In this month’s Patch Tuesday, Adobe released updates for 79 vulnerabilities in its Flash Player, the most number of vulnerabilities patched for the said product this year. 56 of these are use-after free (UAF) vulnerabilities, which may allow attackers to remotely run arbitrary code on affected systems. Most of the other vulnerabilities relate to memory corruption and buffer overflow.
Meanwhile, Microsoft rolled out 12 security bulletins, 8 of which are considered critical. One of the notable ones is MS15-127, which resolves a vulnerability in Microsoft Windows which could allow remote code execution if an attacker sends specially crafted requests to a DNS server. On the other hand, MS15-130 resolves a font vulnerability in Windows that attackers could use to remotely execute code by getting users to open a specially crafted document or to visit a malicious page with these specially crafted fonts.
Two of the Microsoft updates address critical browser vulnerabilities. MS15-124 and MS15-125 are cumulative updates for Internet Explorer and Microsoft Edge, respectively. The most severe vulnerabilities addressed in both need the users to only visit a specially crafted webpage to eventually gain the same user rights as the current user, heavily impacting those holding administrative rights.
The other critical Microsoft updates address vulnerabilities in VBScript scripting engine (MS15-126), Microsoft graphics components (MS15-128), Silverlight (MS15-129), and Microsoft office (MS15-131). Should these flaws remain unpatched, these may lead to remote code execution on affected systems.
Updating software and systems with the latest patches from Adobe and Microsoft is strongly advised.
Trend Micro Solutions
Trend Micro Deep Security and Vulnerability Protection defend user systems from threats that may leverage these vulnerabilities following DPI rules:
- 1007224 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6083)
- 1007225 – Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6136)
- 1007227 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6140)
- 1007228 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6141)
- 1007229 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6142)
- 1007230 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6143)
- 1007231 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6145)
- 1007232 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6146)
- 1007233 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6147)
- 1007234 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6148)
- 1007235 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6149)
- 1007236 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6150)
- 1007237 – Microsoft Internet Explorer and Edge Memory Corruption Vulnerability (CVE-2015-6151)
- 1007238 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6152)
- 1007239 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6153)
- 1007240 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6154)
- 1007241 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6155)
- 1007242 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6156)
- 1007243 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6158)
- 1007244 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6159)
- 1007245 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6160)
- 1007246 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6162)
- 1007248 – Microsoft Edge Memory Corruption Vulnerability (CVE-2015-6168)
- 1007249 – Microsoft Windows Graphics Memory Corruption Vulnerability (CVE-2015-6107)
- 1007250 – Microsoft Windows Integer Underflow Vulnerability (CVE-2015-6130)
- 1007251 – Microsoft Office Remote Code Execution Vulnerability (CVE-2015-6172)
- 1007273 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6134)
- 1007274 – Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CVE-2015-6135)
- 1007275 – Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6157)
- 1007276 – Microsoft Edge Elevation of Privilege Vulnerability (CVE-2015-6170)
- 1007277 – Microsoft Windows Graphics Memory Corruption Vulnerability (CVE-2015-6106)
- 1007279 – Microsoft Office Memory Corruption Vulnerability (CVE-2015-6040)
- 1007280 – Microsoft Office Memory Corruption Vulnerability (CVE-2015-6118)
- 1007281 – Microsoft Office Memory Corruption Vulnerability (CVE-2015-6122)
- 1007282 – Microsoft Office Memory Corruption Vulnerability (CVE-2015-6124)
- 1007283 – Microsoft Office Memory Corruption Vulnerability (CVE-2015-6177)
- 1007284 – Microsoft Windows Library Loading Elevation Of Privilege Vulnerability (CVE-2015-6133)
- 1007285 – Microsoft Windows Media Center Information Disclosure Vulnerability (CVE-2015-6127)
- 1007287 – Microsoft Windows Library Loading Remote Code Execution Vulnerability (CVE-2015-6128)
- 1007288 – Microsoft Windows Library Loading Remote Code Execution Vulnerability (CVE-2015-6132)
