Tuesday, April 14, 2015

Microsoft Security Bulletin Release for April, 2015


Microsoft released eleven (11) bulletins.  Four (4) bulletins are identified as Critical and the remaining seven (7) are rated Important in severity.

The updates address vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft Server Software, Productivity Software and .NET Framework.  Details about the CVEs can be found in the below-referenced TechNet Security Bulletin.

For those who have had issues with .NET Framework updates, it is suggested that MS15-041 be installed separately, with a shutdown/restart between it and the other updates.

As part of the Internet Explorer update released today, SSL 3.0 has been disabled by default in Internet Explorer 11.



Critical:
  • MS15-032 Cumulative Security Update for Internet Explorer (3038314) 
  • MS15-033 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019) 
  • MS15-034 Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553) 
  • MS15-035 Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)
Important:
  • MS15-036 Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044)
  • MS15-037 Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269) 
  • MS15-038 Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576) 
  • MS15-039 Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482) 
  • MS15-040 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711) 
  • MS15-041 Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
  • MS15-042 Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234)

Additional Update Notes

  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 

    The updated version includes the Win32/Saluchtra, Win32/Dexter, Win32/Unskal and Win32/IeEnablerCby malware families.  Additional details are available in the MMPC blog post.

  • Internet Explorer -- For additional information about the blocking of out-of-date ActiveX controls see the TechNet article, Out-of-date ActiveX control blocking.  Additional changes introduced this month include the blocking of outdated Silverlight.  Additional information is available in the IE Blog.

  • Windows 8.x -- Non-security new features and improvements for Windows 8.1 are now included with the second Tuesday of the month updates.  Additional information about this change is available here.

  • Windows XP -- Although Microsoft has stopped providing Microsoft Security Essentials for Windows XP, definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.  The MSRT still works on Windows XP.

References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...







    4 comments:

    Anonymous said...

    Have there been any reports of having to reinstall three updates numerous times? I have three updates that reappear after a few days. They do not seem to be recognized as having been downloaded.

    Security Update for Windows 7 for x64-based Systems (KB3004375)

    Security Update for Windows 7 for x64-based Systems (KB3031432)

    Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3021952)

    All three show as being updated successfully but continue to show up as needing to be updated.

    Corrine said...

    My apology for the delay in responding. I missed that you had posted a comment.

    Although update history shows installed, click Status to sort by status and then look for any updates that have a status of "Failed." Right-click an update that has a status of "Failed," and then select View Details. Is there an error code displayed for that update?

    Anonymous said...

    Hi,

    The updates have all been installed 10 or more times successfully with no failures or error codes. The updates reappeared this morning and I had to reinstall them again this morning.

    I'm thinking it may have something to do with how these updates are registered. Perhaps my IOLO System Mechanic system cleaner is deleting the registry of these three updates.

    I'm considering hiding these updates but am not sure if the reinstalls are actually necessary.

    Thanks.

    Corrine said...

    It seems that you've figured out the answer to the problem yourself. Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix. I do NOT recommend the use of registry cleaners. They do more harm than good.