• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Vulnerabilities   »   August Patch Tuesday Includes Update for Microsoft Edge

August Patch Tuesday Includes Update for Microsoft Edge

  • Posted on:August 11, 2015 at 3:28 pm
  • Posted in:Vulnerabilities
  • Author:
    Abigail Pichel (Technical Communications)
0

When it was announced that Microsoft Edge would replace Internet Explorer in Windows 10, a lot of members in the tech industry took notice. Internet Explorer has been, admittedly, a well-known target for vulnerabilities for years. We noted that in 2014 alone, a total of 243 memory corruption vulnerabilities in Internet Explorer were disclosed and patched.

But weeks after its official release, it seems like Microsoft Edge is still working out some kinks, as one of the “Critical” security updates for this month applies to the new browser. MS15-091 is a cumulative security update for Microsoft Edge. According to the bulletin, the update addresses vulnerabilities, the most severe of which could “allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.”

This month’s Patch Tuesday brings another cumulative security update for Internet Explorer (MS15-079). Like that of Microsoft Edge’s, the patch addresses vulnerabilities that could allow remote code execution. The two other “Critical” updates also involve remote code execution: one for Microsoft Office (MS15-081) and the other for a Microsoft graphics component (MS15-080). Aside from the four “Critical” vulnerabilities, this month’s Patch Tuesday has ten “Important” updates, bringing the total to fourteen for August.

Adobe has also released a security update (APSB15-19), which addresses vulnerabilities for Adobe Flash Player. According to the bulletin, the updates “address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.”

Users are strongly advised to update their software and systems with the latest patches from Microsoft and Adobe. For additional information on these security bulletins, visit our Threat Encyclopedia page.

Trend Micro solutions

Trend Micro Deep Security and Vulnerability Protection protect user systems from threats that may leverage these vulnerabilities with the following DPI rules:

  • 1006624-Microsoft Office Component Use After Free Vulnerability (CVE-2015-1642)
  • 1006928-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2442)
  • 1006929-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
  • 1006930-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444)
  • 1006931-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446)
  • 1006932-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448)
  • 1006933-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2450)
  • 1006934-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2451)
  • 1006935-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2452)
  • 1006936-Microsoft Office Graphics Component Remote Code Execution Vulnerability (CVE-2015-2431)
  • 1006937-Microsoft Office Memory Corruption Vulnerability (CVE-2015-2467)
  • 1006938-Microsoft Office Memory Corruption Vulnerability (CVE-2015-2468)
  • 1006939-Microsoft Office Memory Corruption Vulnerability (CVE-2015-2469)
  • 1006940-Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470)
  • 1006941-Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477)
  • 1006944-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2432)
  • 1006945-Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2456)
  • 1006946-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2458)
  • 1006947-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
  • 1006948-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2460)
  • 1006949-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2461)
  • 1006950-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2462)
  • 1006951-Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2463)
  • 1006952-Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2464)
  • 1006955-Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2435)
  • 1006956-Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2455)
Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»
Tags: AdobeAdobe Flash PlayerAugust 2015 Patch TuesdayMicrosoftmicrosoft edgePatch TuesdayVulnerabilitiesWindows

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.