
EXECUTIVE REPORT ON MICROSOFT SECURITY BULLETIN : SEP - 2015

1. Patch Tuesday (a.k.a. Update Tuesday) is an unofficial term for the day on which Microsoft
regularly releases security patches for its software products. It is widely referred to in this way by the
industry. Microsoft formalized Patch Tuesday in October 2003. The Microsoft security bulletin for the
month of Sep 15 was published on September 8, 2015. This bulletin summary lists security bulletins
released for September 2015.


2. A total of 12 updates were released in this bulletin. The following table summarizes the security
bulletins for this month in order of severity.

Severity | Number
Critical |
Important |

3. The bulletins are classified according to their vulnerability impact. The following table
summarizes the security bulletins for this month in order of vulnerability impact.

Vulnerability Impact | Number
Remote Code Execution |
Denial of Service |
Elevation of Privilege |
Information Disclosure |
Security Feature Bypass |

4. The definition of Vulnerability Impact is appended in the table below.

Rating | Definition
Critical | A vulnerability whose exploitation could allow code execution without user interaction. These scenarios include self-propagating malware (e.g. network worms), or unavoidable common use scenarios where code execution occurs without warnings or prompts. This could mean browsing to a web page or opening email. Microsoft recommends that customers apply Critical updates immediately.
Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources. These scenarios include common use scenarios where client is compromised with warnings or prompts regardless of the prompt's provenance, quality, or usability. Sequences of user actions that do not generate prompts or warnings are also covered. Microsoft recommends that customers apply Important updates at the earliest opportunity.

5. Each security bulletin covers a number of vulnerabilities in one or different systems across
platforms. The following table provides an exploitability assessment of each of the vulnerabilities
addressed this month.

MS15-094 | Cumulative Security Update for Internet Explorer | Remote Code Execution - Critical

The most severe of the vulnerabilities could allow remote code execution if a user views a specially
crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities
could gain the same user rights as the current user.

Software Affected: Versions of IE on affected Windows servers.
Rating: Critical to Moderate
Total Vulnerabilities Covered: 17

MS15-095 | Cumulative Security Update for Microsoft Edge | Remote Code Execution - Critical

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities
could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.

Software Affected: Microsoft Edge on Windows clients
Rating: Critical
Total Vulnerabilities Covered: 04

MS15-096 | Vulnerability in Active Directory Service | Denial of Service - Important

The most severe of the vulnerabilities could allow remote code execution if a user views a specially
crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities
could gain the same user rights as the current user.

Software Affected: Win Server 2008 R2, 2012, 2012 R2
Rating: Important

Total Vulnerabilities Covered

MS15-097 | Vulnerabilities in Microsoft Graphics Component | Remote Code Execution - Critical

The most severe of the vulnerabilities could allow remote code execution if a user views a specially
crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities
could gain the same user rights as the current user.

Software Affected: All editions of Windows, Server 2008, Lync 2013, Lync 2010, Live Meeting 2007, Office 2007, Office 2010
Rating: Critical to Important
Total Vulnerabilities Covered: 11

MS15-098 | Vulnerabilities in Windows Journal | Remote Code Execution - Critical

This security update is rated Critical for all supported releases of Windows excluding Itanium
editions, which are not affected. The security update addresses the vulnerabilities by modifying how
Windows Journal parses Journal files.

Software Affected: Windows excluding Itanium editions
Rating: Critical

Total Vulnerabilities Covered

MS15-099 | Vulnerabilities in Microsoft Office | Remote Code Execution - Critical

The security update addresses the vulnerabilities by correcting how Microsoft Office handles files in
memory and by modifying how SharePoint validates web requests.

Software Affected: Microsoft Office and SharePoint
Rating: Critical to Important

Total Vulnerabilities Covered

MS15-100 | Vulnerability in Windows Media Center | Remote Code Execution - Important

The security update addresses the vulnerability by correcting how Windows Media Center link files
are handled.

Software Affected: Windows Media Center
Rating: Important

Total Vulnerabilities Covered

MS15-101 | Vulnerabilities in .NET Framework | Elevation of Privilege - Important

The security updates address the vulnerabilities by correcting how the .NET Framework copies
objects in memory and by correcting how the .NET Framework handles specially crafted requests.

Software Affected: Microsoft .NET
Rating: Important

Total Vulnerabilities Covered

MS15-102 | Vulnerabilities in Windows Task Management | Elevation of Privilege - Important

The security update addresses the vulnerabilities by correcting how Windows validates
impersonation events and how Task Scheduler verifies file system interactions.

Software Affected: All supported releases of Microsoft Windows
Rating: Important

Total Vulnerabilities Covered

MS15-103 | Vulnerabilities in Microsoft Exchange Server | Information Disclosure - Important

The security update addresses the vulnerabilities by correcting how Microsoft Exchange OWA
handles web requests and by helping to ensure that OWA properly sanitizes user input and email
content.

Software Affected: Microsoft Exchange Server 2013
Rating: Important

Total Vulnerabilities Covered

MS15-104 | Vulnerabilities in Skype for Business Server and Lync Server | Elevation of Privilege - Important

The security update addresses the vulnerabilities by updating jQuery in Skype for Business Server
and in Lync Server to correctly sanitize user input and by correcting how Skype for Business Server
and Lync Server sanitize user input.

Software Affected: Skype for Business Server 2015 and Microsoft Lync Server 2013
Rating: Important

Total Vulnerabilities Covered

MS15-105 | Vulnerability in Windows Hyper-V | Security Feature Bypass - Important

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow
security feature bypass if an attacker runs a specially crafted application that could cause Windows
Hyper-V to incorrectly apply access control list (ACL) configuration settings.

Software Affected: Several versions of Windows
Rating: Important

Total Vulnerabilities Covered
