Security Alert (A15-04-06): Multiple Vulnerabilities in Microsoft Products


 

Published on: 15 April 2015

  
  

Description:

Microsoft has released 11 security bulletins listed below addressing multiple vulnerabilities which affect several Microsoft products or components:

MS15-032    Cumulative Security Update for Internet Explorer
MS15-033    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
MS15-034    Vulnerability in HTTP.sys Could Allow Remote Code Execution
MS15-035    Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
MS15-036    Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege
MS15-037    Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege
MS15-038    Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege
MS15-039    Vulnerability in XML Core Services Could Allow Security Feature Bypass
MS15-040    Vulnerability in Active Directory Federation Services Could Allow Information Disclosure
MS15-041    Vulnerability in .NET Framework Could Allow Information Disclosure
MS15-042    Vulnerability in Windows Hyper-V Could Allow Denial of Service

 

Affected Systems:

  • Microsoft .NET Framework 1.1, 2.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2
  • Microsoft Internet Explorer 6, 7, 8, 9, 10, 11
  • Microsoft Office 2007, 2010, 2013, 2013 RT, Office for Mac 2011
  • Microsoft Office Compatibility Pack, Word Viewer
  • Microsoft Office Web Apps 2010, 2013
  • Microsoft Outlook for Mac for Office 365
  • Microsoft Project Server 2010, 2013
  • Microsoft SharePoint Server 2010, 2013
  • Microsoft Windows Server 2003, 2008, 2012
  • Microsoft Windows Vista, 7, 8, 8.1, RT, RT 8.1

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to bypass of security restrictions, elevation of privilege, information disclosure, denial of service or arbitrary code execution.

 

Recommendation:

Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

  • Microsoft Update
    http://update.microsoft.com/microsoftupdate

More Information:

https://technet.microsoft.com/library/security/ms15-Apr
https://technet.microsoft.com/library/security/MS15-032
https://technet.microsoft.com/library/security/MS15-033
https://technet.microsoft.com/library/security/MS15-034
https://technet.microsoft.com/library/security/MS15-035
https://technet.microsoft.com/library/security/MS15-036
https://technet.microsoft.com/library/security/MS15-037
https://technet.microsoft.com/library/security/MS15-038
https://technet.microsoft.com/library/security/MS15-039
https://technet.microsoft.com/library/security/MS15-040
https://technet.microsoft.com/library/security/MS15-041
https://technet.microsoft.com/library/security/MS15-042
https://www.hkcert.org/my_url/en/alert/15041501
https://www.hkcert.org/my_url/en/alert/15041502
https://www.hkcert.org/my_url/en/alert/15041503
https://www.hkcert.org/my_url/en/alert/15041504
https://www.hkcert.org/my_url/en/alert/15041505
https://www.hkcert.org/my_url/en/alert/15041506
https://www.hkcert.org/my_url/en/alert/15041507
https://www.hkcert.org/my_url/en/alert/15041508
https://www.hkcert.org/my_url/en/alert/15041509
https://www.hkcert.org/my_url/en/alert/15041510
https://www.hkcert.org/my_url/en/alert/15041511
https://www.us-cert.gov/ncas/current-activity/2015/04/14/Microsoft-Releases-April-2015-Security-Bulletin
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1668
 



Tag: Microsoft , Internet Explorer , Windows , Windows Server , Microsoft Office , SharePoint , .NET Framework , Project Server , Outlook
Tags