Virtual Administrator’s April 2015 Patch Recommendations

11 Security Bulletins were released – 4 Critical, 7 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of the 11 Security Bulletins and are releasing all of them.
We have seen problems with KB2889923, KB2990214 and KB3013769 and have denied them in all patch policies – see details below.

Install MS15-034 NOW on anything that is publicly facing and is a web server! This is a very nasty vulnerability and an easy one to exploit.
MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
https://isc.sans.edu/diary/MS15-034%3A+HTTP.sys+(IIS)+DoS+And+Possible+Remote+Code+Execution.+PATCH+NOW/19583

MS15-032, MS15-033 and MS15-035 are also rated Critical.
After your next patch cycle completes you should follow up and make sure these are installed.

No out-of-band updates were released during the last month.

Denied updates

KB2889923 Update (Optional – Software)
Outlook 2010 freezes, and then crashes when it runs together with Lync 2013
https://support.microsoft.com/en-us/kb/3040488

KB2990214 Update (Optional – Software)
Update that enables you to upgrade from Windows 7 to a later version of Windows
https://support.microsoft.com/en-us/kb/2990214
SSRS Breaks After KB2990214 Applied to Windows Server 2008 R2
http://windowsitpro.com/patch-tuesday/patch-tuesday-fallout-ssrs-breaks-after-kb2990214-applied-windows-server-2008-r2

KB3013769 Update (Optional – Software) Re-released
December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
https://support.microsoft.com/en-us/kb/3013769
Many people using Kaspersky Antivirus report that installing the patch triggers a blue screen: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (kl1.sys).
http://news.softpedia.com/news/KB3013769-Botched-Update-Causes-BSOD-on-Windows-PCs-Running-Kaspersky-Software-478451.shtml

Notable: Support for Microsoft Office 2013 RTM and Exchange 2013 RTM Expires
Support for Microsoft Office 2013 RTM has ended. Starting with the April 2015 release, all Office 2013 updates will only apply if Office 2013 SP1 is installed.
http://blogs.technet.com/b/office_sustained_engineering/archive/2015/04/14/april-2015-office-update-release.aspx

At this time Exchange 2013 RTM, CU1, CU2 and CU3 are no longer supported. Customers should be on a recent Exchange 2013 build. Exchange 2013 CU4 is also known as SP1.
http://blogs.technet.com/b/rmilne/archive/2015/04/14/end-of-exchange-2013-rtm-support.aspx

Exploitability

Requires Restart

  • Servers: True
  • Workstations: True

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS15-032 Cumulative Security Update for Internet Explorer (3038314) (Internet Explorer) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB3038314
Affected Software: Internet Explorer 6-11
Known Issues per MS:

MS15-033 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019) (Microsoft Office) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
Details
KB in Kaseya: KB2553164, KB2553428, KB2965210, KB2965215, KB2965224, KB2965236, KB2965238, KB2965284, KB2965289, KB2965306, KB3051737, KB3055707
Affected Software: Microsoft Office 2007/2010/2013, Office 2011 for Mac
Known Issues per MS: https://support.microsoft.com/en-us/kb/3048019

MS15-034 Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553) (Microsoft Windows) The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system.
Details
KB in Kaseya: KB3042553
Affected Software: Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2
Known Issues per MS:

MS15-035 Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306) (Microsoft Windows) The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or browse to a working directory that contains a specially crafted Enhanced Metafile (EMF) image file.
Details
KB in Kaseya: KB3046306
Affected Software: Vista, Windows 7, Server 2003/2008/2008R2
Known Issues per MS:

IMPORTANT

MS15-036 Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044) (Productivity Software) The vulnerabilities could allow elevation of privilege if an attacker sends a specially crafted request to an affected SharePoint server.
Details
KB in Kaseya: KB2965219, KB2965278, KB2965302
Affected Software: SharePoint Server 2010/2013
Known Issues per MS: https://support.microsoft.com/en-us/kb/3052044

MS15-037 Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269) (Microsoft Windows) An attacker who successfully exploited the vulnerability could leverage a known invalid task to cause Task Scheduler to run a specially crafted application in the context of the System account.
Details
KB in Kaseya: KB3046269
Affected Software: Windows 7, Server 2008R2
Known Issues per MS:

MS15-038 Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576) (Microsoft Windows) The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Details
KB in Kaseya: KB3045685, KB3045999
Affected Software: Vista, Windows 7/8/8.1, Server 2003/2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS: https://support.microsoft.com/en-us/kb/3049576

MS15-039 Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482) (Microsoft Windows) The vulnerability could allow security feature bypass if a user clicks a specially crafted link.
Details
KB in Kaseya: KB3046482
Affected Software: Vista, Windows 7, Server 2003/2008/2008R2
Known Issues per MS:

MS15-040 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711) (Microsoft Windows) The vulnerability could allow information disclosure if a user leaves their browser open after logging off from an application and an attacker reopens the application in the browser immediately after the user has logged off.
Details
KB in Kaseya: KB3045711
Affected Software: Server 2012R2
Known Issues per MS:

MS15-041 Vulnerability in .NET Framework Could Allow Information Disclosure (3048010) (.NET Framework) The vulnerability could allow information disclosure if an attacker sends a specially crafted web request to an affected server that has custom error messages disabled.
Details
KB in Kaseya: KB3037572, KB3037574, KB3037575, KB3037576, KB3037573, KB3037577, KB3037578, KB3037579, KB3037580, KB3037581
Affected Software: Vista, Windows 8/8.1, Server 2003/2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:

MS15-042 Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234) (Microsoft Windows) The vulnerability could allow denial of service if an authenticated attacker runs a specially crafted application in a virtual machine (VM) session.
Details
KB in Kaseya: KB3047234
Affected Software: Windows 8.1, Server 2012R2
Known Issues per MS: