Security Alert (A15-09-02): Multiple Vulnerabilities in Microsoft Products (September 2015)


 

Published on: 09 September 2015

  
  

Description:

Microsoft has released 12 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:


MS15-094    Cumulative Security Update for Internet Explorer
MS15-095    Cumulative Security Update for Microsoft Edge
MS15-096    Vulnerability in Active Directory Service Could Allow Denial of Service
MS15-097    Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution
MS15-098    Vulnerabilities in Windows Journal Could Allow Remote Code Execution
MS15-099    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
MS15-100    Vulnerability in Windows Media Center Could Allow Remote Code Execution
MS15-101    Vulnerabilities in .NET Framework Could Allow Elevation of Privilege
MS15-102    Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege
MS15-103    Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure
MS15-104    Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege
MS15-105    Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass


Affected Systems:

  • Microsoft Edge
  • Microsoft Exchange Server 2013
  • Microsoft Internet Explorer 7, 8, 9, 10, 11
  • Microsoft Live Meeting 2007 Console
  • Microsoft Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013
  • Microsoft Office 2007, 2010, 2013, 2013 RT, Office for Mac 2011 & 2016
  • Microsoft Office Compatibility Pack, Excel Viewer
  • Microsoft SharePoint Foundation 2013
  • Microsoft Skype for Business Server 2015
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2
  • Microsoft Windows Vista, 7, 8, 8.1, RT, RT 8.1, 10

A complete list of the affected products can be found in the section "Affected Software" in the Microsoft security bulletin summary available at:

https://technet.microsoft.com/library/security/ms15-sep

 


Impact:

Depending on the vulnerability exploited, a successful attack could lead to arbitrary code execution, elevation of privilege, bypass of security restrictions or information disclosure.


Recommendation:

Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

  • Microsoft Update
    http://update.microsoft.com/microsoftupdate
Users should be reminded that Microsoft Windows Server 2003 has reached its End-Of-Support on 14 July 2015. No more security updates are available from the vendor. Users should upgrade or migrate the obsolete Windows Server 2003 to a platform with vendor support and implement compensating security measures before completing the upgrade or migration.

More Information:

https://technet.microsoft.com/en-us/library/security/ms15-sep
https://technet.microsoft.com/library/security/MS15-094 (to MS15-105)
https://www.hkcert.org/my_url/en/alert/15090901 (to 15090912)
https://www.us-cert.gov/ncas/current-activity/2015/09/08/Microsoft-Releases-September-2015-Security-Bulletin
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2483 (to CVE-2015-2487)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2489 (to CVE-2015-2494)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2498 (to CVE-2015-2501)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2504 (to CVE-2015-2514)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2516 (to CVE-2015-2532)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2534 (to CVE-2015-2536)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2541 (to CVE-2015-2546)



Tag: Microsoft , Internet Explorer , Edge , Windows Server , Microsoft Office , SharePoint , Lync , Live Meeting , Skype , Exchange Server , Windows
Tags