Microsoft has released several security updates for Windows, Internet Explorer and Office on July 2015 patchday. Here's a summary.
Advertising
Details about all security updates MS15-058 till MS15-77 are covered on this Microsoft Technet site.
- MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)
This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.
Important; Remote Code Execution; May require restart
Affected software- Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3 - Microsoft SQL Server 2008 for x64-based Systems Service Pack 3 - Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3 - Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 - Microsoft SQL Server 2008 for x64-based Systems Service Pack 4 - Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 2 - Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 2 - Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 2 - Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 3 - Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 3 Microsoft SQL Server 2012 for 32-bit Systems Service Pack 1 - Microsoft SQL Server 2012 for x64-based Systems Service Pack 1 Microsoft SQL Server 2012 for 32-bit Systems Service Pack 2 - Microsoft SQL Server 2012 for x64-based Systems Service Pack 2 - Microsoft SQL Server 2014 for 32-bit Systems Systems - Microsoft SQL Server 2014 for x64-based Systems - MS15-065: Security Update for Internet Explorer (3076321)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Critical; Remote Code Execution, Requires restart
Affected software
- Windows Server 2003 Service Pack 2: - Internet Explorer 6 - Internet Explorer 7 - Internet Explorer 8 - Windows Server 2003 x64 Edition Service Pack 2: - Internet Explorer 6 - Internet Explorer 7 - Internet Explorer 8 - Windows Server 2003 with SP2 for Itanium-based Systems: - Internet Explorer 6 - Internet Explorer 7 - Windows Vista Service Pack 2: - Internet Explorer 7 - Internet Explorer 8 - Internet Explorer 9 - Windows Vista x64 Edition Service Pack 2: - Internet Explorer 7 - Internet Explorer 8 - Internet Explorer 9 - Windows Server 2008 for 32-bit Systems Service Pack 2: - Internet Explorer 7 - Internet Explorer 8 - Internet Explorer 9 (Windows Server 2008 Server Core installation not affected) - Windows Server 2008 for x64-based Systems Service Pack 2: - Internet Explorer 7 - Internet Explorer 8 - Internet Explorer 9 (Windows Server 2008 Server Core installation not affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2: - Internet Explorer 7 - Windows 7 for 32-bit Systems Service Pack 1: - Internet Explorer 8 - Internet Explorer 9 - Internet Explorer 10 - Internet Explorer 11 - Windows 7 for x64-based Systems Service Pack 1: - Internet Explorer 8 - Internet Explorer 9 - Internet Explorer 10 - Internet Explorer 11 - Windows Server 2008 R2 for x64-based Systems Service Pack 1: - Internet Explorer 8 - Internet Explorer 9 - Internet Explorer 10 - Internet Explorer 11 (Windows Server 2008 R2 Server Core installation not affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1: - Internet Explorer 8 - Windows 8 for 32-bit Systems: - Internet Explorer 10 - Windows 8 for x64-based Systems: - Internet Explorer 10 - Windows Server 2012: - Internet Explorer 10 (Windows Server 2012 Server Core installation not affected) - Windows RT: - Internet Explorer 10 - Windows 8.1 for 32-bit Systems: - Internet Explorer 11 - Windows 8.1 for x64-based Systems: - Internet Explorer 11 - Windows Server 2012 R2: - Internet Explorer 11 (Windows Server 2012 R2 Server Core installation not affected) - Windows RT 8.1: - Internet Explorer 11 - MS15-066: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3072604)
This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Critical; Remote Code Execution, Requires restart
Affected software- Windows Server 2003 Service Pack 2 - VBScript 5.6 - VBScript 5.7 - Windows Server 2003 x64 Edition Service Pack 2 - VBScript 5.6 - VBScript 5.7 - Windows Server 2003 with SP2 for Itanium-based Systems - VBScript 5.6 - VBScript 5.7 - Windows Vista Service Pack 2 - VBScript 5.7 - Windows Vista x64 Edition Service Pack 2 - VBScript 5.7 - Windows Server 2008 for 32-bit Systems Service Pack 2 - VBScript 5.7 (Windows Server 2008 for 32-bit Systems Service Pack 2 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 - VBScript 5.7 (Windows Server 2008 for x64-based Systems Service Pack 2 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2: - VBScript 5.7 - Windows Server R2 for x64-based Systems Service Pack 1 Server Core installations only - VBScript 5.9
Advertising
- MS15-067: Vulnerability in RDP Could Allow Remote Code Execution (3073094)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with Remote Desktop Protocol (RDP) enabled. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
Critical; Remote Code Execution, Requires restart
Affected software- Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows 8 for 32-bit Systems - Windows 8 for x64-based Systems - Windows Server 2012 (Windows Server 2012 Server Core installation affected) - MS15-068: Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability.
