Operating System:

[Win]

Published:

11 March 2015

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.0554
             Cumulative Security Update for Internet Explorer
                               11 March 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Internet Explorer
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-1634 CVE-2015-1627 CVE-2015-1626
                   CVE-2015-1625 CVE-2015-1624 CVE-2015-1623
                   CVE-2015-1622 CVE-2015-0100 CVE-2015-0099
                   CVE-2015-0072 CVE-2015-0056 CVE-2015-0032

Original Bulletin: 
   https://technet.microsoft.com/library/security/ms15-018

- --------------------------BEGIN INCLUDED TEXT--------------------

Bulletin Number: MS15-018

Bulletin Title: Cumulative Security Update for Internet Explorer

Severity: Critical

KB Article: 3032359

Version: 1.0

Published Date: March 10, 2015

Description: This security update resolves vulnerabilities in Internet 
Explorer. The most severe of the vulnerabilities could allow remote code 
execution if a user views a specially crafted webpage using Internet Explorer.
An attacker who successfully exploited these vulnerabilities could gain the 
same user rights as the current user.

Executive Summary

This security update resolves vulnerabilities in Internet Explorer. The most 
severe of the vulnerabilities could allow remote code execution if a user 
views a specially crafted webpage using Internet Explorer. An attacker who 
successfully exploited these vulnerabilities could gain the same user rights 
as the current user. Customers whose accounts are configured to have fewer 
user rights on the system could be less impacted than those who operate with 
administrative user rights.

This security update is rated Critical for Internet Explorer 6 (IE 6), 
Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 
(IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on 
affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), 
Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 
(IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on 
affected Windows servers. 

Affected Software

Internet Explorer 6

Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems

Internet Explorer 7

Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2

Internet Explorer 8

Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Internet Explorer 9

Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1

Internet Explorer 10

Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows Server 2012
Windows RT

Internet Explorer 11

Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012 R2
Windows RT 8.1

Vulnerability Information

Multiple Memory Corruption Vulnerabilities in Internet Explorer

Remote code execution vulnerabilities exist when Internet Explorer improperly
accesses objects in memory. These vulnerabilities could corrupt memory in such
a way that an attacker could execute arbitrary code in the context of the 
current user. The update addresses the vulnerabilities by modifying the way 
that Internet Explorer handles objects in memory.

An attacker could host a specially crafted website that is designed to exploit
these vulnerabilities through Internet Explorer, and then convince a user to 
view the website. The attacker could also take advantage of compromised 
websites and websites that accept or host user-provided content or 
advertisements by adding specially crafted content that could exploit these 
vulnerabilities. In all cases, however, an attacker would have no way to force
users to view the attacker-controlled content. Instead, an attacker would have
to convince users to take action, typically by getting them to click a link in
an instant messenger or email message that takes users to the attacker's 
website, or by getting them to open an attachment sent through email.

An attacker who successfully exploited these vulnerabilities could gain the 
same user rights as the current user. If the current user is logged on with 
administrative user rights, an attacker who successfully exploited these 
vulnerabilities could take complete control of an affected system. An attacker
could then install programs; view, change, or delete data; or create new 
accounts with full user rights. Systems where Internet Explorer is used 
frequently, such as workstations or terminal servers, are at the most risk 
from these vulnerabilities.

Vulnerability title 		CVE number 	Publicly Disclosed 	Exploited

Internet Explorer Memory 	CVE-2015-0056	No 			No
Corruption Vulnerability 

Internet Explorer Memory 	CVE-2015-0099	No 			No
Corruption Vulnerability

Internet Explorer Memory  	CVE-2015-0100	No 			No
Corruption Vulnerability

Internet Explorer Memory	CVE-2015-1622	No 			No
Corruption Vulnerability 

Internet Explorer Memory  	CVE-2015-1623	No 			No
Corruption Vulnerability

Internet Explorer Memory  	CVE-2015-1624	No 			No
Corruption Vulnerability

Internet Explorer Memory  	CVE-2015-1625	Yes 			No
Corruption Vulnerability

Internet Explorer Memory  	CVE-2015-1626	No 			No
Corruption Vulnerability

Internet Explorer Memory 	CVE-2015-1634	No 			No
Corruption Vulnerability 


VBScript Memory Corruption Vulnerability CVE-2015-0032

A remote code execution vulnerability exists in the way that the VBScript 
engine, when rendered in Internet Explorer, handles objects in memory. The 
vulnerability may corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user.

