Microsoft Security Bulletin Coverage

December 8, 2015

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of December 8, 2015. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS15-124 Cumulative Security Update for Internet Explorer

  • CVE-2015-6083 Internet Explorer Memory Corruption Vulnerability
    IPS: 11316 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 1”
  • CVE-2015-6134 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6135 Scripting Engine Information Disclosure Vulnerability
    IPS: 11317 “Microsoft Scripting Engine Information Disclosure Vulnerability (MS15-124) “
  • CVE-2015-6136 Scripting Engine Memory Corruption Vulnerability
    IPS: 11324 “Microsoft Scripting Engine Memory Corruption Vulnerability (MS15-124) “
  • CVE-2015-6138 Internet Explorer XSS Filter Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6139 Microsoft Browser Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6140 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11325 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 1 “
  • CVE-2015-6141 Internet Explorer Memory Corruption Vulnerability
    IPS: 7645 “HTTP Client Shellcode Exploit 88 “
  • CVE-2015-6142 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11326 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 2”
  • CVE-2015-6143 Internet Explorer Memory Corruption Vulnerability
    IPS: 11318 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 3”
  • CVE-2015-6144 Microsoft Browser XSS Filter Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6145 Internet Explorer Memory Corruption Vulnerability
    IPS: 3930 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 2”
  • CVE-2015-6146 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6147 Internet Explorer Memory Corruption Vulnerability
    IPS: 11319 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 4”
  • CVE-2015-6148 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6149 Internet Explorer Memory Corruption Vulnerability
    IPS: 7645 “HTTP Client Shellcode Exploit 88 “
  • CVE-2015-6150 Internet Explorer Memory Corruption Vulnerability
    IPS: 11320 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 1”
  • CVE-2015-6151 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6152 Internet Explorer Memory Corruption Vulnerability
    IPS: 11321 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 6”
  • CVE-2015-6153 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6154 Microsoft Browser Memory Corruption Vulnerability
    GAV: “Malformed.html.TL.265”
  • CVE-2015-6155 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6156 Internet Explorer Memory Corruption Vulnerability
    IPS: 11322 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 7”
  • CVE-2015-6157 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6158 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6159 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11330 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 3”
  • CVE-2015-6160 Internet Explorer Memory Corruption Vulnerability
    IPS: 11323 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 8”
  • CVE-2015-6161 Microsoft Browser ASLR Bypass
    There are no known exploits in the wild.
  • CVE-2015-6162 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6158 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS15-125 Cumulative Security Update for Microsoft Edge

  • CVE-2015-6139 Microsoft Browser Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6140 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11325 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 1 “
  • CVE-2015-6142 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11326 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 2”
  • CVE-2015-6148 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6151 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6153 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6154 Microsoft Browser Memory Corruption Vulnerability
    GAV: “Malformed.html.TL.265”
  • CVE-2015-6155 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6158 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6159 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11330 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 3”
  • CVE-2015-6168 Microsoft Edge Memory Corruption Vulnerability
    IPS: 11328 “Microsoft Edge Memory Corruption Vulnerability (MS15-125) “
  • CVE-2015-6169 Microsoft Edge Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6170 Microsoft Edge Elevation of Privilege Vulnerability
    IPS: 11329 “Microsoft Edge Elevation of Privilege Vulnerability (MS15-125) “
  • CVE-2015-6176 Microsoft Edge XSS Filter Bypass Vulnerability
    There are no known exploits in the wild.

MS15-126 Cumulative Security Update for Jscript and VBScript to Address Remote Code Execution

  • CVE-2015-6135 Scripting Engine Information Disclosure Vulnerability
    IPS: 11317 “Microsoft Scripting Engine Information Disclosure Vulnerability (MS15-124) “
  • CVE-2015-6136 Scripting Engine Memory Corruption Vulnerability
    IPS: 11324 “Microsoft Scripting Engine Memory Corruption Vulnerability (MS15-124) “

MS15-127 Security Update for Microsoft Windows DNS to Address Remote Code Execution

  • CVE-2015-6125 Windows DNS Use After Free Vulnerability
    There are no known exploits in the wild.

MS15-128 Security Updates for Microsoft Graphics Component to Address Remote Code Execution

  • CVE-2015-6106 Graphics Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6107 Graphics Memory Corruption vulnerability
    SPY: 4276 “Malformed-File doc.MP.30”
  • CVE-2015-6108 Graphics Memory Corruption vulnerability
    There are no known exploits in the wild.

MS15-129 Security Update for Silverlight to Address Remote Code Execution

  • CVE-2015-6114 Microsoft Silverlight Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6165 Microsoft Silverlight Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-6166 Microsoft Silverlight RCE Vulnerability
    There are no known exploits in the wild.

MS15-130 Security Update for Microsoft Uniscribe to Address Remote Code Execution

  • CVE-2015-6130 Windows Integer Underflow Vulnerability
    SPY: 3223 “Malformed-File ttf.MP.7”

MS15-131 Security Update for Microsoft Office to Address Remote Code Execution

  • CVE-2015-6040 Microsoft Office Memory Corruption Vulnerability
    SPY: 3226 “Malformed-File xls.MP.51”
  • CVE-2015-6118 Microsoft Office Memory Corruption Vulnerability
    SPY: 1007 “Malformed-File doc.MP.33”
  • CVE-2015-6122 Microsoft Office Memory Corruption Vulnerability
    SPY: 3224 “Malformed-File xls.MP.50”
  • CVE-2015-6124 Microsoft Office Memory Corruption Vulnerability
    SPY: 3225 ” Malformed-File doc.MP.35″
  • CVE-2015-6172 Microsoft Office RCE Vulnerability
    SPY: 3863 ” KeywordFind.B Installer”
  • CVE-2015-6177 Microsoft Office Memory Corruption Vulnerability
    SPY: 1008 ” Malformed-File xls.MP.49″

MS15-132 Security Update for Microsoft Windows to Address Remote Code Execution

  • CVE-2015-6128 Windows library loading elevation of privilege vulnerability
    SPY: 1010 ” Malformed-File doc.MP.34″
  • CVE-2015-6177 Windows library loading elevation of privilege vulnerability
    SPY: 1011 ” Malformed-File ppsx.MP.1″
  • CVE-2015-6177 Windows library loading elevation of privilege vulnerability
    SPY: 2345 ” Malformed-File ppt.MP.4″

MS15-133 Security Update for Windows PGM to Address Elevation of Privilege

  • CVE-2015-6126 Windows PGM UAF Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS15-134 Security Update for Windows Media Center to Address Remote Code Execution

  • CVE-2015-6127 Windows Media Center Information Disclosure Vulnerability
    IPS: 11327 ” Windows Media Center Information Disclosure Vulnerability”
  • CVE-2015-6131 Media Center Library parsing RCE vulnerability
    There are no known exploits in the wild.

MS15-135 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege

  • CVE-2015-6171 Windows Kernel Memory Elevation of Privilege Vulnerability
    This is a local Vulnerability
  • CVE-2015-6173 Windows Kernel Memory Elevation of Privilege Vulnerability
    This is a local Vulnerability
  • CVE-2015-6174 Windows Kernel Memory Elevation of Privilege Vulnerability
    This is a local Vulnerability
  • CVE-2015-6175 Windows Kernel Memory Elevation of Privilege Vulnerability
    This is a local Vulnerability