Patch Analysis for August 2015

Welcome to this August Patch Tuesday. This month delivers 14 patches, 4 critical, 10 important, and the first month to patch Windows 10. Begin this month with MS15-081 and MS15-079. These patches remediate a large quantity of vulnerabilities in Office and Internet Explorer. One of the Office vulnerabilities is being actively attacked so it is especially important. Follow up with the remaining critical vulnerabilities MS15-080 and MS15-091 that fix vulnerabilities in .NET, Lync, Office, Silverlight, and Edge. There is one patch rated important that is being actively attacked so it is important to patch MS15-085. This fixes an issue where an attacker could insert a USB stick into a target machine and execute a binary. The remaining important rated vulnerabilities will be applicable to most environments and should be applied as soon as patch testing is completed. With the release of the first patch Tuesday patches for Windows 10 it is important to start considering what is in your environment. Do you know what OS's and applications are running? It is hard to patch what you do not know about.

When it comes to endpoint security, the best first line of defense is patch management. Take the first step to quantifying your IT risk and enhancing your endpoint security posture with the Lumension® Patch Scanner you can:

  • Scan for OS and 3rd party application patches
  • Prioritize remediation to improve security stance
  • Gain visibility into apps being used in your environment
  • Generate web-based reports

Click here assess your vulnerabilities now

Visit the Lumension Patch Tuesday Center

BulletinExploit Types
/Technologies Affected
System Types AffectedExploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity ratingProducts AffectedNotesRandy's recommendation
MS15-090

3060716
Privilege elevation

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/NoNoImportant Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Restart required, multiple vulnerabilitiesUpdate after testing
MS15-083

3073921
Arbitrary code

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/NoYesImportant Vista
Server 2008
Restart requiredUpdate after testing
MS15-086

3075158
Privilege elevation

/ Microsoft Server Software
Servers
No/NoNoImportant Sys Center 2012 Ops Mgr
Sys Center 2012 Ops Mgr R2
Does not require restartUpdate after testing
MS15-089

3076949
Information disclosure

/ Microsoft Windows
Workstations
Servers
No/NoNoImportant Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
May require restartUpdate after testing
MS15-080

3078662
Arbitrary code

/ .NET, Office, Lync, Silverlight
Workstations
Terminal Servers
Servers
No/NoYesCritical Vista
Office 2007
Server 2008
Server 2008 R2
Windows 7
Office 2010
Silverlight 5
Lync 2010
Windows 8
Server 2012
Windows RT
Lync 2013
Server 2012 R2
Windows 8.1
Windows RT 8.1
.NET Framework 3.5
.NET Framework 3.5.1
.NET Framework 4
.NET Framework 4.5
.NET Framework 4.5.1
.NET Framework 3.0 SP2
.NET Framework 4.5.2
Windows 10
May require restart, multiple vulnerabilitiesUpdate immediately
MS15-084

3080129
Information disclosure

/ Microsoft Office
Workstations
Terminal Servers
No/NoNoImportant Vista
Office 2007
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
May require restart, multiple vulnerabilitiesUpdate after testing
MS15-082

3080348
Arbitrary code

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/NoNoImportant Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Restart required, multiple vulnerabilitiesUpdate after testing
MS15-081

3080790
Arbitrary code

/ Microsoft Office
Workstations
Terminal Servers
No/YesYesCritical Office 2007
Office 2010
Office 2011 for MAC
Office 2013 RT
Office 2013
May require restart, multiple vulnerabilitiesUpdate immediately
MS15-079

3082442
Arbitrary code

/ Internet Explorer
Workstations
Terminal Servers
No/NoYesCritical Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Requires restart, multiple vulnerabilitiesUpdate immediately
MS15-088

3082458
Information disclosure

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/NoYesImportant Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
May require restartUpdate after testing
MS15-087

3082459
Privilege elevation

/ Microsoft Server Software
Servers
No/NoYesImportant Server 2008
Does not require restartUpdate after testing
MS15-085

3082487
Privilege elevation

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/YesNoImportant Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
Restart requiredUpdate after testing
MS15-091

3084525
Arbitrary code

/ Microsoft Edge
Servers
No/NoNoCritical Microsoft Edge
Requires restart, multiple vulnerabilitiesUpdate immediately
MS15-092

3086251
Privilege elevation

/ .NET Framework
Workstations
Terminal Servers
Servers
No/NoYesImportant Vista
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Windows 10
May require restart, multiple vulnerabilitiesUpdate after testing

Receive Randy's same-day, independent analysis each Patch Tuesday

Email:
We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.