April 2015 Patch Recommendations

Virtual Administrator’s April 2015 Patch Recommendations

11 Security Bulletins were released – 4 Critical, 7 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of 11 Security Bulletins and are releasing all of them.
We have seen problems with KB2889923, KB2990214 and KB3013769 and have denied them in all patch polices – see details below.

Install MS15-034 NOW on anything that is publicly facing and is a web server! This is a very nasty vulnerability and an easy one to exploit.
MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
https://isc.sans.edu/diary/MS15-034%3A+HTTP.sys+(IIS)+DoS+And+Possible+Remote+Code+Execution.+PATCH+NOW/19583

MS15-032, MS15-033and MS15-035 are also rated Critical.
After your next patch cycle completes you should follow up and make sure these are installed.

No out-of-band updates were released during the last month.

Denied updates

KB2889923 Update (Optional – Software)
Outlook 2010 freezes, and then crashes when it runs together with Lync 2013
https://support.microsoft.com/en-us/kb/3040488

KB2990214 Update (Optional – Software)
Update that enables you to upgrade from Windows 7 to a later version of Windows
https://support.microsoft.com/en-us/kb/2990214
SSRS Breaks After KB2990214 Applied to Windows Server 2008 R2
http://windowsitpro.com/patch-tuesday/patch-tuesday-fallout-ssrs-breaks-after-kb2990214-applied-windows-server-2008-r2

KB3013769 Update (Optional – Software) Re-released
December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
https://support.microsoft.com/en-us/kb/3013769
Many people using Kaspersky Antivirus report that installing the patch triggers a blue screen: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (kl1.sys).
http://news.softpedia.com/news/KB3013769-Botched-Update-Causes-BSOD-on-Windows-PCs-Running-Kaspersky-Software-478451.shtml

Notable:Support for Microsoft Office 2013 RTM and Exchange 2013 RTM Expires
Support for Microsoft Office 2013 RTM has ended. Starting with the April 2015 release, all Office 2013 updates will only apply if Office 2013 SP1 is installed.
http://blogs.technet.com/b/office_sustained_engineering/archive/2015/04/14/april-2015-office-update-release.aspx

At this time Exchange 2013 RTM, CU1. CU2 and CU3 are no longer supported. Customers should be on a recent Exchange 2013 build. Exchange 2013 CU4 is also known as SP1.
http://blogs.technet.com/b/rmilne/archive/2015/04/14/end-of-exchange-2013-rtm-support.aspx

Exploitability

Requires Restart

  • Servers:True
  • Workstations:True

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS15-032 Cumulative Security Update for Internet Explorer (3038314) (Internet Explorer) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
MS15-033 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019) (Microsoft Office) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
Details
MS15-034 Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553) (Microsoft Windows) The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system.
Details
MS15-035 Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306) (Microsoft Windows) The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or browse to a working directory that contains a specially crafted Enhanced Metafile (EMF) image file.
Details

IMPORTANT

MS15-036 Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044) (Productivity Software) The vulnerabilities could allow elevation of privilege if an attacker sends a specially crafted request to an affected SharePoint server.
Details
MS15-037 Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269) (Microsoft Windows) An attacker who successfully exploited the vulnerability could leverage a known invalid task to cause Task Scheduler to run a specially crafted application in the context of the System account.
Details
MS15-038 Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576) (Microsoft Windows) The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Details
MS15-039 Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482) (Microsoft Windows) The vulnerability could allow security feature bypass if a user clicks a specially crafted link.
Details
MS15-040 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711) (Microsoft Windows) The vulnerability could allow information disclosure if a user leaves their browser open after logging off from an application and an attacker reopens the application in the browser immediately after the user has logged off.
Details
MS15-041 Vulnerability in .NET Framework Could Allow Information Disclosure (3048010) (.Net Framework) The vulnerability could allow information disclosure if an attacker sends a specially crafted web request to an affected server that has custom error messages disabled.
Details
MS15-042 Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234) (Microsoft Windows) The vulnerability could allow denial of service if an authenticated attacker runs a specially crafted application in a virtual machine (VM) session.
Details

Leave a reply

Copyright © 2007-2017 Network Depot LLC DBA Virtual Administrator. All Rights Reserved.