Patch Tuesday (a.k.a. Update Tuesday) is an unofficial term for the day on which Microsoft
regularly releases security patches for its software products. The term is widely used across the
industry. Microsoft formalized Patch Tuesday in October 2003. The Microsoft security bulletin for
the month of Sep 15 was published on September 8, 2015. This bulletin summary lists security bulletins
1.
Number
Critical
Important
3.
The bulletins are classified according to their vulnerability impact. The following table
summarizes the security bulletins for this month in order of Vulnerability impact.
Vulnerability Impact
Number
Denial of Service
Elevation of Privilege
Information Disclosure
4.
Rating: Critical
Definition: A vulnerability whose exploitation could allow code execution without user interaction.
These scenarios include self-propagating malware (e.g. network worms), or unavoidable
common use scenarios where code execution occurs without warnings or prompts. This
could mean browsing to a web page or opening email.
Microsoft recommends that customers apply Critical updates immediately.
5.
Each security bulletin covers a number of vulnerabilities in one or different systems across
platforms. The following table provides an exploitability assessment of each of the vulnerabilities
addressed this month.

MS15-094: Cumulative Security Update for Internet Explorer
The most severe of the vulnerabilities could allow remote code execution if a user views a specially
crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities
could gain the same user rights as the current user.
Rating: Critical to Moderate
Software Affected: Versions of IE on affected Windows servers.
17

MS15-095: Cumulative Security Update for Microsoft Edge
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities
could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
Rating: Critical
Software Affected: Microsoft Edge on Windows clients
04

MS15-096: Vulnerability in Active Directory Service
The most severe of the vulnerabilities could allow remote code execution if a user views a specially
crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities
could gain the same user rights as the current user.
Rating: Important
Software Affected: Win Server 2008 R2, 2012, 2012 R2

MS15-097: Vulnerabilities in Microsoft Graphics Component
The most severe of the vulnerabilities could allow remote code execution if a user views a specially
crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities
could gain the same user rights as the current user.
Rating: Critical to Important
Software Affected: All editions of Windows, Server 2008, Lync 2013, Lync 2010, Live Meeting 2007
11

Vulnerabilities in Windows Journal
This security update is rated Critical for all supported releases of Windows excluding Itanium
editions, which are not affected. The security update addresses the vulnerabilities by modifying how
Windows Journal parses Journal files.
Rating: Critical
Software Affected: Windows excluding Itanium editions

MS15-099: Vulnerabilities in Microsoft Office
The security update addresses the vulnerabilities by correcting how Microsoft Office handles files in
memory and by modifying how SharePoint validates web requests.
Rating: Critical to Important
Software Affected: Microsoft Office and SharePoint

MS15-100: Vulnerability in Windows Media Center
The security update addresses the vulnerability by correcting how Windows Media Center link files
are handled.
Rating: Important
Software Affected: Windows Media Center

MS15-101: Vulnerabilities in .NET Framework
The security updates address the vulnerabilities by correcting how the .NET Framework copies
objects in memory and by correcting how the .NET Framework handles specially crafted requests.
Rating: Important
Software Affected: Microsoft .NET

MS15-102: Vulnerabilities in Windows Task Management
The security update addresses the vulnerabilities by correcting how Windows validates
impersonation events and how Task Scheduler verifies file system interactions.
Rating: Important
Software Affected: All supported releases of Microsoft Windows

MS15-103: Vulnerabilities in Microsoft Exchange Server
The security update addresses the vulnerabilities by correcting how Microsoft Exchange OWA
handles web requests and by helping to ensure that OWA properly sanitizes user input and email
content.
Rating: Important
Software Affected: Microsoft Exchange Server 2013

MS15-104: Vulnerabilities in Skype for Business Server and Lync Server
The security update addresses the vulnerabilities by updating jQuery in Skype for Business Server
and in Lync Server to correctly sanitize user input and by correcting how Skype for Business Server
and Lync Server sanitize user input.
Rating: Important
Software Affected: Skype for Business Server 2015 and Microsoft Lync Server 2013

MS15-105: Vulnerability in Windows Hyper-V
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow
security feature bypass if an attacker runs a specially crafted application that could cause Windows
Hyper-V to incorrectly apply access control list (ACL) configuration settings.
Rating: Important
Software Affected: Several versions of Windows