-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2015.0976
Microsoft Security Bulletin MS15-035 - Critical
15 April 2015

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Microsoft Windows
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-1645

Original Bulletin:
   https://technet.microsoft.com/en-us/library/security/MS15-035

- --------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin MS15-035 - Critical

Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)

Published: April 14, 2015

Version: 1.0

Executive Summary

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or browse to a working directory that contains a specially crafted Enhanced Metafile (EMF) image file. In all cases, however, an attacker would have no way to force users to take such actions; an attacker would have to convince users to do so, typically by way of enticements in email or Instant Messenger messages.

This security update is rated Critical for all supported editions of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. For more information, see the Affected Software section.

Affected Software

Windows Server 2003
   Windows Server 2003 Service Pack 2
   Windows Server 2003 x64 Edition Service Pack 2
   Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista
   Windows Vista Service Pack 2
   Windows Vista x64 Edition Service Pack 2

Windows Server 2008
   Windows Server 2008 for 32-bit Systems Service Pack 2
   Windows Server 2008 for x64-based Systems Service Pack 2
   Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7
   Windows 7 for 32-bit Systems Service Pack 1
   Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2
   Windows Server 2008 R2 for x64-based Systems Service Pack 1
   Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Server Core installation option
   Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
   Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
   Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Vulnerability Information

EMF Processing Remote Code Execution Vulnerability - CVE-2015-1645

A remote code execution vulnerability exists in the way that Microsoft Windows improperly processes certain, specially crafted Enhanced Metafile (EMF) image format files. An attacker who successfully exploited the vulnerability could run arbitrary code as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince users to view the website.
This could also include compromised websites or websites that accept or host user-provided content or banner advertisements; such websites could contain specially crafted content that is designed to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to do so, typically by getting them to click a link in an email or Instant Messenger request.

In an email attack scenario, an attacker could exploit the vulnerability by sending Outlook users a specially crafted email, or sending them a specially crafted Office document as an attachment, and convincing the user to read the message or open the file. An attacker could also exploit this vulnerability by hosting a malicious image file on a network share and convincing users to navigate to the folder in Windows Explorer.

The security update addresses the vulnerability by correcting how Windows processes EMF files.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content.
The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

   http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
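
The bulletin names crafted EMF files as the vector whatever the delivery path (website, e-mail attachment, Office document, network share). As an added example, not part of the Microsoft or AusCERT text, the Python below identifies EMF content by its header rather than its file extension and flags files whose record chain is structurally inconsistent, for triage at a mail or web gateway. It does not detect the CVE-2015-1645 condition, which the bulletin does not describe; the function names and the sample file are constructed for illustration.

```python
import struct

EMR_HEADER, EMR_EOF = 1, 14   # first and last record types of a well-formed EMF
EMF_SIGNATURE = 0x464D4520    # bytes b" EMF" at offset 40 of the header record
MIN_HEADER_SIZE = 88          # size of the base header record


def classify_emf(data: bytes) -> str:
    """Return 'not-emf', 'emf-ok' or 'emf-inconsistent: <reason>'."""
    if len(data) < MIN_HEADER_SIZE:
        return "not-emf"
    rec_type, hdr_size = struct.unpack_from("<II", data, 0)
    signature, _ver, total_bytes, n_records = struct.unpack_from("<IIII", data, 40)
    if rec_type != EMR_HEADER or signature != EMF_SIGNATURE:
        return "not-emf"
    if hdr_size < MIN_HEADER_SIZE:
        return "emf-inconsistent: header record too short"
    if total_bytes != len(data):
        return "emf-inconsistent: declared size differs from file size"
    # Walk the record chain: each record is (type, size, payload), 4-byte aligned.
    offset, count, last_type = 0, 0, None
    while offset < len(data):
        if offset + 8 > len(data):
            return "emf-inconsistent: truncated record header"
        last_type, size = struct.unpack_from("<II", data, offset)
        if size < 8 or size % 4 or offset + size > len(data):
            return f"emf-inconsistent: bad record size at offset {offset}"
        offset += size
        count += 1
    if count != n_records or last_type != EMR_EOF:
        return "emf-inconsistent: record count or terminator mismatch"
    return "emf-ok"


def build_sample_emf(declared_records: int = 2) -> bytes:
    """Constructed minimal EMF (header + EOF record), for demonstration only."""
    eof = struct.pack("<IIIII", EMR_EOF, 20, 0, 16, 20)
    header = bytearray(MIN_HEADER_SIZE)
    struct.pack_into("<II", header, 0, EMR_HEADER, MIN_HEADER_SIZE)
    struct.pack_into("<IIII", header, 40, EMF_SIGNATURE, 0x10000,
                     len(header) + len(eof), declared_records)
    return bytes(header) + eof


if __name__ == "__main__":
    print(classify_emf(build_sample_emf()))                    # well-formed sample
    print(classify_emf(build_sample_emf(declared_records=5)))  # header disagrees with records
    print(classify_emf(b"\x89PNG\r\n\x1a\n" + bytes(100)))     # not EMF, whatever its name
```

A result of `emf-inconsistent` is a reason to hold a file for review, not proof of malice, and `emf-ok` says nothing about whether the file is safe to render on an unpatched system.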