Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: InfoSec Handlers Diary Blog - September 2015 Microsoft Patch Tuesday InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

September 2015 Microsoft Patch Tuesday

Published: 2015-09-08
Last Updated: 2015-09-09 01:03:57 UTC
by Johannes Ullrich (Version: 1)
14 comment(s)

Overview of the September 2015 Microsoft patches and their status.

# Affected Contra Indications - KB Known Exploits Microsoft rating(**) ISC rating(*)
clients servers
MS15-094 Cumulative Security Update for Internet Explorer
(Replaces MS15-093)
CVE-2015-2483 , CVE-2015-2484, CVE-2015-2485, CVE-2015-2486, CVE-2015-2487, CVE-2015-2489, CVE-2015-2490, CVE-2015-2491, CVE-2015-2492, CVE-2015-2493, CVE-2015-2494, CVE-2015-2498, CVE-2015-2499, CVE-2015-2500, CVE-2015-2501, CVE-2015-2541, CVE-2015-2542 KB 3089548 . Severity:Critical
Exploitability: 1
Critical Critical
MS15-095 Cumulative Security Update for Microsoft Edge
CVE-2015-2485
CVE-2015-2486
CVE-2015-2484
CVE-2015-2542
KB 3089665 . Severity:Critical
Exploitability: 1
Critical Critical
MS15-096 Vulnerability in Active Directory Service Could Allow Denial of Service
(Replaces MS14-016)
CVE-2015-2535 KB 3072595 . Severity:Important
Exploitability: 3
Important Important
MS15-097 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution
CVE-2015-2506 CVE-2015-2507 CVE-2015-2508 CVE-2015-2510 CVE-2015-2511 CVE-2015-2512 CVE-2015-2517 CVE-2015-2518 CVE-2015-2527 CVE-2015-2529 CVE-2015-2546 KB 3089656 exploit detected for CVE-2015-2546 Severity:Critical
Exploitability: 0
Critical Critical
MS15-098 Vulnerabilities in Windows Journal Could Allow Remote Code Execution
(Replaces MS15-045)
CVE-2015-2513
CVE-2015-2514
CVE-2015-2516
CVE-2015-2519
CVE-2015-2530
KB 3089669 . Severity:Critical
Exploitability: 3
Critical Critical
MS15-099 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
(Replaces MS15-059 MS15-070 MS15-081)
CVE-2015-2520
CVE-2015-2521
CVE-2015-2522
CVE-2015-2523
CVE-2015-2545
KB 3089664 exploit in the wild Severity:Critical
Exploitability: 0
Critical Important
MS15-100 Vulnerability in Windows Media Center Could Allow Remote Code Execution
CVE-2015-2509 KB 3087918 no Severity:Important
Exploitability: 2
Critical Important
MS15-101 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege
(Replaces MS12-025 )
CVE-2015-2504
CVE-2015-2526
KB 3089662   Severity:Important
Exploitability: 1
Important Important
MS15-102 Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege
(Replaces MS14-054)
CVE-2015-2524
CVE-2015-2525
CVE-2015-2528
KB 3089657 . Severity:Important
Exploitability: 1
Important Important
MS15-103 Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure
(Replaces MS15-064)
CVE-2015-2505
CVE-2015-2543
CVE-2015-2544
KB 3089250 . Severity:Important
Exploitability: 3
N/A Important
MS15-104 Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege
(Replaces MS14-055)
CVE-2015-2531
CVE-2015-2532
CVE-2015-2536
KB 3089952 . Severity:Important
Exploitability: 3
N/A Important
MS15-105 Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass
CVE-2015-2534 KB 3091287 . Severity:Important
Exploitability: 2
N/A Important
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.

       

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords: mspatchday
14 comment(s)
Diary Archives