Virtual Administrator’s August 2015 Patch Recommendations

14 Security Bulletins were released – 4 Critical, 10 Important, and 0 Moderate

This Month In Brief

14 Security Bulletins were released – 4 Critical, 10 Important

We have not uncovered any widespread problems with any of the 14 Security Bulletins and are releasing all of them.
We have seen problems with KB3087916 and KB3081424 and have denied them in all patch policies – see details below.

MS15-079, MS15-080, MS15-081 and MS15-091 are rated Critical.
After your next patch cycle completes you should follow up and make sure these are installed.
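
One way to do that follow-up on a single Windows machine, as an added example (not code from Virtual Administrator, Kaseya or Microsoft). The bulletin-to-KB map and the denied list are copied from this page; the function name `Get-PatchFollowUp` and the status labels are hypothetical.

```powershell
# Added example. KB numbers are copied from this page's "KB in Kaseya" lines.
# MS15-081 (Office) is left out: Get-HotFix does not list Office updates.
$CriticalKbs = [ordered]@{
    'MS15-079' = @('KB3078071')
    'MS15-080' = @('KB3078601', 'KB3081436')
    'MS15-091' = @('KB3081436')
}
# Updates this page denies in all patch policies.
$DeniedKbs = @('KB3087916', 'KB3081424')

# Hypothetical helper: compares a list of installed hotfix IDs to the maps above.
function Get-PatchFollowUp {
    param([string[]]$InstalledKbs = @())

    foreach ($bulletin in $CriticalKbs.Keys) {
        $listed = $CriticalKbs[$bulletin]
        # Which KB applies depends on the OS, so any one listed KB counts.
        $found = @($listed | Where-Object { $InstalledKbs -contains $_ })
        [pscustomobject]@{
            Item   = $bulletin
            Status = if ($found.Count -gt 0) { 'Installed' } else { 'NotFound' }
            KBs    = if ($found.Count -gt 0) { $found -join ', ' } else { $listed -join ', ' }
        }
    }
    foreach ($kb in $DeniedKbs) {
        # A denied update that is already present needs a manual look.
        [pscustomobject]@{
            Item   = "Denied $kb"
            Status = if ($InstalledKbs -contains $kb) { 'PresentReview' } else { 'Absent' }
            KBs    = $kb
        }
    }
}

# Get-HotFix reads Win32_QuickFixEngineering on the local computer.
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
Get-PatchFollowUp -InstalledKbs $installed | Format-Table -AutoSize
```

`NotFound` is expected where a bulletin does not apply to the machine (MS15-091 affects only Microsoft Edge), and a later superseding update will also show the original KB as not found.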

Out-of-band security updates
Microsoft Security Bulletin MS15-078 was released on July 20 and it was approved in Kaseya the same day.
MS15-078: Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904)
https://technet.microsoft.com/library/security/MS15-078

Denied Updates

KB3087916 – Security update for Flash player
https://support.microsoft.com/en-us/kb/3087916
We are denying this until Microsoft releases a revised update.
“Microsoft has accidentally updated the embedded flash player in Internet Explorer 11 to use the debugger version instead of the ‘normal’ version.”
And causes “alert boxes pop up on some but not all sites that use flash and warn about action script and other flash features.”
See: http://myonlinesecurity.co.uk/flash-player-alerts-or-warnings-when-using-internet-explorer-11-on-windows-88-1-and-windows-10/

KB3081424 – Cumulative Update for Windows 10: August 5, 2015
“Windows 10 updates are cumulative. Therefore, this package contains all previously released fixes. If you have previous updates installed, only the new fixes that are contained in this package will be downloaded and installed to your computer.”

On August 5th Microsoft released KB3081424 – a cumulative update. KB3081424 was causing some machines to go into a reboot loop. On August 11th (Patch Tuesday) Microsoft released KB3081436. KB3081436 is a cumulative update and replaced/superseded KB3081424.

Cumulative update for Windows 10: August 11, 2015
https://support.microsoft.com/en-us/kb/3081436
There have been reports of KB3081436 failing to install correctly.
Cumulative Update for Windows 10 (KB3081424) fails to install –
Microsoft Community: http://answers.microsoft.com/en-us/windows/forum/windows_10-update/cumulative-update-for-windows-10-kb3081424-fails/c7c1750a-63be-4b88-9a49-e18bfa8782de?auth=1

However no one has seen KB3081440 available?

There is a registry fix/hack that has been shown to fix this issue. If you are having trouble with KB3081424 or KB3081436, search for “KB3081424 fix” or “KB3081436 fix”. Because this is not sanctioned by Microsoft, and we have not tried it, we can’t recommend it.

Exploitability

Requires Restart

  • Servers: True
  • Workstations: True

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS15-079 Cumulative Security Update for Internet Explorer (3082442) (Internet Explorer) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB3078071
Affected Software: Internet Explorer 7-11
Known Issues per MS:
MS15-080 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662) (.NET Framework, Office, Lync, Silverlight) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts.
Details
KB in Kaseya: KB3078601, KB3081436
Affected Software: Vista, Windows 7/8/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT, Office 2007/2010, Lync 2010, Silverlight 5, .NET 3.5 – 4.5.2
Known Issues per MS:
MS15-081 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790) (Microsoft Office) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
Details
KB in Kaseya: KB2553313, KB2596650, KB2598244, KB2687409, KB2837610, KB2965280, KB2965310, KB2986254, KB3039734, KB3039798, KB3054816, KB3054858, KB3054876, KB3054888, KB3054960, KB3054974, KB3054991, KB3054992, KB3055003, KB3055029, KB3055030, KB3055033, KB3055037, KB3055039, KB3055044, KB3055051, KB3055053, KB3055054, KB3055052, KB3081349, KB3082420
Affected Software: Office 2007/2010/2013/2013RT, 2011 for Mac
Known Issues per MS: https://support.microsoft.com/en-us/kb/3080790
MS15-091 Cumulative Security Update for Microsoft Edge (3084525) (Microsoft Edge) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
Details
KB in Kaseya: KB3081436
Affected Software: Microsoft Edge
Known Issues per MS:

IMPORTANT

MS15-082 Vulnerabilities in RDP Could Allow Remote Code Execution (3080348) (Microsoft Windows) The most severe of the vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open a Remote Desktop Protocol (RDP) file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file.
Details
KB in Kaseya: KB3075220, KB3075221, KB3075222, KB3075222, KB3075226
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS: https://support.microsoft.com/en-us/kb/3080348
MS15-083 Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921) (Microsoft Windows) The vulnerability could allow remote code execution if an attacker sends a specially crafted string to SMB server error logging.
Details
KB in Kaseya: KB3073921
Affected Software: Vista, Server 2008
Known Issues per MS:
MS15-084 Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129) (Microsoft Office) The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0.
Details
KB in Kaseya: KB2825645, KB3076895
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT, Office 2007
Known Issues per MS:
MS15-085 Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487) (Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker inserts a malicious USB device into a target system.
Details
KB in Kaseya: KB3071756, KB3081436
Affected Software: Vista, Windows 7/8/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS15-086 Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158) (Microsoft Server Software) The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website.
Details
KB in Kaseya: KB3064919, KB3071088, KB3071089
Affected Software: Sys Center 2012/2012R2 Ops Mgr
Known Issues per MS:
MS15-087 Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459) (Microsoft Server Software) The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter.
Details
KB in Kaseya: KB3073893, KB3087119
Affected Software: Server 2008
Known Issues per MS:
MS15-088 Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458) (Microsoft Windows) To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process. The attacker could then execute Notepad, Visio, PowerPoint, Excel, or Word with an unsafe command line parameter to effect information disclosure.
Details
KB in Kaseya: KB3046017, KB3079757, KB3081436
Affected Software: Vista, Windows 7/8/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS15-089 Vulnerability in WebDAV Could Allow Information Disclosure (3076949) (Microsoft Windows) The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic.
Details
KB in Kaseya: KB3076949
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS15-090 Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716) (Microsoft Windows) The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application or convinces a user to open a specially crafted file that invokes a vulnerable sandboxed application, allowing an attacker to escape the sandbox.
Details
KB in Kaseya: KB3060716
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS15-092 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251) (.NET Framework) The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application.
Details
KB in Kaseya: KB3081436, KB3083184, KB3083185, KB3083186
Affected Software: Vista, Windows 7/8/8.1/10, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:

MODERATE