Posts

Microsoft Security Bulletin Coverage (Feb 10, 2015)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of February, 2015. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS15-009 Security Update for Internet Explorer (3034682)

  • CVE-2014-8967 Internet Explorer Memory Corruption Vulnerability
    IPS: 6108 “Internet Explorer HTML Use-After-Free 6”
  • CVE-2015-0017 Internet Explorer Memory Corruption Vulnerability
    IPS: 3480 “DOM Object Use-After-Free Attack 3a”
  • CVE-2015-0018 Internet Explorer Memory Corruption Vulnerability
    IPS: 6329 “Microsoft Internet Explorer HTML Use After Free 6”
  • CVE-2015-0019 Internet Explorer Memory Corruption Vulnerability
    IPS: 6331 “Microsoft Internet Explorer Use After Free 2”
  • CVE-2015-0020 Internet Explorer Memory Corruption Vulnerability
    IPS: 6333 “Microsoft Internet Explorer Use After Free 3”
  • CVE-2015-0021 Internet Explorer Memory Corruption Vulnerability
    IPS: 6340 “Microsoft Internet Explorer Use After Free 4”
  • CVE-2015-0022 Internet Explorer Memory Corruption Vulnerability
    IPS: 9961 “Microsoft Internet Explorer Use After Free 10”
  • CVE-2015-0023 Internet Explorer Memory Corruption Vulnerability
    IPS: 9961 “HTTP Client Shellcode Exploit 15”
  • CVE-2015-0025 Internet Explorer Memory Corruption Vulnerability
    IPS: 6344 “Microsoft Internet Explorer Use After Free 6”
  • CVE-2015-0026 Internet Explorer Memory Corruption Vulnerability
    IPS: 6346 “Microsoft Internet Explorer HTML Use After Free 7”
  • CVE-2015-0027 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-0028 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-0029 Internet Explorer Memory Corruption Vulnerability
    IPS: 7645 “HTTP Client Shellcode Exploit 11c”
  • CVE-2015-0030 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-0031 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-0035 Internet Explorer Memory Corruption Vulnerability
    IPS: 9836 “Microsoft Internet Explorer Use After Free 9”
  • CVE-2015-0036 Internet Explorer Memory Corruption Vulnerability
    IPS: 6347 “Microsoft Internet Explorer Out of Bound index array (MS15-009)”
  • CVE-2015-0037 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-0038 Internet Explorer Memory Corruption Vulnerability
    IPS: 9944 “Microsoft Internet Explorer HTML Use After Free 10”
  • CVE-2015-0039 Internet Explorer Memory Corruption Vulnerability
    IPS: 6350 “Microsoft Internet Explorer HTML Use After Free 8”
  • CVE-2015-0040 Internet Explorer Memory Corruption Vulnerability
    IPS: 6351 “Microsoft Internet Explorer Use After Free 7”
  • CVE-2015-0041 Internet Explorer Memory Corruption Vulnerability
    IPS: 5097 “Microsoft Internet Explorer Use After Free 8”
  • CVE-2015-0042 Internet Explorer Memory Corruption Vulnerability
    IPS: 6320 “Microsoft Internet Explorer HTML Use After Free 9”
  • CVE-2015-0043 Internet Explorer Memory Corruption Vulnerability
    IPS: 10726 “Microsoft Internet Explorer Use After Free 11”
    IPS: 10727 “Microsoft Internet Explorer Use After Free 12”
  • CVE-2015-0044 Internet Explorer Memory Corruption Vulnerability
    IPS: 10728 “Microsoft Internet Explorer Remote Code Execution 4”
  • CVE-2015-0045 Internet Explorer Memory Corruption Vulnerability
    IPS: 10729 “Microsoft Internet Explorer Use After Free 14”
  • CVE-2015-0046 Internet Explorer Memory Corruption Vulnerability
    IPS: 10730 “Microsoft Internet Explorer Remote Code Execution 3”
  • CVE-2015-0048 Internet Explorer Memory Corruption Vulnerability
    IPS: 10731 “Microsoft Internet Explorer Use After Free 16”
  • CVE-2015-0049 Internet Explorer Memory Corruption Vulnerability
    IPS: 10732 “Microsoft Internet Explorer Use After Free 17”
  • CVE-2015-0050 Internet Explorer Memory Corruption Vulnerability
    IPS: 3310 “HTTP Client Shellcode Exploit 82”
  • CVE-2015-0051 Internet Explorer ASLR Bypass Vulnerability
    IPS: 10733 “Microsoft Internet Explorer Memory Access”
  • CVE-2015-0052 Internet Explorer Memory Corruption Vulnerability
    IPS: 10734 “Microsoft Internet Explorer Remote Code Execution 2”
  • CVE-2015-0053 Internet Explorer Memory Corruption Vulnerability
    IPS: 2067 “Microsoft Internet Explorer 7 Uninitialized Pointer (MS15-009)”
  • CVE-2015-0054 Internet Explorer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-0055 Internet Explorer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-0066 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-0067 Internet Explorer Memory Corruption Vulnerability
    IPS: 9948 “Microsoft Internet Explorer Uninitialized Pointer (MS15-009)”
  • CVE-2015-0068 Internet Explorer Memory Corruption Vulnerability
    IPS: 9926 “Microsoft Internet Explorer Remote Code Execution (MS15-009)”
  • CVE-2015-0069 Internet Explorer ASLR Bypass Vulnerability
    IPS: 9988 “HP Data Protector Remote Code Execution”
  • CVE-2015-0070 Internet Explorer Cross-domain Information Disclosure Vulnerability
    IPS: 9925 “Microsoft Internet Explorer Information Disclosure (MS15-009)”
  • CVE-2015-0071 Internet Explorer ASLR Bypass Vulnerability
    IPS: 9949 “Internet Explorer Memory Corruption Vulnerability (MS13-047) 12”

MS15-010 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)

  • CVE-2015-0003 Win32k Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-0010 CNG Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-0057 Win32k Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-0058 Windows Cursor Object Double Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-0059 TrueType Font Parsing Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-0060 Windows Font Driver Denial of Service Vulnerability
    There are no known exploits in the wild.

MS15-011 Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)

  • CVE-2015-0008 Group Policy Remote Code Execution Vulnerability
    IPS: 10735 “Group Policy Remote Code Execution Vulnerability”

MS15-012 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)

  • CVE-2015-0063 Excel Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-0064 Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-0065 OneTableDocumentStream Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS15-013 Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)

  • CVE-2014-6362 Microsoft Office Component Use After Free Vulnerability
    There are no known exploits in the wild.

MS15-014 Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)

  • CVE-2015-0009 Group Policy Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

MS15-015 Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)

  • CVE-2015-0062 Windows Create Process Elevation of Privilege Vulnerability
    This is a local vulnerability.

MS15-016 Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)

  • CVE-2015-0061 TIFF Processing Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS15-017 Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)

  • CVE-2015-0012 Virtual Machine Manager Elevation of Privilege Vulnerability
    This is a local vulnerability.