Microsoft Security Bulletin Coverage

June 9, 2015

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of June, 2015. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS15-056 Cumulative Security Update for Internet Explorer (3058515)

  • CVE-2015-1765 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-1739 Internet Explorer Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-1743 Internet Explorer Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-1748 Internet Explorer Elevation of Privilege Vulnerability
    IPS: 10988 “Internet Explorer Elevation of Privilege Vulnerability (MS15-056) 1”
  • CVE-2015-1687 Internet Explorer Memory Corruption Vulnerability
    IPS: 10977 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 1”
  • CVE-2015-1730 Internet Explorer Memory Corruption Vulnerability
    IPS: 10978 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 2”
  • CVE-2015-1731 Internet Explorer Memory Corruption Vulnerability
    IPS: 10979 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 3”
  • CVE-2015-1732 Internet Explorer Memory Corruption Vulnerability
    IPS: 10980 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 7”
  • CVE-2015-1735 Internet Explorer Memory Corruption Vulnerability
    IPS: 10981 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 10”
  • CVE-2015-1736 Internet Explorer Memory Corruption Vulnerability
    IPS: 10982 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 8”
  • CVE-2015-1737 Internet Explorer Memory Corruption Vulnerability
    IPS: 10983 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 9”
  • CVE-2015-1740 Internet Explorer Memory Corruption Vulnerability
    IPS: 10984 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 12”
  • CVE-2015-1741 Internet Explorer Memory Corruption Vulnerability
    IPS: 10985 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 14”
  • CVE-2015-1742 Internet Explorer Memory Corruption Vulnerability
    IPS: 10986 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 15”
  • CVE-2015-1744 Internet Explorer Memory Corruption Vulnerability
    IPS: 10987 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 19”
  • CVE-2015-1745 Internet Explorer Memory Corruption Vulnerability
    IPS: 2144 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 4”
  • CVE-2015-1747 Internet Explorer Memory Corruption Vulnerability
    IPS: 2145 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 6”
  • CVE-2015-1750 Internet Explorer Memory Corruption Vulnerability
    IPS: 2147 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 11”
  • CVE-2015-1751 Internet Explorer Memory Corruption Vulnerability
    IPS: 2151 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 13”
  • CVE-2015-1752 Internet Explorer Memory Corruption Vulnerability
    IPS: 2153 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 18”
  • CVE-2015-1753 Internet Explorer Memory Corruption Vulnerability
    IPS: 2168 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 22”
  • CVE-2015-1754 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-1755 Internet Explorer Memory Corruption Vulnerability
    IPS: 2156 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 20”
  • CVE-2015-1766 Internet Explorer Memory Corruption Vulnerability
    IPS: 2167 “Internet Explorer Memory Corruption Vulnerability (MS15-056) 21”

MS15-057 Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)

  • CVE-2015-1728 Windows Media Player RCE via DataObject Vulnerability
    This is a local vulnerability.

MS15-059 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)

  • CVE-2015-1759 Microsoft Office Memory Corruption Vulnerability
    ASPY: 1021 “Malformed-File doc.MP.21”
  • CVE-2015-1760 Microsoft Office Memory Corruption Vulnerability
    ASPY: 1037 “Malformed-File doc.MP.22”
  • CVE-2015-1770 Microsoft Office Uninitialized Memory Use Vulnerability
    ASPY: 1038 “Malformed-File docx.MP.6”

MS15-060 Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)

  • CVE-2015-1756 Microsoft Common Control Use After Free Vulnerability
    There are no known exploits in the wild.

MS15-061 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)

  • CVE-2015-1719 Microsoft Windows Kernel Information Disclosure Vulnerability
    This is a local vulnerability.
  • CVE-2015-1720 Microsoft Windows Kernel Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1721 Win32k Null Pointer Dereference Vulnerability
    This is a local vulnerability.
  • CVE-2015-1722 Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1723 Microsoft Windows Station Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1724 Microsoft Windows Kernel Object Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1725 Win32k Buffer Overflow Vulnerability
    This is a local vulnerability.
  • CVE-2015-1726 Microsoft Windows Kernel Brush Object Use After Free Vulnerability
    This is a local vulnerability.
  • CVE-2015-1727 Win32k Pool Buffer Overflow Vulnerability
    This is a local vulnerability.
  • CVE-2015-1768 Win32k Memory Corruption Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-2360 Win32k Elevation of Privilege Vulnerability
    This is a local vulnerability.

MS15-062 Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)

  • CVE-2015-1757 ADFS XSS Elevation of Privilege Vulnerability
    IPS: 10892 “Cross-Site Scripting (XSS) Attack 49”

MS15-063 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)

  • CVE-2015-1758 Windows LoadLibrary EoP Vulnerability
    This is a local vulnerability.

MS15-064 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)

  • CVE-2015-1764 Exchange Server-Side Request Forgery Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-1771 Exchange Cross-Site Request Forgery Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2359 Exchange HTML Injection Vulnerability
    There are no known exploits in the wild.