October 2015 Patch Tuesday: Higher User Rights At Risk
Microsoft released six patches this month, which included three rated as critical and the remaining as important. The vulnerabilities found in October’s patch update targeted computer accounts with higher access rights and was done in multiple online and offline platforms. This means computers or laptops with overlapping users or have multiple access to admin accounts are susceptible to attacks leveraging these vulnerabilities.
MS-15-106 to MS15-109 patches bugs that may allow remote code execution when a user views a well-crafted webpage, site, or online content. These include cumulative security updates for Internet Explorer (MS15-106) and Windows Edge (MS15-107), Microsoft’s two browsers.
While exploiting browsers and office tools never seem to go out of style, attackers are finding more convincing ways to get into systems. MS15-108 addresses potential attacks that involve embedding an Active X control marked “safe for initialization” in an application that uses MS Office or the IE rendering engine that diverts users to a malicious website.
Updating software and systems with the latest patches from Microsoft is strongly advised. For additional information on these security bulletins, visit our Threat Encyclopedia page.
Trend Micro Solutions
Trend Micro Deep Security and Vulnerability Protection defend systems from threats that anchor on vulnerabilities with the following DPI rules:
- 1007103-Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6055)
- 1007101-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6050)
- 1007111-Microsoft Office Memory Corruption Vulnerability (CVE-2015-2557)
- 1007104-Microsoft Windows Shell Toolbar Use After Free Vulnerability (CVE-2015-2515)
- 1007112-Microsoft Office Memory Corruption Vulnerability (CVE-2015-2558)
- 1007110-Microsoft Office Memory Corruption Vulnerability (CVE-2015-2555)
- 1007097-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6042)
- 1007105-Microsoft Windows Shell Tablet Input Band Use After Free Vulnerability (CVE-2015-2548)
- 1007108-Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6059)
- 1007107-Microsoft Internet Explorer VBScript And JScript ASLR Bypass Vulnerability (CVE-2015-6052)
- 1007106-Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6046)
- 1007099-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6048)
- 1007102-Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6053)
- 1007096-Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-2482)
- 1007100-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6049)
Incoming search terms