Microsoft Security Bulletin Coverage (September 08, 2015)

Dell SonicWALL has analyzed and addressed Microsoft's security advisories for the month of September, 2015. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS15-094 Cumulative Security Update fro Internet Explorer

CVE-2015-2483 Information Disclosure Vulnerability
IPS: 11117 "Internet Explorer Information Disclosure Vulnerability (MS15-094) 3"
CVE-2015-2484 Tampering Vulnerability
This is a local vulnerability.
CVE-2015-2485 Memory Corruption Vulnerability
IPS: 11118 " Internet Explorer Information Disclosure Vulnerability (MS15-094) 4"
CVE-2015-2486 Memory Corruption Vulnerability
IPS: 11119 "Internet Explorer Memory Corruption Vulnerability (MS15-094) 5"
CVE-2015-2487 Memory Corruption Vulnerability
IPS: 11120 "Internet Explorer Memory Corruption Vulnerability (MS15-094) 7"
CVE-2015-2488 Memory Corruption Vulnerability
IPS: 11120 "Internet Explorer Memory Corruption Vulnerability (MS15-094) 6"
CVE-2015-2489 Elevation of Privilege Vulnerability
This is a local vulnerability.
CVE-2015-2490 Memory Corruption Vulnerability
IPS: 11122 "Internet Explorer Memory Corruption Vulnerability (MS15-094) 8"
CVE-2015-2491 Memory Corruption Vulnerability
IPS: 11123 "Internet Explorer Memory Corruption Vulnerability (MS15-094) 9"
CVE-2015-2492 Memory Corruption Vulnerability
IPS: 11124 "Internet Explorer Memory Corruption Vulnerability (MS15-094) 10"
CVE-2015-2493 Scripting Engine Memory Corruption Vulnerability
IPS: 11125 "Internet Explorer Memory Corruption Vulnerability (MS15-094) 11"
CVE-2015-2494 Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2015-2498 Memory Corruption Vulnerability
IPS: 10728 "Internet Explorer Memory Corruption Vulnerability (MS15-094) 18"
CVE-2015-2499 Memory Corruption Vulnerability
IPS: 11127 "Internet Explorer Memory Corruption Vulnerability (MS15-094) 13"
CVE-2015-2500 Memory Corruption Vulnerability
IPS: 2239 "Internet Explorer Memory Corruption Vulnerability (MS15-094) 1"
CVE-2015-2501 Memory Corruption Vulnerability
IPS: 2249 "Internet Explorer Memory Corruption Vulnerability (MS15-094) 2"
CVE-2015-2541 Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2015-2542 Memory Corruption Vulnerability
There are no known exploits in the wild.

MS15-095 Cumulative Security Update for Microsoft Edge

CVE-2015-2485 Memory Corruption Vulnerability
IPS: 11118 " Internet Explorer Information Disclosure Vulnerability (MS15-094) 4"
CVE-2015-2486 Memory Corruption Vulnerability
IPS: 11119 "Internet Explorer Memory Corruption Vulnerability (MS15-094) 5"
CVE-2015-2494 Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2015-2542 Memory Corruption Vulnerability
There are no known exploits in the wild.

MS15-096 Vulnerabilities in Active Directory Service Could Allow Denial of Service

CVE-2015-2535 Active Directory Denial of Service Vulnerability
There are no known exploits in the wild.

MS15-097 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution

CVE-2015-2506 OpenType Font Parsing Vulnerability
There are no known exploits in the wild.
CVE-2015-2507 Font Driver Elevation of Privilege Vulnerability
This is a local vulnerability.
CVE-2015-2508 Font Driver Elevation of Privilege Vulnerability
This is a local vulnerability.
CVE-2015-2510 Font Parsing Remote Code Execution Vulnerability
SPY: 3182 "Malformed-File xls.MP.45"
CVE-2015-2511 Win32k Memory Corruption Elevation of Privilege Vulnerability
SPY: 3183 "Malformed-File exe.MP.11"
CVE-2015-2512 Font Driver Elevation of Privilege Vulnerability
This is a local vulnerability.
CVE-2015-2517 Win32k Memory Corruption Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2015-2518 Win32k Memory Corruption Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2015-2527 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2015-2529 Kernel ASLR Bypass Vulnerability
This is a local vulnerability.
CVE-2015-2546 Win32k Memory Corruption Elevation of Privilege Vulnerability
There are no known exploits in the wild.

MS15-098 Vulnerabilities in Windows Journal Could Allow Remote Code Execution

CVE-2015-2513 Windows Journal RCE Vulnerability
SPY: 3181 "Malformed-File jnt.MP.7"
CVE-2015-2514 Windows Journal RCE Vulnerability
There are no known exploits in the wild.
CVE-2015-2516 Windows Journal DoS Vulnerability
There are no known exploits in the wild.
CVE-2015-2519 Windows Journal Integer Overflow RCE Vulnerability
There are no known exploits in the wild.
CVE-2015-2530 Windows Journal RCE Vulnerability
There are no known exploits in the wild.

MS15-099 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

CVE-2015-2520 Microsoft Office Memory Corruption Vulnerability
IPS: 3184 "Print Spooler Informational 3"
CVE-2015-2521 Microsoft Office Memory Corruption Vulnerability
IPS: 3185 "Web Application Remote Code Execution 14"
CVE-2015-2522 Microsoft SharePoint XSS Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2015-2523 Microsoft Office Memory Corruption Vulnerability
IPS: 3186 "EMC Captiva PDI ActiveX WriteToLog Method Invocation"
CVE-2015-2545 Microsoft Office Malformed EPS File Vulnerability
IPS: 3187 "Suspicious ActiveX Method Invocation 2"

MS15-100 Vulnerability in Windows Media Center Could Allow Remote Code Execution

CVE-2015-2509 Windows Media Center RCE Vulnerability
IPS: 11116 "Windows Media Center Remote Code Execution (MS15-100)"

MS15-101 Vulnerability in .Net Framework Could Allow Remote Code Execution

CVE-2015-2504 .NET Elevation of Privilege Vulnerability
This is a local Vulnerability
CVE-2015-2526 MVC Denial of Service Vulnerability
There are no known exploits in the wild.

MS15-102 Vulnerability in Windows Task Management Could Allow Elevation of Privilege

CVE-2015-2524 Windows Task Management Elevation of Privilege Vulnerability
This is a local vulnerability.
CVE-2015-2525 Windows Task File Deletion Elevation of Privilege Vulnerability
This is a local Vulnerability
CVE-2015-2528 Windows Task Management Elevation of Privilege Vulnerability
This is a local vulnerability.

MS15-103 Vulnerability in Microsoft Exchange Server Could Allow Elevation of Privilege

CVE-2015-2505 Exchange Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2015-2543 Exchange Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2015-2544 Exchange Spoofing Vulnerability
There are no known exploits in the wild.

MS15-104 Vulnerability in Skype for Business Server and Lync Server Could Allow Elevation of Privilege

CVE-2015-2531 Skype for Business and Lync Server XSS Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2015-2532 Lync Server XSS Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2015-2536 Skype for Business and Lync Server XSS Elevation of Privilege Vulnerability
There are no known exploits in th
e wild.

MS15-105 Vulnerability in Windows Hyper-V Could Allow Information Disclosure

CVE-2015-2534 Hyper-V Security Feature Bypass Vulnerability
There are no known exploits in the wild.

Share This Article

An Article By

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.