Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability, which exists in Windows Remote Procedure Call (RPC) authentication, could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published
Summary: This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.

Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

Revision Note: V1.0 (July 14, 2015): Bulletin Summary published.
Summary: This bulletin summary lists security bulletins released for July 2015.

Severity Rating: Critical
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with Remote Desktop Protocol (RDP) enabled. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.

Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Advisory published
Summary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malicious Software Removal Tool (MSRT) is available that addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and places a specially crafted dynamic link library (.dll) file in a local directory. An authenticated attacker who successfully exploited the vulnerability could elevate privileges on a target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow Remote Code Execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open an RTF file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Revision Note: V1.0 (July 14, 2015):
Summary: Microsoft is announcing the availability of an update to harden scenarios in which Data Encryption Standard (DES) encryption keys are used with accounts. Microsoft disabled DES by default starting in Windows 7 and Windows Server 2008 R2. However, this update provides enhanced user protection in environments where DES is still enabled for application compatibility reasons. The improvement is part of ongoing efforts to bolster the effectiveness of encryption in Windows.