====================================================================
                          CERT-Renater

               Information Note No. 2015/VULN176
_____________________________________________________________________

DATE                 : 09/09/2015

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Microsoft Office, Microsoft
                       Excel Viewer, Microsoft SharePoint Foundation
                       version 2013.

======================================================================
KB3089664
https://technet.microsoft.com/en-us/library/security/MS15-099
______________________________________________________________________

Microsoft Security Bulletin MS15-099 - Vulnerabilities in Microsoft
Office Could Allow Remote Code Execution - Important (3089664)

Bulletin Number: MS15-099
Bulletin Title:  Vulnerabilities in Microsoft Office Could Allow
                 Remote Code Execution
Severity:        Important
KB Article:      3089664
Version:         1.0
Published Date:  September 8, 2015

Executive Summary

This security update resolves vulnerabilities in Microsoft Office.
The most severe of the vulnerabilities could allow remote code
execution if a user opens a specially crafted Microsoft Office file.
An attacker who successfully exploited the vulnerabilities could run
arbitrary code in the context of the current user. Customers whose
accounts are configured to have fewer user rights on the system could
be less impacted than those who operate with administrative user
rights.

This security update is rated Important for all supported editions of
the following software:

    Microsoft Excel 2007
    Microsoft Excel 2010
    Microsoft Excel 2013
    Microsoft Excel 2013 RT
    Microsoft Excel for Mac 2011
    Microsoft Excel for Mac 2016
    Microsoft SharePoint Foundation 2013, Microsoft SharePoint Server 2013

For more information, see the Affected Software section.

Affected Software

Microsoft Office Software

    Microsoft Excel 2007 Service Pack 3
    Microsoft Excel 2010 Service Pack 2 (32-bit editions)
    Microsoft Excel 2010 Service Pack 2 (64-bit editions)
    Microsoft Excel 2013 Service Pack 1 (32-bit editions)
    Microsoft Excel 2013 Service Pack 1 (64-bit editions)
    Microsoft Excel 2013 RT Service Pack 1 [1]
    Microsoft Office for Mac 2011
    Microsoft Excel for Mac 2011
    Microsoft Office for Mac 2016
    Microsoft Excel for Mac 2016

Other Office Software

    Microsoft Office Compatibility Pack Service Pack 3
    Microsoft Excel Viewer

[1] This update is available via Windows Update.
[2] The 3088502 update is not yet available for Microsoft Office for
    Mac 2016. The update will be released as soon as it is available
    and users will be notified via a bulletin revision.

Microsoft Server Software

    Microsoft SharePoint Foundation 2013 Service Pack 1

Vulnerability Information

Multiple Microsoft Office Memory Corruption Vulnerabilities

Remote code execution vulnerabilities exist in Microsoft Office
software when the Office software fails to properly handle objects in
memory.

Exploitation of these vulnerabilities requires that a user open a
specially crafted file with an affected version of Microsoft Office
software. In an email attack scenario an attacker could exploit the
vulnerabilities by sending the specially crafted file to the user and
convincing the user to open the file. In a web-based attack scenario
an attacker could host a website (or leverage a compromised website
that accepts or hosts user-provided content) that contains a
specially crafted file that is designed to exploit the
vulnerabilities. An attacker would have no way to force users to
visit the website. Instead, an attacker would have to convince users
to click a link, typically by way of an enticement in an email or
Instant Messenger message.

An attacker who successfully exploited these vulnerabilities could
run arbitrary code in the context of the current user.
If the current user is logged on with administrative user rights, an
attacker could take complete control of the affected system. An
attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights. Users whose accounts
are configured to have fewer user rights on the system could be less
impacted than users who operate with administrative user rights.

The security update addresses the vulnerabilities by correcting how
Microsoft Office handles files in memory.

The following tables contain links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title                               CVE number     Publicly Disclosed  Exploited
Microsoft Office Memory Corruption Vulnerability  CVE-2015-2520  No                  No
Microsoft Office Memory Corruption Vulnerability  CVE-2015-2521  No                  No
Microsoft Office Memory Corruption Vulnerability  CVE-2015-2523  No                  No

Microsoft SharePoint XSS Spoofing Vulnerability - CVE-2015-2522

A cross-site scripting (XSS) vulnerability, which could result in
spoofing, exists when SharePoint fails to properly sanitize
user-supplied web requests. An attacker who successfully exploited
this vulnerability could perform persistent cross-site scripting
attacks and run script (in the security context of the logged-on
user) with malicious content that appears authentic. This could allow
the attacker to steal sensitive information, including authentication
cookies and recently submitted data.

To exploit this vulnerability, an attacker must have the ability to
submit specially crafted content to a target site. Because of the
vulnerability, in specific situations specially crafted script is not
properly sanitized, which subsequently could lead to attacker-supplied
script being run in the security context of a user who views the
malicious content. For cross-site scripting attacks, this
vulnerability requires that a user be visiting a compromised site for
any malicious action to occur.
For instance, after an attacker has successfully submitted a
specially crafted web request to a target site, any webpage on that
site that contains the specially crafted content is a potential
vector for cross-site scripting attacks. When a user visits a webpage
that contains the specially crafted content, the script could be run
in the security context of the user.

The security update addresses the vulnerability by modifying how
SharePoint validates web requests.

Microsoft received information about the vulnerabilities through
coordinated vulnerability disclosure. When this security bulletin was
issued, Microsoft had not received any information to indicate that
these vulnerabilities had been publicly used to attack customers.

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44            +
+ 23 - 25 Rue Daviel  | fax  : 01-53-94-20-41            +
+ 75013 Paris         | email: cert@support.renater.fr   +
==========================================================