Software

Microsoft Security Updates August 2015

Microsoft releases a new batch of fourteen security updates patching over fifty vulnerabilities today, with one of them known to be abused in targeted attacks. A large number of the vulnerabilities were reported by researchers from Google and their Project Zero, and HP’s Zero Day initiative. Meanwhile, a reflective discussion about the value of these offensive teams is laid out on offsec mailing lists.

Currently being exploited in-the-wild, MS15-085 “Vulnerability in Mount Manager Could Allow Elevation of Privilege”, enables an attacker to write out an executable to disk and run it from usb disk insertion. Exploitation is in use as a part of limited targeted attacks. Update installation and maintenance seems to be a large order here, as Microsoft includes a unique recommendation with it: “If you install a language pack after you install this update, you must reinstall this update.” Not only is “Mountmgr.sys” listed a few hundred times in this related knowledge base article, but over a hundred other files are touched with this larger update. And not only is Microsoft shipping code to close up the vulnerability, they are also shipping a new event for the event log, to identify related exploit attempts, “As part of the update, we are also shipping an event log to help defenders detect attempts to use this vulnerability on their systems”. Event ID 100: MountMgr “CVE-2015-1769” will be logged by Windows for reference.

The new Edge web browser maintains three “memory corruption” vulnerabilities. Typically, when these arise in Microsoft’s web browsers, the flaws have been use-after-free problems. These memory corruption issues surprisingly enable remote code execution on Windows 10:
CVE-2015-2441
CVE-2015-2442
CVE-2015-2446
and one ASLR bypass issue. While the code base is smaller, faster, and newer than IE, these issues continue to crop up in their newest code.

More on Microsoft’s August 2015 Bulletins can be found here, please update your system asap.

Microsoft Security Updates August 2015

Your email address will not be published. Required fields are marked *

 

  1. gwem tonye nicolas

    not for now
    i don’t know about the service

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox