|
|
|
Severity Rating: Critical
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType fonts.
|
|
|
Full View / NID: 55568 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.
|
|
|
Full View / NID: 55567 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: None
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker inserts a malicious USB device into a target system. An attacker could then write a malicious binary to disk and in certain situations execute it.
|
|
|
Full View / NID: 55552 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application or convinces a user to open a specially crafted file that invokes a vulnerable sandboxed application, allowing an attacker to escape the sandbox.
|
|
|
Full View / NID: 55532 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves a vulnerability affected software Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted file that invokes the vulnerable sandboxed application.
|
|
|
Full View / NID: 55526 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with Remote Desktop Protocol (RDP) enabled. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
|
|
|
Full View / NID: 55525 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 55524 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker inserts a malicious USB device into a target system. An attacker could then write a malicious binary to disk and in certain situations execute it.
|
|
|
Full View / NID: 55523 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 55522 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic.
|
|
|
Full View / NID: 55505 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process. The attacker could then execute Notepad, Visio, PowerPoint, Excel, or Word with an unsafe command line parameter to effect information disclosure. To be protected from the vulnerability, customers must apply the updates provided in this bulletin, as well as the update for Internet Explorer provided in MS15-079. Likewise, customers running an affected Microsoft Office product must also install the applicable updates provided in MS15-081.
|
|
|
Full View / NID: 55504 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft System Center Operations Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website.
|
|
|
Full View / NID: 55503 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter. A user would have to visit a specially crafted webpage where the malicious script would then be executed.
|
|
|
Full View / NID: 55502 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 55501 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.1 (July 29, 2015): Bulletin revised to correct the Desktop Experience footnote in the Affected Software section. The footnote had incorrectly applied to update 3070738 on Windows Server 2008 R2 when it should have applied to update 3067903 on Windows Server 2008 and Windows Server 2008 R2. Also added a footnote for the 3070738 update to clarify that only systems with RDP 8.1 installed are affected. These are informational changes only. Customers who have already successfully applied the updates do not need to take any action. Customers who have not already installed the necessary updates should do so to be protected from the vulnerability it addresses.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow Remote Code Execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open an RTF file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
|
Full View / NID: 55318 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V2.0 (July 29, 2015): Bulletin published.
Summary: Bulletin rereleased to announce the availability of an update package for Windows 10 systems. Customers running Windows 10 should apply the 3074683 update to be protected from the vulnerability discussed in this bulletin. The update is available via Windows Update only. The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically.
|
|
|
Full View / NID: 55316 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V2.0 (July 29, 2015): Bulletin published.
Summary: Bulletin rereleased to announce the availability of an update package for Windows 10 systems. Customers running Windows 10 should apply the 3074683 update to be protected from the vulnerability discussed in this bulletin. The update is available via Windows Update only. The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically.
|
|
|
Full View / NID: 55315 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.1 (July 22, 2015): Bulletin revised to improve the Update FAQ section to help customers more easily identify the correct update to apply based on a currently installed version of SQL Server. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.
|
|
|
Full View / NID: 55236 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V2.0 (July 22, 2015): Bulletin revised to inform customers of the July 14, 2015 reoffering of the 3004365 update for Windows 8.1 and Windows Server 2012 R2 systems. The update provides defense-in-depth measures beyond what was provided in the original update issued on January 13, 2015. Customers running these operating systems who have already successfully applied the update should reinstall the update to be best protected from the vulnerability discussed in this bulletin.
Summary: This security update resolves a privately reported vulnerability in Windows Error Reporting (WER). The vulnerability could allow security feature bypass if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain access to the memory of a running process. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 55235 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.1 (July 22, 2015): Corrected the affected software entries for CVE-2015-1733 in the Severity Ratings and Vulnerability Identifiers table. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 55234 / Submitted by: The Zilla of Zuron
|
|