Critical; Remote Code Execution, Requires restart
Affected software
- Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 for x64-based Systems Service Pack 2 Server Core installation affected) - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 for x64-based Systems Service Pack 1 Server Core installation affected) - Windows 8 for x64-based Systems - Windows 8.1 for x64-based Systems - Windows Server 2012 (Windows Server 2012 Server Core installation affected) - Windows Server 2012 R2 (Windows Server 2012 R2 Server Core installation affected) - MS15-069: Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow Remote Code Execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user's current working directory and then convinces the user to open an RTF file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker's specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Critical; Remote Code Execution, May require restart
Affected software
- Windows Server 2003 Service Pack 2 - Windows Server 2003 Service Pack 2 - Windows Media Format SDK 11 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Media Format SDK 11 - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation not affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation not affected) - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation not affected) - Windows 8.1 for 32-bit Systems - Windows 8.1 for x64-based Systems - Windows Server 2012 R2 (Windows Server 2012 R2 Server Core installation not affected) - Windows RT 8.1 - MS15-070: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Important, Remote Code Execution, May require restart
Affected software- Microsoft Office 2007 Service Pack 3 - Microsoft Excel 2007 Service Pack 3 - Microsoft PowerPoint 2007 Service Pack 3 - Microsoft Word 2007 Service Pack 3 - Microsoft Office 2010 Service Pack 2 (32-bit editions) - Microsoft Office 2010 Service Pack 2 (32-bit editions) - Microsoft Excel 2010 Service Pack 2 (32-bit editions) - Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions) - Microsoft Word 2010 Service Pack 2 (32-bit editions) - Microsoft Office 2010 Service Pack 2 (64-bit editions) - Microsoft Office 2010 Service Pack 2 (64-bit editions) - Microsoft Excel 2010 Service Pack 2 (64-bit editions) - Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions) - Microsoft Word 2010 Service Pack 2 (64-bit editions) - Microsoft Office 2013 Service Pack 1 (32-bit editions) - Microsoft Excel 2013 Service Pack 1 (32-bit editions) - Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions) - Microsoft Word 2013 Service Pack 1 (32-bit editions) - Microsoft Office 2013 Service Pack 1 (64-bit editions) - Microsoft Excel 2013 Service Pack 1 (64-bit editions) - Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions) - Microsoft Word 2013 Service Pack 1 (64-bit editions) - Microsoft Office 2013 RT Service Pack 1 - Microsoft Excel 2013 RT Service Pack 1 - Microsoft PowerPoint 2013 RT Service Pack 1 - Microsoft Word 2013 RT Service Pack 1 - Microsoft Office for Mac 2011 - Microsoft Excel for Mac 2011 - Microsoft Excel Viewer 2007 Service Pack 3 - Microsoft Office Compatibility Pack Service Pack 3 - Microsoft Word Viewer - Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions) - Excel Services - Microsoft SharePoint Server 2007 Service Pack 3 (64-bit editions) - Excel Services - Microsoft SharePoint Server 2010 Service Pack 2 - Excel Services - Microsoft SharePoint Server 2013 Service Pack 1 - Excel Services - MS15-071: Vulnerability in Netlogon Could Allow Elevation of Privilege (3068457)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with access to a primary domain controller (PDC) on a target network runs a specially crafted application to establish a secure channel to the PDC as a backup domain controller (BDC).
