Security Alert (A15-08-02): Multiple Vulnerabilities in Microsoft Products (August 2015)

Description:

Microsoft has released 14 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:

MS15-079    Cumulative Security Update for Internet Explorer
MS15-080    Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution
MS15-081    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
MS15-082    Vulnerabilities in RDP Could Allow Remote Code Execution
MS15-083    Vulnerability in Server Message Block Could Allow Remote Code Execution
MS15-084    Vulnerabilities in XML Core Services Could Allow Information Disclosure
MS15-085    Vulnerability in Mount Manager Could Allow Elevation of Privilege
MS15-086    Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege
MS15-087    Vulnerability in UDDI Services Could Allow Elevation of Privilege
MS15-088    Unsafe Command Line Parameter Passing Could Allow Information Disclosure
MS15-089    Vulnerability in WebDAV Could Allow Information Disclosure
MS15-090    Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege
MS15-091    Cumulative Security Update for Microsoft Edge
MS15-092    Vulnerabilities in .NET Framework Could Allow Elevation of Privilege

Affected Systems:

• Microsoft .NET Framework 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6
• Microsoft BizTalk Server 2010, 2013, 2013 R2
• Microsoft Edge
• Microsoft Internet Explorer 7, 8, 9, 10, 11
• Microsoft Live Meeting 2007
• Microsoft Lync 2010, 2013
• Microsoft Office 2007, 2010, 2013, 2013 RT, Office for Mac 2011 & 2016
• Microsoft Office Compatibility Pack, InfoPath 2007, Word Viewer
• Microsoft Office Web Apps 2010, 2013
• Microsoft SharePoint Server 2010, 2013
• Microsoft Silverlight 5
• Microsoft System Center 2012 Operations Manager R2
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2
• Microsoft Windows Vista, 7, 8, 8.1, RT, RT 8.1, 10

A complete list of the affected products can be found in the section "Affected Software" in the Microsoft security bulletin summary available at:

https://technet.microsoft.com/library/security/ms15-aug

Impact:

Depending on the vulnerability exploited, a successful attack could lead to arbitrary code execution, elevation of privilege or information disclosure.

Recommendation:

Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

• Microsoft Update
  http://update.microsoft.com/microsoftupdate

More Information:

https://technet.microsoft.com/library/security/ms15-aug
https://technet.microsoft.com/library/security/MS15-079 (to MS15-092)
https://www.hkcert.org/my_url/en/alert/15081202 (to 15081214)
https://www.us-cert.gov/ncas/current-activity/2015/08/11/Microsoft-Releases-August-2015-Security-Bulletin
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2428 (to CVE-2015-2435)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2440 (to CVE-2015-2456)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2458 (to CVE-2015-2477)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2479 (to CVE-2015-2481)