Microsoft has just released the patches for September. The details are available at http://technet.microsoft.com/en-us/security/bulletin/ms15-sep
There are a total of twelve bulletins being released. Five of the bulletins are identified as CRITICAL and the remainder are classified as IMPORTANT. Vulnerabilities being patched in bulletins MS15-094, MS15-095 and MS15-097 through MS15-100 could allow remote code execution if successfully exploited. These are commonly exploited via drive-by (web page) attacks or email attachments to compromise workstation operating systems. In the case of Windows or Office vulnerabilities, remote code execution is exploitable via specially crafted files or media content.
The September bulletins are identified as MS15-094 through MS15-105.
CRITICAL patches for September
The CRITICAL vulnerabilities apply to Internet Explorer, Edge (MS15-095), Windows, Office, Lync and SharePoint Foundation, and could allow remote code execution if successfully exploited.
The IMPORTANT bulletins apply to Office, Windows, .NET framework, Exchange, Skype for Business and Lync Server.
MS15-094 – Internet Explorer – CRITICAL
There are a total of seventeen vulnerabilities being patched in Internet Explorer (not all of which are designated as critical). Thirteen of the seventeen vulnerabilities would allow remote code execution if successfully exploited (rated critical on workstations) and, in some aspect, apply to all currently supported versions of Internet Explorer. The majority of the remote code execution vulnerabilities are exploitable via memory corruption. The remaining vulnerabilities could allow Elevation of Privilege or Information Disclosure.
As of this time, only one of the seventeen vulnerabilities has been publicly disclosed. However, exploits of the vulnerability have yet to materialize.
Note: The vulnerabilities are classified as MODERATE for Server operating systems such as Windows Server 2008 (32, 64 bit and Itanium), Server 2008R2, Server 2012 and Server 2012R2.
MS15-095 – Windows 10 – Microsoft Edge – CRITICAL
There are four remote code execution vulnerabilities being patched in the Edge web browser that ships with Windows 10. All four of the vulnerabilities could allow a critical remote code execution if successfully exploited on Windows 10 workstations. As of this time, only one of the four has been publicly disclosed. However, exploits of the vulnerability have yet to materialize.
MS15-096 – Active Directory – IMPORTANT
There is one vulnerability being patched in Windows Active Directory that could enable a denial of service condition if successfully exploited. The condition exists in Active Directory when an authenticated attacker creates multiple machine accounts. An attacker who successfully exploited this vulnerability could cause the Active Directory service to become non-responsive.
To exploit this vulnerability an attacker must have valid credentials. An attacker could exploit this vulnerability by creating multiple machine accounts, resulting in denial of service. The update addresses the vulnerability by correcting how machine accounts are created.
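A defender-side check for the condition described above, as an added example that is not part of the original bulletin summary: it scans account-management events for a single account creating many machine accounts in a short window. Event ID 4741 is the Windows Security log event for computer account creation; the record field names, the threshold, the window and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs), reduced to the fields used here.
# 4741 = "A computer account was created"; 4720 (user created) is noise.
SAMPLE_EVENTS = [
    {"id": 4741, "time": "2015-09-08T09:00:00", "subject": "CORP\\helpdesk1", "target": "WS-0101$"},
    {"id": 4741, "time": "2015-09-08T10:05:00", "subject": "CORP\\helpdesk1", "target": "WS-0102$"},
    {"id": 4720, "time": "2015-09-08T10:06:00", "subject": "CORP\\helpdesk1", "target": "newuser"},
] + [
    {"id": 4741, "time": f"2015-09-08T11:00:{s:02d}", "subject": "CORP\\jdoe", "target": f"TMP-{s:02d}$"}
    for s in range(0, 40, 5)  # eight creations within 40 seconds
]


def find_creation_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Return {subject: peak count} for every account that created at least
    `threshold` machine accounts inside any sliding `window`."""
    recent = defaultdict(deque)  # subject -> creation times still inside the window
    peaks = {}
    # ISO-8601 strings in one format sort chronologically.
    ordered = sorted((e for e in events if e["id"] == 4741), key=lambda e: e["time"])
    for event in ordered:
        now = datetime.fromisoformat(event["time"])
        times = recent[event["subject"]]
        times.append(now)
        # Drop creations that have aged out of the window.
        while now - times[0] > window:
            times.popleft()
        if len(times) >= threshold:
            subject = event["subject"]
            peaks[subject] = max(peaks.get(subject, 0), len(times))
    return peaks


if __name__ == "__main__":
    for subject, count in find_creation_bursts(SAMPLE_EVENTS).items():
        print(f"{subject}: {count} machine accounts created within 10 minutes")
```

Tune the threshold and window to the normal provisioning rate of the domain so that imaging or help-desk activity does not trigger it.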
MS15-097 – Windows, Office and Lync – Graphics component and others – CRITICAL (others designated as IMPORTANT)
There are a total of eleven vulnerabilities being patched in several modules of Windows. The module identified as having a CRITICAL vulnerability is the Windows Graphics component, and it applies to Office 2007 and 2010 (32 and 64 bit versions), Microsoft Lync (also known as Live Meeting 2007, Lync 2010 Attendee, Lync 2010, and Lync 2013/Lync 2013 Basic) and also Windows Server 2008. This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.
Other modules that are being patched in bulletin MS15-097 (such as font driver/font parsing, or Win32K memory corruption) are limited to elevation of privilege or denial of service compromises and for that reason are classified as IMPORTANT. Only one of the important vulnerabilities is currently known to be public and to have active exploits. The specific vulnerability is an elevation of privilege condition and applies to Win32K memory.
This security update is rated as critical for Windows Server 2008.
MS15-098 – Windows – Journal – CRITICAL
There are five vulnerabilities being patched for Windows Journal. Four of the vulnerabilities are classified as CRITICAL (as they are remote code execution) and the remaining one is classified as low (as it is a denial of service). As of this time, none of the vulnerabilities have been publicly disclosed.
The vulnerabilities are designated as critical even for Windows Server operating systems.
MS15-099 – Office – CRITICAL (and also IMPORTANT)
There are five remote code execution vulnerabilities being patched in Microsoft Office 2007, 2010 and 2013 and Excel 2007, 2010 and 2013 (for Windows and Macintosh). Only one of the vulnerabilities is designated as CRITICAL and it only applies to Windows. As of this time, none of the vulnerabilities have been publicly disclosed.
MS15-100 – Windows – Media Center – IMPORTANT
There is one IMPORTANT remote code execution vulnerability being patched in Windows Media Center for Windows 7, 8 and Windows 8.1 (32 and 64 bit systems). The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. As of this time, the vulnerability has not been publicly disclosed.
MS15-101 – Windows – .NET framework – IMPORTANT
There are two IMPORTANT vulnerabilities being patched in the .NET framework module of all current Workstation and Server versions (even server core only installations) of Windows. One of the vulnerabilities would allow an elevation of privilege if successfully exploited. The second vulnerability would enable a denial of service condition. Information indicates that this vulnerability has been publicly disclosed as of 9/8.
MS15-102 – Windows – task manager – IMPORTANT
There are three IMPORTANT elevation of privilege vulnerabilities being patched in the task manager module of Windows. The patch applies to all current workstation and server versions of Windows (including server core only installations). As of this time, none of the vulnerabilities have been publicly disclosed.
MS15-103 – Exchange server – IMPORTANT
There are three IMPORTANT vulnerabilities being patched in Microsoft Exchange Server 2013 (service pack 1 and cumulative update 8 and 9). One of the vulnerabilities would allow an information disclosure if successfully exploited. The remaining two would allow a spoofing condition to take place. As of this time, the spoofing vulnerabilities have not been publicly disclosed.
MS15-104 – Skype for Business 2015 (aka Lync server) – IMPORTANT
There are three IMPORTANT vulnerabilities being patched in Skype for Business. Two of the vulnerabilities would enable information disclosure if successfully exploited. The third vulnerability would enable an elevation of privilege condition.
MS15-105 – Windows – Hyper-V – IMPORTANT
There is a single security feature bypass vulnerability being patched in the Hyper-V module of Windows. The vulnerability applies to Windows 8.1, Windows 10 and Server 2012 (including server core only installations).
A security feature bypass vulnerability exists in Windows Hyper-V when access control list (ACL) configuration settings are not applied correctly. To exploit the vulnerability, an attacker could run a specially crafted application that could cause Hyper-V to allow unintended network traffic. Customers who have not enabled the Hyper-V role are not affected. The security update addresses the vulnerability by correcting how Hyper-V applies ACL configuration settings.
Adobe products
On Sept 8, one patch was released for Adobe Shockwave.
Details for the Adobe Flash patches are available at https://helpx.adobe.com/security/products/flash-player/apsb15-22.html
AgriLife ISO Recommendation
Considering the fact that the Internet Explorer vulnerabilities are likely to be exploited in the near future, it is recommended that the September patches for Microsoft be applied as soon as possible to workstation and also server systems following appropriate testing.