Important, Elevation of Privilege; Requires restart
Affected software- Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Server 2003 R2 Service Pack 2 - Windows Server 2003 R2 x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Windows Server 2012 (Windows Server 2012 Server Core installation affected) - Windows Server 2012 R2 (Windows Server 2012 R2 Server Core installation affected) - MS15-072: Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Windows Graphics component fails to properly process bitmap conversions. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. An attacker must first log on to the system to exploit this vulnerability.
Important, Elevation of Privilege; Requires restart
Affected software
- Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Server 2003 R2 Service Pack 2 - Windows Server 2003 R2 x64 Edition Service Pack 2 - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Windows 8 for 32-bit Systems - Windows 8 for x64-based Systems - Windows 8.1 for 32-bit Systems - Windows 8.1 for x64-based Systems - Windows Server 2012 (Windows Server 2012 Server Core installation affected) - Windows Server 2012 R2 (Windows Server 2012 R2 Server Core installation affected) - Windows RT - Windows RT 8.1 - MS15-073: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Important, Elevation of Privilege; Requires restart
Affected software- Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Server 2003 R2 Service Pack 2 - Windows Server 2003 R2 x64 Edition Service Pack 2 - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Windows 8 for 32-bit Systems - Windows 8 for x64-based Systems - Windows 8.1 for 32-bit Systems - Windows 8.1 for x64-based Systems - Windows Server 2012 (Windows Server 2012 Server Core installation affected) - Windows Server 2012 R2 (Windows Server 2012 R2 Server Core installation affected) - Windows RT - Windows RT 8.1 - MS15-074: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Installer service improperly runs custom action scripts. An attacker must first compromise a user who is logged on to the target system to exploit the vulnerability. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Important, Elevation of Privilege; Requires restart
Affected software- Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Server 2003 R2 Service Pack 2 - Windows Server 2003 R2 x64 Edition Service Pack 2 - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Windows 8 for 32-bit Systems - Windows 8 for x64-based Systems - Windows 8.1 for 32-bit Systems - Windows 8.1 for x64-based Systems - Windows Server 2012 (Windows Server 2012 Server Core installation affected) - Windows Server 2012 R2 (Windows Server 2012 R2 Server Core installation affected) - Windows RT - Windows RT 8.1 - MS15-075: Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if used in conjunction with another vulnerability that allows arbitrary code to be run through Internet Explorer. Once the other vulnerability has been exploited, an attacker could then exploit the vulnerabilities addressed in this bulletin to cause arbitrary code to run at a medium integrity level.
Important, Elevation of Privilege; Requires restart
Affected software- Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Windows 8 for 32-bit Systems - Windows 8 for x64-based Systems - Windows 8.1 for 32-bit Systems - Windows 8.1 for x64-based Systems - Windows Server 2012 (Windows Server 2012 Server Core installation affected) - Windows Server 2012 R2 (Windows Server 2012 R2 Server Core installation affected) - Windows RT - Windows RT 8.1 - MS15-076: Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability, which exists in Windows Remote Procedure Call (RPC) authentication, could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Important, Elevation of Privilege; Requires restart
Affected software- Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Server 2003 R2 Service Pack 2 - Windows Server 2003 R2 x64 Edition Service Pack 2 - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Windows 8 for 32-bit Systems - Windows 8 for x64-based Systems - Windows 8.1 for 32-bit Systems - Windows 8.1 for x64-based Systems - Windows Server 2012 (Windows Server 2012 Server Core installation affected) - Windows Server 2012 R2 (Windows Server 2012 R2 Server Core installation affected) - Windows RT - Windows RT 8.1 - MS15-077: Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Important, Elevation of Privilege; Requires restart
Affected software- Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Windows 8 for 32-bit Systems - Windows 8 for x64-based Systems - Windows 8.1 for 32-bit Systems - Windows 8.1 for x64-based Systems - Windows Server 2012 (Windows Server 2012 Server Core installation affected) - Windows Server 2012 R2 (Windows Server 2012 R2 Server Core installation affected) - Windows RT - Windows RT 8.1
This web site contains also some informations, althought updates like MS15-058 isn't covered.
Advertising
