Microsoft releases a new batch of fourteen security updates patching over fifty vulnerabilities today, with one of them known to be abused in targeted attacks. A large number of the vulnerabilities were reported by researchers from Google and their Project Zero, and HP’s Zero Day initiative. Meanwhile, a reflective discussion about the value of these offensive teams is laid out on offsec mailing lists.
Currently being exploited in-the-wild, MS15-085 “Vulnerability in Mount Manager Could Allow Elevation of Privilege”, enables an attacker to write out an executable to disk and run it from usb disk insertion. Exploitation is in use as a part of limited targeted attacks. Update installation and maintenance seems to be a large order here, as Microsoft includes a unique recommendation with it: “If you install a language pack after you install this update, you must reinstall this update.” Not only is “Mountmgr.sys” listed a few hundred times in this related knowledge base article, but over a hundred other files are touched with this larger update.
The new Edge web browser maintains three “memory corruption” vulnerabilities. Typically, when these arise in Microsoft’s web browsers, the flaws have been use-after-free problems. These memory corruption issues surprisingly enable remote code execution on Windows 10:
and one ASLR bypass issue. While the code base is smaller, faster, and newer than IE, these issues continue to crop up in their newest code.
More on Microsoft’s August 2015 Bulletins can be found here, please update your system asap.