Microsoft Security Bulletin Coverage (Mar 10, 2015)

By

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of March, 2015. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS15-018 Cumulative Security Update for Internet Explorer (3032359)

  • CVE-2015-0032 VBScript Memory Corruption Vulnerability
    IPS: 10808 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 8”
  • CVE-2015-0072 Internet Explorer Elevation of Privilege Vulnerability
    IPS: 6288 “Internet Explorer Universal XSS 1”
  • CVE-2015-1627 Internet Explorer Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-0056 Internet Explorer Memory Corruption Vulnerability
    There is no known exploit in the wild.
  • CVE-2015-0099 Internet Explorer Memory Corruption Vulnerability
    IPS: 10800 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 1”
  • CVE-2015-0100 Internet Explorer Memory Corruption Vulnerability
    IPS: 10801 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 2”
  • CVE-2015-1622 Internet Explorer Memory Corruption Vulnerability
    IPS: 10802 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 3”
  • CVE-2015-1623 Internet Explorer Memory Corruption Vulnerability
    IPS: 10803 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 4”
  • CVE-2015-1624 Internet Explorer Memory Corruption Vulnerability
    IPS: 10805 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 5”
  • CVE-2015-1625 Internet Explorer Memory Corruption Vulnerability
    IPS: 10806 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 6”
  • CVE-2015-1626 Internet Explorer Memory Corruption Vulnerability
    IPS: 7645 “HTTP Client Shellcode Exploit 11c”
  • CVE-2015-1634 Internet Explorer Memory Corruption Vulnerability
    IPS: 10807 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 7”

MS15-019 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3040297)

  • CVE-2015-0032 VBScript Memory Corruption Vulnerability
    IPS: 10808 “Internet Explorer Memory Corruption Vulnerability(MS15-018) 8”

MS15-020 Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836)

  • CVE-2015-0081 WTS Remote Code Execution Vulnerability
    ASPY: 4858 “Malformed-File RTF.MP.1_2”
  • CVE-2015-0096 DLL Planting Remote Code Exectution Vulnerability
    ASPY: 4863 “Malformed-File lnk.MP.1”

MS15-021 Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution (3032323)

  • CVE-2015-0074 Adobe Font Driver Denial of Service Vulnerability
    There is no known exploit in the wild.
  • CVE-2015-0087 Adobe Font Driver Information Disclosure Vulnerability
    ASPY: 4861 “Malformed-File pfm.MP.1”
  • CVE-2015-0089 Adobe Font Driver Information Disclosure Vulnerability
    ASPY: 4862 “Malformed-File otf.MP.10”
  • CVE-2015-0088 Adobe Font Driver Remote Code Execution Vulnerability
    There is no known exploit in the wild.
  • CVE-2015-0090 Adobe Font Driver Remote Code Execution Vulnerability
    ASPY: 4864 “Malformed-File pfb.MP.1”
  • CVE-2015-0091 Adobe Font Driver Remote Code Execution Vulnerability
    ASPY: 4864 “Malformed-File pfb.MP.1”
  • CVE-2015-0092 Adobe Font Driver Remote Code Execution Vulnerability
    ASPY: 4864 “Malformed-File pfb.MP.1”
  • CVE-2015-0093 Adobe Font Driver Remote Code Execution Vulnerability
    ASPY: 4864 “Malformed-File pfb.MP.1”

MS15-022 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999)

  • CVE-2015-0085 Microsoft Office Component Use After Free Vulnerability
    There is no known exploit in the wild.
  • CVE-2015-0086 Microsoft Office Memory Corruption Vulnerability
    GAV: 27233 “Malformed.rtf.TL.5”
  • CVE-2015-0097 Microsoft Word Local Zone Remote Code Execution Vulnerability
    ASPY: 4859 “Malformed-File wps.MP.2”
  • CVE-2015-1633 Microsoft SharePoint XSS Vulnerability
    IPS: 2087 “Cross-Site Scripting (XSS) Attack 47”
  • CVE-2015-1636 Microsoft SharePoint XSS Vulnerability
    IPS: 2088 “Cross-Site Scripting (XSS) Attack 48”

MS15-023 Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (3034344)

  • CVE-2015-0077 Microsoft Windows Kernel Memory Disclosure Vulnerability
    ASPY: 4860 “Malformed-File exe.MP.9”
  • CVE-2015-0078 Win32k Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-0094 Microsoft Windows Kernel Memory Disclosure Vulnerability
    ASPY: 4865 “Malformed-File exe.MP.10”
  • CVE-2015-0095 Microsoft Windows Kernel Memory Disclosure Vulnerability
    This is a local vulnerability.

MS15-024 Vulnerability in PNG Processing Could Allow Information Disclosure (3035132)

  • CVE-2015-0080 Malformed PNG Parsing Information Disclosure Vulnerability
    ASPY: 4855 “Malformed-File png.MP.2”

MS15-025 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680)

  • CVE-2015-0073 Registry Virtualization Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-0075 Impersonation Level Check Elevation of Privilege Vulnerability
    There is no known exploit in the wild.

MS15-026 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3040856)

  • CVE-2015-1628 OWA Modified Canary Parameter Cross Site Scripting Vulnerability
    IPS: 10804 “Microsoft Exchange Server OWA XSS 3”
  • CVE-2015-1629 ExchangeDLP Cross Site Scripting Vulnerability
    This is a local vulnerability.
  • CVE-2015-1630 Audit Report Cross Site Scripting Vulnerability
    This is a local vulnerability.
  • CVE-2015-1631 Exchange Forged Meeting Request Spoofing Vulnerability
    There is no known exploit in the wild.
  • CVE-2015-1632 Exchange Error Message Cross Site Scripting Vulnerability
    IPS: 6391 “Cross-Site Scripting (XSS) Attack 46”

MS15-027 Vulnerability in NETLOGON Could Allow Spoofing (3002657)

  • CVE-2015-0005 NETLOGON Spoofing Vulnerability
    There is no known exploit in the wild.

MS15-028 Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)

  • CVE-2015-0084 Task Scheduler Security Feature Bypass Vulnerability
    This is a local vulnerability.

MS15-029 Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure (3035126)

  • CVE-2015-0076 JPEG XR Parser Information Disclosure Vulnerability
    ASPY: 4856 “Malformed-File jxr.MP.1”

MS15-030 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976)

  • CVE-2015-0079 Remote Desktop Protocol (RDP) Denial of Service Vulnerability
    There is no known exploit in the wild.

MS15-031 Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)

  • CVE-2015-1637 Schannel Security Feature Bypass Vulnerability
    IPS: 6366 “Client Hello with EXPORT Cipher Suites 1”
    IPS: 6412 “Client Hello with EXPORT Cipher Suites 2”
    IPS: 6428 “Server Hello with EXPORT Cipher Suite”
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.