Security Update for Microsoft Windows to Address Remote Code Execution (MS15-115)

ITS Advisory Number: 2015-139
Date(s) Issued: Tuesday, November 10, 2015
Subject: Security Update for Microsoft Windows to Address Remote Code Execution (MS15-115)
Overview: 

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.

Systems Affected: 
  • Windows Vista Service Pack 2 
  • Windows Vista x64 Edition Service Pack 2 
  • Windows Server 2008 for 32-bit Systems Service Pack 2 
  • Windows Server 2008 for x64-based Systems Service Pack 2 
  • Windows Server 2008 for Itanium-based Systems Service Pack 2 
  • Windows 7 for 32-bit Systems Service Pack 1 
  • Windows 7 for x64-based Systems Service Pack 1 
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 
  • Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 
  • Windows 8 for 32-bit Systems 
  • Windows 8 for x64-based Systems 
  • Windows 8.1 for 32-bit Systems 
  • Windows 8.1 for x64-based Systems 
  • Windows Server 2012 
  • Windows Server 2012 R2 
  • Windows 10 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 1511 for 32-bit Systems
  • Windows 10 Version 1511 for x64-based Systems
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 
  • Windows Server 2012 (Server Core installation) 
  • Windows Server 2012 R2 (Server Core installation) 
RISK
GOVERNMENT
Large and medium government entities: High
Small government entities: High
BUSINESS
Large and medium business entities: High
Small business entities: High
Home Users: High
Description: 
  • Multiple elevation of privilege vulnerabilities exist in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2015-6100, CVE-2015-6101)
  • Multiple information disclosure vulnerabilities exist when Windows fails to properly initialize memory addresses, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited the vulnerabilities could retrieve the base address of the kernel driver from a compromised process. (CVE-2015-6102, CVE-2015-6109)
  • Multiple remote code execution vulnerabilities exist when the Adobe Type Manager Library in Windows improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2015-6103, CVE-2015-6104)
  • A security feature bypass vulnerability exists when the Windows kernel fails to properly validate permissions, allowing an attacker to inappropriately interact with the filesystem from low integrity level user-mode applications. An attacker who successfully exploited this vulnerability could potentially modify files outside a low integrity level application. (CVE-2015-6113)
Actions: 
  • After appropriate testing, apply appropriate patches provided by Microsoft to vulnerable systems.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.