
SANS ISC: September 2015 Microsoft Patch Tuesday - Internet Security | DShield SANS ISC InfoSec Forums


September 2015 Microsoft Patch Tuesday

Overview of the September 2015 Microsoft patches and their status.

| # | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*): clients | ISC rating(*): servers |
|---|---|---|---|---|---|---|
| MS15-094 Cumulative Security Update for Internet Explorer (Replaces MS15-093) | CVE-2015-2483, CVE-2015-2484, CVE-2015-2485, CVE-2015-2486, CVE-2015-2487, CVE-2015-2489, CVE-2015-2490, CVE-2015-2491, CVE-2015-2492, CVE-2015-2493, CVE-2015-2494, CVE-2015-2498, CVE-2015-2499, CVE-2015-2500, CVE-2015-2501, CVE-2015-2541, CVE-2015-2542 | KB 3089548 | . | Severity: Critical, Exploitability: 1 | Critical | Critical |
| MS15-095 Cumulative Security Update for Microsoft Edge | CVE-2015-2485, CVE-2015-2486, CVE-2015-2484, CVE-2015-2542 | KB 3089665 | . | Severity: Critical, Exploitability: 1 | Critical | Critical |
| MS15-096 Vulnerability in Active Directory Service Could Allow Denial of Service (Replaces MS14-016) | CVE-2015-2535 | KB 3072595 | . | Severity: Important, Exploitability: 3 | Important | Important |
| MS15-097 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution | CVE-2015-2506, CVE-2015-2507, CVE-2015-2508, CVE-2015-2510, CVE-2015-2511, CVE-2015-2512, CVE-2015-2517, CVE-2015-2518, CVE-2015-2527, CVE-2015-2529, CVE-2015-2546 | KB 3089656 | exploit detected for CVE-2015-2546 | Severity: Critical, Exploitability: 0 | Critical | Critical |
| MS15-098 Vulnerabilities in Windows Journal Could Allow Remote Code Execution (Replaces MS15-045) | CVE-2015-2513, CVE-2015-2514, CVE-2015-2516, CVE-2015-2519, CVE-2015-2530 | KB 3089669 | . | Severity: Critical, Exploitability: 3 | Critical | Critical |
| MS15-099 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (Replaces MS15-059, MS15-070, MS15-081) | CVE-2015-2520, CVE-2015-2521, CVE-2015-2522, CVE-2015-2523, CVE-2015-2545 | KB 3089664 | exploit in the wild | Severity: Critical, Exploitability: 0 | Critical | Important |
| MS15-100 Vulnerability in Windows Media Center Could Allow Remote Code Execution | CVE-2015-2509 | KB 3087918 | no | Severity: Important, Exploitability: 2 | Critical | Important |
| MS15-101 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (Replaces MS12-025) | CVE-2015-2504, CVE-2015-2526 | KB 3089662 | | Severity: Important, Exploitability: 1 | Important | Important |
| MS15-102 Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (Replaces MS14-054) | CVE-2015-2524, CVE-2015-2525, CVE-2015-2528 | KB 3089657 | . | Severity: Important, Exploitability: 1 | Important | Important |
| MS15-103 Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (Replaces MS15-064) | CVE-2015-2505, CVE-2015-2543, CVE-2015-2544 | KB 3089250 | . | Severity: Important, Exploitability: 3 | N/A | Important |
| MS15-104 Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (Replaces MS14-055) | CVE-2015-2531, CVE-2015-2532, CVE-2015-2536 | KB 3089952 | . | Severity: Important, Exploitability: 3 | N/A | Important |
| MS15-105 Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass | CVE-2015-2534 | KB 3091287 | . | Severity: Important, Exploitability: 2 | N/A | Important |

We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.

       

---
Johannes B. Ullrich, Ph.D.

Johannes

3605 Posts
ISC Handler
Just for clarification: MS15-100 rated Critical for clients, but color-coded as Important?
Anonymous
Thanks for noticing the typo. Fixed it now.
Lenny

216 Posts
ISC Handler
I fixed a couple other typos. Should be clearer now. Also changed the "client" rating for the last 3 as "N/A" (Not Applicable) as these affect servers only.
Johannes

3605 Posts
ISC Handler
Thanks, Lenny & Johannes. Greatly appreciate the update. :)
Anonymous
Anything to be added regarding KB3075249 and KB3080149 which supposedly backport some of the tracking/spying features from Win10 back to Win7+8 and probably should be labelled as "AVOID"?
Visi

41 Posts
In addition to many of the updates listed above, KB3083992 was installed on my W7 X64 PC.
According to https://support.microsoft.com/en-us/kb/3083992 this is:
Microsoft security advisory: Update to improve AppLocker certificate handling: September 8, 2015
Currently the section "Additional information about this security update" of the webpage is empty, so it's not clear what was wrong.

@Visi: KB3075249 and KB3080149 were distributed earlier (end of August), see for example http://www.ghacks.net/2015/08/28/microsoft-intensifies-data-collection-on-windows-7-and-8-systems/
Erik van Straten

122 Posts
@ VISI et al.

From what I have deduced from this site and others, you are correct. MS nazi attempt to run talk back to MS. No interest here, though a PITA, I go through each update as needed. The greasy haired mongrel (BG) has more than enough data.... IMHO.

Regards.
ICI2I

63 Posts
See

http://www.infoworld.com/article/2981947/microsoft-windows/the-truth-about-windows-7-and-81-spy-patches-kb-3068708-3022345-3075249-and-3080149.html

I think the "backporting Windows 10 spying to Win7/8.1" argument is way overblown - or did I miss something?

- Woody Leonhard
WoodyLeonhard

8 Posts
Quoting WoodyLeonhard: See

argument is way overblown - or did I miss something?

- Woody Leonhard


Well, maybe? I am sure you meant IMHO or some other acronym? Does not one decide their next move like a game of chess? I can find NO, repeat NO legit reason why MS or some other "puffing" software wishes to track my data that benefits me. Choice is a grand thing! And for the record, no I do not have a "smart phone" BYODesruction and move away for the "virtual world". But that is me!

I will concede putting links up to reference is a lack of security judgement. Hopefully those reading this tested and opened each link by protocol, I know I did.

Cheers...

IC
ICI2I

63 Posts
FYI...

MS15-097: Description of the security update for the graphics component in Windows
- https://support.microsoft.com/en-us/kb/3086255
Last Review: 09/08/2015 17:38:00 - Rev: 2.0
"... Known issues in this security update:
After you install this security update, some programs may not run. (For example, some video games may not run.) To work around this issue, you can temporarily turn on the service for the secdrv.sys driver by running certain commands, or by editing the registry.
Note: When you no longer require the service to be running, we recommend that you turn off the service again.
Warning: This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk..."
___

Another candidate for 'HIDE' ... :-(
PC.Tech

34 Posts
Just a question about the color coding of the ISC rating of the patch:
you defined Patch now with text "Patch now" as white font on red background...
and Critical with text "Critical" as black font on red background...

What do you mean with Critical as white font on red background? If it's really just critical, shouldn't it be black font on red background?
PC.Tech
1 Posts
MS15-098 KB3069114 fails to install in Windows 8.0 x64.

WU returns error 0x80073712 and manual install of
Windows8-RT-KB3069114-x64.msu runs and then
states "update not installed".

running

DISM.exe /Online /Cleanup-image /Restorehealth
sfc /scannow

cleaned up some issues with 100% success but
did not enable KB3069114 install.

Machine very clean, barely used Sandy Bridge
with Intel SSD.
Starlight

34 Posts
Just curious if you installed this update and found any applications that "don't work"

Thanks,
Andrew
Andrew

2 Posts
Quoting PC.Tech: FYI...

MS15-097: Description of the security update for the graphics component in Windows
- https://support.microsoft.com/en-us/kb/3086255
Last Review: 09/08/2015 17:38:00 - Rev: 2.0
"... Known issues in this security update:
After you install this security update, some programs may not run. (For example, some video games may not run.) To work around this issue, you can temporarily turn on the service for the secdrv.sys driver by running certain commands, or by editing the registry.
Note: When you no longer require the service to be running, we recommend that you turn off the service again.
Warning: This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk..."
___

Another candidate for 'HIDE' ... :-(


This is the one that I was talking about.
Andrew

2 Posts
