13 Security Bulletins were released – 3 Critical, 10 Important, and 0 Moderate
This Month In Brief
KB3020369 was not originally mentioned in our May Patch Blog but has since been identified as the source of the “Restart stuck on ‘Stage 3 of 3’” issue – (https://support.microsoft.com/en-us/kb/3020369) When our blog was posted we warned that no one was sure which patch (or combination of patches) was causing the problem but KB3020370, KB3045645, KB3020269 and KB3013531 had been implicated. Unfortunately an article written by Woody Leonhard erroneously identified KB3020369 as KB3020269 and this error was replicated on a number of different sources.
Summary: KB3022345 and KB3020369 are currently denied in our patch policies and all other previously denied patches (KB3046002, KB3020370, KB3045645, KB3020269 and KB3013531) have been approved.
Denied Security Updates
MS15-045/KB3046002 This will likely be released next Friday (5/22) after further review – See below
Denied Non-Security Updates
KB3022345, KB3020370, KB3045645, KB3020369, KB3013531
MS15-043, MS15-044 and MS15-045 are rated Critical. After your next patch cycle completes you should follow up and make sure MS15-043 and MS15-044 installed. MS15-045 please see instructions below.
No out-of-band updates were released during the last month.
Details about denied patches/updates
MS15-045/KB3046002, KB3020370, KB3045645, KB3020369, KB3013531
There have numerous reports of machines getting stuck on “Stage 3 of 3. Preparing to configure Windows. Do not turn off your computer” during the post patch reboot. The solution is to turn off your computer or use Ctrl-Alt-Del which should bring you to a login screen.
At this time no one is certain which patch or combination of patches is causing this. Although reports initially blamed KB3046002, those reports now appear to be inaccurate (http://www.infoworld.com/article/2922398/microsoft-windows/microsoft-latest-patches-leave-pcs-hanging-in-stage-3-of-3.html). At this time the most likely culprits are KB3020370, KB3045645, KB3020369 and KB3013531. These are all classified as Optional Update and we have denied all of them.
Temporary Deny for MS15-045/KB3046002. This is rated a Critical High Priority Security update so the threshold for denial is much higher. Although the stuck on “Stage 3 of 3” issues does not appear to be caused by KB3046002 we have seen reports that it can fail to install on some systems and needs to be installed separately. Under normal circumstances we would likely not deny this critical patch. Although it might fail after the initial round of patching it would likely be installed successfully during the second round – as it would be the only remaining missing patch. However because at this time no one is certain what exactly is causing the stuck on “Stage 3 of 3” issue we will deny KB3046002 now but plan to release it next Friday unless we find a compelling reason to keep it denied.
MS15-045 is a vulnerability in Windows Journal. In general, less than one quarter of all machines are affected. If you do not want to wait until next Friday to deploy this patch you can push it out manually. See: https://virtualadministrator.com/?p=5080
Users with all sorts of Windows configurations report that Tuesday’s crop of patches hang PCs during reboot
Microsoft Reportedly Pulls Updates Causing PCs to Get Stuck on “Configuring Windows Updates”
KB3022345 – Update to enable the Diagnostics Tracking Service in Windows
Diagnostic Tracking Service patch KB 3022345 appears to be corrupting Windows files
Heads Up to Catia and Enovia D CAD programs users!
MS15-055/KB3061518 – Has been approved. If you run into issues “preventing Catia and Enovia (both 3D CAD programs from Dassault Systèmes) from pulling licenses from the license server. Removing KB 3061518 fixes the problem.”
Windows Schannel patch KB 3061518 causes problems with DSLS Catia, Enovia
- Publically disclosed: MS15-045, MS15-051
- Being exploited: None
- Rated CRITICAL: MS15-043, MS15-044, MS15-045
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
New Security Bulletins
|MS15-043 Cumulative Security Update for Internet Explorer (3049563)||(Internet Explorer) The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
|MS15-044 Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)||(Microsoft Windows, .NET Framework, Office, Lync, Silverlight) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType fonts.
|MS15-045 Vulnerability in Windows Journal Could Allow Remote Code Execution (3046002)||(Microsoft Windows) The vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file.
|MS15-046 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181)||(Microsoft Office) The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
|MS15-047 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083)||(Microsoft Sharepoint Server) The vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server.
|MS15-048 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)||(Microsoft Windows, .NET Framework) The most severe of the vulnerabilities could allow elevation of privilege if a user installs a specially crafted partial trust application.
|MS15-049 Vulnerability in Silverlight Could Allow Elevation of Privilege (3058985)||(Silverlight) The vulnerability could allow elevation of privilege if a specially crafted Silverlight application is run on an affected system.
|MS15-050 Vulnerability in Service Control Manager Could Allow Elevation of Privilege (3055642)||(Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker first logs on to the system and then runs a specially crafted application designed to increase privileges.
|MS15-051 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)||(Microsoft Windows) The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on locally and runs arbitrary code in kernel mode.
|MS15-052 Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514)||(Microsoft Windows) The vulnerability could allow security feature bypass if an attacker logs on to an affected system and runs a specially crafted application.
|MS15-053 Vulnerabilities in JScript and VBScript Scripting Engines Could Allow Security Feature Bypass (3057263)||(Microsoft Windows) An attacker could use one of these ASLR bypasses in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system.
|MS15-054 Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service (3051768)||(Microsoft Windows) The vulnerability could allow denial of service if a remote, unauthenticated attacker convinces a user to open a share containing a specially crafted .msc file.
|MS15-055 Vulnerability in Schannel Could Allow Information Disclosure||The vulnerability could allow information disclosure when Secure Channel (Schannel) allows the use of a weak Diffie-Hellman ephemeral (DHE) key length of 512 bits in an encrypted TLS session.