March’s Microsoft Patch Tuesday bulletin has just been released and David Picotte, manager of security engineering at Rapid7, has the following thoughts to share:
“This month Microsoft has released 14 new bulletins, 5 of which are rated as “Critical” and another 9 as “Important”. As a déjà vu from last month, a critical remote code execution vulnerability (MS15-018) affecting all supported Internet Explorer versions (6-11) is being patched, which addresses 12 CVEs. The patch addresses issues with Internet Explorer’s memory management that could allow the remote corruption of memory and result in the execution of malicious code as the current user. As always, users should be mindful of phishing campaigns that may attempt to leverage this vulnerability.
Also released this month is MS15-022, a remote execution vulnerability in a cross-platform component of Office. This affects all supported versions of MS Office, docx/xls viewers, SharePoint and Office Web Apps. Bundled into this bulletin is a fix for a set of cross-site scripting (XSS) vulnerabilities, namely CVE-2015-1633 and CVE-2015-1636. Applying these fixes will likely be the most time-consuming patch for administrators as it may require a restart of critical SharePoint infrastructure systems.
MS15-026 is an XSS vulnerability in OWA enabling a privilege escalation attack and affects all editions of Exchange Server 2013; its severity is listed as “Important” and doesn’t require a system restart. Hopefully this will translate to a quick win for administrators as this patch contains only fixes for the issue being addressed and doesn’t bundle in additional enhancements.
Microsoft has released update 3044132 as an enhancement to security advisory 2755801 which further addresses issues in Adobe Flash affecting Internet Explorer 10 and 11; further details will be provided in Adobe’s Security bulletin APSB15-05, which is scheduled for release on March 12th.”
Rapid7’s mission is to develop simple, innovative solutions for security’s complex challenges. The company understands the attacker better than anyone and builds that insight into its security software and services. Rapid7’s IT security analytics solutions collect, contextualize, and analyze the security data users need to dramatically reduce threat exposure and detect compromise in real-time. They speed investigations so customers can halt threats and clean up systems fast. Unlike traditional vulnerability assessment or incident management, Rapid7 provides insight into the security state of your assets and users, across virtual, mobile, private and public cloud networks.
The company offers advanced capabilities for vulnerability management, penetration testing, endpoint controls assessment, and incident detection and investigation. Its attacker intelligence is informed by more than 200,000 members of the Metasploit community, the industry-leading Rapid7 Research Labs, and its experienced security services team. Rapid7 is trusted by more than 3,000 organizations across 78 countries, including more than 250 of the Fortune 1000.