Microsoft Security Bulletin MS15-088 - Important

Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)

Published: August 11, 2015

Version: 1.0

This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process. The attacker could then execute Notepad, Visio, PowerPoint, Excel, or Word with an unsafe command line parameter to effect information disclosure. To be protected from the vulnerability, customers must apply the updates provided in this bulletin, as well as the update for Internet Explorer provided in MS15-079. Likewise, customers running an affected Microsoft Office product must also install the applicable updates provided in MS15-081.

This security update is rated Important for all supported releases of Microsoft Windows. For more information, see the Affected Software section.

This security update, in conjunction with the updates for Internet Explorer and Microsoft Office, addresses the vulnerability by improving how Notepad and Microsoft Office programs are executed from Internet Explorer. For more information about the vulnerability, see the Vulnerability Information section.

For more information about the updates required to address this vulnerability, see Microsoft Knowledge Base Article 3082458, Microsoft Knowledge Base Article 3082442, and Microsoft Knowledge Base Article 3080790.

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

Operating System

Maximum Security Impact

Aggregate Severity Rating

Updates Replaced*

Windows Vista

Windows Vista Service Pack 2
(3046017)

Information Disclosure

Important

None

Windows Vista Service Pack 2
(3079757)

Information Disclosure

Important

3039066 in MS15-020

Windows Vista x64 Edition Service Pack 2
(3046017)

Information Disclosure

Important

None

Windows Vista x64 Edition Service Pack 2
(3079757)

Information Disclosure

Important

3039066 in MS15-020

Windows Server 2008

Windows Server 2008 for 32-bit Systems Service Pack 2
(3046017)

Information Disclosure

Important

None

Windows Server 2008 for 32-bit Systems Service Pack 2
(3079757)

Information Disclosure

Important

3039066 in MS15-020

Windows Server 2008 for x64-based Systems Service Pack 2
(3046017)

Information Disclosure

Important

None

Windows Server 2008 for x64-based Systems Service Pack 2
(3079757)

Information Disclosure

Important

3039066 in MS15-020

Windows Server 2008 for Itanium-based Systems Service Pack 2
(3046017)

Information Disclosure

Important

None

Windows Server 2008 for Itanium-based Systems Service Pack 2
(3079757)

Information Disclosure

Important

3039066 in MS15-020

Windows 7

Windows 7 for 32-bit Systems Service Pack 1
(3046017)

Information Disclosure

Important

None

Windows 7 for 32-bit Systems Service Pack 1
(3079757)

Information Disclosure

Important

3039066 in MS15-020

Windows 7 for x64-based Systems Service Pack 1
(3046017)

Information Disclosure

Important

None

Windows 7 for x64-based Systems Service Pack 1
(3079757)

Information Disclosure

Important

3039066 in MS15-020

Windows Server 2008 R2

Windows Server 2008 R2 for x64-based Systems Service Pack 1
(3046017)

Information Disclosure

Important

None

Windows Server 2008 R2 for x64-based Systems Service Pack 1
(3079757)

Information Disclosure

Important

3039066 in MS15-020

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(3046017)

Information Disclosure

Important

None

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(3079757)

Information Disclosure

Important

3039066 in MS15-020

Windows 8 and Windows 8.1

Windows 8 for 32-bit Systems
(3046017)

Information Disclosure

Important

None

Windows 8 for x64-based Systems
(3046017)

Information Disclosure

Important

None

Windows 8.1 for 32-bit Systems
(3046017)

Information Disclosure

Important

None

Windows 8.1 for x64-based Systems
(3046017)

Information Disclosure

Important

None

Windows Server 2012 and Windows Server 2012 R2

Windows Server 2012
(3046017)

Information Disclosure

Important

None

Windows Server 2012 R2
(3046017)

Information Disclosure

Important

None

Windows RT and Windows RT 8.1

Windows RT[1]
(3046017)

Information Disclosure

Important

None

Windows RT 8.1[1]
(3046017)

