Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process. The attacker could then execute Notepad, Visio, PowerPoint, Excel, or Word with an unsafe command line parameter to effect information disclosure. To be protected from the vulnerability, customers must apply the updates provided in this bulletin, as well as the update for Internet Explorer provided in MS15-079. Likewise, customers running an affected Microsoft Office product must also install the applicable updates provided in MS15-081.
Category Archives: Microsoft
MS15-092 – Important: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.
MS15-089 – Important: Vulnerability in WebDAV Could Allow Information Disclosure (3076949) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Sockets Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic.
MS15-084 – Important: Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0. However, in all cases an attacker would have no way to force users to click a specially crafted link; an attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message.
MS15-078 – Critical: Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904) – Version: 1.0
Severity Rating: Critical
Revision Note: V1.0 (July 20, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.
3057154 – Update to Harden Use of DES Encryption – Version: 1.0
Revision Note: V1.0 (July 14, 2015):
Summary: Microsoft is announcing the availability of an update to harden scenarios in which Data Encryption Standard (DES) encryption keys are used with accounts. Microsoft disabled DES by default starting in Windows 7 and Windows Server 2008 R2. However, this update provides enhanced user protection in environments where DES is still enabled for application compatibility reasons. The improvement is part of ongoing efforts to bolster the effectiveness of encryption in Windows.
MS15-075 – Important: Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if used in conjunction with another vulnerability that allows arbitrary code to be run. Once the other vulnerability has been exploited, an attacker could then exploit the vulnerabilities addressed in this bulletin to cause arbitrary code to run at a medium integrity level.
MS15-068 – Critical: Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000) – Version: 1.0
Severity Rating: Critical
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Windows Hyper-V. The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability.
MS15-074 – Important: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Installer service improperly runs custom action scripts. An attacker must first compromise a user who is logged on to the target system to exploit the vulnerability. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
MS15-071 – Important: Vulnerability in Netlogon Could Allow Elevation of Privilege (3068457) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker who is logged on to a domain-joined system runs a specially crafted application that could establish a connection with other domain-joined systems as the impersonated user or system. The attacker must be logged on to a domain-joined system and be able to observe network traffic.