Virtual Administrator’s June 2015 Patch ...

Virtual Administrator’s June 2015 Patch Recommendations

8 Security Bulletins were released – 2 Critical, 6 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

MS15-056 and MS15-057 are rated Critical. MS15-059 is rated Important but many feel it should have been rated Critical. This is a Microsoft Office vulnerability. After your next patch cycle completes you should follow up and make sure these are installed.

No out-of-band security updates were released during the last month.

Heads Up! on KB3050265 – Windows Update Client for Windows 7: June 2015
SaaS partners be sure to approve this patch. A problem with poor performance and failed patch scan results was traced to an issue with Windows Update Agent. Microsoft just released KB3050265 for this. It is listed in patch policy under “Update (Optional – Software)”. However because the patch scanning is affected we can’t be sure Kaseya (which leverages WUA) will properly deploy the patch on all end points. Therefore we created an agent procedure to deploy it. On-premise partners will find this in the VA Scripts> Patch Deployment Folder. SaaS partners can download this from our ClubMSP site.

Windows Update Client for Windows 7: June 2015
https://support.microsoft.com/en-us/kb/3050265

If you find problematic machines down the road use the script.
Patch scans results do not update to the UI. Error: hr=8007000E
https://helpdesk.kaseya.com/entries/94029877-Patch-scans-results-do-not-update-to-the-UI-Error-hr-8007000E

Mystery – You may notice there is no MS15-058 this month. Everyone’s best guess is Microsoft intended to release this but pulled back at the last minute. If this is the case we will likely get an out-of-band patch soon.

Exploitability

Requires Restart

  • Servers:True
  • Workstations:True

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS15-056 Cumulative Security Update for Internet Explorer (3058515) (Internet Explorer) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
MS15-057 Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890) (Microsoft Windows) The vulnerability could allow remote code execution if Windows Media Player opens specially crafted media content that is hosted on a malicious website.
Details

IMPORTANT

MS15-059 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949) (Microsoft Office) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
Details
MS15-060 Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317) (Microsoft Windows) The vulnerability could allow remote code execution if a user clicks a specially crafted link, or a link to specially crafted content, and then invokes F12 Developer Tools in Internet Explorer.
Details
MS15-061 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839) (Microsoft Windows) The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Details
MS15-062 Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577) (Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker submits a specially crafted URL to a target site.
Details
MS15-063 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858) (Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker places a malicious .dll file in a local directory on the machine or on a network share.
Details
MS15-064 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157) (Microsoft Exchange) The most severe of the vulnerabilities could allow elevation of privilege if an authenticated user clicks a link to a specially crafted webpage.
Details

Leave a reply

Copyright © 2007-2017 Network Depot LLC DBA Virtual Administrator. All Rights Reserved.