(Un)lucky 13: Thirteen Bulletins In May Patch Tuesday, Three Critical

This month’s Patch Tuesday release can be considered relatively light with only three Critical bulletins, with the remaining 10 bulletins rated as Important.

As is usually the case, the cumulative update for Internet Explorer (MS15-043) is one of those rated as Critical. MS15-044 addresses critical vulnerabilities in Microsoft Font driver, which could allow remote code execution if users open specially crafted documents or visits an untrusted webpage that contains embedded TrueType fonts. Lastly, MS15-045 addresses a critical vulnerability in Microsoft Journal that could allow for remote code execution if a user opens a specially crafted Microsoft Journal file.

The remaining ten other bulletins are rated as Important, and cover a wide range of software from Microsoft Office, SharePoint Server, the .NET Framework, and various Windows components.

We urge users to patch their endpoints and servers as soon as possible. Trend Micro Deep Security and Vulnerability Protection protect user systems from threats that may leverage these vulnerabilities with the following DPI rules:

  • 1006630 – NTP MAC Security Bypass Vulnerability (CVE-2015-1798)
  • 1006662 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1658)
  • 1006663 – Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-1675)
  • 1006664 – Microsoft Internet Explorer ASLR Bypass (CVE-2015-1685)
  • 1006665 – Microsoft Internet Explorer VBScript ASLR Bypass (CVE-2015-1686)
  • 1006666 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1689)
  • 1006667 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1691)
  • 1006668 – Microsoft Internet Explorer Clipboard Information Disclosure Vulnerability (CVE-2015-1692)
  • 1006669 – Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-1695)
  • 1006670 – Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-1696)
  • 1006671 – Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-1697)
  • 1006672 – Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-1698)
  • 1006673 – Microsoft Windows Journal Remote Code Execution Vulnerability (CVE-2015-1699)
  • 1006674 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1705)
  • 1006675 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1706)
  • 1006676 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1708)
  • 1006678 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1710)
  • 1006679 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1711)
  • 1006680 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1712)
  • 1006694 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1717)
  • 1006695 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1718)
  • 1006696 – Microsoft Office Memory Corruption Vulnerability (CVE-2015-1682)
  • 1006697 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1714)
  • 1006698 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1709)

More information about these bulletins and their corresponding Trend Micro solutions are posted at our Threat Encyclopedia Page: May 2015 – Microsoft Releases 13 Security Advisories.

Post from: Trendlabs Security Intelligence Blog – by Trend Micro

(Un)lucky 13: Thirteen Bulletins In May Patch Tuesday, Three Critical

Read more: (Un)lucky 13: Thirteen Bulletins In May Patch Tuesday, Three Critical

Story added 13. May 2015, content source with full text you can find at link above.