The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.Use this table to learn about the likelihood of code execution and denial of service exploits within 30 days of security bulletin release, for each of the security updates that you may need to install. Review each of the assessments below, in accordance with your specific configuration, to prioritize your deployment of this month’s updates. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index.In the columns below, “Latest Software Release” refers to the subject software, and “Older Software Releases” refers to all older, supported releases of the subject software, as listed in the “Affected Software” and “Non-Affected Software” tables in the bulletin.
Bulletin ID

Vulnerability Title

CVE ID

Exploitability Assessment forLatest Software Release

Exploitability Assessment forOlder Software Release

Denial of ServiceExploitability Assessment

MS15-094

Information Disclosure Vulnerability

CVE-2015-2483

2 – Exploitation Less Likely

2 – Exploitation Less Likely

Not Applicable

MS15-094

Tampering Vulnerability

CVE-2015-2484

2 – Exploitation Less Likely

2 – Exploitation Less Likely

Not Applicable

MS15-094

Memory Corruption Vulnerability

CVE-2015-2485

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-094

Memory Corruption Vulnerability

CVE-2015-2486

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-094

Memory Corruption Vulnerability

CVE-2015-2487

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-094

Elevation of Privilege Vulnerability

CVE-2015-2489

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-094

Memory Corruption Vulnerability

CVE-2015-2490

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-094

Memory Corruption Vulnerability

CVE-2015-2491

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-094

Memory Corruption Vulnerability

CVE-2015-2492

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-094

Scripting Engine Memory Corruption Vulnerability

CVE-2015-2493

4 – Not Affected

1 – Exploitation More Likely

Not Applicable

MS15-094

Memory Corruption Vulnerability

CVE-2015-2494

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-094

Information Disclosure Vulnerability

CVE-2015-2496

0 – Exploitation Detected

0 – Exploitation Detected

Not Applicable

MS15-094

Memory Corruption Vulnerability

CVE-2015-2498

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-094

Memory Corruption Vulnerability

CVE-2015-2499

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-094

Memory Corruption Vulnerability

CVE-2015-2500

4 – Not Affected

1 – Exploitation More Likely

Not Applicable

MS15-094

Memory Corruption Vulnerability

CVE-2015-2501

4 – Not Affected

1 – Exploitation More Likely

Not Applicable

MS15-094

Memory Corruption Vulnerability

CVE-2015-2541

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-094

Memory Corruption Vulnerability

CVE-2015-2542

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-095

Memory Corruption Vulnerability

CVE-2015-2485

1 – Exploitation More Likely

4 – Not Affected

Not Applicable

MS15-095

Memory Corruption Vulnerability

CVE-2015-2486

1 – Exploitation More Likely

4 – Not Affected

Not Applicable

MS15-095

Memory Corruption Vulnerability

CVE-2015-2494

1 – Exploitation More Likely

4 – Not Affected

Not Applicable

MS15-095

Memory Corruption Vulnerability

CVE-2015-2542

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-096

Active Directory Denial of Service Vulnerability

CVE-2015-2535

4 – Not Affected

3 – Exploitation Unlikely

Permanent

MS15-097

OpenType Font Parsing Vulnerability

CVE-2015-2506

1 – Exploitation More Likely

1 – Exploitation More Likely

Permanent

MS15-097

Font Driver Elevation of Privilege Vulnerability

CVE-2015-2507

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-097

Font Driver Elevation of Privilege Vulnerability

CVE-2015-2508

2 – Exploitation Less Likely

4 – Not Affected

Temporary

MS15-097

Graphics Component Buffer Overflow Vulnerability

CVE-2015-2510

2 – Exploitation Less Likely

1 – Exploitation More Likely

Not Applicable

MS15-097

