Microsoft Patch Tuesday July 2015

July's Patch Tuesday is here and brings with it a rather large 14 bulletins with 4 Critical and 10 Important rated patches. All combined this month's release patches 59 vulnerabilities 29 of which are in the old stalwart Internet Explorer. This month also patches a remote code execution vulnerability in MS SQL that slipped from last months release. The four Critical patches fix vulnerabilities in Internet Explorer, a remote code execution vulnerabilities in the Windows VBScripting Engine, RDP remote desktop protocol, and Microsoft's Hyper-V platform.

The big news seems to be the end of life for Windows Server 2003, which means this will be the last batch of patches issued to the platform. This deadline has been known for years and yet according to a recent study approximately 61% of organizations have at least one installation of Windows Server 2003. This isn't terribly surprising. Upgrading can be complex and costly. Often not only does the hardware have to be upgraded, but extensive testing needs to be done to verify that existing applications will continue to work after the upgrade. Sometimes an organization faces regulations and compliance laws that make upgrading a difficult process. Overall though it seems like the general feeling is still "If it's still running, it's not broke and if it's not broke, why fix it?"

Windows Server 2003 is more than a decade old. It was released the same year that iTunes was unveiled for the public. When Server 2003 came out the most popular cell phone was the indestructible Nokia candybar. Most people were still carrying around a Palm Pilot as a separate PDA. In other words, Windows Server 2003 is old. Newer OSes like Windows Server 2012 have new features, optimizations and security protections that just don't exist for Server 2003.

The best thing that businesses with Server 2003 installed can do is upgrade. Even if you can't upgrade all the way to Server 2012, a half step to Server 2008 will at least get you security patches until it is end-of-life'd in 2020. If you are forced to stick with Server 2003, it's important to start adding specific security controls to help address the risk.

Segmenting those systems to their own network will help in creating access control rules specific to them as well as isolating any breach that may occur. It's also important to sure up your preventive security controls like anti-malware filters and IPS systems. Anti-malware gateways can filter exploits before they even reach your servers. This concept is generally known as "virtual patching". By blocking an exploit with a gateway device like a WAF or a Secure Email Gateway, you're not as dependent on the physical patches that Server 2003 will be missing. Finally, monitoring your network for anomalous or strange traffic via IDS or router logs can be a crucial tool for identifying and containing a breach.

By not upgrading Server 2003, your organization will be taking on more risk with every vulnerability that goes unpatched, but the platform won't be made immediately vulnerable tomorrow. Despite the end-of-life there is still time to address these issues, but that window is quickly closing. For more information on the Windows Server 2003 End-of-Life check out this Q&A with Trustwave's Dan Kaplan.

MS15-058
Vulnerabilities in SQL Server Could Allow Remote Code Execution
Important
CVE-2015-1761, CVE-2015-1762, CVE-2015-1763

This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.

This security update is rated Important for supported editions of Microsoft SQL Server 2008, Microsoft SQL Server 2008 R2, Microsoft SQL Server 2012, and Microsoft SQL Server 2014.

MS15-065
Security Update for Internet Explorer
Critical
CVE-2015-1729, CVE-2015-1733, CVE-2015-1738, CVE-2015-1767, CVE-2015-2372, CVE-2015-2383, CVE-2015-2384, CVE-2015-2385, CVE-2015-2388, CVE-2015-2389, CVE-2015-2390, CVE-2015-2391, CVE-2015-2397, CVE-2015-2398, CVE-2015-2401, CVE-2015-2402, CVE-2015-2403, CVE-2015-2404, CVE-2015-2406, CVE-2015-2408, CVE-2015-2410, CVE-2015-2411, CVE-2015-2412, CVE-2015-2413, CVE-2015-2414, CVE-2015-2419, CVE-2015-2421, CVE-2015-2422, CVE-2015-2425

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6 (IE 6) through Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6) through Internet Explorer 11 (IE 11) on affected Windows servers.

MS15-066
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution
Critical
CVE-2015-2372

This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

This security update is rated Critical for affected versions of the VBScript scripting engine on affected Windows clients, and Moderate for affected versions of the VBScript scripting engine on affected Windows servers.

