Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.0554
Cumulative Security Update for Internet Explorer
11 March 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Internet Explorer
Publisher: Microsoft
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Increased Privileges -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2015-1634 CVE-2015-1627 CVE-2015-1626
CVE-2015-1625 CVE-2015-1624 CVE-2015-1623
CVE-2015-1622 CVE-2015-0100 CVE-2015-0099
CVE-2015-0072 CVE-2015-0056 CVE-2015-0032
Original Bulletin:
https://technet.microsoft.com/library/security/ms15-018
- --------------------------BEGIN INCLUDED TEXT--------------------
Bulletin Number: MS15-018
Bulletin Title: Cumulative Security Update for Internet Explorer
Severity: Critical
KB Article: 3032359
Version: 1.0
Published Date: March 10, 2015
Description: This security update resolves vulnerabilities in Internet
Explorer. The most severe of the vulnerabilities could allow remote code
execution if a user views a specially crafted webpage using Internet Explorer.
An attacker who successfully exploited these vulnerabilities could gain the
same user rights as the current user.
Executive Summary
This security update resolves vulnerabilities in Internet Explorer. The most
severe of the vulnerabilities could allow remote code execution if a user
views a specially crafted webpage using Internet Explorer. An attacker who
successfully exploited these vulnerabilities could gain the same user rights
as the current user. Customers whose accounts are configured to have fewer
user rights on the system could be less impacted than those who operate with
administrative user rights.
This security update is rated Critical for Internet Explorer 6 (IE 6),
Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9
(IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on
affected Windows clients, and Moderate for Internet Explorer 6 (IE 6),
Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9
(IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on
affected Windows servers.
Affected Software
Internet Explorer 6
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Internet Explorer 7
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Internet Explorer 8
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Internet Explorer 9
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Internet Explorer 10
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows Server 2012
Windows RT
Internet Explorer 11
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012 R2
Windows RT 8.1
Vulnerability Information
Multiple Memory Corruption Vulnerabilities in Internet Explorer
Remote code execution vulnerabilities exist when Internet Explorer improperly
accesses objects in memory. These vulnerabilities could corrupt memory in such
a way that an attacker could execute arbitrary code in the context of the
current user. The update addresses the vulnerabilities by modifying the way
that Internet Explorer handles objects in memory.
An attacker could host a specially crafted website that is designed to exploit
these vulnerabilities through Internet Explorer, and then convince a user to
view the website. The attacker could also take advantage of compromised
websites and websites that accept or host user-provided content or
advertisements by adding specially crafted content that could exploit these
vulnerabilities. In all cases, however, an attacker would have no way to force
users to view the attacker-controlled content. Instead, an attacker would have
to convince users to take action, typically by getting them to click a link in
an instant messenger or email message that takes users to the attacker's
website, or by getting them to open an attachment sent through email.
An attacker who successfully exploited these vulnerabilities could gain the
same user rights as the current user. If the current user is logged on with
administrative user rights, an attacker who successfully exploited these
vulnerabilities could take complete control of an affected system. An attacker
could then install programs; view, change, or delete data; or create new
accounts with full user rights. Systems where Internet Explorer is used
frequently, such as workstations or terminal servers, are at the most risk
from these vulnerabilities.
Vulnerability title CVE number Publicly Disclosed Exploited
Internet Explorer Memory CVE-2015-0056 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2015-0099 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2015-0100 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2015-1622 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2015-1623 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2015-1624 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2015-1625 Yes No
Corruption Vulnerability
Internet Explorer Memory CVE-2015-1626 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2015-1634 No No
Corruption Vulnerability
VBScript Memory Corruption Vulnerability CVE-2015-0032
A remote code execution vulnerability exists in the way that the VBScript
engine, when rendered in Internet Explorer, handles objects in memory. The
vulnerability may corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user.
