Microsoft Patch Tuesday – May 2015

[steven36]

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 13 bulletins being released which address 48 CVEs. Three of the bulletins are listed as Critical and address vulnerabilities in Internet Explorer, GDI+ Font Parsing, and Windows Journal. The remaining ten bulletins are marked as Important and address vulnerabilities in Microsoft Office, Sharepoint, .NET, Silverlight, Service Control Manager, Windows Kernel, VBScript/JScript, Microsoft Management Console, and Secure Channel.

Bulletins Rated Critical
MS15-043, MS15-044, and MS15-045 are rated Critical.

MS15-043 is this month’s Internet Explorer security bulletin with vulnerabilities in versions 6 through 11 being addressed. This month, 22 CVE were addressed the majority of those were memory corruption vulnerabilities that could result in remote code execution. There were also several ASLR bypass, elevation of privilege, and information disclosure vulnerabilities that were addressed this month.

MS15-044 addresses two CVE related to TrueType and OpenType Font parsing in various Microsoft applications including the core operating system and Microsoft Office, Microsoft Lync, and Microsoft Silverlight. Please review the specific bulletin for all OS/Application versions that are affected. The more severe of the two vulnerabilities (CVE-2015-1671) affects TrueType Font parsing and could result in remote code execution. This vulnerability could be exploited by forcing the user to view a specially crafted document or webpage that contains embedded TrueType fonts. The other vulnerability (CVE-2015-1670) affects OpenType Font parsing which could result in information disclosure.

MS15-045 addresses six CVE related to Windows Journal affecting multiple versions of Microsoft Windows. An attacker could exploit these vulnerabilities by having a user open a specially crafted Microsoft Journal File (*.int) which could result in remote code execution. Two of the vulnerabilities (CVE-2015-1675 & CVE-2015-1695) were publicly disclosed but have not yet been seen being exploited.

Bulletins Rated as Important
MS15-046, MS15-047, MS15-048, MS15-049, MS15-050, MS15-051, MS15-052, MS15-053, MS15-054, and MS15-055 are rated as Important.

MS15-046 addresses two CVE related to Microsoft Office. Both vulnerabilities (CVE-2015-1682 & CVE-2015-1683) are memory corruption vulnerabilities that could result in remote code execution if a user opens a specially crafted Microsoft Office document.

MS15-047 addresses a single vulnerability (CVE-2015-1700) in Microsoft SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1. This vulnerability allows an authenticated user to potentially execute remote code by sending a specially crafted content to a Microsoft SharePoint Server.

MS15-048 addresses two vulnerabilities in .NET Framework affecting multiple versions on all currently supported Microsoft operating systems. The first vulnerability, CVE-2015-1672 is a Denial of Service vulnerability related to the decryption of XML documents within the .NET Framework and can be exploited by sending specially crafted XML data to a vulnerable server hosting a .NET application. The second vulnerability, CVE-2015-1673, is a privilege escalation vulnerability in the Windows Forms libraries for .NET Framework caused by improper handling of objects in memory. In order for this vulnerability to be exploited, an attacker could use social engineering to convince a user into install a maliciously crafted partial trust application.

MS15-049 addresses a single vulnerability (CVE-2015-1715) in Microsoft Silverlight 5 and Microsoft Silverlight 5 Developer Runtime. This privilege escalation vulnerability allows a user to run a low integrity level application at medium or high integrity. In order to exploit this vulnerability, an attacker would need to convince a user to execute a maliciously crafted Silverlight executable. Once the vulnerability has been exploited, an attacker would then have the ability to execute arbitrary code with an elevated privilege level.

MS15-050 addresses a single vulnerability (CVE-2015-1702) in Service Control Manager affecting multiple different versions of Microsoft Windows. This vulnerability could allow a user that is logged in to execute a program to escalate privileges due to improper verification of impersonation levels in the Service Control Manager. Exploitation of this vulnerability would require an attacker to execute a maliciously crafted application that is designed to elevate privileges while logged into the system.

MS15-051 addresses six vulnerabilities associated with Windows Kernel-Mode Drivers affecting multiple different Microsoft Windows versions. The majority are information disclosure vulnerabilities that could leak private address information. The remaining vulnerability, CVE-2015-1701, is a privilege escalation vulnerability resulting from improper handling of objects in memory which could result in arbitrary code execution in kernel mode.

MS15-052 addresses a single vulnerability, CVE-2015-1674, in Windows Kernel affecting multiple versions of Microsoft Windows including Windows 8 & 8.1, Windows Server 2012 & 2012 R2, and Windows RT & RT 8.1. This particular vulnerability is a security feature bypass related to the Windows kernel failing to properly validate from which mode the request originates.

MS15-053 addresses two vulnerabilities in JScript and VBScript in multiple versions of Microsoft Windows potentially allowing Security Feature Bypass. The first vulnerability,
CVE-2015-1684, affects only VBScript. The remaining vulnerability affects both VBScript and JScript. Both vulnerabilities, when rendered in Internet Explorer, remove Address Space Layer Randomization (ASLR) allowing an attacker to more accurately predict the memory offsets to specific functions.

MS15-054 addresses a single vulnerability, CVE-2015-1681, in Microsoft Management Console (MMC) affecting Microsoft Windows Vista and newer operating systems. This vulnerability allows an unauthenticated attacker to create a Denial of Service condition by getting a user to open a share containing a specially crafted .msc file.