Information Disclosure

Important

None

Windows 10

Windows 10 for 32-bit Systems [2]
(3081436)

Information Disclosure

Important

None

Windows 10 for x64-based Systems [2]
(3081436)

Information Disclosure

Important

None

Server Core installation option

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(3046017)

Information Disclosure

Important

None

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(3079757)

Information Disclosure

Important

3039066 in MS15-020

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(3046017)

Information Disclosure

Important

None

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(3079757)

Information Disclosure

Important

3039066 in MS15-020

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
(3046017)

Information Disclosure

Important

None

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
(3079757)

Information Disclosure

Important

3039066 in MS15-020

Windows Server 2012 (Server Core installation)
(3046017)

Information Disclosure

Important

None

Windows Server 2012 R2 (Server Core installation)
(3046017)

Information Disclosure

Important

None

[1]This update is available via Windows Update only.

[2]The Windows 10 update is cumulative. In addition to containing non-security updates, it also contains all of the security fixes for all of the Windows 10-affected vulnerabilities shipping with this month’s security release. The update is available via the Windows Update Catalog only. See Microsoft Knowledge Base Article 3081436 for more information and download links.

*The Updates Replaced column shows only the latest update in any chain of superseded updates. For a comprehensive list of updates replaced, go to the Microsoft Update Catalog, search for the update KB number, and then view update details (updates replaced information is provided on the Package Details tab).

Note Windows Server Technical Preview 2 is affected. Customers running this operating system are encouraged to apply the update, which is available via Windows Update

The vulnerability discussed in this bulletin is also discussed in other bulletins being released in August. Do I need to install multiple updates to be protected from the vulnerability? 
Yes. To be protected from this vulnerability, customers must apply all of the updates provided in this bulletin for their affected software, as well as the update for Internet Explorer provided in MS15-079. Likewise, customers running an affected Microsoft Office product must also install the applicable updates provided in MS15-081. Customers who do not install all of the updates available for their affected software will not be fully protected from the vulnerability.

Additional Affected Software

Maximum Security Impact

Aggregate Severity Rating

Updates Replaced

Internet Explorer

See MS15-079 for the complete list of affected software and download links for Internet Explorer 
(3078071)

Information Disclosure

Important

See MS15-079

Microsoft Office

See MS15-081 for the complete list of affected software and download links for Microsoft Office 
(3080790)

Information Disclosure

Important

See MS15-081

The following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the August bulletin summary.

Vulnerability Severity Rating and Maximum Security Impact by Affected Software

Affected Software

Unsafe Command Line Parameter Passing Vulnerability - CVE-2015-2423

Aggregate Severity Rating

Windows Vista

Windows Vista Service Pack 2
(3046017)

Important 
Information Disclosure

Important

Windows Vista Service Pack 2
(3079757)

Important 
Information Disclosure

Important

Windows Vista x64 Edition Service Pack 2
(3046017)

Important 
Information Disclosure

Important

Windows Vista x64 Edition Service Pack 2
(3079757)

Important 
Information Disclosure

Important

Windows Server 2008

Windows Server 2008 for 32-bit Systems Service Pack 2
(3046017)

Important 
Information Disclosure

Important

Windows Server 2008 for 32-bit Systems Service Pack 2
(3079757)

Important 
Information Disclosure

Important

Windows Server 2008 for x64-based Systems Service Pack 2
(3046017)

Important 
Information Disclosure

Important

Windows Server 2008 for x64-based Systems Service Pack 2
(3079757)

Important 
Information Disclosure

Important

Windows Server 2008 for Itanium-based Systems Service Pack 2
(3046017)

Important 
Information Disclosure

Important

Windows Server 2008 for Itanium-based Systems Service Pack 2
(3079757)

Important 
Information Disclosure

Important

Windows 7

Windows 7 for 32-bit Systems Service Pack 1
(3046017)

Important 
Information Disclosure

Important

Windows 7 for 32-bit Systems Service Pack 1
(3079757)

