Vulnerability in Windows Journal Could Allow Remote Code Execution (MS15-045)

ITS Advisory Number: 
2015-054
Date(s) Issued: 
Tuesday, May 12, 2015
Subject: 
Vulnerability in Windows Journal Could Allow Remote Code Execution (MS15-045)
Overview: 

Vulnerabilities have been discovered in Windows Journal which could allow for remote code execution if a user opens a specially crafted Journal file. Windows Journal is a notetaking application.

An attacker who successfully exploits these vulnerabilities could gain the same user rights as the current user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8 and Windows 8.1
  • Windows Server 2012 and Windows Server 2012 R2
  • Windows RT and Windows RT 8.1
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

Vulnerabilities have been discovered in Windows Journal which could allow for remote code execution if a user opens a specially crafted Journal file. The vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. [CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, CVE-2015-1699]

Successful exploitation of these vulnerabilities could result in the attacker gaining the same rights as the logged on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 

We recommend the following actions be taken:

  • Install the updates provided by Microsoft immediately after appropriate testing.
  • Do not open Windows Journal (.jnt) files that you receive from untrusted sources or that you receive unexpectedly from trusted sources.
  • Do not open email attachments from unknown or untrusted sources or suspicious emails from trusted sources.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.
  • Limit user account privileges to those required only.