Microsoft Security Bulletin Coverage (August 11, 2015)
Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of August, 2015. A list of issues reported, along with Dell SonicWALL coverage information are as follows:
MS15-079 Cumulative Security Update fro Internet Explorer
- CVE-2015-2423 Unsafe Command Line Parameter Passing Vulnerability
This is a local vulnerability. - CVE-2015-2441 Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-2442 Memory Corruption Vulnerability
IPS: 11076 “Internet Explorer Memory Corruption Vulnerability (MS15-079) 1” - CVE-2015-2443 Memory Corruption Vulnerability
IPS: 11077 “Internet Explorer Memory Corruption Vulnerability (MS15-079) 2” - CVE-2015-2444 Memory Corruption Vulnerability
IPS: 11078 “Internet Explorer Memory Corruption Vulnerability (MS15-079) 3” - CVE-2015-2445 ASLR Bypass
There are no known exploits in the wild. - CVE-2015-2446 Memory Corruption Vulnerability
IPS: 11079 “Internet Explorer Memory Corruption Vulnerability (MS15-079) 4” - CVE-2015-2447 Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-2448 Memory Corruption Vulnerability
IPS: 11080 “Internet Explorer Memory Corruption Vulnerability (MS15-079) 5” - CVE-2015-2449 ASLR Bypass
There are no known exploits in the wild. - CVE-2015-2450 Memory Corruption Vulnerability
IPS: 11081 “Internet Explorer Memory Corruption Vulnerability (MS15-079) 6” - CVE-2015-2451 Memory Corruption Vulnerability
IPS: 11083 “Internet Explorer Memory Corruption Vulnerability (MS15-079) 8” - CVE-2015-2452 Memory Corruption Vulnerability
IPS: 11082 “Internet Explorer Memory Corruption Vulnerability (MS15-079) 7”
MS15-080 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution
- CVE-2015-2431 Microsoft Office Graphics Component Remote Code Execution Vulnerability
SPY: 4276 “Malformed-File doc.MP.30” - CVE-2015-2432 OpenType Font Parsing Vulnerability
SPY: 3148 “Malformed-File otf.MP.12” - CVE-2015-2433 Kernel ASLR Bypass Vulnerability
There are no known exploits in the wild. - CVE-2015-2435 TrueType Font Parsing Vulnerability
SPY: 4232 “Malformed-File ttf.MP.4” - CVE-2015-2453 Windows CSRSS Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2015-2454 Windows KMD Security Feature Bypass Vulnerability
There are no known exploits in the wild. - CVE-2015-2455 TrueType Font Parsing Vulnerability
SPY: 4209 “Malformed-File ttf.MP.3” - CVE-2015-2456 TrueType Font Parsing Vulnerability
SPY: 3149 ” Malformed-File otf.MP.13 “ - CVE-2015-2458 OpenType Font Parsing Vulnerability
SPY: 3150 ” Malformed-File otf.MP.14 “ - CVE-2015-2459 OpenType Font Parsing Vulnerability
SPY: 3151 ” Malformed-File otf.MP.15 “ - CVE-2015-2460 OpenType Font Parsing Vulnerability
SPY: 3152 ” Malformed-File otf.MP.16 “ - CVE-2015-2461 OpenType Font Parsing Vulnerability
SPY: 3153 ” Malformed-File otf.MP.17 “ - CVE-2015-2462 OpenType Font Parsing Vulnerability
SPY: 3157 ” Malformed-File otf.MP.20 “ - CVE-2015-2463 TrueType Font Parsing Vulnerability
SPY: 3155 ” Malformed-File otf.MP.18 “ - CVE-2015-2464 TrueType Font Parsing Vulnerability
SPY: 3156 ” Malformed-File otf.MP.19 “ - CVE-2015-2465 Windows Shell Security Feature Bypass Vulnerability
There are no known exploits in the wild.
