Microsoft Security Bulletin Coverage (August 11, 2015)

ဩဂုတ်လအတွက် Security Advisories တွေကို Microsoft က ထုံးစံအတိုင်း ထုတ်ပြန်ထားပါတယ်။

အောက်က CVE ID တွေကို သင့် IPS/IDS, Firewall စတဲ့ Security Device တွေ၊ Operating System တွေနဲ့ Application တွေက prevent လုပ်နိုင်ဖို့လိုပါတယ်။

Dell SonicWall Security Device တွေကတော့ fix လုပ်ထားပြီးပါပြီတဲ့ဗျာ။

MS15-079 Cumulative Security Update fro Internet Explorer

• CVE-2015-2423 Unsafe Command Line Parameter Passing Vulnerability
  This is a local vulnerability.
• CVE-2015-2441 Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2015-2442 Memory Corruption Vulnerability
  IPS: 11076 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 1"
• CVE-2015-2443 Memory Corruption Vulnerability
  IPS: 11077 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 2"
• CVE-2015-2444 Memory Corruption Vulnerability
  IPS: 11078 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 3"
• CVE-2015-2445 ASLR Bypass
  There are no known exploits in the wild.
• CVE-2015-2446 Memory Corruption Vulnerability
  IPS: 11079 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 4"
• CVE-2015-2447 Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2015-2448 Memory Corruption Vulnerability
  IPS: 11080 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 5"
• CVE-2015-2449 ASLR Bypass
  There are no known exploits in the wild.
• CVE-2015-2450 Memory Corruption Vulnerability
  IPS: 11081 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 6"
• CVE-2015-2451 Memory Corruption Vulnerability
  IPS: 11083 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 8"
• CVE-2015-2452 Memory Corruption Vulnerability
  IPS: 11082 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 7"

MS15-080 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution

• CVE-2015-2431 Microsoft Office Graphics Component Remote Code Execution Vulnerability
  SPY: 4276 "Malformed-File doc.MP.30"
• CVE-2015-2432 OpenType Font Parsing Vulnerability
  SPY: 3148 "Malformed-File otf.MP.12"
• CVE-2015-2433 Kernel ASLR Bypass Vulnerability
  There are no known exploits in the wild.
• CVE-2015-2435 TrueType Font Parsing Vulnerability
  SPY: 4232 "Malformed-File ttf.MP.4"
• CVE-2015-2453 Windows CSRSS Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2015-2454 Windows KMD Security Feature Bypass Vulnerability
  There are no known exploits in the wild.
• CVE-2015-2455 TrueType Font Parsing Vulnerability
  SPY: 4209 "Malformed-File ttf.MP.3"
• CVE-2015-2456 TrueType Font Parsing Vulnerability
  SPY: 3149 " Malformed-File otf.MP.13 "
• CVE-2015-2458 OpenType Font Parsing Vulnerability
  SPY: 3150 " Malformed-File otf.MP.14 "
• CVE-2015-2459 OpenType Font Parsing Vulnerability
  SPY: 3151 " Malformed-File otf.MP.15 "
• CVE-2015-2460 OpenType Font Parsing Vulnerability
  SPY: 3152 " Malformed-File otf.MP.16 "
• CVE-2015-2461 OpenType Font Parsing Vulnerability
  SPY: 3153 " Malformed-File otf.MP.17 "
• CVE-2015-2462 OpenType Font Parsing Vulnerability
  SPY: 3157 " Malformed-File otf.MP.20 "
• CVE-2015-2463 TrueType Font Parsing Vulnerability
  SPY: 3155 " Malformed-File otf.MP.18 "
• CVE-2015-2464 TrueType Font Parsing Vulnerability
  SPY: 3156 " Malformed-File otf.MP.19 "
• CVE-2015-2465 Windows Shell Security Feature Bypass Vulnerability
  There are no known exploits in the wild.

