DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
July 9, 2020 
Main Menu
News archives

Who's Online
There are currently 87 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

Microsoft patches critical http.sys and RTF security flaws

Posted on Wednesday, April 15 2015 @ 11:24:26 CEST by

Microsoft logo
As part of the company's monthly Patch Tuesday update cycle, Microsoft released a bunch of security updates for Windows and Office. This month there are 11 bulletins, including four critical updates and seven market as important.

One of the critical updates plugs a gaping hole into http.sys that could allow attackers to remotely execute code on systems running the ISS webserver by manipulating http requests. Other than that, one of the other critical bulletins fixes ten security flaws in Internet Explorer while another fixes a critical hole that allowed code execution when opening manipulated RTF or Office documents.

The Register compiled a handy list over here:
  • MS15-032 Critical bulletin containing patches for 10 vulnerabilities in Internet Explorer. The bulletin is a cumulative update for Internet Explorer versions 6-11. Opening a malicious webpage that exploits one of these bugs to pull off a remote-code execution attack will compromise your computer unless you patch.

  • MS15-033 Critical bulletin addressing five CVE-listed vulnerabilities (CVE-2015-1641, CVE-2015-1649, CVE-2015-1650, CVE-2015-1651, CVE-2015-1639) in Office 2007-2013 as well as Office for Mac. Opening a dodgy rich text file or Office document could lead to code execution with the privileges of the logged-in user.

  • MS15-034 Critical fix for a remote code execution vulnerability (CVE-2015-1635) in HTTP.sys for Windows 7 and 8 as well as Server 2008 and Server 2012. Sending a malicious HTTP request to a Windows box running the IIS web server can fool the system into executing your malicious code.

  • MS15-035 Critical update for CVE-2015-1645, a flaw in the Microsoft Graphics Component in Windows Server 2003, 2008, Windows Vista and Windows 7. Windows 8 and Windows Server 2012 are not listed as vulnerable to the flaw. Opening an EMF file can trigger remote-code execution.

  • MS15-036 Important update for two SharePoint Server elevation of privilege vulnerabilities (CVE-2015-1640 and CVE-2015-1653). Applies to SharePoint Server 2010 and 2013.

  • MS15-037 Important bulletin for an elevation of privilege flaw (CVE-2015-0098) in Windows Task Scheduler. The fix applies to Windows 7 and Server 2008 R2.

  • MS15-038 Important fix for a elevation of privilege vulnerabilities (CVE-2015-1643 and CVE-2015-1644) in Windows Vista, 7, 8, 8.1, RT and Windows Server 2003, 2008 and 2012.

  • MS15-039 Important bulletin to address a security bypass hole (CVE-2015-1646) in XML Core Services on Windows Vista and Windows 7 as well as Server 2003 and Server 2008.

  • MS15-040 Important bulletin for an information disclosure flaw (CVE-2015-1638) in Active Directory for Windows Server 2012 R2.

  • MS15-041 Important information disclosure vulnerability (CVE-2015-1648) in .Net Framework on Windows Vista through Windows 8.1 and Server 2003-2012.

  • MS15-042 Important denial of service vulnerability ((CVE-2015-1647) in Hyper-V for Windows 8.1 and Windows Server 2012 R2.



    DV Hardware - Privacy statement
    All logos and trademarks are property of their respective owner.
    The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba