|
Severity Rating: Critical Revision Note: V2.1 (September 8, 2015): Revised bulletin to add an Update FAQ that explains why customers running Office 2010 on Windows Vista and later versions of Windows are not being offered the 3054846 update. Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType fonts.
|
|
Full View / NID: 55908 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Skype for Business Server and Microsoft Lync Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An attacker would have to convince users to click a link in an instant messenger or email message that directs them to an affected website by way of a specially crafted URL.
|
|
Full View / NID: 55887 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
|
|
Full View / NID: 55886 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 55883 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 55882 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
Full View / NID: 55865 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.1 (September 8, 2015): Revised bulletin to correct the security impact and the vulnerability information for CVE-2015-2506 (from denial of service to elevation of privilege). This is an informational change only. Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.
|
|
Full View / NID: 55864 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.
|
|
Full View / NID: 55863 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 55849 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.
|
|
Full View / NID: 55848 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application that could cause Windows Hyper-V to improperly check configuration settings. Customers who have not enabled the Hyper-V role are not affected.
|
|
Full View / NID: 55847 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.
|
|
Full View / NID: 55846 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 55845 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V2.0 (September 2, 2015): Bulletin revised to announce that the 3039798 update for Microsoft Office 2013 RT Service Pack 1 is available via Windows Update. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 55792 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.1 (August 24, 2015): Updated bulletin to inform customers that on August 18, 2015, a metadata change was implemented on Windows Update for the updates documented in this bulletin. This is an informational change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action. Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.
|
|
Full View / NID: 55661 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V2.0 (August 21, 2015): Updated bulletin to inform customers running Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 2, and Windows 7 Service Pack 1 that the 3078601 update on the Microsoft Download Center was updated on August 18, 2015. Microsoft recommends that customers who installed the 3078601 update via the Microsoft Download Center prior to August 18 reinstall the update to be fully protected from the vulnerabilities discussed in this bulletin. If you installed update 3078601 via Windows Update, Windows Update Catalog, or WSUS, no action is required. Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType fonts.
|
|
Full View / NID: 55642 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.1 (August 21, 2015): Improved the Update FAQ section and the footnote for the Affected Software table to help customers more easily identify the correct update to apply based on the currently installed version of RDP on Windows 7 systems. These are informational changes only. Customers who have already successfully applied the update do not need to take any action. Customers who have not already installed the necessary update should do so to be protected from the vulnerability it addresses. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with Remote Desktop Protocol (RDP) enabled. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
|
|
Full View / NID: 55641 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.1 (August 20, 2015): Bulletin revised to announce a detection change in the 3087985 update for Internet Explorer. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action. Summary: This security update resolves a vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 55627 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Critical Revision Note: V1.0 (August 18, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
Full View / NID: 55588 / Submitted by: The Zilla of Zuron
|
|
Severity Rating: Important Revision Note: V1.0 (August 11, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0. However, in all cases an attacker would have no way to force users to click a specially crafted link; an attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message.
|
|
Full View / NID: 55570 / Submitted by: The Zilla of Zuron
|