MS15-081 Vulnerability in Microsoft Office Could Allow Remote Code Execution

• CVE-2015-1642 Microsoft Office Memory Corruption Vulnerability
  SPY: 4366 "Malformed-File docx.MP.5"
• CVE-2015-2423 Unsafe Command Line Parameter Passing Vulnerability
  There are no known exploits in the wild.
• CVE-2015-2466 Microsoft Office Remote Code Execution Vulnerability
  There are no known exploits in the wild.
• CVE-2015-2467 Microsoft Office Memory Corruption Vulnerability
  SPY: 3159 "Malformed-File doc.MP.25"
• CVE-2015-2468 Microsoft Office Memory Corruption Vulnerability
  SPY: 3160 "Malformed-File doc.MP.26"
• CVE-2015-2469 Microsoft Office Memory Corruption Vulnerability
  SPY: 3365 "Malformed-File doc.MP.27"
• CVE-2015-2470 Microsoft Office Integer Underflow Vulnerability
  SPY: 4193 " Malformed-File doc.MP.28"
• CVE-2015-2477 Microsoft Office Memory Corruption Vulnerability
  SPY: 4195 "Malformed-File doc.MP.29"

MS15-082 Vulnerabilities in RDP Could Allow Remote Code Execution 

• CVE-2015-2472 Remote Desktop Session Host Spoofing Vulnerability
  There are no known exploits in the wild.
• CVE-2015-2473 Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability
  There are no known exploits in the wild.

MS15-083 Vulnerabilities in Server Message Block Could Allow Remote Code Execution 

• CVE-2015-2474 Server Message Block Memory Corruption Vulnerability
  There are no known exploits in the wild.

MS15-084 Vulnerability in XML Core Services Could Allow Elevation of Privilege 

• CVE-2015-2434 MSXML Information Disclosure Vulnerability
  IPS: 5770 "Downgraded TLS Traffic"
• CVE-2015-2440 MSXML Information Disclosure Vulnerability
  There are no known exploits in the wild.
• CVE-2015-2471 MSXML Information Disclosure Vulnerability
  IPS: 5770 "Downgraded TLS Traffic"

MS15-085 Vulnerability in Mount Manager Could Allow Elevation of Privilege 

• CVE-2015-1769 Mount Manager Elevation of Privilege Vulnerability
  This is a local vulnerability.

MS15-086 Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege 

• CVE-2015-2420 System Center Operations Manager Web Console XSS Vulnerability
  There are no known exploits in the wild.

MS15-087 Vulnerability in UDDI Services Could Allow Elevation of Privilege 

• CVE-2015-2475 UDDI Services Could Allow Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

MS15-088 Unsafe Command Line Parameter Passing Could Allow Information Disclosure 

• CVE-2015-2423 Unsafe Command Line Parameter Passing Vulnerability
  This is a local vulnerability.

MS15-089 Vulnerabilities in WebDAV Could Allow Information Disclosure 

• CVE-2015-2476 WebDAV Client Information Disclosure Vulnerability
  IPS: 5770 "Downgraded TLS Traffic"

MS15-090 Vulnerability in Microsoft Windows Could Allow Elevation of Privilege 

• CVE-2015-2428 Windows Object Manager Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2015-2429 Windows Registry Elevation of Privilege Vulnerability
  This is a local vulnerability.
• CVE-2015-2430 Windows Filesystem Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

MS15-091 Cumulative Security Update for Microsoft Edge 

• CVE-2015-2441 Memory Corruption Vulnerability
  There are no known exploits in the wild.
• CVE-2015-2442 Memory Corruption Vulnerability
  IPS: 11076 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 1"
• CVE-2015-2446 Memory Corruption Vulnerability
  IPS: 11079 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 4"
• CVE-2015-2449 ASLR Bypass
  There are no known exploits in the wild.

MS15-092 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege 

• CVE-2015-2479 RyuJIT Optimization Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2015-2480 RyuJIT Optimization Elevation of Privilege Vulnerability
  There are no known exploits in the wild.
• CVE-2015-2481 RyuJIT Optimization Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

ပျော်ရွှင်ပါစေဗျာ။
(Be knowledgeable, pass it on then)