Microsoft Security Bulletin Coverage (Feb 10, 2015)
Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of February, 2015. A list of issues reported, along with Dell SonicWALL coverage information are as follows:
MS15-009 Security Update for Internet Explorer (3034682)
- CVE-2014-8967 Internet Explorer Memory Corruption Vulnerability
IPS: 6108 “Internet Explorer HTML Use-After-Free 6” - CVE-2015-0017 Internet Explorer Memory Corruption Vulnerability
IPS: 3480 “DOM Object Use-After-Free Attack 3a” - CVE-2015-0018 Internet Explorer Memory Corruption Vulnerability
IPS: 6329 “Microsoft Internet Explorer HTML Use After Free 6” - CVE-2015-0019 Internet Explorer Memory Corruption Vulnerability
IPS: 6331 “Microsoft Internet Explorer Use After Free 2” - CVE-2015-0020 Internet Explorer Memory Corruption Vulnerability
IPS: 6333 “Microsoft Internet Explorer Use After Free 3” - CVE-2015-0021 Internet Explorer Memory Corruption Vulnerability
IPS: 6340 “Microsoft Internet Explorer Use After Free 4” - CVE-2015-0022 Internet Explorer Memory Corruption Vulnerability
IPS: 9961 “Microsoft Internet Explorer Use After Free 10” - CVE-2015-0023 Internet Explorer Memory Corruption Vulnerability
IPS: 9961 “HTTP Client Shellcode Exploit 15” - CVE-2015-0025 Internet Explorer Memory Corruption Vulnerability
IPS: 6344 “Microsoft Internet Explorer Use After Free 6” - CVE-2015-0026 Internet Explorer Memory Corruption Vulnerability
IPS: 6346 “Microsoft Internet Explorer HTML Use After Free 7” - CVE-2015-0027 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-0028 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-0029 Internet Explorer Memory Corruption Vulnerability
IPS: 7645 “HTTP Client Shellcode Exploit 11c” - CVE-2015-0030 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-0031 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-0035 Internet Explorer Memory Corruption Vulnerability
IPS: 9836 “Microsoft Internet Explorer Use After Free 9” - CVE-2015-0036 Internet Explorer Memory Corruption Vulnerability
IPS: 6347 “Microsoft Internet Explorer Out of Bound index array (MS15-009)” - CVE-2015-0037 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-0038 Internet Explorer Memory Corruption Vulnerability
IPS: 9944 “Microsoft Internet Explorer HTML Use After Free 10” - CVE-2015-0039 Internet Explorer Memory Corruption Vulnerability
IPS: 6350 “Microsoft Internet Explorer HTML Use After Free 8” - CVE-2015-0040 Internet Explorer Memory Corruption Vulnerability
IPS: 6351 “Microsoft Internet Explorer Use After Free 7” - CVE-2015-0041 Internet Explorer Memory Corruption Vulnerability
IPS: 5097 “Microsoft Internet Explorer Use After Free 8” - CVE-2015-0042 Internet Explorer Memory Corruption Vulnerability
IPS: 6320 “Microsoft Internet Explorer HTML Use After Free 9” - CVE-2015-0043 Internet Explorer Memory Corruption Vulnerability
IPS: 10726 “Microsoft Internet Explorer Use After Free 11”
IPS: 10727 “Microsoft Internet Explorer Use After Free 12” - CVE-2015-0044 Internet Explorer Memory Corruption Vulnerability
IPS: 10728 “Microsoft Internet Explorer Remote Code Execution 4” - CVE-2015-0045 Internet Explorer Memory Corruption Vulnerability
IPS: 10729 “Microsoft Internet Explorer Use After Free 14” - CVE-2015-0046 Internet Explorer Memory Corruption Vulnerability
IPS: 10730 “Microsoft Internet Explorer Remote Code Execution 3” - CVE-2015-0048 Internet Explorer Memory Corruption Vulnerability
IPS: 10731 “Microsoft Internet Explorer Use After Free 16” - CVE-2015-0049 Internet Explorer Memory Corruption Vulnerability
IPS: 10732 “Microsoft Internet Explorer Use After Free 17” - CVE-2015-0050 Internet Explorer Memory Corruption Vulnerability
IPS: 3310 “HTTP Client Shellcode Exploit 82” - CVE-2015-0051 Internet Explorer ASLR Bypass Vulnerability
IPS: 10733 “Microsoft Internet Explorer Memory Access” - CVE-2015-0052 Internet Explorer Memory Corruption Vulnerability
IPS: 10734 “Microsoft Internet Explorer Remote Code Execution 2” - CVE-2015-0053 Internet Explorer Memory Corruption Vulnerability
IPS: 2067 “Microsoft Internet Explorer 7 Uninitialized Pointer (MS15-009)” - CVE-2015-0054 Internet Explorer Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2015-0055 Internet Explorer Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2015-0066 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-0067 Internet Explorer Memory Corruption Vulnerability
IPS: 9948 “Microsoft Internet Explorer Uninitialized Pointer (MS15-009)” - CVE-2015-0068 Internet Explorer Memory Corruption Vulnerability
IPS: 9926 “Microsoft Internet Explorer Remote Code Execution (MS15-009)” - CVE-2015-0069 Internet Explorer ASLR Bypass Vulnerability
IPS: 9988 “HP Data Protector Remote Code Execution” - CVE-2015-0070 Internet Explorer Cross-domain Information Disclosure Vulnerability
IPS: 9925 “Microsoft Internet Explorer Information Disclosure (MS15-009)” - CVE-2015-0071 Internet Explorer ASLR Bypass Vulnerability
IPS: 9949 “Internet Explorer Memory Corruption Vulnerability (MS13-047) 12”
MS15-010 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
- CVE-2015-0003 Win32k Elevation of Privilege Vulnerability
This is a local vulnerability. - CVE-2015-0010 CNG Security Feature Bypass Vulnerability
There are no known exploits in the wild. - CVE-2015-0057 Win32k Elevation of Privilege Vulnerability
This is a local vulnerability. - CVE-2015-0058 Windows Cursor Object Double Free Vulnerability
This is a local vulnerability. - CVE-2015-0059 TrueType Font Parsing Remote Code Execution Vulnerability
There are no known exploits in the wild. - CVE-2015-0060 Windows Font Driver Denial of Service Vulnerability
There are no known exploits in the wild.
MS15-011 Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
- CVE-2015-0008 Group Policy Remote Code Execution Vulnerability
IPS: 10735 “Group Policy Remote Code Execution Vulnerability”
MS15-012 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
- CVE-2015-0063 Excel Remote Code Execution Vulnerability
There are no known exploits in the wild. - CVE-2015-0064 Office Remote Code Execution Vulnerability
There are no known exploits in the wild. - CVE-2015-0065 OneTableDocumentStream Remote Code Execution Vulnerability
There are no known exploits in the wild.
MS15-013 Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
- CVE-2014-6362 Microsoft Office Component Use After Free Vulnerability
There are no known exploits in the wild.
MS15-014 Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
- CVE-2015-0009 Group Policy Security Feature Bypass Vulnerability
There are no known exploits in the wild.
MS15-015 Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
- CVE-2015-0062 Windows Create Process Elevation of Privilege Vulnerability
This is a local vulnerability.
MS15-016 Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
- CVE-2015-0061 TIFF Processing Information Disclosure Vulnerability
There are no known exploits in the wild.
MS15-017 Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)
- CVE-2015-0012 Virtual Machine Manager Elevation of Privilege Vulnerability
This is a local vulnerability.