| # | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) | |
|---|---|---|---|---|---|---|
| clients | servers | |||||
| MS15-058 | Remote Code Execution Vulnerabilities in SQL Server (This bulletin was supposed to be part of the June 2015 patch Tuesday, but got delayed until today) |
|||||
| SQL Server CVE-2015-1761 CVE-2015-1762 CVE-2015-1763 |
KB 3065718 | no. | Severity:Important Exploitability: 2 |
N/A | Important | |
| MS15-065 | Internet Explorer Rollup Patch (Replaces MS15-056 ) | |||||
| Internet Explorer CVE-2015-1729 CVE-2015-1733 CVE-2015-1738 CVE-2015-1767 CVE-2015-2372 CVE-2015-2383 CVE-2015-2384 CVE-2015-2385 CVE-2015-2388 CVE-2015-2389 CVE-2015-2390 CVE-2015-2391 CVE-2015-2397 CVE-2015-2398 CVE-2015-2401 CVE-2015-2403 CVE-2015-2404 CVE-2015-2405 CVE-2015-2406 CVE-2015-2408 CVE-2015-2410 CVE-2015-2411 CVE-2015-2412 CVE-2015-2413 CVE-2015-2414 CVE-2015-2419 CVE-2015-2421 CVE-2015-2422 CVE-2015-2425 |
KB 3076321 | CVE-2015-2398 has been publicly disclosed.. | Severity:Critical Exploitability: 0 |
Critical | Important | |
| MS15-066 | Remote Code Execution Vulnerability in VBScript Scripting Engine (Replaces MS15-019 ) | |||||
| VBScript CVE-2015-2372 |
KB 3072604 | no. | Severity:Critical Exploitability: 1 |
Critical | Important | |
| MS15-067 | Remote Code Execution Vulnerability in RDP (Replaces MS15-030 ) | |||||
| RDP CVE-2015-2373 |
KB 3073094 | no. | Severity:Critical Exploitability: 3 |
Critical | Critical | |
| MS15-068 | Remote Code Execution Vulnerabilities in Hyper-V | |||||
| Hyper-V CVE-2015-2361 CVE-2015-2362 |
KB 3072000 | no. | Severity:Critical Exploitability: 2 |
N/A | Critical | |
| MS15-069 | Remote Code Execution Vulnerabilities in Windows | |||||
| Windows and Windows Media Device Manager CVE-2015-2368 CVE-2015-2369 |
KB 3072631 | unauthorized DLL loading is an ongoing issue. | Severity:Important Exploitability: 1 |
Critical | Important | |
| MS15-070 | Remote Code Execution Vulnerabilities in Office (Replaces MS13-084 MS15-022 MS15-033 MS15-046 ) | |||||
| Microsoft Office (including Mac and Sharepoint) CVE-2015-2376 CVE-2015-2377 CVE-2015-2379 CVE-2015-2380 CVE-2015-2415 CVE-2015-2424 CVE-2015-2375 CVE-2015-2378 |
KB 3072620 | CVE-2015-2424 has been used in exploits.. | Severity:Important Exploitability: 1 |
Critical | Important | |
| MS15-071 | Spoofing Vulnerability in Netlogon (Replaces MS15-027 ) | |||||
| Netlogon CVE-2015-2374 |
KB 3068457 | no. | Severity:Important Exploitability: 3 |
Important | Important | |
| MS15-072 | Elevation of Privilege Vulnerability in Windows Graphics Component (Replaces MS15-035 ) | |||||
| Windows Graphics component CVE-2015-2364 |
KB 3069392 | no. | Severity:Important Exploitability: 1 |
Important | Important | |
| MS15-073 | Elevation of Privilege Vulnerability in Kernel Mode Drivers (Replaces MS15-061 ) | |||||
| Kernel Mode Drivers CVE-2015-2363 CVE-2015-2365 CVE-2015-2366 CVE-2015-2367 CVE-2015-2381 CVE-2015-2382 |
KB 3070102 | no. | Severity:Important Exploitability: 2 |
Important | Important | |
| MS15-074 | Elevation of Privilege Vulnerability in Windows Installer Service (Replaces MS49-049 ) | |||||
| Windows Installer Service CVE-2015-2371 |
KB 3072630 | no. | Severity:Important Exploitability: 1 |
Important | Important | |
| MS15-075 | Elevation of Privilege Vulnerability in OLE (Replaces MS13-070 ) | |||||
| OLE CVE-2015-2416 CVE-2015-2417 |
KB 3072633 | no. | Severity:Important Exploitability: 1 |
Critical | Important | |
| MS15-076 | Elevation of Privilege in Windows RPC (Replaces MS15-055 ) | |||||
| Windows RPC CVE-2015-2370 |
KB 3067505 | no. | Severity:Important Exploitability: 2 |
Important | Important | |
| MS15-077 | Elevationof Privilege Vulnerability in ATM Font Driver (Replaces MS15-021 ) | |||||
| ATM Font Driver (ATMFD.DLL) CVE-2015-2387 |
KB 3077657 | Exploits Detected. | Severity:Important Exploitability: 0 |
Important | Important | |
(*): ISC rating
- We use 4 levels:
- PATCH NOW Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important Things where more testing and other measures can help.
- Less Important patches for servers that do not use outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threats.
