Microsoft fixes critical vulnerabilities affecting Windows and Office

According to Microsoft, none of the flaws recently patched are actively exploited in the wild by threat actors.

The Microsoft Security Bulletin MS15-109 resolves vulnerabilities in Microsoft Windows  that could allow remote code execution if a user opens a specially crafted toolbar object in Windows or the attackers convince a user to visit a website containing a specially crafted content.

The Microsoft Security Bulletin MS15-110 is another critical update that fixes vulnerabilities that could allow remote code execution if a user opens a specially crafted Microsoft Office file.

“This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.” states the Microsoft Security Bulletin MS15-110.

Microsoft also patched the JScript and VBScript scripting engines implemented in Microsoft Windows, also in this case some of the flaws could allow remote code execution when victims visit a website hosting a specially crafted content.

“The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked ‘safe for initialization’ in an application or Microsoft Office document that uses the IE rendering engine to direct the user to the specially crafted website,” states the Microsoft Security Bulletin MS15-108. “An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user and, if the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

See you next month 😉

Pierluigi Paganini

(Security Affairs –  Microsoft, Enterprise Security)