Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft releases Critical Updates for Internet Explorer and Media Player


  • Please log in to reply
3 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,592 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:45 PM

Posted 09 June 2015 - 12:58 PM

Time to get updating! Today Microsoft released 8 security updates, 2 of which are critical.  These security updates resolve vulnerabilities in Windows, Internet Explorer, Windows Media Player, Microsoft Office, and Microsoft Exchange.  One of these updates, MS15-057, is severe as it could allow a remotely hosted media file to exploit a vulnerability in Windows Media Player that would allow full control over the vulnerable system.  It is strongly advised that everyone download and install these security updates.
 

A description of each security update can be found below:
 
Critical:Remote Code Execution
 
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
 
 
Critical: Remote Code Execution
 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Player opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
 
 
Important: Remote Code Execution
 
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
 
 
Important: Remote Code Execution
 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link, or a link to specially crafted content, and then invokes F12 Developer Tools in Internet Explorer.
 
 
Important: Elevation of Privilege
 
This security update resolves vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
 
 
Important: Elevation of Privilege
 
This security update resolves a vulnerability in Microsoft Active Directory Federation Services (AD FS). The vulnerability could allow elevation of privilege if an attacker submits a specially crafted URL to a target site. Due to the vulnerability, in specific situations specially crafted script is not properly sanitized, which subsequently could lead to an attacker-supplied script being run in the security context of a user who views the malicious content. For cross-site scripting attacks, this vulnerability requires that a user be visiting a compromised site for any malicious action to occur.
 
 
Important: Elevation of Privilege
 
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker places a malicious .dll file in a local directory on the machine or on a network share. An attacker would then have to wait for a user to run a program that can load a malicious .dll file, resulting in elevation of privilege. However, in all cases an attacker would have no way to force a user to visit such a network share or website.
 
 
Important: Elevation of Privilege
 
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow elevation of privilege if an authenticated user clicks a link to a specially crafted webpage. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.
 


BC AdBot (Login to Remove)

 


#2 Beenthere

Beenthere

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:07:45 PM

Posted 09 June 2015 - 01:15 PM

Thanks.

Firing up windows update right now.



#3 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:01:45 AM

Posted 10 June 2015 - 09:57 AM

Tons of updates for me, 22 for MS office and 17 for Windows.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#4 rp88

rp88

  • Members
  • 3,016 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:45 PM

Posted 10 June 2015 - 02:17 PM

On my windows 8 machine all the security ones being offere for it, and all the security ones for ms office programs, installed without problems. None of them caused any crashing or slowness. However it should be noted that some of the ones described above were not offered to me, and won't be offered to a lot of other users either, as some of them only apply to servers, and the windows media player update does not apply to windows 8 users.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users