This month’s Patch Tuesday is on the lighter side, offering up six bulletins and 33 vulnerabilities in total. Updating Edge is proving to be a recurring theme; however, its vulnerability count remains low, which can be interpreted as a good thing. The critical bulletins to watch out for involve IE, JScript/VBScript, and Windows Shell.
MS15-106 - Cumulative Security Update for Internet Explorer (3096441)
Internet Explorer takes the cake with its total number of vulnerabilities reaching 14 this month, all of which are remote code execution vulnerabilities with the exception of one ASLR bypass and three elevation of privilege vulnerabilities. The VBScript engine is responsible for a good portion of these vulnerabilities; however, as previously mentioned, this bulletin resolves these for systems running IE8 and above. For IE7 and below, MS15-108 addresses these issues.
MS15-107 - Cumulative Security Update for Microsoft Edge (3096448)
Microsoft Edge is proving to be faithful to its ‘hardened security’ claim, clocking in with only two vulnerabilities. The more interesting of the two allows a remote attacker to bypass Edge’s Cross-Site Scripting (XSS) filter, which disables HTML attributes on a specially crafted page, creating a condition that could allow malicious scripts to run in the wrong security context. The other is an information disclosure issue that leaks the memory contents of Edge, which could help an attacker compromise a system further.
MS15-108 - Security Update for JScript and VBScript to Address Remote Code Execution (3089659)
Microsoft’s VBScript engine is back this month and is patched for four vulnerabilities: two memory corruptions leading to remote code execution, an ASLR bypass, and an information disclosure. Internet Explorer is the attack vector: an attacker convinces the victim to visit a specially crafted webpage in order to exploit these vulnerabilities.
MS15-109 - Security Update for Windows Shell to Address Remote Code Execution (3096443)
This bulletin resolves two use-after-free vulnerabilities within Windows Shell. Windows does not properly handle Toolbar and Tablet Input Band objects in memory, allowing a remote attacker to execute arbitrary code on the affected system.
MS15-110 - Security Updates for Microsoft Office to Address Remote Code Execution (3096440)
MS15-111 - Security Update for Windows Kernel to Address Elevation of Privilege (3096447)
Topping off the month with kernel vulnerabilities, this bulletin addresses three memory corruptions resulting in elevation of privilege. Additionally, the Trusted Boot security feature can be bypassed, allowing test-signed executables and drivers to be loaded on a target device, which can be used to bypass BitLocker and Device Encryption security features. This vulnerability was publicly disclosed prior to this bulletin’s release and has been assigned the vulnerability identifier CVE-2015-2552. Finally, another elevation of privilege vulnerability, discovered by James Forshaw of Google’s Project Zero, exists when mount points are created, allowing an attacker to run in the context of the user.