SlideShare a Scribd company logo

Patch Tuesday Analysis - August 2015

Download as PPTX, PDF
Ivanti, profile picture
Ivanti

This document summarizes Microsoft's August 2015 Patch Tuesday updates. It describes 14 Microsoft security bulletins addressing 58 vulnerabilities, an Adobe Flash bulletin addressing 35 vulnerabilities, and updates from Google Chrome and Mozilla Firefox. The updates resolve issues including remote code execution, elevation of privilege, and information disclosure. It provides details on the affected products and recommends applying all updates.

Technology
1 of 29
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Chris Goettl Sr. Product Manager Minimizing the Impact of Patch Tuesday Wednesday, August 12th, 2015 Dial In: 1-855-749-4750 (US) Attendees: 925 200 425
Shavlik Confidential  Feel free to ask questions via the online Q&A link in the WebEx interface.  Questions may be answered during the presentation.  Unanswered questions will be resolved via email after the presentation is over.  A copy of this presentation will be available at http://www.shavlik.com/webinars/ after the webinar. 2 Logistics
Shavlik Confidential  August 2015 Patch Tuesday Overview  Review August 2015 Security Bulletins  Patch Recommendations  Other patches released since last Patch Tuesday 3 Agenda
Shavlik Confidential  14 Microsoft Security Bulletins / 58 Vulnerabilities Addressed  Adobe Flash Bulletin / 35 Vulnerabilities Addressed  Google Chrome Release / Support for latest Flash Plug-In  Affected Products:  All supported Windows operating systems (Including Windows 10)  Internet Explorer, Edge  SCOM  Microsoft Office 2010, 2013  .Net Framework  Microsoft Lync  Microsoft Silverlight  Adobe Flash  Google Chrome  Mozilla Firefox 4 Patch Tuesday Overview for August 2015
Shavlik Confidential  Security Bulletins:  4 bulletin is rated as Critical.  10 bulletins are rated as Important.  Vulnerability Impact:  6 bulletin addresses vulnerabilities that could allow Remote Code Execution.  5 bulletins address vulnerabilities that could allow Elevation of Privileges.  3 bulletins address vulnerabilities that could allow Information Disclosure. 5 Overview for Microsoft August 2015
Shavlik Confidential  Security Bulletins:  Adobe Flash update for Flash Player (Priority 1)  Google Chrome update for Chrome 44 (No rating by Google, Flash plug-in Priority 1)  Mozilla FireFox 40 (no rating, feature release)  Vulnerability Impact:  Adobe Flash resolves 35 vulnerabilities including Remote Code Execution.  Google Chrome support for latest Flash plug-in (35 vulnerabilities) 6 Overview for 3rd Party Vendors August 2015
Shavlik Confidential  Maximum Severity: Priority 1  Affected Products: Adobe Flash 18 and earlier, Flash plug-ins for IE, Chrome, and FireFox  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Code Execution  Fixes 35 vulnerabilities:  CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE- 2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015- 5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE- 2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015- 5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564  Replaces: All previous Flash 13 and 18 versions  Restart Required: 7 APSB15-19: Security updates available for Adobe Flash Player
Shavlik Confidential  Maximum Severity:  Affected Products: Google Chrome  Description: The stable channel has been updated to 44.0.2403.107 for Windows, Mac, and Linux.  Impact: Supports update for Flash Plug-in including 35 security fixes  Fixes ? vulnerabilities:  Replaces: All previous versions  Restart Required: 8 CHROME-144: Chrome 44.0.2403.107
Shavlik Confidential  Maximum Severity:  Affected Products: Mozilla FireFox • Description: What’s New: • - Support for Windows 10 • - Added protection against unwanted software downloads • - Various security fixes  .Lots of other stuff  Impact: Code Execution  Fixes 19 vulnerabilities:  CVE-2015-4492, CVE-2015-4490,  Replaces: All previous versions  Restart Required: 9 FF15-015:
Shavlik Confidential  Maximum Severity: Critical  Affected Products: Windows 10, Internet Explorer 11, Edge, .Net Framework,  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 37 vulnerabilities:  Public disclosure CVE-2015-2423, Public disclosure CVE-2015-2433, Exploits detected CVE-2015-1769  Replaces: 3076321 in MS15-065,  Restart Required: Requires Restart 10 CSWU-003: Cumulative update for Windows 10: August 11, 2015
Shavlik Confidential  Maximum Severity: Critical  Affected Products: Internet Explorer  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 13 vulnerabilities:  Public disclosure CVE-2015-2423, CVE-2015-2441, CVE-2015-2442, CVE-2015-2443, CVE-2015-2444, CVE- 2015-2445, CVE-2015-2446, CVE-2015-2447, CVE-2015-2448, CVE-2015-2449, CVE-2015-2450, CVE-2015- 2451, CVE-2015-2452  Replaces: 3076321 in MS15-065,  Restart Required: Requires Restart 11 MS15-079: Cumulative Security Update for Internet Explorer (3082442)
Shavlik Confidential  Maximum Severity: Critical  Affected Products: Windows (Graphics Component), .Net Framework, Office, Lync, Silverlight  Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts.  Impact: Remote Code Execution  Fixes 16 vulnerabilities:  CVE-2015-2431, CVE-2015-2432, Public disclosure CVE-2015-2433, CVE-2015-2435, CVE-2015-2453, CVE- 2015-2454, CVE-2015-2455, CVE-2015-2456, CVE-2015-2458, CVE-2015-2459, CVE-2015-2460, CVE-2015- 2461, CVE-2015-2462, CVE-2015-2463, CVE-2015-2464, CVE-2015-2465  Replaces: 3030403 in MS15-019,  Restart Required: May Require Restart 12 MS15-080: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
Shavlik Confidential  Maximum Severity: Critical  Affected Products: Microsoft Office  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 8 vulnerabilities:  Public Exploit CVE-2015-1642, CVE-2015-2423, CVE-2015-2466, CVE-2015-2467, CVE-2015-2468, CVE- 2015-2469, CVE-2015-2470, CVE-2015-2477  Replaces: 2596744 in MS12-046 , 3054971 in MS15-070, 3054973 in MS15-070 , 3054990 in MS15-070 , 3023055 in MS15-046,  Restart Required: may Require Restart 13 MS15-081: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)
Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows (RDP)  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open a Remote Desktop Protocol (RDP) file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 2 vulnerabilities:  CVE-2015-2472, CVE-2015-2473  Replaces: 2813345 in MS13-029, 2813347 in MS13-029  Restart Required: Requires Restart 14 MS15-082: Vulnerabilities in RDP Could Allow Remote Code Execution (3080348)
Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted string to SMB server error logging.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2015-2474  Replaces: 971468 in MS10-012  Restart Required: Require Restart 15 MS15-083: Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921)
Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows, Office  Description: This security update resolves vulnerabilities in Microsoft Windows and Microsoft Office. The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0. However, in all cases an attacker would have no way to force users to click a specially crafted link. An attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message.  Impact: Information Disclosure  Fixes 3 vulnerabilities:  CVE-2015-2434, CVE-2015-2440, CVE-2015-2471  Replaces: 3046482 in MS15-039, 2939576 in MS14-033, 2687499 in MS13-002  Restart Required: May Require Restart 16 MS15-084: Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)
Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker inserts a malicious USB device into a target system. An attacker could then write a malicious binary to disk and execute it.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  Exploits detected CVE-2015-1769  Replaces: 3045999 in MS15-038, 3067505 in MS15-076,  Restart Required: Requires Restart 17 MS15-085: Vulnerability in Mount Manager Could Allow Elevation of Privileg (3082487)
Shavlik Confidential  Maximum Severity: Important  Affected Products: SCOM  Description: This security update resolves a vulnerability in Microsoft System Center Operations Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2015-2420  Replaces: none  Restart Required: Does not require reboot 18 MS15-086: Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158)
Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows, Server Core, BizTalk Server  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter. A user would have to visit a specially crafted webpage where the malicious script would then be executed.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2015-2475  Replaces: none,  Restart Required: Does not require restart 19 MS15-087: Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459)
Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows  Description: This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process. The attacker could then execute Notepad, Visio, PowerPoint, Excel, or Word with an unsafe command line parameter to effect information disclosure. To be protected from the vulnerability, customers must apply the updates provided in this bulletin, as well as the update for Internet Explorer provided in MS15-079. Likewise, customers running an affected Microsoft Office product must also install the applicable updates provided in MS15-081.  Impact: Information Disclosure  Fixes 1 vulnerabilities:  CVE-2015-2423  Replaces: 3039066 in MS15-020  Restart Required: May Require Restart 20 MS15-088: Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic.  Impact: Information Disclosure  Fixes 1 vulnerabilities:  CVE-2015-2476  Replaces: None  Restart Required: May Require Restart 21 MS15-089: Vulnerability in WebDAV Could Allow Information Disclosure (3076949)
Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application or convinces a user to open a specially crafted file that invokes a vulnerable sandboxed application, allowing an attacker to escape the sandbox.  Impact: Elevation of Privilege  Fixes 3 vulnerabilities:  CVE-2015-2428, CVE-2015-2429, CVE-2015-2430  Replaces: 3045999 in MS15-038, 3067505 in MS15-076, 3050514 in MS15-052  Restart Required: Requires Restart 22 MS15-090: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)
Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows, .Net Framework  Description: This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.  Impact: Elevation of Privilege  Fixes 3 vulnerabilities:  CVE-2015-2479, CVE-2015-2480, CVE-2015-2481  Replaces: None  Restart Required: May Require Restart 23 MS15-092: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251)
Shavlik Confidential24 Other lower priority updates for August
Shavlik Confidential25 Review Patch Releases Since July Patch Tuesday • Microsoft: 47 (Non-Security), 1 (Security Advisories), 1 (Security Tool), 4 (Security) • Adobe Acrobat: 2 (Security) • Adobe Reader: 1 (Security) • Google Chrome: 4 (Security) • Picasa: 1 (Security) • Skype: 2 (Security) • Flash: 1 (Security) • Notepad++: 2 (Security) • FoxIt Reader: 1 (Security) • VMware Player: 1 (Security) • Shockwave: 1 (non-Security) • Ccleaner: 1 (Non-Security) • Splunk Universal Forwarder: 1 (Non-Security) • Horizon Client: 1 (Non-Security) • Opera: 1 (Security) • CDBurner XP: 2 (non-Security) • Dropbox: 3 (non-security) • WinSCP: 2 (Non-Security) • Google Drive: 1 (Non-Security) • Libre Office: 2 (Non-Security) • FireFox: 1 (Security) • RealTimes: 1 (Security) • Classic Shell: 1 (Non-Security) • KeePass Pro2: 1 (Non-Security)
Shavlik Confidential26 Patch Day SummaryCompany Bulletin Software Affected CVE Count Vulnerability Impact Vendor Severity Threat Risk Notes Microsoft CSWU-003 Windows 10, IE, Edge, .Net 37 Remote Code Execution, Elevation of Privilege, Information Disclosure Critical High This is a rollup of all previous Win 10 secuirty updates and includes vulnerabilities across multiple August bulletins (MS15-079, MS15- 080, MS15-085, MS15-088, MS15-091, MS15-092). Public disclosure CVE-2015-2423, Public disclosure CVE-2015-2433, Exploits detected CVE-2015-1769 Microsoft MS15-079 Internet Explorer 13Remote Code Execution Critical High Public disclosure CVE-2015-2423 Microsoft MS15-080 Windows, .Net Framework, Office, Lync, Silverlight 16Remote Code Execution Critical High Public disclosure CVE-2015-2433 Microsoft MS15-081 Microsoft Office 8Remote Code Execution Critical High Public Exploit CVE-2015-1642 Microsoft MS15-082 Windows (RDP) 2Remote Code Execution Important Low-Moderate Known Issues: https://support.microsoft.com/en-us/kb/3080348 Microsoft MS15-083 Windows 1Remote Code Execution Important Low-Moderate Microsoft MS15-084 Windows, Office 3Information Disclosure Important Low-Moderate Microsoft MS15-085 Windows 1Elevation of Privilege Important High Microsoft MS15-086 SCOM 1Elevation of Privilege Important Low-Moderate Microsoft MS15-087 Windows 1Elevation of Privilege Important Low-Moderate Microsoft MS15-088 Windows 1Information Disclosure Important Low-Moderate Microsoft MS15-089 Windows 1Information Disclosure Important Low-Moderate Microsoft MS15-090 Windows 3Elevation of Privilege Important Low-Moderate Microsoft MS15-092 Windows, .Net Framework 3Elevation of Privilege Important Low-Moderate Adobe APSB15-19 Flash Player 35Code Execution Priority 1 High Google Chrome-144 Chrome 0* Critical High Supports the latest Adobe Flash Player update. This update should be applied as soon as possible. Mozilla FF15-015 FireFox 19Code Execution Critical Moderate-High
Q&A
Shavlik Confidential • Server 2003 End of Life - http://blog.shavlik.com/server-2003-end-life-August-14-2015-whats- plan/ • We are looking for Protect 9.2 Field Test and Beta Test customers. If you are interested in a demo of what is coming and participating in the test process contact Beta@Shavlik.com. • Slide deck and video playback available here: www.shavlik.com/Webinars • Sign up for next months Patch Tuesday Webinar and view webinar playbacks: http://www.shavlik.com/webinars/ • Sign up for Content Announcements: • Email http://www.shavlik.com/support/xmlsubscribe/ • RSS http://protect7.shavlik.com/feed/ • Twitter @ShavlikXML • Follow us on: • Shavlik on LinkedIn • Twitter @ShavlikProtect • Shavlik blog -> www.shavlik.com/blog • Chris Goettl on LinkedIn • Twitter @ChrisGoettl 28 Resources and Webinars
Patch Tuesday Analysis - August 2015

More Related Content

PPTX
Patch Tuesday Analysis - October 2015
Ivanti
 
PPTX
Patch Tuesday Analysis - September 2015
Ivanti
 
PPTX
Patch Tuesday Analysis - July 2015
Ivanti
 
PPTX
Patch Tuesday Analysis - December 2015
Ivanti
 
PPTX
Patch Tuesday Analysis - November 2015
Ivanti
 
PPTX
August Patch Tuesday Analysis
Ivanti
 
PPTX
February 2018 Patch Tuesday Analysis
Ivanti
 
PPTX
October Patch Tuesday Analysis 2018
Ivanti
 
Patch Tuesday Analysis - October 2015
Ivanti
 
Patch Tuesday Analysis - September 2015
Ivanti
 
Patch Tuesday Analysis - July 2015
Ivanti
 
Patch Tuesday Analysis - December 2015
Ivanti
 
Patch Tuesday Analysis - November 2015
Ivanti
 
August Patch Tuesday Analysis
Ivanti
 
February 2018 Patch Tuesday Analysis
Ivanti
 
October Patch Tuesday Analysis 2018
Ivanti
 

What's hot (20)

PPTX
December 2018 Patch Tuesday Analysis
Ivanti
 
PPTX
January Patch Tuesday Webinar 2018
Ivanti
 
PPTX
August Patch Tuesday 2016
LANDESK
 
PPTX
Patch Tuesday Analysis - April 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - February 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - June 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - March 2016
Ivanti
 