MS15-067
Vulnerability in RDP Could Allow Remote Code Execution
Critical
CVE-2015-2373

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with the Remote Desktop Protocol (RDP) server service enabled. By default, the RDP server service is not enabled on any Windows operating system. Systems that do not have the RDP server service enabled are not at risk.

This security update is rated Critical for Windows 7 for 32-bit Systems and Windows 8 for 32-bit Systems.

MS15-068
Vulnerabilities in Windows Server Hyper-V Could Allow Remote Code Execution
Critical
CVE-2015-2361, CVE-2015-2362

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An an attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability.

This security update is rated Critical for Windows Hyper-V on Windows Server 2008, Windows Server 2008 R2, Windows 8 and Windows Server 2012, and Windows 8.1 and Windows Server 2012 R2

MS15-069
Vulnerabilities in Windows Could Allow Remote Code Execution
Important
CVE-2015-2368, CVE-2015-2369

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow Remote Code Execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user's current working directory and then convinces the user to open an RTF file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker's specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system.

This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2 (excluding Itanium), Windows 8.1, Windows 2012 R2, and Windows RT 8.1.

MS15-070
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
Important
CVE-2015-2375, CVE-2015-2376, CVE-2015-2377, CVE-2015-2378, CVE-2015-2379, CVE-2015-2380, CVE-2015-2415, CVE-2015-2424

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

This security update is rated Important for all supported editions of the following software:

  • Microsoft Excel 2007, Microsoft PowerPoint 2007, Microsoft Word 2007
  • Microsoft Office 2010, Microsoft Excel 2010, Microsoft PowerPoint 2010, Microsoft Word 2010
  • Microsoft Excel 2013, Microsoft PowerPoint 2013, Microsoft Word 2013
  • Microsoft Excel 2013 RT, Microsoft PowerPoint 2013 RT, Microsoft Word 2013 RT
  • Microsoft Excel for Mac 2011
  • Microsoft Excel Viewer, Microsoft Office Compatibility Pack, Microsoft Word Viewer
  • Excel Services on Microsoft SharePoint Server 2007
  • Excel Services on Microsoft SharePoint Server 2010
  • Excel Services on Microsoft SharePoint Server 2013

MS15-071
Vulnerability in NETLOGON Could Allow Spoofing
Important
CVE-2015-2374

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker who is logged on to a domain-joined system runs a specially crafted application that could establish a connection with other domain-joined systems as the impersonated user or system. The attacker must be logged on to a domain-joined system and be able to observe network traffic.

This security update is rated Important for all supported editions of Windows

MS15-072
Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege
Important
CVE-2015-2364

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows graphics component fails to properly process bitmap conversions. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. An attacker must first log on to the system to exploit this vulnerability.

This security update is rated Important for all supported releases of Windows.

MS15-073
Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege
Important
CVE-2015-2363, CVE-2015-2365, CVE-2015-2366, CVE-2015-2367, CVE-2015-2381, CVE-2015-2382

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

This security update is rated Important for all supported releases of Microsoft Windows.

MS15-074
Vulnerability in Windows Installer Service Could Allow Elevation of Privilege
Important

CVE-2015-2371

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Installer service improperly runs custom action scripts. An attacker must first compromise a user who is logged on to the target system to exploit the vulnerability.

This security update is rated Important for all supported editions of Microsoft Windows.

MS15-075
Vulnerabilities in OLE Could Allow Elevation of Privilege
Important
CVE-2015-2416, CVE-2015-2417

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker convinces a user to open a file that contains a specially crafted OLE component.

This security update is rated Important for all supported releases of Microsoft Windows

MS15-076
Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege
Important
CVE-2015-2370

This security update resolves a vulnerability in Microsoft Windows. The vulnerability, which exists in Windows Remote Procedure Call (RPC) authentication, could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

This security update is rated Important for all supported releases of Windows

MS15-077
Vulnerability in ATM Font Driver Could Allow Elevation of Privilege
Important
CVE-2015-2387

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system.

This security update is rated Important for all supported releases of Microsoft Window

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.