Security Alert (A15-10-01): Multiple Vulnerabilities in Microsoft Products (October 2015)


 

Published on: 14 October 2015

  
  

Description:

Microsoft has released 6 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:

MS15-106    Cumulative Security Update for Internet Explorer
MS15-107    Cumulative Security Update for Microsoft Edge
MS15-108    Security Update for JScript and VBScript to Address Remote Code Execution
MS15-109    Security Update for Windows Shell to Address Remote Code Execution
MS15-110    Security Updates for Microsoft Office to Address Remote Code Execution
MS15-111    Security Update for Windows Kernel to Address Elevation of Privilege


Affected Systems:

  • Microsoft Edge
  • Microsoft Internet Explorer 7, 8, 9, 10, 11
  • Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, Office for Mac 2011 & 2016
  • Microsoft Office Web Apps 2010, 2013
  • Microsoft SharePoint 2007, 2010, 2013
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2
  • Microsoft Windows Vista, 7, 8, 8.1, RT, RT 8.1, 10

A complete list of the affected products can be found in the section "Affected Software" in the Microsoft security bulletin summary available at:

https://technet.microsoft.com/library/security/ms15-oct


Impact:

Depending on the vulnerability exploited, a successful attack could lead to arbitrary code execution, elevation of privilege or information disclosure.


Recommendation:

Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

  • Microsoft Update
    http://update.microsoft.com/microsoftupdate
Users should be reminded that Microsoft Windows Server 2003 has reached its End-Of-Support on 14 July 2015. No more security updates are available from the vendor. Users should upgrade or migrate the obsolete Windows Server 2003 to a platform with vendor support and implement compensating security measures before completing the upgrade or migration.

More Information:

https://technet.microsoft.com/en-us/library/security/ms15-oct
https://technet.microsoft.com/library/security/MS15-106
https://technet.microsoft.com/library/security/MS15-107
https://technet.microsoft.com/library/security/MS15-108
https://technet.microsoft.com/library/security/MS15-109
https://technet.microsoft.com/library/security/MS15-110
https://technet.microsoft.com/library/security/MS15-111
https://www.hkcert.org/my_url/en/alert/15101401
https://www.hkcert.org/my_url/en/alert/15101402
https://www.hkcert.org/my_url/en/alert/15101403
https://www.hkcert.org/my_url/en/alert/15101404
https://www.hkcert.org/my_url/en/alert/15101405
https://www.hkcert.org/my_url/en/alert/15101406
https://www.us-cert.gov/ncas/current-activity/2015/10/13/Microsoft-Releases-October-2015-Security-Bulletin
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2548 (to CVE-2015-2550)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2552 (to CVE-2015-2558)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6046 (to CVE-2015-6053)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6055 (to CVE-2015-6059)



Tag: Edge , Internet Explorer , Office , SharePoint , Windows Server , Windows , Microsoft
Tags