-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.1855
 Microsoft Security Bulletin MS15-068: Vulnerabilities in Windows Hyper-V
                Could Allow Remote Code Execution (3072000)
                               15 July 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Windows
Publisher:         Microsoft
Operating System:  Windows
                   Windows Server with Hyper-V
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-2362 CVE-2015-2361 

Original Bulletin: 
   https://technet.microsoft.com/en-us/library/security/MS15-068

- --------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin MS15-068: Vulnerabilities in Windows Hyper-V Could
Allow Remote Code Execution (3072000)

Bulletin Number: MS15-068

Bulletin Title: Vulnerabilities in Windows Hyper-V Could Allow Remote Code 
Execution

Severity: Critical

KB Article: 3072000

Version: 1.0

Published Date: July 14, 2015

Executive Summary

This security update resolves vulnerabilities in Microsoft Windows. The 
vulnerabilities could allow remote code execution in a host context if a 
specially crafted application is run by an authenticated and privileged user 
on a guest virtual machine hosted by Hyper-V. An attacker must have valid 
logon credentials for a guest virtual machine to exploit this vulnerability.

This security update is rated Critical for Windows Hyper-V on Windows Server 
2008, Windows Server 2008 R2, Windows 8 and Windows Server 2012, and Windows 
8.1 and Windows Server 2012 R2. For more information, see the Affected 
Software section.

Affected Software

Windows Server 2008
    Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 R2
    Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows 8 and Windows 8.1
    Windows 8 for x64-based Systems
    Windows 8.1 for x64-based Systems

Windows Server 2012 and Windows Server 2012 R2
    Windows Server 2012
    Windows Server 2012 R2

    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
    Windows Server 2012 (Server Core installation)
    Windows Server 2012 R2 (Server Core installation)

Vulnerability Information

Hyper-V Buffer Overflow Vulnerability - CVE-2015-2361

A remote code execution vulnerability exists in Windows Hyper-V in a host 
context if an authenticated and privileged user on a guest virtual machine 
hosted by Hyper-V runs a specially crafted application.

To exploit this vulnerability, an attacker must have valid logon credentials 
for a guest virtual machine. Systems where Windows Hyper-V is installed are 
primarily at risk. The security update addresses the vulnerability by 
correcting how Hyper-V handles packet size memory initialization in guest 
virtual machines.

Microsoft received information about this vulnerability through coordinated 
vulnerability disclosure. When this security bulletin was originally issued, 
Microsoft had not received any information to indicate that this vulnerability
had been publicly used to attack customers.

Hyper-V System Data Structure Vulnerability - CVE-2015-2362

A remote code execution vulnerability exists in Windows Hyper-V in a host 
context if an authenticated and privileged user on a guest virtual machine 
hosted by Hyper-V runs a specially crafted application.

To exploit this vulnerability, an attacker must have valid logon credentials 
for a guest virtual machine. Systems where Windows Hyper-V is installed are 
primarily at risk. The security update addresses the vulnerability by 
correcting how Hyper-V initializes system data structures in guest virtual 
machines.

Microsoft received information about this vulnerability through coordinated 
vulnerability disclosure. When this security bulletin was originally issued, 
Microsoft had not received any information to indicate that this vulnerability
had been publicly used to attack customers.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================