PPTX
November Patch Tuesday Analysis
Ivanti
 
PPTX
There's more to third-party patching than SCCM 1806
Ivanti
 
PPTX
January Patch Tuesday 2019
Ivanti
 
PPTX
Patch Tuesday Analysis - January 2016
Ivanti
 
PPTX
July 2018 Patch Tuesday Analysis
Ivanti
 
PPTX
Patch Tuesday Analysis - May 2016
Ivanti
 
PPTX
April Patch Tuesday Analysis 2018
Ivanti
 
PPTX
December 2017 Patch Tuesday
Ivanti
 
PPTX
December2016 patchtuesdayshavlik
LANDESK
 
PPTX
March 2018 Patch Tuesday Ivanti
Ivanti
 
PPTX
November2016 patchtuesdayshavlik
LANDESK
 
PPTX
October2016 patchtuesdayshavlik
LANDESK
 
PPTX
Ivanti Patch Tuesday November 2017
Ivanti
 
December 2018 Patch Tuesday Analysis
Ivanti
 
January Patch Tuesday Webinar 2018
Ivanti
 
August Patch Tuesday 2016
LANDESK
 
Patch Tuesday Analysis - April 2016
Ivanti
 
Patch Tuesday Analysis - February 2016
Ivanti
 
Patch Tuesday Analysis - June 2016
Ivanti
 
Patch Tuesday Analysis - March 2016
Ivanti
 
November Patch Tuesday Analysis
Ivanti
 
There's more to third-party patching than SCCM 1806
Ivanti
 
January Patch Tuesday 2019
Ivanti
 
Patch Tuesday Analysis - January 2016
Ivanti
 
July 2018 Patch Tuesday Analysis
Ivanti
 
Patch Tuesday Analysis - May 2016
Ivanti
 
April Patch Tuesday Analysis 2018
Ivanti
 
December 2017 Patch Tuesday
Ivanti
 
December2016 patchtuesdayshavlik
LANDESK
 
March 2018 Patch Tuesday Ivanti
Ivanti
 
November2016 patchtuesdayshavlik
LANDESK
 
October2016 patchtuesdayshavlik
LANDESK
 
Ivanti Patch Tuesday November 2017
Ivanti
 
Ad

Viewers also liked (6)

PPTX
Patch Tuesday Analysis - August 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - September 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - July 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - November 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - October 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - December 2016
Ivanti
 
Patch Tuesday Analysis - August 2016
Ivanti
 
Patch Tuesday Analysis - September 2016
Ivanti
 
Patch Tuesday Analysis - July 2016
Ivanti
 
Patch Tuesday Analysis - November 2016
Ivanti
 
Patch Tuesday Analysis - October 2016
Ivanti
 
Patch Tuesday Analysis - December 2016
Ivanti
 
Ad

Similar to Patch Tuesday Analysis - August 2015 (10)

PPTX
January2017 patchtuesdayshavlik
LANDESK
 
PPTX
Patch Tuesday Analysis - January 2017
Ivanti
 
PPTX
Shavlik September Patch Tuesday 2016
LANDESK
 
PPTX
Patch Tuesday Analysis - March 2017
Ivanti
 
PPTX
April 2017 patch tuesday ivanti
Chris Goettl
 
PPTX
July 2017 Patch Tuesday - Ivanti
Ivanti
 
PPTX
September 2017 Patch Tuesday
Ivanti
 
PPTX
May 2017 Patch Tuesday Ivanti
Ivanti
 
PPTX
October 2017 Ivanti Patch Tuesday Analysis
Ivanti
 
PPTX
May 2018 Patch Tuesday Analysis
Ivanti
 
January2017 patchtuesdayshavlik
LANDESK
 
Patch Tuesday Analysis - January 2017
Ivanti
 
Shavlik September Patch Tuesday 2016
LANDESK
 
Patch Tuesday Analysis - March 2017
Ivanti
 
April 2017 patch tuesday ivanti
Chris Goettl
 
July 2017 Patch Tuesday - Ivanti
Ivanti
 
September 2017 Patch Tuesday
Ivanti
 
May 2017 Patch Tuesday Ivanti
Ivanti
 
October 2017 Ivanti Patch Tuesday Analysis
Ivanti
 
May 2018 Patch Tuesday Analysis
Ivanti
 

More from Ivanti (20)

PDF
August Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Juillet
Ivanti
 
PDF
July Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Juin
Ivanti
 
PDF
June Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Mai
Ivanti
 
PDF
May Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Avril
Ivanti
 
PDF
April Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Mars
Ivanti
 
PDF
March Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Février
Ivanti
 
PDF
February Patch Tuesday
Ivanti
 
PDF
Patch Tuesday de Diciembre
Ivanti
 
PDF
Français Patch Tuesday - Décembre
Ivanti
 
PDF
Patch Tuesday Italia Dicembre
Ivanti
 
PDF
December Patch Tuesday
Ivanti
 
PDF
Patch Tuesday de Noviembre
Ivanti
 
PDF
Français Patch Tuesday - Novembre
Ivanti
 
PDF
Patch Tuesday Italia Novembre
Ivanti
 
August Patch Tuesday
Ivanti
 
Français Patch Tuesday - Juillet
Ivanti
 
July Patch Tuesday
Ivanti
 
Français Patch Tuesday - Juin
Ivanti
 
June Patch Tuesday
Ivanti
 
Français Patch Tuesday - Mai
Ivanti
 
May Patch Tuesday
Ivanti
 
Français Patch Tuesday - Avril
Ivanti
 
April Patch Tuesday
Ivanti
 
Français Patch Tuesday - Mars
Ivanti
 
March Patch Tuesday
Ivanti
 
Français Patch Tuesday - Février
Ivanti
 
February Patch Tuesday
Ivanti
 
Patch Tuesday de Diciembre
Ivanti
 
Français Patch Tuesday - Décembre
Ivanti
 
Patch Tuesday Italia Dicembre
Ivanti
 
December Patch Tuesday
Ivanti
 
Patch Tuesday de Noviembre
Ivanti
 
Français Patch Tuesday - Novembre
Ivanti
 
Patch Tuesday Italia Novembre
Ivanti
 

Recently uploaded (20)

PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Teaching material agriculture food technology
LiaRayya
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Encapsulation theory and applications.pdf
gurumoop
 
Cloud computing and distributed systems.
kkkkkhan
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
A Presentation on Artificial Intelligence
memembruh336
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
KodekX | Application Modernization Development
KodekX
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 

Patch Tuesday Analysis - August 2015

  • 1. Chris Goettl Sr. Product Manager Minimizing the Impact of Patch Tuesday Wednesday, August 12th, 2015 Dial In: 1-855-749-4750 (US) Attendees: 925 200 425
  • 2. Shavlik Confidential  Feel free to ask questions via the online Q&A link in the WebEx interface.  Questions may be answered during the presentation.  Unanswered questions will be resolved via email after the presentation is over.  A copy of this presentation will be available at http://www.shavlik.com/webinars/ after the webinar. 2 Logistics
  • 3. Shavlik Confidential  August 2015 Patch Tuesday Overview  Review August 2015 Security Bulletins  Patch Recommendations  Other patches released since last Patch Tuesday 3 Agenda
  • 4. Shavlik Confidential  14 Microsoft Security Bulletins / 58 Vulnerabilities Addressed  Adobe Flash Bulletin / 35 Vulnerabilities Addressed  Google Chrome Release / Support for latest Flash Plug-In  Affected Products:  All supported Windows operating systems (Including Windows 10)  Internet Explorer, Edge  SCOM  Microsoft Office 2010, 2013  .Net Framework  Microsoft Lync  Microsoft Silverlight  Adobe Flash  Google Chrome  Mozilla Firefox 4 Patch Tuesday Overview for August 2015
  • 5. Shavlik Confidential  Security Bulletins:  4 bulletin is rated as Critical.  10 bulletins are rated as Important.  Vulnerability Impact:  6 bulletin addresses vulnerabilities that could allow Remote Code Execution.  5 bulletins address vulnerabilities that could allow Elevation of Privileges.  3 bulletins address vulnerabilities that could allow Information Disclosure. 5 Overview for Microsoft August 2015
  • 6. Shavlik Confidential  Security Bulletins:  Adobe Flash update for Flash Player (Priority 1)  Google Chrome update for Chrome 44 (No rating by Google, Flash plug-in Priority 1)  Mozilla FireFox 40 (no rating, feature release)  Vulnerability Impact:  Adobe Flash resolves 35 vulnerabilities including Remote Code Execution.  Google Chrome support for latest Flash plug-in (35 vulnerabilities) 6 Overview for 3rd Party Vendors August 2015
  • 7. Shavlik Confidential  Maximum Severity: Priority 1  Affected Products: Adobe Flash 18 and earlier, Flash plug-ins for IE, Chrome, and FireFox  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Code Execution  Fixes 35 vulnerabilities:  CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE- 2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015- 5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE- 2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015- 5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564  Replaces: All previous Flash 13 and 18 versions  Restart Required: 7 APSB15-19: Security updates available for Adobe Flash Player
  • 8. Shavlik Confidential  Maximum Severity:  Affected Products: Google Chrome  Description: The stable channel has been updated to 44.0.2403.107 for Windows, Mac, and Linux.  Impact: Supports update for Flash Plug-in including 35 security fixes  Fixes ? vulnerabilities:  Replaces: All previous versions  Restart Required: 8 CHROME-144: Chrome 44.0.2403.107
  • 9. Shavlik Confidential  Maximum Severity:  Affected Products: Mozilla FireFox • Description: What’s New: • - Support for Windows 10 • - Added protection against unwanted software downloads • - Various security fixes  .Lots of other stuff  Impact: Code Execution  Fixes 19 vulnerabilities:  CVE-2015-4492, CVE-2015-4490,  Replaces: All previous versions  Restart Required: 9 FF15-015:
  • 10. Shavlik Confidential  Maximum Severity: Critical  Affected Products: Windows 10, Internet Explorer 11, Edge, .Net Framework,  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 37 vulnerabilities:  Public disclosure CVE-2015-2423, Public disclosure CVE-2015-2433, Exploits detected CVE-2015-1769  Replaces: 3076321 in MS15-065,  Restart Required: Requires Restart 10 CSWU-003: Cumulative update for Windows 10: August 11, 2015
  • 11. Shavlik Confidential  Maximum Severity: Critical  Affected Products: Internet Explorer  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 13 vulnerabilities:  Public disclosure CVE-2015-2423, CVE-2015-2441, CVE-2015-2442, CVE-2015-2443, CVE-2015-2444, CVE- 2015-2445, CVE-2015-2446, CVE-2015-2447, CVE-2015-2448, CVE-2015-2449, CVE-2015-2450, CVE-2015- 2451, CVE-2015-2452  Replaces: 3076321 in MS15-065,  Restart Required: Requires Restart 11 MS15-079: Cumulative Security Update for Internet Explorer (3082442)
