Microsoft Security Bulletins For August 2015

Martin Brinkmann
Aug 11, 2015
Updated • Jan 4, 2018
Companies, Microsoft
|
0

This is the Microsoft patch overview for August, 2015.  It reviews all security and non-security patches that the company has made available for its Windows operating system and other company products.

The overview provides you with details and links to all patch notes and knowledge base articles that provide additional information about each update.

It begins with an executive summary listing the most important information about this month's patch day.

This is followed by operating system and Microsoft product distribution information listing severity information and security bulletins for each product.

The next three chapters, security bulletins, security advisories and updates, and non-security patches, list all patches with descriptions and links to Microsoft resources.

The last chapter lists download and deployment information, and links to important resources.

Executive Summary

  1. Microsoft released a total of 14 security bulletins on the August 2015 patch day.
  2. Three bulletins have been classified with the severity rating critical, the highest level.
  3. All client and server versions of Windows are affected by at least one bulletin with the highest severity rating of critical.
  4. Other Microsoft software affected by vulnerabilities this month includes Microsoft Office, Microsoft SharePoint, Silverlight and Lync.

Operating System Distribution

Windows 10, Microsoft's new operating system, is the only system affected by three critical vulnerabilities while the remaining systems are affected by one or two only.

The bulletin exclusive to Windows 10 is MS15-091, a cumulative security update for Microsoft Edge.

  • Windows Vista: 2 critical, 7 important (Ms15-079, MS15-080, MS15-082, MS15-083, MS15-085, MS15-088, MS15-089, MS15-090, MS15-092)
  • Windows 7: 2 critical, 6 important (Ms15-079, MS15-080, MS15-082, MS15-085, MS15-088, MS15-089, MS15-090, MS15-092)
  • Windows 8 and 8.1: 2 critical, 5 important (Ms15-079, MS15-080, MS15-082, MS15-085, MS15-088, MS15-089, MS15-090)
  • Windows RT and Windows RT 8.1: 2 critical, 6 important (Ms15-079, MS15-080, MS15-082, MS15-085, MS15-088, MS15-089, MS15-090, MS15-092)
  • Windows 10: 3 critical, 3 important ((Ms15-079, MS15-080, MS15-085, MS15-088, MS15-091, MS15-092)
  • Windows Server 2003: 1 critical, 2 important, 1 moderate (Ms15-079, MS15-080, MS15-082, MS15-083)
  • Windows Server 2008: 1 critical, 9 important, 1 moderate (MS15-065, MS15-072, MS15-073, MS15-066, MS15-085, MS15-087, MS15-088, MS15-089, MS15-090, MS15-092)
  • Windows Server 2008 R2:  1 critical, 6 important, 1 moderate (Ms15-079, MS15-080, MS15-082, MS15-085, MS15-088, MS15-089, MS15-090, MS15-092)
  • Windows Server 2012 and 2012 R2: 1 critical, 6 important, 1 moderate (Ms15-079, MS15-080, MS15-082, MS15-085, MS15-088, MS15-089, MS15-090, MS15-092)
  • Server Core: 1 critical, 7 important (MS15-080, MS15-082, MS15-083, MS15-085, MS15-087, MS15-088, MS15-090, MS15-092)

Other Microsoft Products

  • Microsoft System Center 2012 Operations Manager and Operations Manager R2: 1 important (MS15-086)
  • Microsoft BizTalk Server: 1 important (Ms15-086)
  • Microsoft Office 2007: 1 critical, 2 important (MS15-080, MS15-081, MS15-084)
  • Microsoft Office 2010: 1 critical, 1 important (MS15-080, MS15-081)
  • Microsoft Office 2013 and Office 2013 RT: 1 critical (MS15-081)
  • Microsoft Office for Mac: 1 critical (MS15-081)
  • Other Office Software (Compatibility Pack SP3, Word Viewer, InfoPath 2007 SP2): 2 important ( MS15-081, MS15-084)
  • Microsoft SharePoint Server 2010 and 2013: 1 important (MS15-081)
  • Microsoft Office Web Apps 2010 and 2013: 1 important (MS15-081)
  • Microsoft Live Meeting 2007: 1 critical (MS15-080)
  • Microsoft Lync 2010 and 2013: 1 critical (MS15-080)
  • Microsoft Silverlight: 1 critical (MS15-080)

Security Bulletins

MS15-079 - Cumulative Security Update for Internet Explorer (3082442) - This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. - Critical - Remote Code Execution

MS15-080 - Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662) - This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts. - Critical - Remote Code Execution

MS15-081 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790) - This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. - Critical - Remote Code Execution

MS15-082 - Vulnerabilities in RDP Could Allow Remote Code Execution (3080348) - This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open a Remote Desktop Protocol (RDP) file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. -
Important - Remote Code Execution

MS15-083 - Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921) - This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted string to SMB server error logging. - Important - Remote Code Execution

MS15-084 - Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129) - This security update resolves vulnerabilities in Microsoft Windows and Microsoft Office. The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0. However, in all cases an attacker would have no way to force users to click a specially crafted link. An attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message. - Important - Information Disclosure

