Information Security & Policy


Microsoft updates MS15-131 and MS15-135 address critical, important and one actively exploited vulnerabilities

Friday, December 11, 2015

Microsoft released security advisory MS15-131 on Dec. 8, documenting critical vulnerabilities in some Office products. In addition to five memory corruption flaws, a remote code execution vulnerability exists that can be exploited by attackers without the user taking any action other than previewing an email in Outlook.

A fix is available for all Windows and Windows-based software; the Global Configman service is working to push these updates as soon as possible. Microsoft Office for Mac 2011 and 2016 fixes are not yet available; they will be released as soon as possible. The current suggested workaround is to disable previewing messages in Outlook.

Additionally, Microsoft released security advisory MS15-135 documenting a critical vulnerability in Windows Kernel-Mode drivers. If successfully exploited, the vulnerabilities can lead to an elevation of privilege for an attacker who is able to log on to a vulnerable system and execute specially written code.

Though this advisory is rated "Important" and not "Critical" by Microsoft, they note that an exploit for one of the four vulnerabilities in the report -- CVE-2015-6175 -- has been detected in the wild. Be aware that aside from applying the Windows Updates there are no currently known workarounds or mitigating factors for these vulnerabilities.

The Global ConfigMgr service is working to push these updates as soon as possible.

Further reading:

MS15-131

  • https://technet.microsoft.com/en-us/library/security/MS15-131
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6040
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6118
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6122
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6124
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6177

MS15-135

  • https://technet.microsoft.com/library/security/MS15-135
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6171
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6173
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6174
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6175

Indiana University

Accessibility | Privacy Notice | Copyright © 2021 The Trustees of Indiana University