An attacker could host a specially crafted website that is designed to exploit
this vulnerability through Internet Explorer and then convince a user to view
the website. An attacker could also embed an ActiveX control marked "safe for
initialization" in an application or Microsoft Office document that hosts the
IE rendering engine. The attacker could also take advantage of compromised 
websites and websites that accept or host user-provided content or 
advertisements by adding specially crafted content that could exploit this 
vulnerability. In all cases, however, an attacker would have no way to force 
users to view the attacker-controlled content. Instead, an attacker would have
to convince users to take action, typically by getting them to click a link in
an email message or in an Instant Messenger message that takes users to the 
attacker's website, or by opening an attachment sent through email.

An attacker who successfully exploited this vulnerability could gain the same
user rights as the current user. If the current user is logged on with 
administrative user rights, an attacker who successfully exploited this 
vulnerability could take complete control of an affected system. An attacker 
could then install programs; view, change, or delete data; or create new 
accounts with full user rights. Systems on which Internet Explorer is used 
frequently, such as workstations or terminal servers, are at the most risk 
from this vulnerability.

Vulnerability title 		CVE number 	Publicly Disclosed 	Exploited

VBScript Memory  		CVE-2015-0032	No 			No
Corruption Vulnerability


Internet Explorer Elevation of Privilege Vulnerability CVE-2015-0072

An elevation of privilege vulnerability exists when Internet Explorer does not
properly enforce cross-domain policies, which could allow an attacker to 
access information from one domain and inject it into another domain. The 
update addresses the vulnerability by helping to ensure that cross-domain 
policies are properly enforced in Internet Explorer.

In a web-based attack scenario, an attacker could host a website that is used
to attempt to exploit this vulnerability. In addition, compromised websites 
and websites that accept or host user-provided content could contain specially
crafted content that could exploit this vulnerability. In all cases, however,
an attacker would have no way to force users to view the attacker-controlled 
content. Instead, an attacker would have to convince users to take action. For
example, an attacker could trick users into clicking a link that takes them to
the attacker's site. An attacker who successfully exploited this vulnerability
could elevate privileges in affected versions of Internet Explorer.

Vulnerability title 		CVE number 	Publicly Disclosed 	Exploited

Internet Explorer Elevation  	CVE-2015-0072 	Yes 			No
of Privilege Vulnerability


Internet Explorer Elevation of Privilege Vulnerability CVE-2015-1627

An elevation of privilege vulnerability exists when Internet Explorer does not
properly validate permissions under specific conditions, potentially allowing
script to be run with elevated privileges. The update addresses the 
vulnerability by adding additional permission validations to Internet 
Explorer.

Vulnerability title 		CVE number 	Publicly Disclosed 	Exploited

Internet Explorer Elevation  	CVE-2015-1627	No 			No
of Privilege Vulnerability

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVP+XIBLndAQH1ShLAQIBuBAAqsg9Bm7VJ7VOlDzdIsHo+ZtFczwMCtuT
TtvjSo8YKn0vrEjkYzokf7lo0zgXD/RNkpr8nmj0gTelPI5SsQCnB6As9ih7LO5X
KPu0pnwLt4DjiBNGLXEXDBIaOo6krDY0HsvILztBXGSX9B9LUIfDze3WydewY2Mm
38tOB+mlA/CR+2xCRwY8fePG2vAUwgroWxoUr/l5kBmqic0KHSBx5VJLo45yp7+U
l4lLefAQ53oQ6qrLD6zfXvbLec84H7nBe/mXtmP0VPMXj24LrsgEciydMU0ttIbd
5rdb9VDZwgEDiDpkAOITZk/7CK78X7x6xA92Yb5fhjoVu8/mkPVWy1NadCqTTwm0
7vkRk0w7EZ3Ticch33XyVHXw/zbJklSKGW7BnKUPBYZjUJFphNDq9pHP5vqXeXEW
376R+mo8anK7VHtQLiQo3FrgZ9GXnkLJWWLTZa+4kAVa25SuJU3royiL0VOJB5i6
amMAe/TbbCg2NPvHpgO6jnJSTVLZvCZCI8M9qtbHnvSgoHxT6YHDghhPYuX02eoj
Q4eV2tg8y5KTFP0Rw38lym7ejeukB1qotuigEyQlSLEI40Hd5+z889+0J36SRH9m
Z+hRGTsDIGNyRKhIkEYqqdrcyZ2sQTtNm49fG3GPWdRU5dGwITslW3oau+o3pMur
J8vmoVXIZN8=
=3YRD
-----END PGP SIGNATURE-----