Win32k Memory Corruption Elevation of Privilege Vulnerability

CVE-2015-2511

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-097

Font Driver Elevation of Privilege Vulnerability

CVE-2015-2512

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-097

Win32k Memory Corruption Elevation of Privilege Vulnerability

CVE-2015-2517

1 – Exploitation More Likely

1 – Exploitation More Likely

Permanent

MS15-097

Win32k Memory Corruption Elevation of Privilege Vulnerability

CVE-2015-2518

1 – Exploitation More Likely

1 – Exploitation More Likely

Permanent

MS15-097

Win32k Elevation of Privilege Vulnerability

CVE-2015-2527

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-097

Kernel ASLR Bypass Vulnerability

CVE-2015-2529

2 – Exploitation Less Likely

2 – Exploitation Less Likely

Not Applicable

MS15-097

Win32k Memory Corruption Elevation of Privilege Vulnerability

CVE-2015-2546

1 – Exploitation More Likely

0 – Exploitation Detected

Not Applicable

MS15-098

Windows Journal RCE Vulnerability

CVE-2015-2513

3 – Exploitation Unlikely

3 – Exploitation Unlikely

Not Applicable

MS15-098

Windows Journal DoS Vulnerability

CVE-2015-2514

3 – Exploitation Unlikely

3 – Exploitation Unlikely

Not Applicable

MS15-098

Windows Journal DoS Vulnerability

CVE-2015-2516

3 – Exploitation Unlikely

3 – Exploitation Unlikely

Not Applicable

MS15-098

Windows Journal Integer Overflow RCE Vulnerability

CVE-2015-2519

3 – Exploitation Unlikely

3 – Exploitation Unlikely

Not Applicable

MS15-098

Windows Journal RCE Vulnerability

CVE-2015-2530

3 – Exploitation Unlikely

3 – Exploitation Unlikely

Not Applicable

MS15-099

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2520

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-099

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2521

4 – Not Affected

1 – Exploitation More Likely

Not Applicable

MS15-099

Microsoft SharePoint XSS Spoofing Vulnerability

CVE-2015-2522

3 – Exploitation Unlikely

4 – Not Affected

Not Applicable

MS15-099

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2523

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-099

Microsoft Office Malformed EPS File Vulnerability

CVE-2015-2545

1 – Exploitation More Likely

0 – Exploitation Detected

Not Applicable

MS15-100

Windows Media Center RCE Vulnerability

CVE-2015-2509

2 – Exploitation Less Likely

2 – Exploitation Less Likely

Not Applicable

MS15-101

.NET Elevation of Privilege Vulnerability

CVE-2015-2504

2 – Exploitation Less Likely

2 – Exploitation Less Likely

Not Applicable

MS15-101

MVC Denial of Service Vulnerability

CVE-2015-2526

2 – Exploitation Less Likely

2 – Exploitation Less Likely

Temporary

MS15-102

Windows Task Management Elevation of Privilege Vulnerability

CVE-2015-2524

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-102

Windows Task File Deletion Elevation of Privilege Vulnerability

CVE-2015-2525

4 – Not Affected

1 – Exploitation More Likely

Not Applicable

MS15-102

Windows Task Management Elevation of Privilege Vulnerability

CVE-2015-2528

1 – Exploitation More Likely

1 – Exploitation More Likely

Not Applicable

MS15-103

Exchange Information Disclosure Vulnerability

CVE-2015-2505

3 – Exploitation Unlikely

3 – Exploitation Unlikely

Not Applicable

MS15-103

Exchange Spoofing Vulnerability

CVE-2015-2543

3 – Exploitation Unlikely

3 – Exploitation Unlikely

Not Applicable

MS15-103

Exchange Spoofing Vulnerability

CVE-2015-2544

3 – Exploitation Unlikely

3 – Exploitation Unlikely

Not Applicable

MS15-104

Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability

CVE-2015-2531

3 – Exploitation Unlikely

3 – Exploitation Unlikely

Not Applicable

MS15-104

Lync Server XSS Information Disclosure Vulnerability

CVE-2015-2532

4 – Not Affected

3 – Exploitation Unlikely

Not Applicable

MS15-104

Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability

CVE-2015-2536

3 – Exploitation Unlikely

3 – Exploitation Unlikely

Not Applicable

MS15-105

Hyper-V Security Feature Bypass Vulnerability

CVE-2015-2534

2 – Exploitation Less Likely

2 – Exploitation Less Likely

Not Applicable

Leave a Reply