=====================================================================

                           CERT-Renater

               Note d'Information No. 2015/VULN070
_____________________________________________________________________

DATE                : 13/05/2015

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Microsoft Windows,
                                     Microsoft Office,
                                     Microsoft Live Meeting
                                     Microsoft Lync
                                     Microsoft Silverlight
                                     Microsoft .NET Framework.

======================================================================
KB3057110
https://technet.microsoft.com/en-us/library/security/MS15-044
______________________________________________________________________

MS15-044: Vulnerabilities in GDI+ Could Allow Remote Code Execution
(3057110)

Bulletin Number: MS15-044

Bulletin Title: Vulnerabilities in GDI+ Could Allow Remote Code Execution

Severity: Critical

KB Article: 3057110

Version: 1.0

Published Date: May 12, 2015

Executive Summary

This security update resolves vulnerabilities in Microsoft Windows,
Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and
Microsoft Silverlight.
The more severe of the vulnerabilities could allow remote code
execution if a user opens a specially crafted document or visits an
untrusted webpage that contains embedded TrueType fonts.

This security update is rated Critical for supported releases of
Microsoft Windows and all affected editions of Microsoft .NET
Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight.
For more information, see the Affected Software section.


Affected Software


Microsoft Windows

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Windows 8 for 32-bit Systems

Windows 8 for x64-based Systems

Windows 8.1 for 32-bit Systems

Windows 8.1 for x64-based Systems

Windows Server 2012

Windows Server 2012 R2

Windows RT[2]

Windows RT 8.1[2]

Server Core installation option

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
installation)

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation)

Windows Server 2012 (Server Core installation)

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

[1].NET Framework 4 and .NET Framework 4 Client Profile affected.

[2]This update is available via Windows Update only.

Microsoft Office

Microsoft Office 2007 Service Pack 3

Microsoft Office 2010 Service Pack 2 (32-bit editions)

Microsoft Office 2010 Service Pack 2 (64-bit editions)

Microsoft Communications Platforms and Software

Microsoft Live Meeting 2007 Console[1]

Microsoft Lync 2010 (32-bit)

Microsoft Lync 2010 (64-bit)

Microsoft Lync 2010 Attendee[1] (user level install)

Microsoft Lync 2010 Attendee (admin level install)

Microsoft Lync 2013 Service Pack 1 (32-bit) (Skype for Business)

Microsoft Lync Basic 2013 Service Pack 1 (32-bit) (Skype for Business Basic)

Microsoft Lync 2013 Service Pack 1 (64-bit) (Skype for Business)

Microsoft Lync Basic 2013 Service Pack 1 (64-bit) (Skype for Business Basic)


[1]This update is available from the Microsoft Download Center only.

Microsoft Developer Tools and Software

Microsoft Silverlight 5 when installed on Mac

Microsoft Silverlight 5 Developer Runtime when installed on Mac

Microsoft Silverlight 5 when installed on all supported releases of
Microsoft Windows clients

Microsoft Silverlight 5 Developer Runtime when installed on all
supported releases of Microsoft Windows clients

Microsoft Silverlight 5 when installed on all supported releases of
Microsoft Windows servers

Microsoft Silverlight 5 Developer Runtime when installed on all
supported releases of Microsoft Windows servers


Vulnerability Information

OpenType Font Parsing Vulnerability - CVE-2015-1670

An information disclosure vulnerability exists in Microsoft Windows
when the Windows DirectWrite library improperly handles OpenType fonts.
An attacker who successfully exploited this vulnerability could
potentially read data which was not intended to be disclosed. Note that
this vulnerability would not allow an attacker to execute code or to
elevate their user rights directly, but it could be used to obtain
information that could be used to try to further compromise the
affected system.

To exploit the vulnerability an attacker could host a specially crafted
website that is designed to exploit the vulnerability and then convince
a user to view the website. This could also include compromised
websites and websites that accept or host user-provided content or
advertisements. In all cases, however, an attacker would have no way to
force users to visit such websites.
Instead, an attacker would have to convince users to visit a website,
typically by way of enticements in Instant Messenger or email messages.

The update addresses the vulnerability by correcting how the Windows
DirectWrite library handles OpenType fonts. Microsoft received
information about the vulnerability through coordinated vulnerability
disclosure. When this security bulletin was issued, Microsoft had not
received any information to indicate that this vulnerability had been
publicly used to attack customers.


TrueType Font Parsing Vulnerability - CVE-2015-1671

A remote code execution vulnerability exists when components of
Windows, .NET Framework, Office, Lync, and Silverlight fail to properly
handle TrueType fonts. An attacker who successfully exploited this
vulnerability could take complete control of the affected system. An
attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights.

There are multiple ways an attacker could exploit this vulnerability,
including by convincing a user to open a specially crafted document or
convincing them to visit an untrusted webpage that contains embedded
TrueType fonts.

The update addresses the vulnerability by correcting how the affected
software products handle TrueType fonts. Microsoft received information
about the vulnerability through coordinated vulnerability disclosure.
When this security bulletin was issued, Microsoft was aware of limited
attacks that attempt to exploit this vulnerability.


=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================