Posts

Microsoft Security Bulletin Coverage (November 10, 2015)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of November 10, 2015. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS15-112 Cumulative Security Update for Internet Explorer

  • CVE-2015-2427 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6064 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11260 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 5”
  • CVE-2015-6065 Internet Explorer Memory Corruption Vulnerability
    IPS: 6041 “IInternet Explorer Memory Corruption Vulnerability (MS10-071) 1”
  • CVE-2015-6066 Internet Explorer Memory Corruption Vulnerability
    IPS: 11261 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 6”
  • CVE-2015-6068 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6069 Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6070 Internet Explorer Memory Corruption Vulnerability
    IPS: 11262 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 7”
  • CVE-2015-6071 Internet Explorer Memory Corruption Vulnerability
    IPS: 11263 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 8”
  • CVE-2015-6072 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6073 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6074 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6075 Internet Explorer Memory Corruption Vulnerability
    IPS: 11264 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 9”
  • CVE-2015-6076 Internet Explorer Memory Corruption Vulnerability
    IPS: 11265 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 10”
  • CVE-2015-6077 Internet Explorer Memory Corruption Vulnerability
    IPS: 6395 “Client Application Shellcode Exploit 23”
  • CVE-2015-6078 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11266 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 11”
  • CVE-2015-6079 Internet Explorer Memory Corruption Vulnerability
    IPS: 11267 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 12”
  • CVE-2015-6080 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6081 Internet Explorer Memory Corruption Vulnerability
    IPS: 11243 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 1”
  • CVE-2015-6082 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6084 Internet Explorer Memory Corruption Vulnerability
    IPS: 11244 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 2”
  • CVE-2015-6085 Internet Explorer Memory Corruption Vulnerability
    IPS: 11245 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 3”
  • CVE-2015-6086 Internet Explorer Information Disclosure Vulnerability
    IPS: 11256 “Internet Explorer Information Disclosure Vulnerability (MS15-112) 1”
  • CVE-2015-6087 Internet Explorer Memory Corruption Vulnerability
    IPS: 11255 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 4”
  • CVE-2015-6088 Microsoft Browser ASLR Bypass
    There are no known exploits in the wild.
  • CVE-2015-6089 Scripting Engine Memory Corruption Vulnerability
    IPS: 11257 “Scripting Engine Memory Corruption Vulnerability (MS15-112) 1”

MS15-113 Cumulative Security Update for Microsoft Edge

  • CVE-2015-6064 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11260 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 5”
  • CVE-2015-6073 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6078 Microsoft Browser Memory Corruption Vulnerabi
    lity
    IPS: 11266 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 11”
  • CVE-2015-6088 Microsoft Browser ASLR Bypass
    There are no known exploits in the wild.

MS15-114 Security Update for Windows Journal to Address Remote Code Execution

  • CVE-2015-6097 Windows Journal Heap Overflow Vulnerability
    SPY: 3215 “Malformed-File jnt.MP.8”

MS15-115 Security Update for Microsoft Windows to Address Remote Code Execution

  • CVE-2015-6100 Windows Kernel Memory Elevation of Privilege Vulnerability
    This is a local Vulnerability
  • CVE-2015-6101 Windows Kernel Memory Elevation of Privilege Vulnerability
    This is a local Vulnerability
  • CVE-2015-6102 Windows Kernel Memory Information Disclosure Vulnerability
    This is a local Vulnerability
  • CVE-2015-6103 Windows Graphics Memory Remote Code Execution Vulnerability
    IPS: 3218 “HP Data Protector Remote Code Execution 3”
  • CVE-2015-6104 Windows Graphics Memory Remote Code Execution Vulnerability
    IPS: 3219 “Active WebCam — Remote Camera Request”
  • CVE-2015-6109 Windows Kernel Memory Information Disclosure Vulnerability
    This is a local Vulnerability
  • CVE-2015-6113 Windows Kernel Security Feature Bypass Vulnerability
    This is a local Vulnerability

MS15-116 Security Updates for Microsoft Office to Address Remote Code Execution

  • CVE-2015-2503 Microsoft Office Elevation of Privilege Vulnerability
    This is a local Vulnerability
  • CVE-2015-6038 Microsoft Office Memory Corruption Vulnerability
    IPS: 11258 “Malformed Excel Document 1”
  • CVE-2015-6091 Microsoft Office Memory Corruption Vulnerability
    SPY: 3213 “Malformed-File doc.MP.31”
  • CVE-2015-6092 Microsoft Office Memory Corruption Vulnerability
    SPY: 3214 “Malformed-File doc.MP.32”
  • CVE-2015-6093 Microsoft Office Memory Corruption Vulnerability
    SPY: 3216 “Malformed-File docx.MP.8”
  • CVE-2015-6094 Microsoft Office Memory Corruption Vulnerability
    SPY: 3217 “Malformed-File xlsb.MP.1”

MS15-117 Security Update for NDIS to Address Elevation of Privilege

  • CVE-2015-6098 Windows Kernel Memory Corruption Vulnerability
    This is a local Vulnerability

MS15-118 Security Update for .NET Framework to Address Elevation of Privilege

  • CVE-2015-6096 .NET Information Disclosure Vulnerability
    GAV “Malformed.svg.MP.1”
  • CVE-2015-6099 .NET Elevation of Privilege Vulnerability
    IPS “Cross-Site Scripting (XSS) Attack signatures”
  • CVE-2015-6115 .NET ASLR Bypass
    This is a local Vulnerability

MS15-119 Security Update for Winsock to Address Elevation of Privilege

  • CVE-2015-2478 Winsock Elevation of Privilege Vulnerability
    This is a local Vulnerability

MS15-120 Security Update for IPSec to Address Denial of Service

  • CVE-2015-6111 Windows IPSec Denial of Service Vulnerability
    There are no known exploits in the wild.

MS15-121 Security Update for Schannel to Address Spoofing

  • CVE-2015-6112 Schannel TLS Triple Handshake Vulnerability
    There are no known exploits in the wild.

MS15-122 Security Update for Kerberos to Address Security Feature Bypass

  • CVE-2015-6095 Windows Kerberos Security Feature Bypass
    There are no known exploits in the wild.

MS15-123 Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure

  • CVE-2015-6061 Server Input Validation Security Feature Bypass Vulnerability
    There are no known exploits in the wild.