  • 12. Shavlik Confidential  Maximum Severity: Critical  Affected Products: Windows (Graphics Component), .Net Framework, Office, Lync, Silverlight  Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts.  Impact: Remote Code Execution  Fixes 16 vulnerabilities:  CVE-2015-2431, CVE-2015-2432, Public disclosure CVE-2015-2433, CVE-2015-2435, CVE-2015-2453, CVE- 2015-2454, CVE-2015-2455, CVE-2015-2456, CVE-2015-2458, CVE-2015-2459, CVE-2015-2460, CVE-2015- 2461, CVE-2015-2462, CVE-2015-2463, CVE-2015-2464, CVE-2015-2465  Replaces: 3030403 in MS15-019,  Restart Required: May Require Restart 12 MS15-080: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
  • 13. Shavlik Confidential  Maximum Severity: Critical  Affected Products: Microsoft Office  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 8 vulnerabilities:  Public Exploit CVE-2015-1642, CVE-2015-2423, CVE-2015-2466, CVE-2015-2467, CVE-2015-2468, CVE- 2015-2469, CVE-2015-2470, CVE-2015-2477  Replaces: 2596744 in MS12-046 , 3054971 in MS15-070, 3054973 in MS15-070 , 3054990 in MS15-070 , 3023055 in MS15-046,  Restart Required: may Require Restart 13 MS15-081: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)
  • 14. Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows (RDP)  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open a Remote Desktop Protocol (RDP) file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 2 vulnerabilities:  CVE-2015-2472, CVE-2015-2473  Replaces: 2813345 in MS13-029, 2813347 in MS13-029  Restart Required: Requires Restart 14 MS15-082: Vulnerabilities in RDP Could Allow Remote Code Execution (3080348)
  • 15. Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted string to SMB server error logging.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2015-2474  Replaces: 971468 in MS10-012  Restart Required: Require Restart 15 MS15-083: Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921)
  • 16. Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows, Office  Description: This security update resolves vulnerabilities in Microsoft Windows and Microsoft Office. The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0. However, in all cases an attacker would have no way to force users to click a specially crafted link. An attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message.  Impact: Information Disclosure  Fixes 3 vulnerabilities:  CVE-2015-2434, CVE-2015-2440, CVE-2015-2471  Replaces: 3046482 in MS15-039, 2939576 in MS14-033, 2687499 in MS13-002  Restart Required: May Require Restart 16 MS15-084: Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)
  • 17. Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker inserts a malicious USB device into a target system. An attacker could then write a malicious binary to disk and execute it.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  Exploits detected CVE-2015-1769  Replaces: 3045999 in MS15-038, 3067505 in MS15-076,  Restart Required: Requires Restart 17 MS15-085: Vulnerability in Mount Manager Could Allow Elevation of Privileg (3082487)
  • 18. Shavlik Confidential  Maximum Severity: Important  Affected Products: SCOM  Description: This security update resolves a vulnerability in Microsoft System Center Operations Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2015-2420  Replaces: none  Restart Required: Does not require reboot 18 MS15-086: Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158)
  • 19. Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows, Server Core, BizTalk Server  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter. A user would have to visit a specially crafted webpage where the malicious script would then be executed.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2015-2475  Replaces: none,  Restart Required: Does not require restart 19 MS15-087: Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459)
  • 20. Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows  Description: This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process. The attacker could then execute Notepad, Visio, PowerPoint, Excel, or Word with an unsafe command line parameter to effect information disclosure. To be protected from the vulnerability, customers must apply the updates provided in this bulletin, as well as the update for Internet Explorer provided in MS15-079. Likewise, customers running an affected Microsoft Office product must also install the applicable updates provided in MS15-081.  Impact: Information Disclosure  Fixes 1 vulnerabilities:  CVE-2015-2423  Replaces: 3039066 in MS15-020  Restart Required: May Require Restart 20 MS15-088: Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
