Microsoft Security Bulletin Coverage (December 8, 2015)
Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of December 8, 2015. A list of issues reported, along with Dell SonicWALL coverage information are as follows:
MS15-124 Cumulative Security Update for Internet Explorer
- CVE-2015-6083 Internet Explorer Memory Corruption Vulnerability
IPS: 11316 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 1” - CVE-2015-6134 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-6135 Scripting Engine Information Disclosure Vulnerability
IPS: 11317 “Microsoft Scripting Engine Information Disclosure Vulnerability (MS15-124) “ - CVE-2015-6136 Scripting Engine Memory Corruption Vulnerability
IPS: 11324 “Microsoft Scripting Engine Memory Corruption Vulnerability (MS15-124) “ - CVE-2015-6138 Internet Explorer XSS Filter Bypass Vulnerability
There are no known exploits in the wild. - CVE-2015-6139 Microsoft Browser Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2015-6140 Microsoft Browser Memory Corruption Vulnerability
IPS: 11325 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 1 “ - CVE-2015-6141 Internet Explorer Memory Corruption Vulnerability
IPS: 7645 “HTTP Client Shellcode Exploit 88 “ - CVE-2015-6142 Microsoft Browser Memory Corruption Vulnerability
IPS: 11326 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 2” - CVE-2015-6143 Internet Explorer Memory Corruption Vulnerability
IPS: 11318 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 3” - CVE-2015-6144 Microsoft Browser XSS Filter Bypass Vulnerability
There are no known exploits in the wild. - CVE-2015-6145 Internet Explorer Memory Corruption Vulnerability
IPS: 3930 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 2” - CVE-2015-6146 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-6147 Internet Explorer Memory Corruption Vulnerability
IPS: 11319 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 4” - CVE-2015-6148 Microsoft Browser Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-6149 Internet Explorer Memory Corruption Vulnerability
IPS: 7645 “HTTP Client Shellcode Exploit 88 “ - CVE-2015-6150 Internet Explorer Memory Corruption Vulnerability
IPS: 11320 “Internet Explorer Memory Corruption Vulnerability (MS15-112) 1” - CVE-2015-6151 Microsoft Browser Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-6152 Internet Explorer Memory Corruption Vulnerability
IPS: 11321 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 6” - CVE-2015-6153 Microsoft Browser Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-6154 Microsoft Browser Memory Corruption Vulnerability
GAV: “Malformed.html.TL.265” - CVE-2015-6155 Microsoft Browser Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-6156 Internet Explorer Memory Corruption Vulnerability
IPS: 11322 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 7” - CVE-2015-6157 Internet Explorer Information Disclosure Vulnerability
There are no known exploits in the wild. - CVE-2015-6158 Microsoft Browser Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-6159 Microsoft Browser Memory Corruption Vulnerability
IPS: 11330 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 3” - CVE-2015-6160 Internet Explorer Memory Corruption Vulnerability
IPS: 11323 “Internet Explorer Memory Corruption Vulnerability (MS15-124) 8” - CVE-2015-6161 Microsoft Browser ASLR Bypass
There are no known exploits in the wild. - CVE-2015-6162 Internet Explorer Memory Corruption V
ulnerability
There are no known exploits in the wild. - CVE-2015-6158 Microsoft Browser Memory Corruption Vulnerability
There are no known exploits in the wild.
MS15-125 Cumulative Security Update for Microsoft Edge
- CVE-2015-6139 Microsoft Browser Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2015-6140 Microsoft Browser Memory Corruption Vulnerability
IPS: 11325 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 1 “ - CVE-2015-6142 Microsoft Browser Memory Corruption Vulnerability
IPS: 11326 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 2” - CVE-2015-6148 Microsoft Browser Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-6151 Microsoft Browser Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-6153 Microsoft Browser Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-6154 Microsoft Browser Memory Corruption Vulnerability
GAV: “Malformed.html.TL.265” - CVE-2015-6155 Microsoft Browser Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-6158 Microsoft Browser Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-6159 Microsoft Browser Memory Corruption Vulnerability
IPS: 11330 “Microsoft Browser Memory Corruption Vulnerability (MS15-124) 3” - CVE-2015-6168 Microsoft Edge Memory Corruption Vulnerability
IPS: 11328 “Microsoft Edge Memory Corruption Vulnerability (MS15-125) “ - CVE-2015-6169 Microsoft Edge Spoofing Vulnerability
There are no known exploits in the wild. - CVE-2015-6170 Microsoft Edge Elevation of Privilege Vulnerability
IPS: 11329 “Microsoft Edge Elevation of Privilege Vulnerability (MS15-125) “ - CVE-2015-6176 Microsoft Edge XSS Filter Bypass Vulnerability
There are no known exploits in the wild.
MS15-126 Cumulative Security Update for Jscript and VBScript to Address Remote Code Execution
- CVE-2015-6135 Scripting Engine Information Disclosure Vulnerability
IPS: 11317 “Microsoft Scripting Engine Information Disclosure Vulnerability (MS15-124) “ - CVE-2015-6136 Scripting Engine Memory Corruption Vulnerability
IPS: 11324 “Microsoft Scripting Engine Memory Corruption Vulnerability (MS15-124) “
MS15-127 Security Update for Microsoft Windows DNS to Address Remote Code Execution
- CVE-2015-6125 Windows DNS Use After Free Vulnerability
There are no known exploits in the wild.
MS15-128 Security Updates for Microsoft Graphics Component to Address Remote Code Execution
- CVE-2015-6106 Graphics Memory Corruption Vulnerability
There are no known exploits in the wild. - CVE-2015-6107 Graphics Memory Corruption vulnerability
SPY: 4276 “Malformed-File doc.MP.30” - CVE-2015-6108 Graphics Memory Corruption vulnerability
There are no known exploits in the wild.
MS15-129 Security Update for Silverlight to Address Remote Code Execution
- CVE-2015-6114 Microsoft Silverlight Information Disclosure Vulnerability
There are no known exploits in the wild. - CVE-2015-6165 Microsoft Silverlight Information Disclosure Vulnerability
There are no known exploits in the wild. - CVE-2015-6166 Microsoft Silverlight RCE Vulnerability
There are no known exploits in the wild.
MS15-130 Security Update for Microsoft Uniscribe to Address Remote Code Execution
- CVE-2015-6130 Windows Integer Underflow Vulnerability
SPY: 3223 “Malformed-File ttf.MP.7”
MS15-131 Security Update for Microsoft Office to Address Remote Code Execution
- CVE-2015-6040 Microsoft Office Me
mory Corruption Vulnerability
SPY: 3226 “Malformed-File xls.MP.51” - CVE-2015-6118 Microsoft Office Memory Corruption Vulnerability
SPY: 1007 “Malformed-File doc.MP.33” - CVE-2015-6122 Microsoft Office Memory Corruption Vulnerability
SPY: 3224 “Malformed-File xls.MP.50” - CVE-2015-6124 Microsoft Office Memory Corruption Vulnerability
SPY: 3225 ” Malformed-File doc.MP.35″ - CVE-2015-6172 Microsoft Office RCE Vulnerability
SPY: 3863 ” KeywordFind.B Installer” - CVE-2015-6177 Microsoft Office Memory Corruption Vulnerability
SPY: 1008 ” Malformed-File xls.MP.49″
MS15-132 Security Update for Microsoft Windows to Address Remote Code Execution
- CVE-2015-6128 Windows library loading elevation of privilege vulnerability
SPY: 1010 ” Malformed-File doc.MP.34″ - CVE-2015-6177 Windows library loading elevation of privilege vulnerability
SPY: 1011 ” Malformed-File ppsx.MP.1″ - CVE-2015-6177 Windows library loading elevation of privilege vulnerability
SPY: 2345 ” Malformed-File ppt.MP.4″
MS15-133 Security Update for Windows PGM to Address Elevation of Privilege
- CVE-2015-6126 Windows PGM UAF Elevation of Privilege Vulnerability
There are no known exploits in the wild.
MS15-134 Security Update for Windows Media Center to Address Remote Code Execution
- CVE-2015-6127 Windows Media Center Information Disclosure Vulnerability
IPS: 11327 ” Windows Media Center Information Disclosure Vulnerability” - CVE-2015-6131 Media Center Library parsing RCE vulnerability
There are no known exploits in the wild.
MS15-135 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege
- CVE-2015-6171 Windows Kernel Memory Elevation of Privilege Vulnerability
This is a local Vulnerability - CVE-2015-6173 Windows Kernel Memory Elevation of Privilege Vulnerability
This is a local Vulnerability - CVE-2015-6174 Windows Kernel Memory Elevation of Privilege Vulnerability
This is a local Vulnerability - CVE-2015-6175 Windows Kernel Memory Elevation of Privilege Vulnerability
This is a local Vulnerability
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
