Computer News & Safety – Harry Waldron

June 9th, 2015:

Microsoft Security Updates – JUNE 2015

https://technet.microsoft.com/library/security/MS15-jun

Microsoft is releasing the following eight security bulletins for newly discovered vulnerabilities:

Bulletin ID: MS15-056
Bulletin Title: Cumulative Security Update for Internet Explorer (3058515)
Max Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Internet Explorer on affected Microsoft Windows clients and servers.

Bulletin ID: MS15-057
Bulletin Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)
Max Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Bulletin ID: MS15-059
Bulletin Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)
Max Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office Compatibility Pack SP3, Office 2010, Office 2013, and Office 2013 RT.

Bulletin ID: MS15-060
Bulletin Title: Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)
Max Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, and Windows RT 8.1.

Bulletin ID: MS15-061
Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: All supported releases of Microsoft Windows.

Bulletin ID: MS15-062
Bulletin Title: Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Does not require restart
Affected Software: Microsoft Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012.

Bulletin ID: MS15-063
Bulletin Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.

Bulletin ID: MS15-064
Bulletin Title: Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Does not require restart
Affected Software: Microsoft Exchange Server 2013.

Web Security – US Government must use HTTPS on all sites by December 2016

All governmental sites must use encrypted secure connections as an operational standard by the end of 2016.

http://www.pcmag.com/article2/0,2817,2485665,00.asp

https://www.whitehouse.gov/sites/default/files/omb/memoranda/2015/m-15-13.pdf

The White House now requires all publicly accessible federal websites and services to use a secure HTTPS connection. Government agencies have until Dec. 31, 2016 to comply with the new HTTPS-Only Standard directive.

Unencrypted HTTP connections “create a vulnerability and expose potentially sensitive information about users,” U.S. Chief Information Officer Tony Scott said in this week’s announcement. That includes data like browser identity, website content, search terms, and other user-submitted details. “To address these concerns, many commercial organizations have already adopted HTTPS-only policies to protect visitors to their websites and services,” Scott continued. “Monday’s action will deliver that same protection to users of federal websites and services.”

The move comes after the ACLU in April alerted Scott to “dozens” of inspectors general (including those at the Departments of Justice and Homeland Security) who did not use HTTPS for online whistleblower complaints, including disclosures of waste, fraud, or abuse. That includes the Departments of Agriculture and Treasury, the Consumer Product Safety Commission, the Corporation for Public Broadcasting, the U.S. International Trade Commission, the National Archives, and the Smithsonian. Not to mention the State Department’s “Rewards for Justice” online terrorism tip line.