An attacker could host a specially crafted website that is designed to exploit
this vulnerability through Internet Explorer and then convince a user to view
the website. An attacker could also embed an ActiveX control marked "safe for
initialization" in an application or Microsoft Office document that hosts the
IE rendering engine. The attacker could also take advantage of compromised
websites and websites that accept or host user-provided content or
advertisements by adding specially crafted content that could exploit this
vulnerability. In all cases, however, an attacker would have no way to force
users to view the attacker-controlled content. Instead, an attacker would have
to convince users to take action, typically by getting them to click a link in
an email message or in an Instant Messenger message that takes users to the
attacker's website, or by opening an attachment sent through email.
An attacker who successfully exploited this vulnerability could gain the same
user rights as the current user. If the current user is logged on with
administrative user rights, an attacker who successfully exploited this
vulnerability could take complete control of an affected system. An attacker
could then install programs; view, change, or delete data; or create new
accounts with full user rights. Systems on which Internet Explorer is used
frequently, such as workstations or terminal servers, are at the most risk
from this vulnerability.
Vulnerability title CVE number Publicly Disclosed Exploited
VBScript Memory CVE-2015-0032 No No
Corruption Vulnerability
Internet Explorer Elevation of Privilege Vulnerability CVE-2015-0072
An elevation of privilege vulnerability exists when Internet Explorer does not
properly enforce cross-domain policies, which could allow an attacker to
access information from one domain and inject it into another domain. The
update addresses the vulnerability by helping to ensure that cross-domain
policies are properly enforced in Internet Explorer.
In a web-based attack scenario, an attacker could host a website that is used
to attempt to exploit this vulnerability. In addition, compromised websites
and websites that accept or host user-provided content could contain specially
crafted content that could exploit this vulnerability. In all cases, however,
an attacker would have no way to force users to view the attacker-controlled
content. Instead, an attacker would have to convince users to take action. For
example, an attacker could trick users into clicking a link that takes them to
the attacker's site. An attacker who successfully exploited this vulnerability
could elevate privileges in affected versions of Internet Explorer.
Vulnerability title CVE number Publicly Disclosed Exploited
Internet Explorer Elevation CVE-2015-0072 Yes No
of Privilege Vulnerability
Internet Explorer Elevation of Privilege Vulnerability CVE-2015-1627
An elevation of privilege vulnerability exists when Internet Explorer does not
properly validate permissions under specific conditions, potentially allowing
script to be run with elevated privileges. The update addresses the
vulnerability by adding additional permission validations to Internet
Explorer.
Vulnerability title CVE number Publicly Disclosed Exploited
Internet Explorer Elevation CVE-2015-1627 No No
of Privilege Vulnerability
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVP+XIBLndAQH1ShLAQIBuBAAqsg9Bm7VJ7VOlDzdIsHo+ZtFczwMCtuT
TtvjSo8YKn0vrEjkYzokf7lo0zgXD/RNkpr8nmj0gTelPI5SsQCnB6As9ih7LO5X
KPu0pnwLt4DjiBNGLXEXDBIaOo6krDY0HsvILztBXGSX9B9LUIfDze3WydewY2Mm
38tOB+mlA/CR+2xCRwY8fePG2vAUwgroWxoUr/l5kBmqic0KHSBx5VJLo45yp7+U
l4lLefAQ53oQ6qrLD6zfXvbLec84H7nBe/mXtmP0VPMXj24LrsgEciydMU0ttIbd
5rdb9VDZwgEDiDpkAOITZk/7CK78X7x6xA92Yb5fhjoVu8/mkPVWy1NadCqTTwm0
7vkRk0w7EZ3Ticch33XyVHXw/zbJklSKGW7BnKUPBYZjUJFphNDq9pHP5vqXeXEW
376R+mo8anK7VHtQLiQo3FrgZ9GXnkLJWWLTZa+4kAVa25SuJU3royiL0VOJB5i6
amMAe/TbbCg2NPvHpgO6jnJSTVLZvCZCI8M9qtbHnvSgoHxT6YHDghhPYuX02eoj
Q4eV2tg8y5KTFP0Rw38lym7ejeukB1qotuigEyQlSLEI40Hd5+z889+0J36SRH9m
Z+hRGTsDIGNyRKhIkEYqqdrcyZ2sQTtNm49fG3GPWdRU5dGwITslW3oau+o3pMur
J8vmoVXIZN8=
=3YRD
-----END PGP SIGNATURE-----