|
|
|
Severity Rating: Critical
Revision Note: V1.0 (July 20, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.
|
|
|
Full View / NID: 55142 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 55133 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
|
Full View / NID: 55100 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
|
Full View / NID: 55099 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with Remote Desktop Protocol (RDP) enabled. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
|
|
|
Full View / NID: 55098 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Installer service improperly runs custom action scripts. An attacker must first compromise a user who is logged on to the target system to exploit the vulnerability. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
|
|
|
Full View / NID: 55093 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows graphics component fails to properly process bitmap conversions. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. An attacker must first log on to the system to exploit this vulnerability.
|
|
|
Full View / NID: 55092 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability, which exists in Windows Remote Procedure Call (RPC) authentication, could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
|
Full View / NID: 55045 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published
Summary: This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.
|
|
|
Full View / NID: 55044 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker who is logged on to a domain-joined system runs a specially crafted application that could establish a connection with other domain-joined systems as the impersonated user or system. The attacker must be logged on to a domain-joined system and be able to observe network traffic.
|
|
|
Full View / NID: 55043 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Windows Hyper-V. The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An an attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability.
|
|
|
Full View / NID: 55042 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow Remote Code Execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open an RTF file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|
|
|
Full View / NID: 55041 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker convinces a user to open a file that contains a specially crafted OLE component.
|
|
|
Full View / NID: 55040 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
|
|
|
Full View / NID: 55039 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V2.1 (June 23, 2015): V2.1 (June 23, 2015): Bulletin revised to announce a detection change in the 3056819 update for Microsoft Silverlight 5. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType fonts.
|
|
|
Full View / NID: 54767 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.1 (June 23, 2015): Bulletin published.
Summary: Bulletin revised to announce a detection change in the 3056819 update for Microsoft Silverlight 5. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
|
|
|
Full View / NID: 54766 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.4 (June 17, 2015): Replaced CVE number CVE-2014-4078 with CVE number CVE-2014-8985. This is an informational change only. The CVE description was not changed. Customers who have already successfully installed the update do not need to take any action.
Summary: This security update resolves one publicly disclosed and twenty-five privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 54689 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.1 (June 17, 2015): Corrected bulletin replacement for the 3035488 update for .NET Framework 2.0 on all affected editions of Windows Server 2003 Service Pack 2.
Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker sends specially crafted data to a WinForms application running in partial trust.
|
|
|
Full View / NID: 54688 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (June 9, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
|
|
|
Full View / NID: 54839 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (June 9, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes them to a targeted Outlook Web App site. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an instant messenger or email message that takes them to the attacker's website, and then convince them to click the specially crafted URL.
|
|
|
Full View / NID: 54640 / Submitted by: The Zilla of Zuron
|
|