  • 21. Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic.  Impact: Information Disclosure  Fixes 1 vulnerabilities:  CVE-2015-2476  Replaces: None  Restart Required: May Require Restart 21 MS15-089: Vulnerability in WebDAV Could Allow Information Disclosure (3076949)
  • 22. Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application or convinces a user to open a specially crafted file that invokes a vulnerable sandboxed application, allowing an attacker to escape the sandbox.  Impact: Elevation of Privilege  Fixes 3 vulnerabilities:  CVE-2015-2428, CVE-2015-2429, CVE-2015-2430  Replaces: 3045999 in MS15-038, 3067505 in MS15-076, 3050514 in MS15-052  Restart Required: Requires Restart 22 MS15-090: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)
  • 23. Shavlik Confidential  Maximum Severity: Important  Affected Products: Windows, .Net Framework  Description: This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.  Impact: Elevation of Privilege  Fixes 3 vulnerabilities:  CVE-2015-2479, CVE-2015-2480, CVE-2015-2481  Replaces: None  Restart Required: May Require Restart 23 MS15-092: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251)
  • 24. Shavlik Confidential24 Other lower priority updates for August
  • 25. Shavlik Confidential25 Review Patch Releases Since July Patch Tuesday • Microsoft: 47 (Non-Security), 1 (Security Advisories), 1 (Security Tool), 4 (Security) • Adobe Acrobat: 2 (Security) • Adobe Reader: 1 (Security) • Google Chrome: 4 (Security) • Picasa: 1 (Security) • Skype: 2 (Security) • Flash: 1 (Security) • Notepad++: 2 (Security) • FoxIt Reader: 1 (Security) • VMware Player: 1 (Security) • Shockwave: 1 (non-Security) • Ccleaner: 1 (Non-Security) • Splunk Universal Forwarder: 1 (Non-Security) • Horizon Client: 1 (Non-Security) • Opera: 1 (Security) • CDBurner XP: 2 (non-Security) • Dropbox: 3 (non-security) • WinSCP: 2 (Non-Security) • Google Drive: 1 (Non-Security) • Libre Office: 2 (Non-Security) • FireFox: 1 (Security) • RealTimes: 1 (Security) • Classic Shell: 1 (Non-Security) • KeePass Pro2: 1 (Non-Security)
  • 26. Shavlik Confidential26 Patch Day SummaryCompany Bulletin Software Affected CVE Count Vulnerability Impact Vendor Severity Threat Risk Notes Microsoft CSWU-003 Windows 10, IE, Edge, .Net 37 Remote Code Execution, Elevation of Privilege, Information Disclosure Critical High This is a rollup of all previous Win 10 secuirty updates and includes vulnerabilities across multiple August bulletins (MS15-079, MS15- 080, MS15-085, MS15-088, MS15-091, MS15-092). Public disclosure CVE-2015-2423, Public disclosure CVE-2015-2433, Exploits detected CVE-2015-1769 Microsoft MS15-079 Internet Explorer 13Remote Code Execution Critical High Public disclosure CVE-2015-2423 Microsoft MS15-080 Windows, .Net Framework, Office, Lync, Silverlight 16Remote Code Execution Critical High Public disclosure CVE-2015-2433 Microsoft MS15-081 Microsoft Office 8Remote Code Execution Critical High Public Exploit CVE-2015-1642 Microsoft MS15-082 Windows (RDP) 2Remote Code Execution Important Low-Moderate Known Issues: https://support.microsoft.com/en-us/kb/3080348 Microsoft MS15-083 Windows 1Remote Code Execution Important Low-Moderate Microsoft MS15-084 Windows, Office 3Information Disclosure Important Low-Moderate Microsoft MS15-085 Windows 1Elevation of Privilege Important High Microsoft MS15-086 SCOM 1Elevation of Privilege Important Low-Moderate Microsoft MS15-087 Windows 1Elevation of Privilege Important Low-Moderate Microsoft MS15-088 Windows 1Information Disclosure Important Low-Moderate Microsoft MS15-089 Windows 1Information Disclosure Important Low-Moderate Microsoft MS15-090 Windows 3Elevation of Privilege Important Low-Moderate Microsoft MS15-092 Windows, .Net Framework 3Elevation of Privilege Important Low-Moderate Adobe APSB15-19 Flash Player 35Code Execution Priority 1 High Google Chrome-144 Chrome 0* Critical High Supports the latest Adobe Flash Player update. This update should be applied as soon as possible. Mozilla FF15-015 FireFox 19Code Execution Critical Moderate-High
  • 27. Q&A
  • 28. Shavlik Confidential • Server 2003 End of Life - http://blog.shavlik.com/server-2003-end-life-August-14-2015-whats- plan/ • We are looking for Protect 9.2 Field Test and Beta Test customers. If you are interested in a demo of what is coming and participating in the test process contact Beta@Shavlik.com. • Slide deck and video playback available here: www.shavlik.com/Webinars • Sign up for next months Patch Tuesday Webinar and view webinar playbacks: http://www.shavlik.com/webinars/ • Sign up for Content Announcements: • Email http://www.shavlik.com/support/xmlsubscribe/ • RSS http://protect7.shavlik.com/feed/ • Twitter @ShavlikXML • Follow us on: • Shavlik on LinkedIn • Twitter @ShavlikProtect • Shavlik blog -> www.shavlik.com/blog • Chris Goettl on LinkedIn • Twitter @ChrisGoettl 28 Resources and Webinars