Important 
Information Disclosure

Important

Windows 7 for x64-based Systems Service Pack 1
(3046017)

Important 
Information Disclosure

Important

Windows 7 for x64-based Systems Service Pack 1
(3079757)

Important 
Information Disclosure

Important

Windows Server 2008 R2

Windows Server 2008 R2 for x64-based Systems Service Pack 1
(3046017)

Important 
Information Disclosure

Important

Windows Server 2008 R2 for x64-based Systems Service Pack 1
(3079757)

Important 
Information Disclosure

Important

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(3046017)

Important 
Information Disclosure

Important

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(3079757)

Important 
Information Disclosure

Important

Windows 8 and Windows 8.1

Windows 8 for 32-bit Systems
(3046017)

Important 
Information Disclosure

Important

Windows 8 for x64-based Systems
(3046017)

Important 
Information Disclosure

Important

Windows 8.1 for 32-bit Systems
(3046017)

Important 
Information Disclosure

Important

Windows 8.1 for x64-based Systems
(3046017)

Important 
Information Disclosure

Important

Windows Server 2012 and Windows Server 2012 R2

Windows Server 2012
(3046017)

Important 
Information Disclosure

Important

Windows Server 2012 R2
(3046017)

Important 
Information Disclosure

Important

Windows RT and Windows RT 8.1

Windows RT
(3046017)

Important 
Information Disclosure

Important

Windows RT 8.1
(3046017)

Important 
Information Disclosure

Important

Windows 10

Windows 10 for 32-bit Systems
(3081436)

Important 
Information Disclosure

Important

Windows 10 for x64-based Systems
(3081436)

Important 
Information Disclosure

Important

Server Core installation option

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(3046017)

Important 
Information Disclosure

Important

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(3079757)

Important 
Information Disclosure

Important

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(3046017)

Important 
Information Disclosure

Important

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(3079757)

Important 
Information Disclosure

Important

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
(3046017)

Important 
Information Disclosure

Important

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
(3079757)

Important 
Information Disclosure

Important

Windows Server 2012 (Server Core installation)
(3046017)

Important 
Information Disclosure

Important

Windows Server 2012 R2 (Server Core installation)
(3046017)

Important 
Information Disclosure

Important

Unsafe Command Line Parameter Passing Vulnerability - CVE-2015-2423

An information disclosure vulnerability exists in Microsoft Windows, Internet Explorer, and Microsoft Office when files at a medium integrity level become accessible to Internet Explorer running in Enhanced Protection Mode (EPM).

To exploit this vulnerability, an attacker would first need to leverage another vulnerability and execute code in Internet Explorer with EPM, and then execute Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter. The update addresses the vulnerability by improving how Notepad and Microsoft Office programs are executed from Internet Explorer.

This vulnerability has been publicly disclosed. It has been assigned Common Vulnerability and Exposure number CVE-2015-2423. When this bulletin was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

The following workarounds may be helpful in your situation:

  • Remove notepad.exe from Internet Explorer elevation policy

    Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.

    1. Run regedit.exe.
    2. In Registry Editor, expand the following registry key:
      "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy"
      
    3. Select {dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}, click File, and then click Export.
    4. In the Export Registry File dialog, enter notepad.exe_backup.reg, and then click Save.
    5. Click File, select Delete, and then click Yes.
    6. Log off and log on again, or restart the computer.

     

    Impact of workaround: Internet Explorer will be disallowed from executing Notepad with elevated privileges.

    How to undo the workaround.

    1. Run regedit.exe.
    2. In Registry Editor, click File, and then click Import.
    3. In the Import Registry File dialog, select the backup file that you created in the initial procedure, notepad.exe_backup.reg, and then click Open.
    4. Log off and log on again, or restart the computer.

For Security Update Deployment information, see the Microsoft Knowledge Base article referenced here in the Executive Summary.

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgments for more information.

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

  • V1.0 (August 11, 2015): Bulletin published.

Page generated 2015-08-12 7:56Z-07:00.
Show: