Security Alert (A15-07-07): Multiple Vulnerabilities in Microsoft Products (July 2015)


 

Published on: 15 July 2015

  
  

Description:

Microsoft has released 14 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:

MS15-058    Vulnerabilities in SQL Server Could Allow Remote Code Execution
MS15-065    Security Update for Internet Explorer
MS15-066    Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution
MS15-067    Vulnerability in RDP Could Allow Remote Code Execution
MS15-068    Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution
MS15-069    Vulnerabilities in Windows Could Allow Remote Code Execution
MS15-070    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
MS15-071    Vulnerability in Netlogon Could Allow Elevation of Privilege
MS15-072    Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege
MS15-073    Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege
MS15-074    Vulnerability in Windows Installer Service Could Allow Elevation of Privilege
MS15-075    Vulnerabilities in OLE Could Allow Elevation of Privilege
MS15-076    Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege
MS15-077    Vulnerability in ATM Font Driver Could Allow Elevation of Privilege


Affected Systems:

  • Microsoft Internet Explorer 6, 7, 8, 9, 10, 11
  • Microsoft Office 2007, 2010, 2013, 2013 RT, Office for Mac 2011
  • Microsoft Office Compatibility Pack, Excel Viewer, Word Viewer
  • Microsoft SharePoint Server 2007, 2010, 2013
  • Microsoft SQL Server 2008, 2012, 2014
  • Microsoft Windows Server 2003, 2008, 2012
  • Microsoft Windows Vista, 7, 8, 8.1, RT, RT 8.1

A complete list of the affected products can be found in the section "Affected Software" in the Microsoft security bulletin summary available at:

https://technet.microsoft.com/library/security/ms15-jul


Impact:

Depending on the vulnerability exploited, a successful attack could lead to elevation of privilege or arbitrary code execution.


Recommendation:

Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

  • Microsoft Update
    http://update.microsoft.com/microsoftupdate


More Information:

https://technet.microsoft.com/library/security/ms15-jul
https://technet.microsoft.com/library/security/MS15-058
https://technet.microsoft.com/library/security/MS15-065
https://technet.microsoft.com/library/security/MS15-066
https://technet.microsoft.com/library/security/MS15-067
https://technet.microsoft.com/library/security/MS15-068
https://technet.microsoft.com/library/security/MS15-069
https://technet.microsoft.com/library/security/MS15-070
https://technet.microsoft.com/library/security/MS15-071
https://technet.microsoft.com/library/security/MS15-072
https://technet.microsoft.com/library/security/MS15-073
https://technet.microsoft.com/library/security/MS15-074
https://technet.microsoft.com/library/security/MS15-075
https://technet.microsoft.com/library/security/MS15-076
https://technet.microsoft.com/library/security/MS15-077
https://www.hkcert.org/my_url/en/alert/15071501
https://www.hkcert.org/my_url/en/alert/15071502
https://www.hkcert.org/my_url/en/alert/15071503
https://www.hkcert.org/my_url/en/alert/15071504
https://www.hkcert.org/my_url/en/alert/15071505
https://www.hkcert.org/my_url/en/alert/15071506
https://www.hkcert.org/my_url/en/alert/15071507
https://www.hkcert.org/my_url/en/alert/15071508
https://www.hkcert.org/my_url/en/alert/15071509
https://www.hkcert.org/my_url/en/alert/15071510
https://www.hkcert.org/my_url/en/alert/15071511
https://www.hkcert.org/my_url/en/alert/15071512
https://www.hkcert.org/my_url/en/alert/15071513
https://www.hkcert.org/my_url/en/alert/15071514
https://www.us-cert.gov/ncas/current-activity/2015/07/14/Microsoft-Releases-July-2015-Security-Bulletin
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1761 (to CVE-2015-1763)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2361 (to CVE-2015-2385)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2387 (to CVE-2015-2391)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2397 (to CVE-2015-2398)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2401 (to CVE-2015-2404)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2410 (to CVE-2015-2417)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2421 (to CVE-2015-2422)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2424 (to CVE-2015-2425)



Tag: Microsoft , Internet Explorer , Windows , Windows Server , Microsoft Office , SharePoint , SQL Server
Tags