MS15-081 Vulnerability in Microsoft Office Could Allow Remote Code Execution
- CVE-2015-1642 Microsoft Office Memory Corruption Vulnerability
SPY: 4366 “Malformed-File docx.MP.5” - CVE-2015-24
23 Unsafe Command Line Parameter Passing Vulnerability
There are no known exploits in the wild. - CVE-2015-2466 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild. - CVE-2015-2467 Microsoft Office Memory Corruption Vulnerability
SPY: 3159 “Malformed-File doc.MP.25” - CVE-2015-2468 Microsoft Office Memory Corruption Vulnerability
SPY: 3160 “Malformed-File doc.MP.26” - CVE-2015-2469 Microsoft Office Memory Corruption Vulnerability
SPY: 3365 “Malformed-File doc.MP.27” - CVE-2015-2470 Microsoft Office Integer Underflow Vulnerability
SPY: 4193 ” Malformed-File doc.MP.28″ - CVE-2015-2477 Microsoft Office Memory Corruption Vulnerability
SPY: 4195 “Malformed-File doc.MP.29”
MS15-082 Vulnerabilities in RDP Could Allow Remote Code Execution
- CVE-2015-2472 Remote Desktop Session Host Spoofing Vulnerability
There are no known exploits in the wild. - CVE-2015-2473 Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability
There are no known exploits in the wild.
MS15-083 Vulnerabilities in Server Message Block Could Allow Remote Code Execution
- CVE-2015-2474 Server Message Block Memory Corruption Vulnerability
There are no known exploits in the wild.
MS15-084 Vulnerability in XML Core Services Could Allow Elevation of Privilege
- CVE-2015-2434 MSXML Information Disclosure Vulnerability
IPS: 5770 “Downgraded TLS Traffic”
- CVE-2015-2440 MSXML Information Disclosure Vulnerability
There are no known exploits in the wild. - CVE-2015-2471 MSXML Information Disclosure Vulnerability
IPS: 5770 “Downgraded TLS Traffic”
MS15-085 Vulnerability in Mount Manager Could Allow Elevation of Privilege
- CVE-2015-1769 Mount Manager Elevation of Privilege Vulnerability
This is a local vulnerability.
MS15-086 Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege
- CVE-2015-2420 System Center Operations Manager Web Console XSS Vulnerability
There are no known exploits in the wild.
MS15-087 Vulnerability in UDDI Services Could Allow Elevation of Privilege
- CVE-2015-2475 UDDI Services Could Allow Elevation of Privilege Vulnerability
There are no known exploits in the wild.
MS15-088 Unsafe Command Line Parameter Passing Could Allow Information Disclosure
- CVE-2015-2423 Unsafe Command Line Parameter Passing Vulnerability
This is a local vulnerability.
MS15-089 Vulnerabilities in WebDAV Could Allow Information Disclosure
- CVE-2015-2476 WebDAV Client Information Disclosure Vulnerability
IPS: 5770 “Downgraded TLS Traffic”
MS15-090 Vulnerability in Microsoft Windows Could Allow Elevation of Privilege
- CVE-2015-2428 Windows Object Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2015-2429 Windows Registry Elevation of Privilege Vulnerability
This is a local vulnerability. - CVE-2015-2430 Windows Filesystem Elevation of Privilege Vulnerability
There are no known exploits in the wild.
MS15-091 Cumulative Security Update for Microsoft Edge
- CVE-2015-2441 Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-2442 Memory Corruption Vulnerability
IPS: 11076 “Internet Explorer Memory Corruption Vulnerability (MS15-079) 1” - CVE-2015-2446 Memory Corruption Vulnerability
IPS: 11079 “Internet Explorer Memory Corruption Vulnerability (MS15-079) 4” - CVE-2015-2449 ASLR Bypass
There are no known exploits in the wild.
MS15-092 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege
- CVE-2015-2479 RyuJIT Optimiza
tion Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2015-2480 RyuJIT Optimization Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2015-2481 RyuJIT Optimization Elevation of Privilege Vulnerability
There are no known exploits in the wild.