Print

Print


To all IT Professionals:

The following is our preliminary analysis of the 9 Microsoft security bulletins issued on June 9, 2015. This analysis is based only on the information Microsoft provided and therefore may be subject to change as more details emerge. As details are finalized, we may issue advisories for those vulnerabilities that should be addressed as soon as possible.

(MS15-056) - Cumulative Security Update for Internet Explorer
Severity: Critical
Primary Attack Vector: Specially Crafted Web Page
Publicly Disclosed: 1 of 24 (CVE-2015-1765)
Assumptions: None
Recommendations: Patch immediately after appropriate testing
Advisory Candidate: Yes

(MS15-057) - Vulnerability in Windows Media Player Could Allow Remote Code Execution
Severity: Critical
Primary Attack Vector: Specially Crafted file (data object) in Windows Media Player
Publicly Disclosed: No
Assumptions: None
Recommendations: Patch immediately after appropriate testing
Advisory Candidate: Yes

(MS15-058) - Content Placeholder - This bulletin has not been populated by Microsoft

(MS15-059) - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
Severity: Important
Primary Attack Vector: Specially Crafted Office File
Publicly Disclosed: No
Assumptions: None
Recommendations: Patch immediately after appropriate testing
Advisory Candidate: Yes

(MS15-060) - Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution
Severity: Important
Primary Attack Vector: Specially crafted link, or a link to specially crafted content
Publicly Disclosed: Yes
Assumptions: None
Recommendations: Patch as soon as possible after appropriate testing
Advisory Candidate: No

(MS15-061) - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
Severity: Important
Primary Attack Vector: Specially Crafted Application
Publicly Disclosed: No
Assumptions: Authentication required
Recommendations: Patch as soon as possible after appropriate testing
Advisory Candidate: No

(MS15-062) - Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege
Severity: Important
Primary Attack Vector: Specially Crafted URL
Publicly Disclosed: No
Assumptions: None
Recommendations: Patch as soon as possible after appropriate testing
Advisory Candidate: No

(MS15-063) - Vulnerability in Windows Kernel Could Allow Elevation of Privilege
Severity: Important
Primary Attack Vector: Malicious DLL file
Publicly Disclosed: No
Assumptions: Authentication required
Recommendations: Patch as soon as possible after appropriate testing
Advisory Candidate: No

(MS15-064) - Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege
Severity: Important
Primary Attack Vector: Specially crafted web page
Publicly Disclosed: No
Assumptions: None
Recommendations: Patch as soon as possible after appropriate testing
Advisory Candidate: No


Center for Internet Security (CIS)
Integrated Intelligence Center (IIC)
Multi-State Information and Analysis Center (MS-ISAC)
1-866-787-4722 (7x24 SOC)
Email: [log in to unmask]
www.cisecurity.org<http://www.cisecurity.org>
Follow us @CISecurity < collapse<javascript://>



Departments fully managed by ITS will have the updates automatically distributed.  Departments using SCCM and/or Casper to manage their own devices should enable the updates for distribution to their users.  For more information about how you can take advantage of the Enterprise Desktop Services provided by ITS, please visit http://its.unl.edu/desktop


Mike


Michael Rutt | Sr. Security Analyst | [log in to unmask]<mailto:[log in to unmask]> | 402-472-0933
[logo]