Virtual Administrator’s May 2015 Patch Recommendations

13 Security Bulletins were released – 3 Critical, 10 Important, and 0 Moderate

This Month In Brief

Update: We approved MS15-045/KB3046002 on Friday May 22. We have denied KB3020369. We have approved KB3020370, KB3045645, KB3020269 and KB3013531.

KB3020369 was not originally mentioned in our May Patch Blog but has since been identified as the source of the “Restart stuck on ‘Stage 3 of 3’” issue (https://support.microsoft.com/en-us/kb/3020369). When our blog was posted, we warned that no one was sure which patch (or combination of patches) was causing the problem, but KB3020370, KB3045645, KB3020269 and KB3013531 had been implicated. Unfortunately, an article written by Woody Leonhard erroneously identified KB3020369 as KB3020269, and this error was replicated by a number of different sources.

Summary: KB3022345 and KB3020369 are currently denied in our patch policies and all other previously denied patches (KB3046002, KB3020370, KB3045645, KB3020269 and KB3013531) have been approved.

Denied Security Updates
MS15-045/KB3046002 This will likely be released next Friday (5/22) after further review – See below
Denied Non-Security Updates
KB3022345, KB3020370, KB3045645, KB3020369, KB3013531

MS15-043, MS15-044 and MS15-045 are rated Critical. After your next patch cycle completes, you should follow up and make sure MS15-043 and MS15-044 installed. For MS15-045, please see the instructions below.
No out-of-band updates were released during the last month.
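
As an added example (not part of the original post or of Virtual Administrator's tooling), the PowerShell below checks hosts for the two KBs the Summary lists as denied and for the Critical updates the post says to verify after the patch cycle. It assumes the hosts answer `Get-HotFix` remotely and that KB3045171 is the MS15-044 package that applies to them; the other KBs listed for MS15-044 depend on which products are installed, and `Get-HotFix` only reports updates recorded in Win32_QuickFixEngineering.

```powershell
# Added example: audit hosts against this page's May 2015 patch policy.
# Usage (hypothetical host names): .\Test-May2015Patches.ps1 -ComputerName PC01,SRV01
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

# Denied in the patch policy per the Summary on this page.
$DeniedKBs = 'KB3022345', 'KB3020369'

# Critical bulletins the post says to follow up on, with KBs from this page.
# Assumption: KB3045171 is the MS15-044 package relevant to the host; extend
# the list with the other MS15-044 KBs that match your installed products.
$CriticalBulletins = @{
    'MS15-043' = @('KB3049563')
    'MS15-044' = @('KB3045171')
}

$report = foreach ($computer in $ComputerName) {
    try {
        # HotFixID values look like 'KB3049563'; -contains is case-insensitive.
        $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
            Select-Object -ExpandProperty HotFixID)
    }
    catch {
        # Report unreachable hosts instead of silently treating them as compliant.
        [pscustomobject]@{
            Computer        = $computer
            DeniedInstalled = ''
            CriticalMissing = ''
            Status          = "Query failed: $($_.Exception.Message)"
        }
        continue
    }

    $deniedPresent = @($DeniedKBs | Where-Object { $installed -contains $_ })
    $missing = @(foreach ($bulletin in $CriticalBulletins.GetEnumerator()) {
        foreach ($kb in $bulletin.Value) {
            if ($installed -notcontains $kb) { "$($bulletin.Key)/$kb" }
        }
    })

    [pscustomobject]@{
        Computer        = $computer
        DeniedInstalled = $deniedPresent -join ', '
        CriticalMissing = $missing -join ', '
        Status          = if ($deniedPresent -or $missing) { 'Review' } else { 'OK' }
    }
}

$report | Format-Table -AutoSize
```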

Details about denied patches/updates
MS15-045/KB3046002, KB3020370, KB3045645, KB3020369, KB3013531
There have been numerous reports of machines getting stuck on “Stage 3 of 3. Preparing to configure Windows. Do not turn off your computer” during the post-patch reboot. The solution is to turn off your computer or use Ctrl-Alt-Del, which should bring you to a login screen.
At this time no one is certain which patch or combination of patches is causing this. Although reports initially blamed KB3046002, those reports now appear to be inaccurate (http://www.infoworld.com/article/2922398/microsoft-windows/microsoft-latest-patches-leave-pcs-hanging-in-stage-3-of-3.html). At this time the most likely culprits are KB3020370, KB3045645, KB3020369 and KB3013531. These are all classified as Optional Updates and we have denied all of them.

Temporary Deny for MS15-045/KB3046002. This is rated a Critical High Priority Security update, so the threshold for denial is much higher. Although the stuck on “Stage 3 of 3” issue does not appear to be caused by KB3046002, we have seen reports that it can fail to install on some systems and needs to be installed separately. Under normal circumstances we would likely not deny this critical patch. Although it might fail after the initial round of patching, it would likely be installed successfully during the second round, as it would be the only remaining missing patch. However, because at this time no one is certain what exactly is causing the stuck on “Stage 3 of 3” issue, we will deny KB3046002 now but plan to release it next Friday unless we find a compelling reason to keep it denied.
MS15-045 is a vulnerability in Windows Journal. In general, less than one quarter of all machines are affected. If you do not want to wait until next Friday to deploy this patch you can push it out manually. See: https://virtualadministrator.com/?p=5080
Links:
Users with all sorts of Windows configurations report that Tuesday’s crop of patches hang PCs during reboot
http://www.infoworld.com/article/2922398/microsoft-windows/microsoft-latest-patches-leave-pcs-hanging-in-stage-3-of-3.html

Microsoft Reportedly Pulls Updates Causing PCs to Get Stuck on “Configuring Windows Updates”
http://news.softpedia.com/news/Microsoft-Reportedly-Pulls-Updates-Causing-PCs-to-Get-Stuck-on-Configuring-Windows-Updates-481262.shtml

KB3022345 – Update to enable the Diagnostics Tracking Service in Windows
https://support.microsoft.com/en-us/kb/3022345
Diagnostic Tracking Service patch KB 3022345 appears to be corrupting Windows files
http://www.infoworld.com/article/2922324/microsoft-windows/windows-usage-tracker-patch-kb-3022345-triggers-sys-file-corruption-which-sfc-is-unable-to-fix.html

Heads Up to Catia and Enovia 3D CAD program users!
MS15-055/KB3061518 – Has been approved. If you run into issues “preventing Catia and Enovia (both 3D CAD programs from Dassault Systèmes) from pulling licenses from the license server. Removing KB 3061518 fixes the problem.”
Windows Schannel patch KB 3061518 causes problems with DSLS Catia, Enovia
http://www.infoworld.com/article/2922320/microsoft-windows/windows-schannel-patch-kb-3061518-causing-problems-with-dsls-catia-and-enovia.html

Exploitability

Requires Restart

  • Servers: True
  • Workstations: True

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS15-043 Cumulative Security Update for Internet Explorer (3049563) (Internet Explorer) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB3049563
Affected Software: Internet Explorer 6-11
Known Issues per MS:
MS15-044 Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110) (Microsoft Windows, .NET Framework, Office, Lync, Silverlight) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType fonts.
Details
KB in Kaseya: KB2881073, KB2883029, KB3039779, KB3045171, KB3048068, KB3048070, KB3048071, KB3048072, KB3048073, KB3048073, KB3048074, KB3048077, KB3051464, KB3051465, KB3051466, KB3051467, KB3056819
Affected Software: Microsoft Windows, .NET Framework, Office, Lync, Silverlight
Known Issues per MS:
MS15-045 Vulnerability in Windows Journal Could Allow Remote Code Execution (3046002) (Microsoft Windows) The vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file.
Details
KB in Kaseya: KB3046002
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:

IMPORTANT

MS15-046 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181) (Microsoft Office) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
Details
KB in Kaseya: KB2956140, KB2956193, KB2956194, KB2956195, KB2965233, KB2965237, KB2965240, KB2965242, KB2965282, KB2965307, KB2965311, KB2975808, KB2986216, KB2999412, KB2999420, KB3017815, KB3023055, KB3039725, KB3039736, KB3039748, KB3062536
Affected Software: Office 2007/2010/2011 for Mac/2013
Known Issues per MS:
MS15-047 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083) (Microsoft Sharepoint Server) The vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server.
Details
KB in Kaseya: KB2760412, KB2956192, KB3017815, KB3054792
Affected Software: SharePoint Server 2007/2010/2013
Known Issues per MS:
MS15-048 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134) (Microsoft Windows, .NET Framework) The most severe of the vulnerabilities could allow elevation of privilege if a user installs a specially crafted partial trust application.
Details
KB in Kaseya: KB3023211, KB3023213, KB3023215, KB3023217, KB3023219, KB3023220, KB3023221, KB3023222, KB3023223, KB3023224, KB3032655, KB3032662, KB3032663, KB3035485, KB3035486, KB3035488, KB3035489, KB3035490
Affected Software: Vista, Windows 7/8/8.1, Server 2003/2008/2008R2/2012/2012R2, Windows RT, .NET Framework
Known Issues per MS:
MS15-049 Vulnerability in Silverlight Could Allow Elevation of Privilege (3058985) (Silverlight) The vulnerability could allow elevation of privilege if a specially crafted Silverlight application is run on an affected system.
Details
KB in Kaseya: KB3056819
Affected Software: Silverlight 5
Known Issues per MS:
MS15-050 Vulnerability in Service Control Manager Could Allow Elevation of Privilege (3055642) (Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker first logs on to the system and then runs a specially crafted application designed to increase privileges.
Details
KB in Kaseya: KB3055642
Affected Software: Vista, Windows 7/8/8.1, Server 2003/2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS15-051 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191) (Microsoft Windows) The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on locally and runs arbitrary code in kernel mode.
Details
KB in Kaseya: KB3045171
Affected Software: Vista, Windows 7/8/8.1, Server 2003/2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS15-052 Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514) (Microsoft Windows) The vulnerability could allow security feature bypass if an attacker logs on to an affected system and runs a specially crafted application.
Details
KB in Kaseya: KB3050514
Affected Software: Windows 8/8.1, Server 2012/2012R2, Windows RT
Known Issues per MS: https://support.microsoft.com/en-us/kb/3050514
MS15-053 Vulnerabilities in JScript and VBScript Scripting Engines Could Allow Security Feature Bypass (3057263) (Microsoft Windows) An attacker could use one of these ASLR bypasses in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system.
Details
KB in Kaseya: KB3050941, KB3050945, KB3050946
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS15-054 Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service (3051768) (Microsoft Windows) The vulnerability could allow denial of service if a remote, unauthenticated attacker convinces a user to open a share containing a specially crafted .msc file.
Details
KB in Kaseya: KB3051768
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS15-055 Vulnerability in Schannel Could Allow Information Disclosure The vulnerability could allow information disclosure when Secure Channel (Schannel) allows the use of a weak Diffie-Hellman ephemeral (DHE) key length of 512 bits in an encrypted TLS session.
Details
KB in Kaseya: KB3061518
Affected Software: Vista, Windows 7/8/8.1, Server 2003/2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:

MODERATE