Last updated at Thu, 20 Jul 2017 20:47:34 GMT
Administrators and security teams are in for a busy couple of days tackling 11 Microsoft security bulletins, 3 Adobe updates and Oracle updates for 43 of their product suites (including Java, Databases and Solaris).
Of the 11 Microsoft bulletins, 4 are rated as 'Critical' and affect virtually all supported desktop/server platforms and all supported installations of MS Office (including Office for Mac 2011). These 11 bulletins address 26 CVEs, and exploitation of CVE-2015-1641 has been detected in the wild. That CVE is covered by MS15-033, which addresses a publicly disclosed Office memory corruption vulnerability. Exploitation of this vulnerability requires that a user open a specially crafted malicious Office file, which grants the attacker the same permissions as the currently running user. As we're all well aware, users are extremely susceptible to phishing attacks, so now might be a good time to remind your users to be vigilant and to focus your patching efforts on this actively exploited vulnerability.
Since the release of MS15-034, both attackers and whitehats have been actively working on finding detection and exploit paths for the IIS HTTP.sys vulnerability; a public exploit is imminent if not already available. A detection POC using curl can be found here: https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows/
MS15-032 addresses 10 Internet Explorer CVEs and is rated as 'Critical', with exploitation being quite likely but not yet detected in the wild. Microsoft really need to get Spartan released so that their browser auto-patches itself like all the other browser platforms.
The remaining bulletins are rated as important and include privilege elevation, security feature bypass and denial of service vulnerabilities affecting SharePoint, AD Federation Services, all versions of .NET and Hyper-V. The Hyper-V bulletin (MS15-042 - CVE-2015-1647) in particular could pose a challenge to administrators as it requires a restart; the downstream effect is that hosted VMs will need to be migrated or brought offline for this patching to occur. Administrators might want to hold off until a scheduled maintenance window for MS15-042, as the exploit only results in a denial of service (DoS) and exploitation is rated as 'less likely' by Microsoft.
Just to increase the fun factor for administrators, Adobe released APSB15-06, a high-priority security update for Flash that addresses 22 CVEs and impacts all previous versions on both Windows and Mac operating systems. Other Adobe products receiving lower-priority updates are ColdFusion and Flex.
Oracle has provided a hefty breakdown of the vulnerabilities being addressed by their major quarterly update; more details can be found here: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
Enjoy the patching frenzy. ;)