MS15-085 - Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487) - This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker inserts a malicious USB device into a target system. An attacker could then write a malicious binary to disk and execute it. - Important - Elevation of Privilege

MS15-086 - Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158) - This security update resolves a vulnerability in Microsoft System Center Operations Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website. - Important - Elevation of Privilege

MS15-087 - Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459) - This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter. A user would have to visit a specially crafted webpage where the malicious script would then be executed. - Important - Elevation of Privilege

MS15-088 - Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458) - This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process. The attacker could then execute Notepad, Visio, PowerPoint, Excel, or Word with an unsafe command line parameter to effect information disclosure. To be protected from the vulnerability, customers must apply the updates provided in this bulletin, as well as the update for Internet Explorer provided in MS15-079. Likewise, customers running an affected Microsoft Office product must also install the applicable updates provided in MS15-081. - Important - Information Disclosure

MS15-089 - Vulnerability in WebDAV Could Allow Information Disclosure (3076949) - This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic. - Important - Information Disclosure

MS15-090 - Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716) - This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application or convinces a user to open a specially crafted file that invokes a vulnerable sandboxed application, allowing an attacker to escape the sandbox. - Important - Elevation of Privilege

MS15-091 - Cumulative Security Update for Microsoft Edge (3084525) - This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. - Critical - Remote Code Execution

MS15-092 - Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251) - This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so. - Important - Elevation of Privilege

Security Advisories and updates

  • Microsoft Security Advisory 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Updated: July 29, 2015
  • Microsoft Security Advisory 3057154 - Update to Harden Use of DES Encryption - Published: July 14, 2015
  • Microsoft Security Advisory 3074162 - Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation of Privilege - Published: July 14, 2015
  • MS15-078: Security Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP Embedded (KB3079904) - MS15-078: Vulnerability in Microsoft font driver could allow remote code execution: July 16, 2015
  • Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB3079777) - Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer: July 15, 2015

Non-security related updates

  • Cumulative Update for Windows 10 August 5, 2015 (KB3081424)
  • Dynamic Update for Windows 10 (KB3081427) - Compatibility update for upgrading to Windows 10: August 5, 2015
  • Update for Windows 7 (KB2952664) - Compatibility update for upgrading Windows 7
  • Update for Windows 8.1 and Windows 8 (KB2976978) - Compatibility update for Windows 8.1 and Windows 8
  • Update for Windows 7 (KB2977759) - Compatibility update for Windows 7 RTM
  • Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB3075851) - Windows Update Client for Windows 7 and Windows Server 2008 R2: August 2015
  • Update for Windows 8.1 and Windows RT 8.1 (KB3075853) - Windows Update Client for Windows 8.1 and Windows Server 2012 R2: August 2015
  • Update for Windows 8.1 (KB3083669) - Update to make sure that applications can self-update after Windows 8.1 OOBE first running
  • Update for Windows 8.1 (KB3072318) - Update for Windows 8.1 OOBE to upgrade to Windows 10
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3055343) - Stop error code 0xD1, 0x139, or 0x3B and random crashes in Windows Server 2012 R2
  • Update for Windows 8.1 and Windows RT 8.1 (KB3061493) - Update enables magstripe drivers to support new devices in Windows 8.1 or Windows RT 8.1
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3065013) - "0x0000007F" and "0x0000009F" Stop errors in Windows 8.1 or Windows Server 2012 R2
  • Update for Windows 8.1, Windows RT 8.1, Windows 8, and Windows RT (KB3070071) - Updated APN database entry for SoftBank Mobile Corp for Windows 8.1 and Windows 8
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3071663) - Microsoft applications might crash in Windows
  • Update for Windows 8.1, Windows 8, and Windows 7 (KB3071740) - Hyper-V integration components update for Windows virtual machines that are running on a Windows 10-based host
  • Update for Windows 8.1 and Windows RT 8.1 (KB3072019) - "Try again" error occurs and Bluetooth device cannot connect to computer in Windows 8.1 or Windows RT 8.1

How to download and install the August 2015 security updates

microsoft patch day august 2015

All security updates are available via Windows Update. Most Windows users have automatic updates enabled which means that the operating system will pick them up automatically to install them on the system.

Since there is a delay between checks, it is advised to run a manual check for updates instead if updates need to be installed as soon as they become available.

  1. Tap on the Windows-key, type Windows Update and select the appropriate option from the search results.
  2. Locate "check for updates" and click on the link or button
  3. Windows will run a manual check for updates and display all that are compatible with the system.

All updates are also made available as individual downloads on Microsoft's Download Center website. From there you may download a monthly security ISO image also which contains all patches for the month for all supported systems.

If you prefer third-party tools to download patches, check out the Windows update guide in the additional information section below.

Additional information

Summary
Microsoft Security Bulletins For August 2015
Article Name
Microsoft Security Bulletins For August 2015
Description
This is a detailed overview of Microsoft's August 2015 patch day for Windows and other company products.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.