Editor's Notes

  • #5: 2 public disclosures (across 4 bulletins) and two exploited in wild in Microsoft release
  • #8: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. To fully resolve Flash vulnerabilities you need to update all versions of Flash and Plug-ins on machines. This includes Flash for the OS, Flash plug-in for IE, Chrome, and for FireFox. Flash has seen multiple exploits in the wild this year. Consider this urgent on all systems. Remove or update without question.
  • #9: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. This update is required to resolve the latest Flash 18 plug-in update which has 35 vulnerabilities. The update likely includes additional security fixes, but specific count and CVE numbers were not yet available.
  • #10: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
  • #11: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. The security update for Windows 10 that is dated August 11, 2015, includes improvements to improve the functionality of Windows 10 and resolves the following vulnerabilities in Windows: 3086251 MS15-092: Vulnerabilities in the .NET Framework could allow elevation of privilege: August 11, 2015 3084525 MS15-091: Cumulative security update for Microsoft Edge: August 11, 2015 3082458 MS15-088: Unsafe command-line parameter passing could allow information disclosure: August 11, 2015 3082487 MS15-085: Vulnerability in Mount Manager could allow elevation of privilege: August 11, 2015 3078662 MS15-080: Vulnerabilities in Microsoft graphics component could allow remote code execution: August 11, 2015 3082442 MS15-079: Cumulative security update for Internet Explorer: August 11, 2015 Windows 10 updates are cumulative. Therefore, this package contains all previously released fixes.
  • #12: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Public Disclosure: CVE-2015-2423 To exploit this vulnerability, an attacker would first need to leverage another vulnerability and execute code in Internet Explorer with EPM, and then execute Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter. The update addresses the vulnerability by improving how Notepad and Microsoft Office programs are executed from Internet Explorer.
  • #13: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Public Disclosure: CVE-2015-2433 A security feature bypass vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. This issue affects all supported Windows operating systems and is considered to be an Important-class Security Feature Bypass (SFB).  An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. 
  • #14: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Public Exploit: CVE-2015-1642 In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file. Public Disclosure: CVE-2015-2423 To exploit this vulnerability, an attacker would first need to leverage another vulnerability and execute code in Internet Explorer with EPM, and then execute Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter. The update addresses the vulnerability by improving how Notepad and Microsoft Office programs are executed from Internet Explorer. Known Issues: https://support.microsoft.com/en-us/kb/3080790 Starting on August 12, 2015, users of the 2007 Microsoft Office system who do not have the update installed will no longer be able to access online templates. Instead, when they try to access online templates, a single template thumbnail appears together with text that tells them to update Office to regain access to templates. For more information, see http://aka.ms/2007. Be aware that 2007 Microsoft Office system users who do not have this update installed are still vulnerable. This is true even when it seems that they do not have access to online templates. Many Nonsecurity-related fixes included in this update as well. See the complete list on the KB link above.
  • #15: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Known Issues: https://support.microsoft.com/en-us/kb/3080348 If you install a language pack after installing this update you will need to reinstall this update. Known issues in security update 3075222: After you install or uninstall this security update, you may have to restart the computer two times. (Win 7 and Server 2008 R2 systems)
  • #16: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing..
  • #17: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. CVE-2015-2434 and CVE-2015-2471 In a man-in-the-middle (MiTM) attack scenario, an attacker could force an encrypted SSL 2.0 session and then decrypt portions of encrypted network information traffic. This update resolves the issue by configuring MSXML to use more secure network protocols by default instead of SSL 2.0. CVE-2015-2440 To exploit the vulnerability, an attacker could host a specially-crafted website that is designed to invoke MSXML through Internet Explorer. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or a link in an Instant Messenger request that would then take the user to the website. The update addresses the vulnerability by modifying how Microsoft XML Core Services returns data requests.
  • #18: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means you should apply this update to systems within 30 days. Exploit Detected CVE-2015-1769 To exploit the vulnerability, an attacker would have insert a malicious USB device into a target system. The security update addresses this vulnerability by removing the vulnerable code from the component. Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft has reason to believe that this vulnerability has been used in targeted attacks against customers.
  • #19: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. An attacker could exploit this vulnerability by convincing a user to visit an affected website by way of a specially crafted URL. This can be done through any medium that can contain URL web links that are controlled by the attacker, such as a link in an email, a link on a website, or a redirect on a website. Additionally, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email or Instant Messenger message that directs them to the affected website by way of a specially crafted URL. Users who are authorized to access System Center Operations Manager web consoles are primarily at risk from this vulnerability. The update addresses the vulnerability by modifying the way that System Center Operations Manager accepts input.
  • #20: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. To exploit the vulnerability, an attacker could engineer a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter. When a user visits the specially crafted webpage the malicious script is executed. This update addresses the vulnerability by correcting how the UDDI Services encode and validate the parameter.
  • #21: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Public Disclosure: CVE-2015-2423 To exploit this vulnerability, an attacker would first need to leverage another vulnerability and execute code in Internet Explorer with EPM, and then execute Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter. The update addresses the vulnerability by improving how Notepad and Microsoft Office programs are executed from Internet Explorer.
  • #22: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. To exploit the vulnerability, an attacker could force an encrypted SSL 2.0 session with a WebDAV server that has SSL 2.0 enabled and use a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic. The security update addresses the vulnerability by ensuring that the Microsoft WebDAV client defaults to more secure protocols than SSL 2.0.
  • #23: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. CVE-2015-2428 In order to exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability by itself does not allow arbitrary code execution; however, an attacker could use this vulnerability in conjunction with another vulnerability to effect arbitrary code execution. The update addresses the vulnerability by correcting how Windows Object Manager handles object symbolic links created by a sandbox process., CVE-2015-2429 To exploit the vulnerability, an attacker would have to convince the user to open a specially crafted file that would invoke a vulnerable sandboxed application, resulting in a compromise of the sandbox. The attacker could then run programs with the privileges of the logged on user. The update addresses the vulnerability by preventing improper interaction with the registry by sandboxed applications. CVE-2015-2430 To exploit the vulnerability, an attacker would have to convince the user to open a specially crafted file that would invoke a vulnerable sandboxed application, allowing an attacker to escape the sandbox. The update addresses the vulnerability by preventing improper interaction with the filesystem by sandboxed applications.
  • #24: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. To exploit these vulnerabilities, an attacker would need to host a specially crafted .NET application and convince users to run the application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so. The security update addresses the vulnerabilities by correcting RyuJIT compiler optimization for .NET Framework.
  • #25: Shavlik Priority: Shavlik rates this bulletin as a Priority 3. Consider this update for testing and rollout when convenient. Note: Some 3rd party updates may be non-security, but are still classified in Protect as Security. This is due to the fact that the step from current to this version August include security fixes based on the version currently on a machine. It would only be considered non-security if you were up to the latest version before the non-security release was made available.
  • #26: MS15-078 out of band release Added support for products: Adobe Acrobat DC, .Net Framework 4.6, WinSCP 4\5, Windows 10, VMware Horizon Client 2\3