Microsoft Patches Hacking Team Zero-Days, Other Vulnerabilities

Microsoft has released a total of 14 bulletins as part of the company’s July 2015 security updates. The updates address vulnerabilities in Windows, Office, SQL Server and Internet Explorer, including two zero-day bugs identified by researchers while analyzing the recent Hacking Team leak.

Vulnerabilities found during analysis of Hacking Team leak

One of the zero-day vulnerabilities is a Jscript9 memory corruption vulnerability (CVE-2015-2419) identified by researchers at Vectra Networks. The flaw affects Internet Explorer 11 and it can be exploited to gain complete control of a vulnerable system.

Vectra Networks representatives told SecurityWeek that the flaw does not require chaining with other vulnerabilities, but it’s not easy to exploit.

“It is fairly difficult to exploit in a meaningful way without crashing IE,” said Wade Williamson, Director of Product Marketing at Vectra Networks. “It is definitely doable, but requires some skill.”

Microsoft says it’s aware of limited, targeted attacks that attempt to exploit this vulnerability.

The exploit code for this vulnerability was not developed by Hacking Team. Instead, Vectra researchers discovered the bug after finding an email in which an external researcher offered to sell the exploit to Hacking Team. The Italy-based spyware maker, whose systems were recently breached, had not acquired the exploit, but the leaked emails contained enough information to allow Vectra to find and analyze the bug.

“After approaching Hacking Team, the researcher may have gone elsewhere to sell the bug, and if successful it may have been exploited in the wild,” Vectra noted.

Another vulnerability related to the Hacking Team breach is a memory corruption flaw (CVE-2015-2387) in the Adobe Type Manager Font Driver (ATMFD.DLL). The bug, whose existence was brought to light by Trend Micro shortly after the Hacking Team breach was revealed, can be exploited to take complete control of vulnerable systems.

Microsoft says this vulnerability has also been exploited in limited, targeted attacks.

These are not the only vulnerabilities found by experts who analyzed the Hacking Team leak. So far, researchers have uncovered three zero-day bugs in Flash Player, all of which have been patched by Adobe.

Security holes in Internet Explorer, Windows, Office and SQL Server

One of the most serious vulnerabilities patched by Microsoft with the July 2015 bulletins is a remote code execution bug (CVE-2015-2373) affecting the Remote Desktop Protocol (RDP).

“CVE-2015-2373 is the first code execution bug in RDP I can remember since 2012. This is very high impact because many businesses rely on remote desktop protocol and many advanced home users configure remote access for RDP into their home,” Tripwire researcher Craig Young told SecurityWeek. “This should definitely be on the top of everyone’s install list. Although Microsoft describes that code execution is tricky, there are a lot of smart people out there and I’m sure it won’t be long before proof-of-concept code starts floating around.”

Another important security update addresses two vulnerabilities in the Windows Hyper-V hypervisor that can be exploited for remote code execution. The bugs are a buffer overflow (CVE-2015-2361) and an uninitialized memory issue (CVE-2015-2362).

“The Hyper-V vulnerability could be especially painful in shared hosting environments given that privileged users on guest operating systems can run code on the host operating system, potentially compromising the security of all shared hosting,” Tyler Reguly, manager of security research at Tripwire, told SecurityWeek.

Microsoft also released a patch for a remote code execution bug in SQL Server, a fix that had been expected with last month’s updates.

“This issue will be particularly critical for database hosting providers allowing users access to create and manipulate database schema in a shared environment. Successful exploitation of this flaw would allow the attacker complete access to the SQL Server by leveraging a very specific edge case,” Young explained.

Microsoft has also resolved various Internet Explorer vulnerabilities, remote code execution bugs in Office, and privilege escalation issues in Netlogon, the Windows graphics component, the Windows kernel-mode driver, and the Windows installer.
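The bulletins above matter most on hosts that actually expose the affected components (RDP, Hyper-V, SQL Server), so an administrator’s first job is to find out which of those apply to a given machine and whether the corresponding updates are in place. The following PowerShell script is an added, read-only inventory check; it is not from the article or from Microsoft. It assumes a locally run, elevated PowerShell session, and the KB list it compares against is a placeholder that must be filled in from the relevant MS15 bulletins for the host’s OS version, since the article does not list KB numbers.

```powershell
# Added example (not from the article or from Microsoft): a read-only exposure
# inventory for one Windows host. It reports whether RDP is enabled, whether the
# host runs Hyper-V or SQL Server, and which caller-supplied KBs are not installed.
# Assumption: run locally in an elevated PowerShell session.

param(
    # Placeholder: real KB numbers come from the MS15 bulletins for this OS version.
    [string[]]$RequiredKBs = @('KBXXXXXXX')
)

function Get-JulyPatchExposure {
    param([string[]]$KBs)

    # RDP: fDenyTSConnections = 0 means Remote Desktop connections are allowed,
    # i.e. the host exposes the surface addressed by CVE-2015-2373.
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $ts = Get-ItemProperty -Path $tsKey -ErrorAction SilentlyContinue
    $rdpEnabled = ($null -ne $ts) -and ($ts.fDenyTSConnections -eq 0)

    # Hyper-V host: the Virtual Machine Management service (vmms) exists only where
    # the Hyper-V role is installed (CVE-2015-2361 / CVE-2015-2362 surface).
    $hyperVHost = $null -ne (Get-Service -Name vmms -ErrorAction SilentlyContinue)

    # SQL Server: default and named instances register as MSSQL* services.
    $sqlServer = @(Get-Service -Name 'MSSQL*' -ErrorAction SilentlyContinue).Count -gt 0

    # Patch state: compare installed hotfixes with the caller-supplied KB list.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
                   Select-Object -ExpandProperty HotFixID)
    $missing = @($KBs | Where-Object { $installed -notcontains $_ })

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = $rdpEnabled
        HyperVHost   = $hyperVHost
        SqlServer    = $sqlServer
        MissingKBs   = $missing
    }
}

Get-JulyPatchExposure -KBs $RequiredKBs | Format-List
```

A host that reports `RdpEnabled = True` or `HyperVHost = True` together with a non-empty `MissingKBs` list is the one to patch first; the script changes nothing and can be run across a fleet with `Invoke-Command` to build a prioritised install list.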

Microsoft Security Essentials no longer available for Windows XP

Starting today, Microsoft Security Essentials is no longer available for Windows XP, an operating system for which support ended in April 2014. Despite reaching end of life, Windows XP still has a market share of roughly 12 percent.

“By making these antimalware tools obsolete for lack of support and updates, Windows XP users will become more susceptible to persistent malware attacks,” Heimdal Security explained in a blog post. “Starting today, Windows XP systems won’t be provided with updated antimalware signatures that are used to find and remove known malware families.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
