July 2015 Microsoft Patch Tuesday
Overview of the July 2015 Microsoft patches and their status.
# | Title | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*): clients | ISC rating(*): servers
---|---|---|---|---|---|---|---
MS15-058 | Remote Code Execution Vulnerabilities in SQL Server (This bulletin was supposed to be part of the June 2015 patch Tuesday, but got delayed until today) | SQL Server: CVE-2015-1761, CVE-2015-1762, CVE-2015-1763 | KB 3065718 | no. | Severity: Important, Exploitability: 2 | N/A | Important
MS15-065 | Internet Explorer Rollup Patch (Replaces MS15-056) | Internet Explorer: CVE-2015-1729, CVE-2015-1733, CVE-2015-1738, CVE-2015-1767, CVE-2015-2372, CVE-2015-2383, CVE-2015-2384, CVE-2015-2385, CVE-2015-2388, CVE-2015-2389, CVE-2015-2390, CVE-2015-2391, CVE-2015-2397, CVE-2015-2398, CVE-2015-2401, CVE-2015-2403, CVE-2015-2404, CVE-2015-2405, CVE-2015-2406, CVE-2015-2408, CVE-2015-2410, CVE-2015-2411, CVE-2015-2412, CVE-2015-2413, CVE-2015-2414, CVE-2015-2419, CVE-2015-2421, CVE-2015-2422, CVE-2015-2425 | KB 3076321 | CVE-2015-2398 has been publicly disclosed. | Severity: Critical, Exploitability: 0 | Critical | Important
MS15-066 | Remote Code Execution Vulnerability in VBScript Scripting Engine (Replaces MS15-019) | VBScript: CVE-2015-2372 | KB 3072604 | no. | Severity: Critical, Exploitability: 1 | Critical | Important
MS15-067 | Remote Code Execution Vulnerability in RDP (Replaces MS15-030) | RDP: CVE-2015-2373 | KB 3073094 | no. | Severity: Critical, Exploitability: 3 | Critical | Critical
MS15-068 | Remote Code Execution Vulnerabilities in Hyper-V | Hyper-V: CVE-2015-2361, CVE-2015-2362 | KB 3072000 | no. | Severity: Critical, Exploitability: 2 | N/A | Critical
MS15-069 | Remote Code Execution Vulnerabilities in Windows | Windows and Windows Media Device Manager: CVE-2015-2368, CVE-2015-2369 | KB 3072631 | unauthorized DLL loading is an ongoing issue. | Severity: Important, Exploitability: 1 | Critical | Important
MS15-070 | Remote Code Execution Vulnerabilities in Office (Replaces MS13-084, MS15-022, MS15-033, MS15-046) | Microsoft Office (including Mac and Sharepoint): CVE-2015-2376, CVE-2015-2377, CVE-2015-2379, CVE-2015-2380, CVE-2015-2415, CVE-2015-2424, CVE-2015-2375, CVE-2015-2378 | KB 3072620 | CVE-2015-2424 has been used in exploits. | Severity: Important, Exploitability: 1 | Critical | Important
MS15-071 | Spoofing Vulnerability in Netlogon (Replaces MS15-027) | Netlogon: CVE-2015-2374 | KB 3068457 | no. | Severity: Important, Exploitability: 3 | Important | Important
MS15-072 | Elevation of Privilege Vulnerability in Windows Graphics Component (Replaces MS15-035) | Windows Graphics component: CVE-2015-2364 | KB 3069392 | no. | Severity: Important, Exploitability: 1 | Important | Important
MS15-073 | Elevation of Privilege Vulnerability in Kernel Mode Drivers (Replaces MS15-061) | Kernel Mode Drivers: CVE-2015-2363, CVE-2015-2365, CVE-2015-2366, CVE-2015-2367, CVE-2015-2381, CVE-2015-2382 | KB 3070102 | no. | Severity: Important, Exploitability: 2 | Important | Important
MS15-074 | Elevation of Privilege Vulnerability in Windows Installer Service (Replaces MS49-049) | Windows Installer Service: CVE-2015-2371 | KB 3072630 | no. | Severity: Important, Exploitability: 1 | Important | Important
MS15-075 | Elevation of Privilege Vulnerability in OLE (Replaces MS13-070) | OLE: CVE-2015-2416, CVE-2015-2417 | KB 3072633 | no. | Severity: Important, Exploitability: 1 | Critical | Important
MS15-076 | Elevation of Privilege in Windows RPC (Replaces MS15-055) | Windows RPC: CVE-2015-2370 | KB 3067505 | no. | Severity: Important, Exploitability: 2 | Important | Important
MS15-077 | Elevation of Privilege Vulnerability in ATM Font Driver (Replaces MS15-021) | ATM Font Driver (ATMFD.DLL): CVE-2015-2387 | KB 3077657 | Exploits Detected. | Severity: Important, Exploitability: 0 | Important | Important
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
- We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Important patches for servers that do not use Outlook, MSIE, Word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threats.
Adobe Updates Flash Player, Shockwave and PDF Reader
In a warm up to patch Tuesday, it looks like we have a new version for Adobe Flash Player, Shockwave Player and PDF Reader. Given that some of the exploits against the vulnerabilities patched are public, you may want to expedite patching and review your Flash Player and browser configuration.
The latest (patched) versions are (thanks Dave!):
- Flash Player 18.0.0.209
- Flash Player ESR 13.0.0.305
- Reader 10.1.15
- Reader 11.0.12
- Shockwave Player 12.1.9.159
Bulletins:
https://helpx.adobe.com/security/products/shockwave/apsb15-17.html
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
https://helpx.adobe.com/security/products/reader/apsb15-15.html
You can get the latest version here: https://get.adobe.com/flashplayer/
Also note that many browsers now allow you to disable Flash by default. You can re-enable it for sites that require Flash. Here is a nice page that will explain how to have your browser ask for permission before running plugins:
http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/