Microsoft Security Bulletin 9/8/2015

Microsoft Security Bulletin 9/8/2015

2 minute read

Microsoft just released their Security Bulletin for 9/8/2015. There are 4 critical vulnerabilities and 8 important vulnerabilities. I have a little break down for the critical ones, at the bottom of the page is the source.

  1. MS15-096: Vulnerability in Active Directory Service Could Allow Denial of Service
  2. MS15-099: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
  3. MS15-100: Vulnerability in Windows Media Center Could Allow Remote Code Execution
  4. MS15-101: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege
  5. MS15-102: Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege
  6. MS15-103: Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure
  7. MS15-104: Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege
  8. MS15-105: Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass
MS15-094 covers IE9 to IE11 on Windows 7 through Windows 10 as long as that version of IE can be installed on that OS. This could lead to remote code execution, an attacker can corrupt parts of memory that would allow them to execute code on a victims system. The code would run as that user, but if the attacker also uses a privilege escalation vulnerability they can run as an administrator if the victim isn't already an administrator. Microsoft has a temporary workaround, restricting access to both: vbscript.dll and jscript.dll.

MS15-095 this covers Microsoft Edge on Windows 10 and like MS15-094, could lead to remote code execution. Microsoft has no workaround at this time. 

MS15-097 is a vulnerability for Windows (Vista and Server 2008), Microsoft Office, and Microsoft Lync. This is another remote code execution that could effect you if you visit a website that takes advantage of this attack, or view documents that utilizes this vulnerability. There's a temporary workaround, see the vulnerability details. 

MS15-098 is a vulnerability in Microsoft Windows' Journal while parsing journal files. This could lead to remote code execution. This affects Windows Vista through Windows 10.