April 2015 Patch Tuesday Issues Updates to Microsoft Office

This month’s Patch Tuesday release appears moderately light compared with the previous month’s, with only 11 security bulletins with four rated ‘Critical’, while the rest are rated as ‘Important’. Microsoft addressed a total of 26 vulnerabilities this April.

The critical security updates issued by Microsoft all deal with remote code execution (RCE) vulnerabilities. One of the updates rated as ‘Critical’ is MS15-033 or Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019) addresses flaws that could be exploited across several versions of Microsoft Office including Microsoft Word 2007, Microsoft Office 2010, Microsoft Word 2010 Microsoft Word Viewer, Microsoft Office Compatibility Pack, etc.

A summary of our Patch Tuesday coverage for April 2015 is posted at our Threat Encyclopedia Page: April 2015 – Microsoft Releases 11 Security Advisories.

Users and system administrators are strongly advised to issue the appropriate patches for these system vulnerabilities. Trend Micro Deep Security and Vulnerability Protection protect user systems from threats that may leverage these vulnerabilities following DPI rules:

• 1006609 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1652)
• 1006610 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1657)
• 1006611 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1659)
• 1006612 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1660)
• 1006613 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1661)
• 1006614 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1662)
• 1006615 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1665)
• 1006616 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1666)
• 1006617 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1667)
• 1006618 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-1668)
• 1006623 – Microsoft Office Memory Corruption Vulnerability (CVE-2015-1641)
• 1006625 – Microsoft Office Component Use After Free Vulnerability (CVE-2015-1649)
• 1006626 – Microsoft Office Component Use After Free Vulnerability (CVE-2015-1650)
• 1006627 – Microsoft Office Component Use After Free Vulnerability (CVE-2015-1651)
• 1006620 – Microsoft Windows HTTP.sys Remote Code Execution Vulnerability (CVE-2015-1635)
• 1006619 – Microsoft Windows EMF Processing Remote Code Execution Vulnerability (CVE-2015-1645)
• 1000552 – Generic Cross Site Scripting (XSS) Prevention
• 1006628 – MSXML Same Origin Policy Security Bypass Vulnerability (CVE-2015-1646)
• 1006629 – Microsoft Windows ASP.NET Information Disclosure Vulnerability (CVE-2015-1648)

Solution for “Re-Direct To SMB” Vulnerability

In addition to the DPI rules for this month’s Patch Tuesday, we are also issuing an update that addresses a newly-disclosed vulnerability that is said to affect 31 application from Adobe, Apple, Microsoft, among other software. More about this vulnerability known as the “Re-Direct To SMB” vulnerability can be found at this page: Vulnerability Note VU#672268 

Trend Micro Deep Security and Vulnerability Protection protect user systems from this vulnerability through the following DPI rule:

• 1006631 – Identified File Protocol Handler In HTTP Location Header