed publicly, and they are not currently being actively exploited. The four disclosed publicly include Cross Site Scripting filter bypass; JScript9 memory corruption; Information Disclosure; and Address Space Layout Randomization bypass.
Note: The vulnerabilities are classified as MODERATE for Server operating systems.
MS15-066 – Windows – VBScript Scripting Engine (under Internet Explorer)
There is one CRITICAL remote code execution vulnerability being patched in Windows VBScript Scripting Engine. The vulnerability could allow remote code execution if the user visits a specially crafted web page. The vulnerability exists in VBScript version 5.6 for Internet Explorer 6, VBScript version 5.7 for Internet Explorer 6 and 7, VBScript version 5.8 for Internet Explorer 8.
Note: The vulnerabilities for VBScript version 5.8 on Internet Explorer versions 9-11 are being addressed in the July Microsoft patches for Internet Explorer (MS15-065).
Note2: Server core only installations of Windows Server 2008 are not vulnerable to the exploit.
MS15-067 – Windows – Remote Desktop Protocol
There is one CRITICAL remote code execution vulnerability being patched in Windows Remote Desktop Protocol. The vulnerability exists in 32 and 64 bit versions of Windows 7, 32 and 64 bit versions of Windows 8, and complete or server core only versions of Windows Server 2012. The protocol is not enabled by default on any Windows operating system. Systems without Remote Desktop Protocol enabled are not at risk.
MS15-068 – Windows – Hyper-V
There are two CRITICAL remote code execution vulnerabilities in Hyper-V for the following versions of Windows: Windows workstation versions 8 and 8.1 (64 bit), Windows Server 2008, Server 2008R2, Server 2012, and Server 2012R2. One of the two vulnerabilities is a buffer overflow in Hyper-V and the second is a data structure vulnerability. Not all operating systems are vulnerable to both. All OS versions are vulnerable to the data structure exploit. The buffer overflow exploit can only be leveraged on 64 bit versions of Windows 8.1 and Server 2012R2 (including server core only versions).
MS15-069 – Windows – DLL – IMPORTANT (classified as CRITICAL for workstations by SANS – https://isc.sans.edu/forums/diary/July+2015+Microsoft+Patch+Tuesday/19919/ )
There are two IMPORTANT remote code execution vulnerabilities being patched for Windows DLL. The vulnerabilities exist in all currently supported versions of Windows (including Server 2003). The vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open an RTF file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file.
MS15-070 – Office – IMPORTANT (classified as CRITICAL for workstations by SANS – https://isc.sans.edu/forums/diary/July+2015+Microsoft+Patch+Tuesday/19919/ )
There are eight remote code execution vulnerabilities being patched for all current versions of Microsoft Office. As of this time, the vulnerabilities have not been publicly disclosed.
MS15-071 – Netlogon – IMPORTANT
There is one elevation of privilege vulnerability being patched in Netlogon for all currently supported versions of Windows Server (including Server 2003). The vulnerability could allow elevation of privilege if an attacker with access to a primary domain controller (PDC) on a target network runs a specially crafted application to establish a secure channel to the PDC as a backup domain controller (BDC).
MS15-072 – Windows GDI – IMPORTANT
There is one elevation of privilege vulnerability being patched in the Graphics component of all current Windows workstation and server versions. The vulnerability could allow elevation of privilege if the Windows graphics component fails to properly process bitmap conversions. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. There have been no reports of exploits being publicly available as of this time.
MS15-073 – Windows Kernel Mode Drivers – IMPORTANT
There are six elevation of privilege vulnerabilities being patched in the Kernel mode Drivers of Windows. There have been no reports of exploits being publicly available as of this time.
MS15-074 – Windows Installer Service – IMPORTANT
There is one elevation of privilege vulnerability being patched in the Installer Service of all currently supported versions of Windows. The condition exists in some cases in the Windows Installer service when it improperly runs custom action scripts. An attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
To exploit the vulnerability, an attacker must first compromise a user who is logged on to the target system, then find a vulnerable .msi package that is installed on the target system and, finally, place specially crafted code on the target system that the vulnerable .msi package can execute.
There have been no reports of exploits being publicly available as of this time.
MS15-075 – Windows Object Linking and Embedding – IMPORTANT (classified as CRITICAL for workstations by SANS – https://isc.sans.edu/forums/diary/July+2015+Microsoft+Patch+Tuesday/19919/ )
There are two elevation of privilege vulnerabilities being patched in the Object Linking and Embedding (OLE) module of all currently supported versions of Windows. The vulnerabilities could allow elevation of privilege if used in conjunction with another vulnerability that allows arbitrary code to be run through Internet Explorer. Once the other vulnerability has been exploited, an attacker could then exploit the vulnerabilities addressed in this bulletin to cause arbitrary code to run at a medium integrity level. There have been no reports of exploits being publicly available as of this time.
MS15-076 – Windows Remote Procedure Call – IMPORTANT
There are two elevation of privilege vulnerabilities being patched in the Remote Procedure Call (RPC) module of all currently supported versions of Windows. The vulnerability (which exists in Windows Remote Procedure Call authentication) could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There have been no reports of exploits being publicly available as of this time.
MS15-077 – Windows Adobe Type Manager Font Driver (ATMFD.DLL) – IMPORTANT
There is one elevation of privilege vulnerability being patched in the Adobe Type Manager Font Driver (ATMFD) module. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application. The security update addresses the vulnerability by correcting how Adobe Type Manager Font Driver (ATMFD) handles objects in memory. According to SANS, exploits for this vulnerability have been detected.
Adobe products
On July 14, patches were also released for Adobe Flash and Adobe Reader.
The updated version of Flash for Windows and Mac systems is 18.0.0.209. Details for the Adobe Flash patches are available at https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
The updated versions of Reader are 10.1.15 and 11.0.12. Details for the Adobe Reader patches are available at https://helpx.adobe.com/security/products/reader/apsb15-15.html
AgriLife ISO Recommendation
According to the Adobe links, the vulnerabilities for Flash are being actively exploited. Considering that issue and the fact that the Internet Explorer vulnerabilities are likely to be exploited in the near future, it is recommended that the July patches for Microsoft and Adobe products be applied as soon as possible to workstation systems and when feasible for server systems following appropriate testing.
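An added example, not part of the original advisory: a check of a software inventory against the fixed Adobe versions listed above (Flash 18.0.0.209; Reader 10.1.15 and 11.0.12), reporting workstations first as recommended here. The inventory rows, host names and function names are constructed for illustration, and comparing Reader only against the fixed version of its own major branch is an assumption of this example.

```python
# Fixed versions as stated in the advisory; Reader is keyed by major branch.
FIXED = {
    "flash": {None: (18, 0, 0, 209)},
    "reader": {10: (10, 1, 15), 11: (11, 0, 12)},
}


def parse_version(text):
    """'18.0.0.203' -> (18, 0, 0, 203); None if not dotted integers."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def assess(product, version_text):
    """Return 'patched', 'vulnerable' or 'review' for one installed product."""
    baselines = FIXED.get(product.lower())
    version = parse_version(version_text)
    if baselines is None or version is None:
        return "review"  # unknown product or unparseable version string
    # Flash has one baseline; Reader is compared within its own branch.
    fixed = baselines.get(None) or baselines.get(version[0])
    if fixed is None:
        return "review"  # branch for which the advisory names no fixed version
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # so 11.0 compares as 11.0.0
    return "patched" if pad(version) >= pad(fixed) else "vulnerable"


def triage(inventory):
    """Hosts needing action, workstations first, then servers."""
    flagged = [(host, role, product, version, assess(product, version))
               for host, role, product, version in inventory]
    flagged = [f for f in flagged if f[4] != "patched"]
    return sorted(flagged, key=lambda f: (f[1] != "workstation", f[0]))


# Constructed sample inventory: host names, roles and versions are illustrative.
SAMPLE = [
    ("srv-03", "server", "flash", "17.0.0.190"),
    ("ws-01", "workstation", "flash", "18.0.0.203"),
    ("ws-02", "workstation", "flash", "18.0.0.209"),
    ("ws-03", "workstation", "reader", "11.0.11"),
    ("srv-01", "server", "reader", "10.1.15"),
    ("srv-02", "server", "reader", "9.5.5"),
    ("ws-04", "workstation", "reader", "11.0"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```

A "review" result means the advisory gives no fixed version to compare against (for example a Reader branch other than 10 or 11), so the host needs a manual look rather than being counted as patched.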
Windows Server 2003 EOL
Also, please note that Windows Server 2003 will no longer be supported after July 14. It is fully expected the Texas A&M IT Network group will be disabling the network connections for any Server 2003 systems identified as active.