September 2015 Microsoft Patch Tuesday
Overview of the September 2015 Microsoft patches and their status.
| # | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) | |
|---|---|---|---|---|---|---|
| clients | servers | |||||
| MS15-094 | Cumulative Security Update for Internet Explorer (Replaces MS15-093) |
|||||
| CVE-2015-2483 , CVE-2015-2484, CVE-2015-2485, CVE-2015-2486, CVE-2015-2487, CVE-2015-2489, CVE-2015-2490, CVE-2015-2491, CVE-2015-2492, CVE-2015-2493, CVE-2015-2494, CVE-2015-2498, CVE-2015-2499, CVE-2015-2500, CVE-2015-2501, CVE-2015-2541, CVE-2015-2542 | KB 3089548 | . | Severity:Critical Exploitability: 1 |
Critical | Critical | |
| MS15-095 | Cumulative Security Update for Microsoft Edge | |||||
| CVE-2015-2485 CVE-2015-2486 CVE-2015-2484 CVE-2015-2542 |
KB 3089665 | . | Severity:Critical Exploitability: 1 |
Critical | Critical | |
| MS15-096 | Vulnerability in Active Directory Service Could Allow Denial of Service (Replaces MS14-016) |
|||||
| CVE-2015-2535 | KB 3072595 | . | Severity:Important Exploitability: 3 |
Important | Important | |
| MS15-097 | Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution | |||||
| CVE-2015-2506 CVE-2015-2507 CVE-2015-2508 CVE-2015-2510 CVE-2015-2511 CVE-2015-2512 CVE-2015-2517 CVE-2015-2518 CVE-2015-2527 CVE-2015-2529 CVE-2015-2546 | KB 3089656 | exploit detected for CVE-2015-2546 | Severity:Critical Exploitability: 0 |
Critical | Critical | |
| MS15-098 | Vulnerabilities in Windows Journal Could Allow Remote Code Execution (Replaces MS15-045) |
|||||
| CVE-2015-2513 CVE-2015-2514 CVE-2015-2516 CVE-2015-2519 CVE-2015-2530 |
KB 3089669 | . | Severity:Critical Exploitability: 3 |
Critical | Critical | |
| MS15-099 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (Replaces MS15-059 MS15-070 MS15-081) |
|||||
| CVE-2015-2520 CVE-2015-2521 CVE-2015-2522 CVE-2015-2523 CVE-2015-2545 |
KB 3089664 | exploit in the wild | Severity:Critical Exploitability: 0 |
Critical | Important | |
| MS15-100 | Vulnerability in Windows Media Center Could Allow Remote Code Execution | |||||
| CVE-2015-2509 | KB 3087918 | no | Severity:Important Exploitability: 2 |
Critical | Important | |
| MS15-101 | Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (Replaces MS12-025 ) |
|||||
| CVE-2015-2504 CVE-2015-2526 |
KB 3089662 | Severity:Important Exploitability: 1 |
Important | Important | ||
| MS15-102 | Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (Replaces MS14-054) |
|||||
| CVE-2015-2524 CVE-2015-2525 CVE-2015-2528 |
KB 3089657 | . | Severity:Important Exploitability: 1 |
Important | Important | |
| MS15-103 | Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (Replaces MS15-064) |
|||||
| CVE-2015-2505 CVE-2015-2543 CVE-2015-2544 |
KB 3089250 | . | Severity:Important Exploitability: 3 |
N/A | Important | |
| MS15-104 | Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (Replaces MS14-055) |
|||||
| CVE-2015-2531 CVE-2015-2532 CVE-2015-2536 |
KB 3089952 | . | Severity:Important Exploitability: 3 |
N/A | Important | |
| MS15-105 | Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass | |||||
| CVE-2015-2534 | KB 3091287 | . | Severity:Important Exploitability: 2 |
N/A | Important | |
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
- We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.
Keywords: mspatchday
14 comment(s)
Join us at SANS!
Attend with Johannes Ullrich in starting
×
![]()
Diary Archives
