Microsoft Security Bulletin Coverage (Jun 9, 2015)

By

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of June, 2015. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS15-056 Cumulative Security Update for Internet Explorer (3058515)

  • CVE-2015-1765 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-1739 Internet Explorer Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-1743 Internet Explorer Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-1748 Internet Explorer Elevation of Privilege Vulnerability
    IPS: 10988 “Internet Explorer Elevation of Privilege Vulnerability (MS15-056) 1”
  • CVE-2015-1687 Internet Explorer Memory Corruption Vulnerability
    IPS: 10977 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 1”
  • CVE-2015-1730 Internet Explorer Memory Corruption Vulnerability
    IPS: 10978 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 2”
  • CVE-2015-1731 Internet Explorer Memory Corruption Vulnerability
    IPS: 10979 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 3”
  • CVE-2015-1732 Internet Explorer Memory Corruption Vulnerability
    IPS: 10980 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 7”
  • CVE-2015-1735 Internet Explorer Memory Corruption Vulnerability
    IPS: 10981 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 10”
  • CVE-2015-1736 Internet Explorer Memory Corruption Vulnerability
    IPS: 10982 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 8”
  • CVE-2015-1737 Internet Explorer Memory Corruption Vulnerability
    IPS: 10983 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 9”
  • CVE-2015-1740 Internet Explorer Memory Corruption Vulnerability
    IPS: 10984 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 12”
  • CVE-2015-1741 Internet Explorer Memory Corruption Vulnerability
    IPS: 10985 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 14”
  • CVE-2015-1742 Internet Explorer Memory Corruption Vulnerability
    IPS: 10986 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 15”
  • CVE-2015-1744 Internet Explorer Memory Corruption Vulnerability
    IPS: 10987 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 19”
  • CVE-2015-1745 Internet Explorer Memory Corruption Vulnerability
    IPS: 2144 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 4”
  • CVE-2015-1747 Internet Explorer Memory Corruption Vulnerability
    IPS: 2145 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 6”
  • CVE-2015-1750 Internet Explorer Memory Corruption Vulnerability
    IPS: 2147 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 11”
  • CVE-2015-1751 Internet Explorer Memory Corruption Vulnerability
    IPS: 2151 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 13”
  • CVE-2015-1752 Internet Explorer Memory Corruption Vulnerability
    IPS: 2153 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 18”
  • CVE-2015-1753 Internet Explorer Memory Corruption Vulnerability
    IPS: 2168 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 22”
  • CVE-2015-1754 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-1755 Internet Explorer Memory Corruption Vulnerability
    IPS: 2156 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 20”
  • CVE-2015-1766 Internet Explorer Memory Corruption Vulnerability
    IPS: 2167 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 21”

MS15-057 Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)

  • CVE-2015-1728 Windows Media Player RCE via DataObject Vulnerability
    This is a local vulnerability.

MS15-059 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)

  • CVE-2015-1759 Microsoft Office Memory Corruption Vulnerability
    ASPY: 1021 “Malformed-File doc.MP.21”
  • CVE-2015-1760 Microsoft Office Memory Corruption Vulnerability
    ASPY: 1037 “Malformed-File doc.MP.22”
  • CVE-2015-1770 Microsoft Office Uninitialized Memory Use Vulnerability
    ASPY: 1038 “Malformed-File docx.MP.6”

MS15-060 Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)

  • CVE-2015-1756 Microsoft Common Control Use After Free Vulnerability
    There are no known exploits in the wild.

MS15-061 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)

  • CVE-2015-1719 Microsoft Windows Kernel Information Disclosure Vulnerability
    This is a local vulnerability.
  • CVE-2015-1720 Microsoft Windows Kernel Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1721 Win32k Null Pointer Dereference Vulnerability
    This is a local vulnerability.
  • CVE-2015-1722 Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1723 Microsoft Windows Station Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1724 Microsoft Windows Kernel Object Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1725 Win32k Buffer Overflow Vulnerability
    This is a local vulnerability.
  • CVE-2015-1726 Microsoft Windows Kernel Brush Object Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1727 Win32k Pool Buffer Overflow Vulnerability
    This is a local vulnerability.
  • CVE-2015-1768 Win32k Memory Corruption Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-2360 Win32k Elevation of Privilege Vulnerability
    This is a local vulnerability.

MS15-062 Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)

  • CVE-2015-1757 ADFS XSS Elevation of Privilege Vulnerability
    IPS: 10892 “Cross-Site Scripting (XSS) Attack 49”

MS15-063 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)

  • CVE-2015-1758 Windows LoadLibrary EoP Vulnerability
    This is a local vulnerability.

MS15-064 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)

  • CVE-2015-1764 Exchange Server-Side Request Forgery Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-1771 Exchange Cross-Site Request Forgery Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2359 Exchange HTML Injection Vulnerability
    There are no known exploits in the wild.
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.