Microsoft releases a long list of updates to multiple technologies today with 14 Security Bulletins (MS15-058, MS15-065 – MS15-077) patching 58 vulnerabilities, and at least 47 of them reported through a a responsible disclosure channel.
Meanwhile, several are being used and detected ITW as a part of limited targeted attacks, like the Microsoft Office RCE cve-2015-2424, ATMFD.DLL EoP cve-2015-2387, and the Internet Explorer JScript9 RCE cve-2015-2419. Some were the result of breach leaks as well. A number of these have a very attractive offensive utility to defend against, so expect to see these exploits being used and re-used.
Leave a reply