MA-544.122015: MyCERT Advisory - Microsoft Releases December 2015 Security Bulletin

  • 09 Dec 2015
  • Advisory

1.0 Introduction

Microsoft has released 12 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Microsoft Security Bulletins MS15-124 through MS15-135 and apply the necessary updates.

 

2.0 The Important vulnerabilities are listed below:

2.1    Cumulative Security Update for Internet Explorer (3116180) 
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=699422

 

2.2    Cumulative Security Update for Microsoft Edge (3116184) 
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=699426

 

2.3   Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178)
This security update resolves vulnerabilities in the VBScript scripting engine in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that uses the Internet Explorer rendering engine to direct the user to the specially crafted website.
Patch: http://go.microsoft.com/fwlink/?LinkId=699421

 

2.4    Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465) 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.
Patch: http://go.microsoft.com/fwlink/?LinkId=699414

 

2.5    Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)
This security update resolves vulnerabilities in Microsoft Windows, .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync, and Silverlight. The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.
Patch: http://go.microsoft.com/fwlink/?LinkId=690559

 

2.6    Security Update for Silverlight to Address Remote Code Execution (3106614)
This security update resolves vulnerabilities in Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if Microsoft Silverlight incorrectly handles certain open and close requests that could result in read- and write-access violations. To exploit the vulnerability, an attacker could host a website that contains a specially crafted Silverlight application and then convince a user to visit a compromised website. The attacker could also take advantage of websites containing specially crafted content, including those that accept or host user-provided content or advertisements.
Patch: http://go.microsoft.com/fwlink/?LinkId=691214

 

2.7    Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670) 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains specially crafted fonts.
Patch: http://go.microsoft.com/fwlink/?LinkId=690565

 

2.8    Security Update for Microsoft Office to Address Remote Code Execution (3116111)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=699410

 

2.9   Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker accesses a local system and runs a specially crafted application.
Patch: http://go.microsoft.com/fwlink/?LinkId=699415

 

2.10 Security Update for Windows PGM to Address Elevation of Privilege (3116130)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=699419

 

2.11 Security Update for Windows Media Center to Address Remote Code Execution (3108669) 
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=699419

 

2.12 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application.
Patch: http://go.microsoft.com/fwlink/?LinkId=708239

 

3.0    Recommendation

Users and administrators are advised to apply the updates immediately. All of the patches can be applied almost automatically via the Windows Update application.

Instructions for performing a Windows Update are available at the following URL:
https://www.mycert.org.my/portal/articles-content?menu=b9f3fdda-c343-4cb4-99a7-a7506cfb13ba&id=62275f48-f209-4440-af1a-c5425c875fa4

Generally, MyCERT advises users of this software to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:
E-mail : [email protected] or [email protected] 
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442 
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 09:00 AM - 18:00 PM MYT
Web : https://www.mycert.org.my
Twitter : http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps:  IOS Users or Android Users

 


MA-533.112015: MyCERT Advisory - Microsoft Releases November 2015 Security Bulletin

  • 13 Nov 2015
  • Advisory

1.0 Introduction

Microsoft has released twelve updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow an attacker to take control of an affected system. Users and administrators are encouraged to review Microsoft Security Bulletins MS15-112 through MS15-123 and apply the necessary updates.

 

2.0 The Important vulnerabilities are listed below:


2.1    Cumulative Security Update for Internet Explorer (3104517) 

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=690584

 

2.2    Cumulative Security Update for Microsoft Edge (3104519) 

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=690585
 

2.3   Security Update for Windows Journal to Address Remote Code Execution (3100213)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=690570

 

2.4    Security Update for Microsoft Windows to Address Remote Code Execution (3105864) 

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.
Patch: http://go.microsoft.com/fwlink/?LinkId=691032
 

2.5    Security Update for Microsoft Office to Address Remote Code Execution (3104540)

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=690594
 

2.6    Security Update for NDIS to Address Elevation of Privilege (3101722)

This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
Patch: http://go.microsoft.com/fwlink/?LinkId=690723

 

2.7    Security Update for .NET Framework to Address Elevation of Privilege (3104507)

This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser.
Patch: http://go.microsoft.com/fwlink/?LinkId=690565

 

2.8    Security Update for Winsock to Address Elevation of Privilege (3104521)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability.
Patch: http://go.microsoft.com/fwlink/?LinkId=690588

 

2.9   Security Update for IPSec to Address Denial of Service (3102939)

This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials.
Patch: http://go.microsoft.com/fwlink/?LinkId=690724

 

2.10  Security Update for Schannel to Address Spoofing (3081320)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.
Patch: http://go.microsoft.com/fwlink/?LinkId=690884

 

2.11  Security Update for Kerberos to Address Security Feature Bypass (3105256)

This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.
Patch: http://go.microsoft.com/fwlink/?LinkId=690720

 

2.12  Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)

This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content.
Patch: http://go.microsoft.com/fwlink/?LinkId=691035

 

3.0    Recommendation

Users and administrators are advised to apply the updates immediately. All of the patches can be applied almost automatically via the Windows Update application.

Instructions for performing a Windows Update are available at the following URL:
https://www.mycert.org.my/portal/articles-content?menu=b9f3fdda-c343-4cb4-99a7-a7506cfb13ba&id=62275f48-f209-4440-af1a-c5425c875fa4

Generally, MyCERT advises users of this software to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


MA-529.102015: MyCERT Advisory - Microsoft Releases October 2015 Security Bulletin

  • 16 Oct 2015
  • Advisory

1.0 Introduction

Microsoft has released six updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow an attacker to take control of an affected system. Users and administrators are encouraged to review Microsoft Security Bulletins MS15-106 through MS15-111 and apply the necessary updates.

 

2.0 The Important vulnerabilities are listed below:

2.1    Cumulative Security Update for Internet Explorer (3096441)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=625089

2.2    Cumulative Security Update for Microsoft Edge (3096448) 
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=625091

2.3   Security Update for JScript and VBScript to Address Remote Code Execution (3089659)
This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that uses the IE rendering engine to direct the user to the specially crafted website.
Patch: http://go.microsoft.com/fwlink/?LinkId=623633

2.4    Security Update for Windows Shell to Address Remote Code Execution (3096443) 
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online.
Patch: http://go.microsoft.com/fwlink/?LinkId=625078

2.5    Security Updates for Microsoft Office to Address Remote Code Execution (3096440)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=625092

2.6    Security Update for Windows Kernel to Address Elevation of Privilege (3096447)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Patch: http://go.microsoft.com/fwlink/?LinkId=625080

 

 

3.0    Recommendation

Users and administrators are advised to apply the updates immediately. All of the patches can be applied almost automatically via the Windows Update application.

Instructions for performing a Windows Update are available at the following URL:
https://www.mycert.org.my/portal/articles-content?menu=b9f3fdda-c343-4cb4-99a7-a7506cfb13ba&id=62275f48-f209-4440-af1a-c5425c875fa4

Generally, MyCERT advises users of this software to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


MA-518.092015: MyCERT Advisory - Microsoft Releases September 2015 Security Bulletin

  • 18 Sep 2015
  • Advisory

 1.0 Introduction

Microsoft has released 12 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow an attacker to take control of an affected system. Users and administrators are encouraged to review Microsoft Security Bulletins MS15-094 through MS15-105 and apply the necessary updates.
 

2.0 The Important vulnerabilities are listed below:

2.1    Cumulative Security Update for Internet Explorer (3089548)  
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=623623
 

2.2    Cumulative Security Update for Microsoft Edge (3089665)  
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=623632

 

2.3   Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=623553


2.4    Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656) 
This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.
Patch: http://go.microsoft.com/fwlink/?LinkId=623625
 

2.5    Vulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669) 
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=623624
 

2.6    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=623627
 

2.7    Vulnerability in Windows Media Center Could Allow Remote Code Execution (3087918)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=623232
 

2.8    Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)  
This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.
Patch: http://go.microsoft.com/fwlink/?LinkId=623575


2.9 Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
Patch: http://go.microsoft.com/fwlink/?LinkId=623626

 

2.10 Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250)
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.
Patch: http://go.microsoft.com/fwlink/?LinkId=623628

2.11 Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952)

This security update resolves vulnerabilities in Skype for Business Server and Microsoft Lync Server. The most severe of the vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An attacker would have to convince users to click a link in an instant messenger or email message that directs them to an affected website by way of a specially crafted URL.
Patch: http://go.microsoft.com/fwlink/?LinkId=623216

 

2.12 Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass (3091287)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application that could cause Windows Hyper-V to incorrectly apply access control list (ACL) configuration settings. Customers who have not enabled the Hyper-V role are not affected.
Patch: http://go.microsoft.com/fwlink/?LinkId=623539

 

3.0    Recommendation
Users and administrators are advised to apply the updates immediately. All of the patches can be applied almost automatically via the Windows Update application.

Instructions for performing a Windows Update are available at the following URL:
https://www.mycert.org.my/portal/articles-content?menu=b9f3fdda-c343-4cb4-99a7-a7506cfb13ba&id=62275f48-f209-4440-af1a-c5425c875fa4

Generally, MyCERT advises users of this software to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


MA-509.082015: MyCERT Alert - Microsoft Releases Critical Security Update for Internet Explorer

  • 21 Aug 2015
  • Alert

1.0 Introduction

Microsoft has released a critical security update to address a vulnerability in Internet Explorer. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system if the user views a specially crafted webpage.

 

2.0 Impact

The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

 

3.0 Affected Products

  • Internet Explorer 7, 8, 9, 10 and 11 on multiple Windows platforms.

 

4.0 Recommendation

Affected users are advised to apply the update immediately, using the download listed below for their Internet Explorer and Windows version:

Internet Explorer 7


Windows Vista Service Pack 2
https://www.microsoft.com/downloads/details.aspx?familyid=fdc9a2ff-11ba-4b3d-9cc4-d5e236eb62e6

Windows Vista x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?familyid=908bd2cf-630b-4715-84c4-c3cbd870d608

Windows Server 2008 for 32-bit Systems Service Pack 2
https://www.microsoft.com/downloads/details.aspx?familyid=f40669c3-2a8d-4bbf-bb74-82aaac679b65

Windows Server 2008 for x64-based Systems Service Pack 2
https://www.microsoft.com/downloads/details.aspx?familyid=6501aafb-a123-4956-b70c-7bf209695ddf

Windows Server 2008 for Itanium-based Systems Service Pack 2
https://www.microsoft.com/downloads/details.aspx?familyid=77545ff7-ee00-4f73-9bb6-df8171a7a8fc

Internet Explorer 8


Windows Vista Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyID=4917a747-d4b5-4faa-b859-cb38ecd8dd3b

Windows Vista x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyID=fc37cccd-3909-4ba2-be82-0f44144ab3ba

Windows Server 2008 for 32-bit Systems Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyID=578a2d2a-2d13-4588-8ca3-3149286960d8

Windows Server 2008 for x64-based Systems Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyID=32b112fb-b6b5-4a61-9331-900ea3bf912f

Windows 7 for 32-bit Systems Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyID=569bfacd-d612-4504-9bd4-7af42958cb9d

Windows 7 for x64-based Systems Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyID=11de8d57-295a-41db-b179-f94979259e26

Windows Server 2008 R2 for x64-based Systems Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyID=d528a684-df53-48d8-b1b8-1dbdf815782c

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyID=1d5e7c73-139a-4263-aef9-02fb2aba957f

Internet Explorer 9


Windows Vista Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyID=ea1a609d-10f8-4f78-a230-0a7892d24cf3

Windows Vista x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyID=4da928c7-c9c4-45c5-84f9-05cad38cc261

Windows Server 2008 for 32-bit Systems Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyID=4e3c0593-dc45-4def-ae53-5d6b23bf47bc

Windows Server 2008 for x64-based Systems Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyID=4fdd0d5e-6929-4dfa-b0e5-160465d54e4a

Windows 7 for 32-bit Systems Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyID=0baf2b37-bdb8-412d-a8ec-32b1d97343b8

Windows 7 for x64-based Systems Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyID=607663a8-4b76-4c02-ba59-281352a78c29

Windows Server 2008 R2 for x64-based Systems Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyID=7857857e-93ee-47aa-a14c-4d7b6d258187

Internet Explorer 10


Windows 7 for 32-bit Systems Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyID=e9bc0f6d-308e-4094-8012-a2282158a599

Windows 7 for x64-based Systems Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyID=150f2735-3a7d-4497-b2e4-698ec0b6af36

Windows Server 2008 R2 for x64-based Systems Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyID=08d4be9b-7283-4718-9bb5-68755090146a

Windows 8 for 32-bit Systems
https://www.microsoft.com/downloads/details.aspx?FamilyID=47b4ec1c-2ca6-49b2-882e-c5262fef540d

Windows 8 for x64-based Systems
https://www.microsoft.com/downloads/details.aspx?FamilyID=b08a013a-9335-47eb-9f00-9d31b99184bc

Windows Server 2012
https://www.microsoft.com/downloads/details.aspx?FamilyID=825724a0-0b2f-4312-94e5-b52dc7367c29

Windows RT*

Internet Explorer 11


Windows 7 for 32-bit Systems Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyID=77b5f5cd-efd5-4fb5-a01c-66b0b1c7f66d

Windows 7 for x64-based Systems Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyID=4d5fb8a9-bb7c-4dc1-823e-3f2394cf3089

Windows Server 2008 R2 for x64-based Systems Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyID=114f134e-27d4-4998-9a27-fe678a201669

Windows 8.1 for 32-bit Systems
https://www.microsoft.com/downloads/details.aspx?FamilyID=5fb74b22-3fc7-413d-b913-4425acc616be

Windows 8.1 for x64-based Systems
https://www.microsoft.com/downloads/details.aspx?FamilyID=74577736-ce17-4722-96b2-831a890309e7

Windows Server 2012 R2
https://www.microsoft.com/downloads/details.aspx?FamilyID=8df9eae6-bd91-4df8-bf51-4117056b6983

Windows RT 8.1*

Windows 10 for 32-bit Systems **
https://support.microsoft.com/en-us/kb/3081444

Windows 10 for x64-based Systems **
https://support.microsoft.com/en-us/kb/3081444

* Available via Windows Update.
** The Windows 10 update is cumulative.

 

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


For further enquiries, please contact MyCERT through the following channels:
E-mail : [email protected] or [email protected] 
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442 
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my
Twitter: http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my 
Cyber999 Mobile Apps: IOS Users or Android Users

 

5.0 References

MA-498.072015: MyCERT Alert - Microsoft Releases July 2015 Security Bulletin

  • 22 Jul 2015
  • Alert

1.0 Introduction

Microsoft has released a security update to address a critical vulnerability in Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. The security update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.
 
 
2.0 The list of the Important vulnerability is as below:
 
2.1 Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts. The security update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.
 
 
 
3.0 Recommendation
 
Users are advised to apply the update immediately. All of the patches can be applied almost automatically via the Windows Update application.
Instructions for performing the Windows Update are available at the following URL:
Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442 
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Cyber999 Mobile Apps: IOS Users or Android Users
 
 
4.0 References
 
• Microsoft Security Bulletin MS15-078 – Critical, https://technet.microsoft.com/en-us/library/security/MS15-078

MA-495.072015: MyCERT Advisory - Microsoft Releases July 2015 Security Bulletin

  • 16 Jul 2015
  • Advisory

1.0 Introduction

 
Microsoft has released fourteen updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges. MyCERT encourages users and administrators to review Microsoft Security Bulletins MS15-058 and MS15-065 through MS15-077 and apply the necessary updates.
 
2.0 The list of the Important vulnerabilities is as below:
 
2.1 Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)
 
This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.
 
 
2.2 Security Update for Internet Explorer (3076321)
 
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
 
 
2.3 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3072604)
 
This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
 
 
2.4 Vulnerability in RDP Could Allow Remote Code Execution (3073094)
 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with Remote Desktop Protocol (RDP) enabled. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
 
 
2.5 Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000)
 
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability.
 
 
2.6 Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)
 
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow Remote Code Execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user's current working directory and then convinces the user to open an RTF file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker's specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
 
 
2.7 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)
 
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
 
 
2.8 Vulnerability in Netlogon Could Allow Elevation of Privilege (3068457)
 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with access to a primary domain controller (PDC) on a target network runs a specially crafted application to establish a secure channel to the PDC as a backup domain controller (BDC).
 
 
2.9 Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)
 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Windows Graphics component fails to properly process bitmap conversions. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. An attacker must first log on to the system to exploit this vulnerability.
 
 
2.10 Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)
 
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
 
 
2.11 Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630)
 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Installer service improperly runs custom action scripts. An attacker must first compromise a user who is logged on to the target system to exploit the vulnerability. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
 
 
2.12 Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)
 
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if used in conjunction with another vulnerability that allows arbitrary code to be run. Once the other vulnerability has been exploited, an attacker could then exploit the vulnerabilities addressed in this bulletin to cause arbitrary code to run at a medium integrity level.
 
 
2.13 Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)
 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability, which exists in Windows Remote Procedure Call (RPC) authentication, could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
 
 
2.14 Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)
 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
 
 
3.0 Recommendation
 
Users and administrators are advised to apply the update immediately. All of the patches can be applied almost automatically via the Windows Update application.
 
Instructions for performing the Windows Update are available at the following URL:
 
 
Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
 
For further enquiries, please contact MyCERT through the following channels:
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 09:00 AM - 18:00 PM MYT
Web : https://www.mycert.org.my
Twitter : http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps: IOS Users or Android Users
 
4.0 References
 
 

MA-493.072015: MyCERT Advisory - Adobe Flash and Microsoft Windows Vulnerabilities

  • 15 Jul 2015
  • Advisory

1.0 Introduction

 
Adobe has released security updates for Adobe Flash Player for Windows. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
 
2.0 Impact
 
The Adobe Flash vulnerabilities can allow a remote attacker to execute arbitrary code. Exploitation of the Adobe Type Manager vulnerability could then allow the attacker to execute code with system privileges (https://www.microsoft.com/en-us/download/details.aspx?id=46366).
 
3.0 Affected Products
 
Windows and Macintosh:
 
  • Adobe Flash Player Desktop Runtime 18.0.0.194 and earlier
  • Adobe Flash Player Extended Support Release 13.0.0.296 and earlier
  • AIR Desktop Runtime 18.0.0.144 and earlier 
 
Windows, Macintosh and Linux: 
 
  • Adobe Flash Player for Google Chrome 18.0.0.194 and earlier 
 
Windows 8.0 and 8.1:
 
  • Adobe Flash Player for Internet Explorer 10 and 11, 18.0.0.194 and earlier
 
Linux:
 
  • Adobe Flash Player 11.2.202.468 and earlier
 
Windows, Macintosh, Android and iOS:
 
  • AIR SDK 18.0.0.144 and earlier
  • AIR SDK & Compiler 18.0.0.144 and earlier
 
4.0 Recommendation
 
Users must apply the security updates immediately to fix the vulnerabilities, as below:
 
Adobe Flash:
  • https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
 
Microsoft Windows Adobe Type Manager:
  • https://technet.microsoft.com/en-us/library/security/MS15-077
 
Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.
 
For further enquiries, please contact MyCERT through the following channels:
 
Phone: 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442 
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 09:00 AM - 18:00 PM MYT
Web: https://www.mycert.org.my 
Twitter: http://www.twitter.com/mycert 
Cyber999 Mobile Apps: IOS Users or Android Users
 
5.0 References
 
US-CERT: Adobe Releases Security Updates for Flash Player,
  • https://www.us-cert.gov/ncas/alerts/TA15-195A
 
Adobe Security Bulletin: Security updates available for Adobe Flash Player,
  • https://helpx.adobe.com/security/products/flash-player/apsb15-18.html 
 
Additional information regarding the vulnerabilities in Vulnerability Notes
  • http://www.kb.cert.org/vuls/id/561288
  • http://www.kb.cert.org/vuls/id/338736
  • http://www.kb.cert.org/vuls/id/918568
  • http://www.kb.cert.org/vuls/id/103336

MA-482.062015: MyCERT Advisory - Microsoft Releases June 2015 Security Bulletin

  • 12 Jun 2015
  • Advisory

1.0 Introduction 


Microsoft has released eight updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges. Users and administrators are encouraged to review Microsoft Security Bulletins MS15-056 through MS15-064 and apply the necessary updates.



2.0 The list of the Important vulnerabilities is as below:

2.1    Cumulative Security Update for Internet Explorer (3058515) 
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkID=614953

2.2    Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890) 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Player opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkID=614954

2.3   Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949) 
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkID=614957

2.4    Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317) 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link, or a link to specially crafted content, and then invokes F12 Developer Tools in Internet Explorer.
Patch: http://go.microsoft.com/fwlink/?LinkID=614958

2.5    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Patch: http://go.microsoft.com/fwlink/?LinkID=614959

2.6    Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577) 
This security update resolves a vulnerability in Microsoft Active Directory Federation Services (AD FS). The vulnerability could allow elevation of privilege if an attacker submits a specially crafted URL to a target site. Due to the vulnerability, in specific situations specially crafted script is not properly sanitized, which subsequently could lead to an attacker-supplied script being run in the security context of a user who views the malicious content. For cross-site scripting attacks, this vulnerability requires that a user be visiting a compromised site for any malicious action to occur.
Patch: http://go.microsoft.com/fwlink/?LinkID=614960
 
2.7    Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker places a malicious .dll file in a local directory on the machine or on a network share. An attacker would then have to wait for a user to run a program that can load a malicious .dll file, resulting in elevation of privilege. However, in all cases an attacker would have no way to force a user to visit such a network share or website.
Patch: http://go.microsoft.com/fwlink/?LinkID=614961

2.8    Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)  
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow elevation of privilege if an authenticated user clicks a link to a specially crafted webpage. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.
Patch: http://go.microsoft.com/fwlink/?LinkID=614962

 

3.0    Recommendation
Users and administrators are advised to apply the update immediately. All of the patches can be applied almost automatically via the Windows Update application.

Instructions for performing the Windows Update are available at the following URL:
https://www.mycert.org.my/portal/articles-content?menu=b9f3fdda-c343-4cb4-99a7-a7506cfb13ba&id=62275f48-f209-4440-af1a-c5425c875fa4

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:
E-mail : [email protected] or [email protected] 
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442 
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 09:00 AM - 18:00 PM MYT
Web : https://www.mycert.org.my
Twitter : http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps:  IOS Users or Android Users

 

 4.0     References

MA-477.052015: MyCERT Advisory - Microsoft Security Bulletin Summary for May 2015

  • 13 May 2015
  • Advisory
1.0 Introduction

Microsoft has released thirteen updates to address vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft SharePoint Server, Microsoft .NET, and Microsoft Office. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass. Users and administrators are encouraged to review Microsoft Security Bulletin Summary MS15-043 - MS15-055 and apply the necessary updates.



2.0 The list of the Important vulnerabilities is as below:

2.1    Cumulative Security Update for Internet Explorer (3049563)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=533730

2.2    Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or visit an untrusted website that contains embedded TrueType fonts.
Patch: http://go.microsoft.com/fwlink/?LinkId=533715

2.3   Vulnerability in Windows Journal Could Allow Remote Code Execution (3046002)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user with a domain-configured system to connect to an attacker-controlled network. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=533722

2.4    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Patch: http://go.microsoft.com/fwlink/?LinkId=533724

2.5    Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083)
This security update resolves vulnerabilities in Microsoft Office server software. The vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site.
Patch: http://go.microsoft.com/fwlink/?LinkId=534002

2.6    Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)
This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user installs a specially crafted partial trust application.
Patch: http://go.microsoft.com/fwlink/?LinkId=533716
 
2.7    Vulnerability in Silverlight Could Allow Elevation of Privilege (3058985)
This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow elevation of privilege if a specially crafted Silverlight application is run on an affected system. To exploit the vulnerability an attacker would first have to log on to the system or convince a logged on user to execute the specially crafted application.
Patch: http://go.microsoft.com/fwlink/?LinkId=534625

2.8    Vulnerability in Service Control Manager Could Allow Elevation of Privilege (3055642)
This security update resolves a vulnerability in Windows Service Control Manager (SCM), which is caused when SCM improperly verifies impersonation levels. The vulnerability could allow elevation of privilege if an attacker first logs on to the system and then runs a specially crafted application designed to increase privileges.
Patch: http://go.microsoft.com/fwlink/?LinkId=534268

2.9   Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on locally and runs arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability cannot be exploited remotely or by anonymous users.
Patch: http://go.microsoft.com/fwlink/?LinkId=533726

2.10    Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to an affected system and runs a specially crafted application.
Patch: http://go.microsoft.com/fwlink/?LinkId=533731

2.11    Vulnerabilities in JScript and VBScript Scripting Engines Could Allow Security Feature Bypass (3057263)
This security update resolves ASLR security feature bypasses in the JScript and VBScript scripting engines in Microsoft Windows. An attacker could use one of these ASLR bypasses in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system.
Patch: http://go.microsoft.com/fwlink/?LinkId=533729

2.12    Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service (3051768)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote, unauthenticated attacker convinces a user to open a share containing a specially crafted .msc file. However, an attacker would have no way of forcing a user to visit the share or view the file.
Patch: http://go.microsoft.com/fwlink/?LinkId=533727

2.13    Vulnerability in Schannel Could Allow Information Disclosure (3061518)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Secure Channel (Schannel) allows the use of a weak Diffie-Hellman ephemeral (DHE) key length of 512 bits in an encrypted TLS session. Allowing 512-bit DHE keys makes DHE key exchanges weak and vulnerable to various attacks. A server needs to support 512-bit DHE key lengths for an attack to be successful; the minimum allowable DHE key length in default configurations of Windows servers is 1024 bits.
Patch: http://go.microsoft.com/fwlink/?LinkId=536690
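
To make the DHE key-length condition in item 2.13 concrete, the following added example (not part of the advisory or of any Microsoft tooling) parses the Diffie-Hellman parameters from a captured TLS ServerKeyExchange message and classifies the modulus size against the 512-bit and 1024-bit figures given above. All function names are hypothetical, the parser assumes a DHE cipher suite was negotiated, and the sample messages are constructed for size only (their moduli are not real primes).

```python
import struct

SERVER_KEY_EXCHANGE = 12   # TLS handshake message type for ServerKeyExchange
WEAK_BITS = 512            # weak DHE key length named in the advisory
DEFAULT_MIN_BITS = 1024    # default Windows server minimum named in the advisory


class ParseError(ValueError):
    """Raised when the bytes are not a well-formed DHE ServerKeyExchange."""


def _read_vector(buf, offset):
    """Read one TLS vector: 2-byte big-endian length followed by that many bytes."""
    if offset + 2 > len(buf):
        raise ParseError("truncated length field")
    (length,) = struct.unpack_from("!H", buf, offset)
    start = offset + 2
    end = start + length
    if length == 0 or end > len(buf):
        raise ParseError("vector length out of range")
    return buf[start:end], end


def parse_dhe_params(msg):
    """Return dh_p, dh_g and dh_Ys (as integers) from a handshake message.

    Layout: type(1) | length(3) | dh_p | dh_g | dh_Ys | signature (ignored).
    """
    if len(msg) < 4:
        raise ParseError("short handshake header")
    if msg[0] != SERVER_KEY_EXCHANGE:
        raise ParseError("not a ServerKeyExchange message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ParseError("handshake body truncated")
    p, off = _read_vector(body, 0)
    g, off = _read_vector(body, off)
    ys, off = _read_vector(body, off)
    return {
        "p": int.from_bytes(p, "big"),
        "g": int.from_bytes(g, "big"),
        "ys": int.from_bytes(ys, "big"),
    }


def classify_dh_bits(bits):
    """Map a modulus size to the thresholds stated in the advisory."""
    if bits <= WEAK_BITS:
        return "weak"
    if bits < DEFAULT_MIN_BITS:
        return "below-default-minimum"
    return "meets-default-minimum"


def audit_server_key_exchange(msg):
    """Return (modulus bit length, classification) for one captured message."""
    params = parse_dhe_params(msg)
    # bit_length() ignores any leading zero bytes a server may have sent.
    bits = params["p"].bit_length()
    return bits, classify_dh_bits(bits)


def build_sample_message(bits):
    """Constructed test input: a modulus of the requested size, not a real prime."""
    p = (1 << (bits - 1)) | 1

    def vec(n):
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return struct.pack("!H", len(raw)) + raw

    # Eight zero bytes stand in for the signature that follows the parameters.
    body = vec(p) + vec(2) + vec(p - 2) + b"\x00" * 8
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    for size in (512, 768, 1024, 2048):
        print(size, audit_server_key_exchange(build_sample_message(size)))
```
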
 

3.0    Recommendation
Users and administrators are advised to apply the update immediately. All of the patches can be applied almost automatically via the Windows Update application.

Instructions for performing the Windows Update are available at the following URL:
https://www.mycert.org.my/portal/articles-content?menu=b9f3fdda-c343-4cb4-99a7-a7506cfb13ba&id=62275f48-f209-4440-af1a-c5425c875fa4
 

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:
E-mail : [email protected] or [email protected] 
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442 
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 09:00 AM - 18:00 PM MYT
Web : https://www.mycert.org.my
Twitter : http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps:  IOS Users or Android Users

 

4.0     References
