Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers – is the security community’s go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Microsoft Patch Tuesday, December 2015

The December Microsoft Path Tuesday is upon us and it does not bring any happy tidings. It brings with it twelve bulletins with seven rated Critical and five rated Important. Across the board there are 58 individual CVEs, one of the largest releases all year. The large majority resides in Internet Explorer and Edge, which is probably to be expected at this point. This release also patches multiple remote code execution vulnerabilities in the Windows VBScript scripting engine, Microsoft Graphics Component (more font vulnerabilities), Microsoft Uniscribe, Microsoft Silverlight, Microsoft Office and Microsoft Windows DNS.

That last one should have caught your eye. While the other Critical vulnerabilities would typically be exploited on a client platform running Microsoft software, many installations of Windows DNS will be exposed publicly on the Internet. The vulnerability is a Use After Free memory bug that can give the attacker the ability to remotely execute arbitrary code in the context of the Local System Account. The vulnerability was responsibly disclosed to Microsoft by a third party, so it's likely that technical details and a Proof of Concept will be released after users are given time to apply the patch.

If there's a silver lining here, it's that January has historically been a very light on bulletins, so admins may get a break to recover next month. In the meantime put down the cookies and eggnog, you've got some critical patching to do.

MS15-124
CVE-2015-6083, CVE-2015-6134, CVE-2015-6135, CVE-2015-6136, CVE-2015-6138, CVE-2015-6139, CVE-2015-6140, CVE-2015-6141, CVE-2015-6142, CVE-2015-6143, CVE-2015-6144, CVE-2015-6145, CVE-2015-6146, CVE-2015-6147, CVE-2015-6148, CVE-2015-6149, CVE-2015-6150, CVE-2015-6151, CVE-2015-6152, CVE-2015-6153, CVE-2015-6154, CVE-2015-6155, CVE-2015-6156, CVE-2015-6157, CVE-2015-6158, CVE-2015-6159, CVE-2015-6160, CVE-2015-6161, CVE-2015-6162, CVE-2015-6164
Critical
Cumulative Security Update for Internet Explorer

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 7 (IE 7) through Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 7 (IE 7) through Internet Explorer 11 (IE 11) on affected Windows servers.

MS15-125
CVE-2015-6139, CVE-2015-6140, CVE-2015-6142, CVE-2015-6148, CVE-2015-6151, CVE-2015-6153, CVE-2015-6154, CVE-2015-6155, CVE-2015-6158, CVE-2015-6159, CVE-2015-6161, CVE-2015-6168, CVE-2015-6169, CVE-2015-6170, CVE-2015-6176
Critical
Cumulative Security Update for Microsoft Edge

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

This security update is rated Critical for Microsoft Edge on Windows 10.

MS15-126
CVE-2015-6135, CVE-2015-6136
Critical
Security Update for Microsoft JScript and VBScript to Address Remote Code Execution

This security update resolves vulnerabilities in the VBScript scripting engine in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that uses the Internet Explorer rendering engine to direct the user to the specially crafted website.

An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user and, if the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

This security update is rated Critical for affected versions of the VBScript scripting engine on supported editions of Windows Vista, Windows Server 2008, and Server Core installations of Windows Server 2008 R2.

MS15-127
CVE-2015-6125
Critical
Security Update for Microsoft Windows DNS to Address Remote Code Execution

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.

This security update is rated Critical for all supported releases of Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2012, and Windows Server 2012 R2.

MS15-128
CVE-2015-6106, CVE-2015-6107, CVE-2015-6108
Critical
Update for Microsoft Graphics Component to Address Remote Code Execution

This security update resolves vulnerabilities in Microsoft Windows, .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync, and Silverlight. The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.

This security update is rated Critical for:

  • All supported releases of Microsoft Windows
  • Affected versions of Microsoft .NET Framework on all supported releases of Microsoft Windows
  • Affected editions of Microsoft Lync 2013 and Microsoft Lync 2010
  • Affected editions of Microsoft Office 2007 and Microsoft Office 2010

MS15-129
CVE-2015-6114, CVE-2015-6165, CVE-2015-6166
Critical
Security Update for Silverlight to Address Remote Code Execution

This security update resolves vulnerabilities in Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if Microsoft Silverlight incorrectly handles certain open and close requests that could result in read and write access violations. To exploit the vulnerability, an attacker could host a website that contains a specially crafted Silverlight application and then convince a user to visit a compromised website. The attacker could also take advantage of websites containing specially crafted content that accept or host user-provided content or advertisements.

This security update is rated Critical for Microsoft Silverlight 5 and Microsoft Silverlight 5 Developer Runtime when installed on Mac or all supported releases of Microsoft Windows.

MS15-130
CVE-2015-6130
Critical
Security Update for Microsoft Uniscribe to Address Remote Code Execution

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains specially crafted fonts.

This security update is rated Critical for all supported editions of Windows 7 and Windows Server 2008 R2.

MS15-131
CVE-2015-6040, CVE-2015-6118, CVE-2015-6122, CVE-2015-6124, CVE-2015-6172, CVE-2015-6177
Important
Security Update for Microsoft Office to Address Remote Code Execution

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

This security update is rated Critical for specific versions of Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, Microsoft Office 2016, Microsoft Office 2013 RT, Microsoft Office for Mac 2011, and Microsoft Office for Mac 2016. See the full Microsoft Bulletin for details.

MS15-132
CVE-2015-6128, CVE-2015-6132, CVE-2015-6133
Important
Security Update for Windows to Address Elevation of Privilege

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker accesses a local system and runs a specially crafted application.

This security update is rated Important all supported releases of Microsoft Windows.

MS15-133
CVE-2015-6126
Important
Security Update for Windows PGM to Address Elevation of Privilege

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application that, by way of a race condition, results in references to memory locations that have already been freed. Microsoft Message Queuing (MSMQ) must be installed and PGM specifically enabled for a system to be vulnerable. MSMQ is not present in default configurations and, if it is installed, the PGM protocol is available but disabled by default.

This security update is rated Important for all supported releases of Microsoft Windows.

MS15-134
CVE-2015-6127, CVE-2015-6131
Important
Security Update for Windows Media Center to Address Remote Code Execution

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

This security update is rated Important for all supported editions of Windows Media Center when installed on Windows Vista, Windows 7, Windows 8, or Windows 8.1

MS15-135
CVE-2015-6171, CVE-2015-6173, CVE-2015-6175
Important
Security Update for Windows Kernel Mode Drivers to Address Elevation of Privilege

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application.

This security update is rated Important for supported releases of Microsoft Windows.

Recent SpiderLabs Blog Posts

Jan 23, 2019

Living of the LAN