August 2015 Microsoft Patch Tuesday

Overview of the August 2015 Microsoft patches and their status.

#	Affected	Contra Indications - KB	Known Exploits	Microsoft rating(**)	ISC rating(*)
#	Affected	Contra Indications - KB	Known Exploits	Microsoft rating(**)	clients	servers
MS15-079	Cumulative Security Update for Internet Explorer (Replaces MS15-065 )
MS15-079	Internet Explorer CVE-2015-2423 CVE-2015-2441 CVE-2015-2442 CVE-2015-2443 CVE-2015-2444 CVE-2015-2445 CVE-2015-2446 CVE-2015-2447 CVE-2015-2448 CVE-2015-2449 CVE-2015-2450 CVE-2015-2451 CVE-2015-2452	KB 3082442	No.	Severity:Critical Exploitability: 1	Critical	Important
MS15-080	Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (Replaces MS15-078 )
MS15-080	Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, Microsoft Silverlight CVE-2015-2435 CVE-2015-2455 CVE-2015-2456 CVE-2015-2463 CVE-2015-2464	KB 3078662	No.	Severity:Critical Exploitability: 1	Critical	Important
MS15-081	Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (Replaces MS12-046 MS15-046 MS13-072 MS15-070 MS13-044 MS11-089 )
MS15-081	Microsoft Office CVE-2015-1642 CVE-2015-2423 CVE-2015-2466 CVE-2015-2467 CVE-2015-2468 CVE-2015-2469 CVE-2015-2470 CVE-2015-2477	KB 3080790	No.	Severity:Critical Exploitability: 1	Critical	Important
MS15-082	Vulnerabilities in RDP Could Allow Remote Code Execution (Replaces MS13-029 MS15-069 )
MS15-082	Microsoft Windows CVE-2015-2472 CVE-2015-2473	KB 3080348	No.	Severity:Important Exploitability: 1	Important	Important
MS15-083	Vulnerability in Server Message Block Could Allow Remote Code Execution (Replaces MS10-012 )
MS15-083	Microsoft Windows CVE-2015-2474	KB 3073921	No.	Severity:Important Exploitability: 2	Important	Important
MS15-084	Vulnerabilities in XML Core Services Could Allow Information Disclosure (Replaces MS15-039 MS14-033 MS13-002 )
MS15-084	Microsoft XML Core Services CVE-2015-2424 CVE-2015-2440 CVE-2015-2471	KB 3080129	No.	Severity:Important Exploitability: 3	Important	Important
MS15-085	Vulnerability in Mount Manager Could Allow Elevation of Privilege (Replaces MS15-038 MS15-076 MS15-025 MS15-052 )
MS15-085	Microsoft Windows Mount Manager CVE-2015-1769	KB 3082487	ExploitationDetected	Severity:Important Exploitability: 0	Important	Important
MS15-086	Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (Replaces none )
MS15-086	Microsoft System Center Operations Manager CVE-2015-2420	KB 3075158	No.	Severity:Important Exploitability: 2	Important	Important
MS15-087	Vulnerability in UDDI Services Could Allow Elevation of Privilege (Replaces none )
MS15-087	Microsoft Windows UDDI Services CVE-2015-2475	KB 3082459	No.	Severity:Important Exploitability: 2	Important	Important
MS15-088	Unsafe Command Line Parameter Passing Could Allow Information Disclosure (Replaces MS15-020 )
MS15-088	Microsoft Windows, Internet Explorer, and Microsoft Office CVE-2015-2423	KB 3082458	No.	Severity:Important Exploitability: 1	Important	Important
MS15-089	Vulnerability in WebDAV Could Allow Information Disclosure (Replaces none )
MS15-089	Microsoft Windows WebDAV Server CVE-2015-2476	KB 3076949	No.	Severity:Important Exploitability: 3	Important	Important
MS15-090	Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (Replaces MS15-038 MS15-025 MS15-076 MS15-052 )
MS15-090	Microsoft Windows CVE-2015-2428 CVE-2015-2429 CVE-2015-2430	KB 3060716	No.	Severity:Important Exploitability: 1	Important	Important
MS15-091	Cumulative Security Update for Microsoft Edge (Replaces none )
MS15-091	Microsoft Edge CVE-2015-2441 CVE-2015-2442 CVE-2015-2446 CVE-2015-2449	KB 3084525	No.	Severity:Critical Exploitability: 1	Critical	Important
MS15-092	Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (Replaces none )
MS15-092	Microsoft .NET Framework CVE-2015-2479 CVE-2015-2480 CVE-2015-2481	KB 3086251	No.	Severity:Important Exploitability: 3	Important	Important

We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Important patches for servers that do not use outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threats.

Manuel Humberto Santander Pelaacuteez

195 Posts
ISC Handler

Aug 11th 2015

Thread locked Subscribe

Aug 11th 2015
6 years ago