Archive

Archive for September, 2015

MS15-097 – Critical: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656) – Version: 2.0

Severity Rating: Critical
Revision Note: V2.0 (September 30, 2015): Revised bulletin to announce the availability of an update package for Skype for Business 2016. Customers running Skype for Business 2016 should apply the 2910994 update to be protected from the vulnerabilities discussed in this bulletin. The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically.
Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.

Categories: Uncategorized Tags:

MS15-SEP – Microsoft Security Bulletin Summary for September 2015 – Version: 2.0

Revision Note: V2.0 (September 30, 2015): Bulletin Summary revised to announce the availability of update packages for Microsoft Office 2016 in MS15-097 and for Skype for Business 2016 in MS15-099. Customers running Microsoft Office 2016 or Skype for Business 2016 should apply the applicable updates to be protected from the vulnerabilities discussed in the bulletins. The majority of customers have automatic updating enabled and will not need to take any action because applicable updates will be downloaded and installed automatically.
Summary: This bulletin summary lists security bulletins released for September 2015.

Categories: Uncategorized Tags:

MS15-099 – Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664) – Version: 3.0

Severity Rating: Critical
Revision Note: V3.0 (September 30, 2015): Revised bulletin to announce the availability of an update package for Microsoft Office 2016. Customers running Microsoft Office 2016 should apply the 2910993 update to be protected from the vulnerabilities discussed in this bulletin. The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Categories: Uncategorized Tags:

MS15-099 – Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664) – Version: 3.0

Severity Rating: Critical
Revision Note: V3.0 (September 30, 2015): Revised bulletin to announce the availability of an update package for Microsoft Office 2016. Customers running Microsoft Office 2016 should apply the 2910993 update to be protected from the vulnerabilities discussed in this bulletin. The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Categories: Uncategorized Tags:

MS15-SEP – Microsoft Security Bulletin Summary for September 2015 – Version: 2.0

Revision Note: V2.0 (September 30, 2015): Bulletin Summary revised to announce the availability of update packages for Microsoft Office 2016 in MS15-097 and for Skype for Business 2016 in MS15-099. Customers running Microsoft Office 2016 or Skype for Business 2016 should apply the applicable updates to be protected from the vulnerabilities discussed in the bulletins. The majority of customers have automatic updating enabled and will not need to take any action because applicable updates will be downloaded and installed automatically.
Summary: This bulletin summary lists security bulletins released for September 2015.

Categories: Uncategorized Tags:

MS15-097 – Critical: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656) – Version: 2.0

Severity Rating: Critical
Revision Note: V2.0 (September 30, 2015): Revised bulletin to announce the availability of an update package for Skype for Business 2016. Customers running Skype for Business 2016 should apply the 2910994 update to be protected from the vulnerabilities discussed in this bulletin. The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically.
Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.

Categories: Uncategorized Tags:

MS15-092 – Important: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251) – Version: 1.2

Severity Rating: Important
Revision Note: V1.2 (September 25, 2015): Added a footnote to the Affected Software table to inform customers that Windows Server Technical Preview 2 is affected. Customers running this operating system are encouraged to apply the update, which is available via Windows Update.
Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.

Categories: Uncategorized Tags:

MS15-101 – Important: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (September 25, 2015): Removed Windows Server Technical Preview 3 from the Affected Software table footnote because it is not affected by the vulnerabilities described in this security bulletin. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.

Categories: Uncategorized Tags:

MS15-SEP – Microsoft Security Bulletin Summary for September 2015 – Version: 1.4

Revision Note: V1.4 (September 25, 2015): For MS15-099, added the 3088502 update for Microsoft Office 2016 for Mac, which is available as of September 15, 2015. For more information see Microsoft Knowledge Base Article 3088502.
Summary: This bulletin summary lists security bulletins released for September 2015.

Categories: Uncategorized Tags:

MS15-101 – Important: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (September 25, 2015): Removed Windows Server Technical Preview 3 from the Affected Software table footnote because it is not affected by the vulnerabilities described in this security bulletin. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.

Categories: Uncategorized Tags:

MS15-092 – Important: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251) – Version: 1.2

Severity Rating: Important
Revision Note: V1.2 (September 25, 2015): Added a footnote to the Affected Software table to inform customers that Windows Server Technical Preview 2 is affected. Customers running this operating system are encouraged to apply the update, which is available via Windows Update.
Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.

Categories: Uncategorized Tags:

3097966 – Inadvertently Disclosed Digital Certificates Could Allow Spoofing – Version: 1.0

Revision Note: V1.0 (September 24, 2015): Advisory published.
Summary: Microsoft is aware of four digital certificates that were inadvertently disclosed by D-Link Corporation that could be used in attempts to spoof content. The disclosed end-entity certificates cannot be used to issue other certificates or impersonate other domains, but could be used to sign code. This issue affects all supported releases of Microsoft Windows.

Categories: Uncategorized Tags:

3097966 – Inadvertently Disclosed Digital Certificates Could Allow Spoofing – Version: 1.0

Revision Note: V1.0 (September 24, 2015): Advisory published.
Summary: Microsoft is aware of four digital certificates that were inadvertently disclosed by D-Link Corporation that could be used in attempts to spoof content. The disclosed end-entity certificates cannot be used to issue other certificates or impersonate other domains, but could be used to sign code. This issue affects all supported releases of Microsoft Windows.

Categories: Uncategorized Tags:

MS15-SEP – Microsoft Security Bulletin Summary for September 2015 – Version: 1.3

Revision Note: V1.3 (September 23, 2015): Bulletin Summary revised to correct the title for CVE-2015-2514 in the Exploitability Index. This is an informational change only. Customers who have already successfully installed the update that addresses the vulnerability do not need to take any action.
Summary: This bulletin summary lists security bulletins released for September 2015.

Categories: Uncategorized Tags:

MS15-098 – Critical: Vulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669) – Version: 1.1

Severity Rating: Critical
Revision Note: V1.1 (September 23, 2015): Bulletin revised to correct the severity and impact for CVE-2015-2514. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Categories: Uncategorized Tags:

MS15-098 – Critical: Vulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669) – Version: 1.1

Severity Rating: Critical
Revision Note: V1.1 (September 23, 2015): Bulletin revised to correct the severity and impact for CVE-2015-2514. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Categories: Uncategorized Tags:

MS15-SEP – Microsoft Security Bulletin Summary for September 2015 – Version: 1.3

Revision Note: V1.3 (September 23, 2015): Bulletin Summary revised to correct the title for CVE-2015-2514 in the Exploitability Index. This is an informational change only. Customers who have already successfully installed the update that addresses the vulnerability do not need to take any action.
Summary: This bulletin summary lists security bulletins released for September 2015.

Categories: Uncategorized Tags:

2755801 – Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge – Version: 47.0

Revision Note: V47.0 (September 21, 2015): Added the 3087040 update to the Current Update section.
Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10; the update is also available for Adobe Flash Player in Microsoft Edge on all supported editions of Windows 10. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.

Categories: Uncategorized Tags:

2755801 – Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge – Version: 47.0

Revision Note: V47.0 (September 21, 2015): Added the 3087040 update to the Current Update section.
Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10; the update is also available for Adobe Flash Player in Microsoft Edge on all supported editions of Windows 10. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.

Categories: Uncategorized Tags:

MS15-099 – Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664) – Version: 2.0

Severity Rating: Critical
Revision Note: V2.0 (September 15, 2015): Bulletin revised to announce that the 3088502 update for Microsoft Office for Mac 2016 is available. For more information see Microsoft Knowledge Base Article 3088502.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Categories: Uncategorized Tags: