Microsoft fixed a dangerous vulnerability in Windows Server

    Microsoft has released a set of updates for its products, fixing 71 vulnerabilities. In total, eight Critical updates were released (a record number for one month) along with four updates rated Important. With update MS15-127, the company fixed a dangerous vulnerability in Windows Server 2008+ with the identifier CVE-2015-6125. The use-after-free vulnerability was present in the DNS server service component (Dns.exe) and allowed attackers to remotely execute code on the system with high privileges (LocalSystem) by sending a specially crafted DNS request to the server.



    Two vulnerabilities under active exploitation by attackers, in the win32k.sys driver and in the Office package, were also fixed. The first, CVE-2015-6175, is used by attackers to obtain SYSTEM rights in Windows, and the second, CVE-2015-6175, for remote code execution using a specially crafted Office file.

    Update MS15-124 fixes thirty different vulnerabilities in Internet Explorer. Most of them are of the Remote Code Execution type and can be used by attackers to remotely execute code through a specially crafted web page. All versions of IE 7-11 receive the update. Critical.

    Update MS15-125 fixes 15 vulnerabilities in the Edge web browser, which can also be used by attackers to remotely execute code on the system through the browser. One of the vulnerabilities, CVE-2015-6161, could be used by attackers to bypass ASLR. Critical.

    Update MS15-126 fixes two vulnerabilities in the JScript (jscript.dll) and VBScript (vbscript.dll) engines on Windows Vista, which Internet Explorer uses to run JavaScript and Visual Basic Scripting code. Remote code execution is possible through a web page with special content, or through an Office document with malicious ActiveX content. Critical.

    Update MS15-128 fixes three vulnerabilities in the win32k.sys driver, the system libraries Gdiplus.dll, Advapi32.dll, Kernel32.dll and Ole32.dll, and the .NET Framework on all Windows Vista+ operating systems, as well as in products such as Skype for Business 2016, Microsoft Lync 2013, Microsoft Lync 2010, Office 2007 and Office 2010. The vulnerabilities allow attackers to remotely execute code on the system using special font files. Critical.

    Update MS15-129 fixes three RCE and Information Disclosure vulnerabilities in Silverlight 5, a plugin that runs in modern web browsers to play multimedia content. Such content could be used by cybercriminals to execute malicious code through these vulnerabilities. Critical.

    Update MS15-130 fixes one RCE vulnerability in the Uniscribe component (Usp10.dll) on Windows 7. The vulnerability allows attackers to remotely execute code on a system using a malicious font file located on a web page. Critical.

    Update MS15-135 fixes four Local Privilege Escalation vulnerabilities in the win32k.sys driver and system libraries on all Windows Vista+ operating systems. The vulnerabilities can be used by attackers to raise their privileges to the SYSTEM level and to execute kernel-mode code without authorization. Important.

    We recommend that our users install the updates as soon as possible and, if they have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).

    technet.microsoft.com/library/security/ms15-dec

    be secure.