MS15-055 addresses a single vulnerability, CVE-2015-1716, in Secure Channel affecting multiple versions of Microsoft Windows. This vulnerability could result in information disclosure if an attacker is able to reduce the Diffie-Hellman ephemeral key length to 512 bytes in an encrypted TLS session. Reducing the key length to 512 bytes makes the key exchanges weak and vulnerable to multiple different attacks.

Coverage
In response to these bulletin disclosures, Talos is releasing the following rules to address these vulnerabilities. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Defense Center, FireSIGHT Management Center or Snort.org.
Snort SIDs: 34379-34384, 34391-34392, 34405-34412, 34415, 34417-34425, 34430-34433, 34436-34437, 34444-34445


Source and more info at Microsoft here Microsoft Security Bulletin Summary for May 2015

[manju]

the news says 13 bulletins, my girlfriend's got 29 updates (more or less 300MB to download for Win 7 x86)...

i got 30 updates (win 7 x64), with nearly 1.3GB :wtf:

[steven36]

the news says 13 bulletins, my girlfriend's got 29 updates (more or less 300MB to download for Win 7 x86)...

i got 30 updates (win 7 x64), with nearly 1.3GB :wtf:

here on windows 8.1 it was a lot of updates as well but were only 100 and some megabytes . Some stuff they be updating don't have nothing to do with security . Like this usage tracker the sneak on windows update

​

more info

http://www.infoworld.com/article/2919142/operating-systems/windows-patch-kb-3022345-re-re-released-third-version-of-usage-tracker-in-two-weeks.html

nothing but more spyware :(

[Pete 12]

"clicking on info link no longer opens the knowledgebase article in default browser"

This does not work anymore in Win7 also !! So you dont know WHAT THE UPDATE DOES ,coz the info is not available anymore !!!

After offering updates and clicking on information about the update the site does not open !

What are they doing for the f*** with Win7 ????

[steven36]

​What you talking about Pete ? looks like the board trolls are in full force today marking down my everyone they have a grudge against post . :lol:

​You see it all time even if a post is deemed poplar really looks childish .

​

[manju]

some of the bigger updates where related to office, skype....

[banned]

"clicking on info link no longer opens the knowledgebase article in default browser"

This does not work anymore in Win7 also !! So you dont know WHAT THE UPDATE DOES ,coz the info is not available anymore !!!

I had a problem in Win7/8 a couple of months ago. The knowledgebase articles weren't yet updated on support.microsoft.com, so tried replacing support2.microsoft.com in the address bar and it helped.

[Ballistic Gelatin]

Slightly OT, I updated my installation of Office 2013 Professional today (Click-to-Run) via its native updater. Yet the KB article for v15.0.4719.1002 (May 2015 update) wasn't yet available.

[steven36]

Here for like 3 months every since flash had to patch all those exploits Flash is never available for IE anymore on patch Tuesday in win 8 or 8.1 . Why do they even have it were we cant install normal if there not going update it right?

[TMROKS]

These updates screwed my system up! First was that a lot of updates failed, most of the office updates and the 2 dot net updates.

I tried to uninstall the office updates that did succeed to see if that was the problem and they kept reappearing so then I used jv16 to remove them, then I thought I would try to uninstall my office and I got error 1719, which means my windows installer got corrupted! So I used my office hack prog to uninstall office and used jv16 again to clean out the registry entries.

I used the dot net cleanup utility to get rid of the dot net progs. I now can't reinstall dot net 4.0 and my win installer is still fried! I tried all the recommended fixes for win installer to no avail!

I did scanreg and still no luck. Now I have to do a repair upgrade of win 7!

I wonder if this update screw up has anything to do with the updates I chose not to install, they are as follows;

Update for Windows 7 for x64-based Systems (KB2952664)
Update type: Recommended

Update for Windows 7 for x64-based Systems (KB2990214)
Update type: Important

Update for Windows 7 for x64-based Systems (KB3021917)
Update type: Recommended

Update for Windows 7 for x64-based Systems (KB3022345)
Update type: Recommended

Update for Windows 7 for x64-based Systems (KB3035583)
Update type: Recommended

Update for Windows 7 for x64-based Systems (KB971033)
Update type: Important

[FJMcNasty]

For all their pretence at trying to put things right with W10, and listening to users, M$ are as full of sewage and lies as they ever were.

I really tried very hard to find the W7 version of KB3022345 yesterday. The W8 version is easily found, but not W7. When I can't find a downloadable update for manual installation it goes straight into the sin bin of hidden updates. At the moment there are 3 in there:

KB2952664 - Tagged as W10 adware by many online

KB3022345

KB3035583 - Tagged as W10 adware by many online

I reckon you made the wise decision, TMROKS.

[steven36]

I wonder if this update screw up has anything to do with the updates I chose not to install, they are as follows;

Could be why updates failed or maybe not . I had them fail before on a clean image of windows 8 before some months back and after i got the required offline installers updates to upgrade to 8.1 thorough the windows store updates went smooth for it. Ive had very little trouble with updates windows 8.1 but cant say the same about windows 8. I was just trying to do all my updates online before upgrading to 8.1 and didn't go so well that time had find the 3 offline installers needed. Sometimes it can be another program on your pc such as and antivirus that can foul up updates , system restore etc as well . only way to tell would be to restore or reformat and install the missing updates and see if you still get errors . I know to update to windows 8.1 you need certain updates to do it so chances are high if you don't install certain updates.. so updates in general could fail . Me myself i just block most of that spy stuff Microsoft does with my firewall . ^_^