Bulletin ID: MS15-134
Title: Security Update for Windows Media Center to Address Remote Code Execution (3108669)
Update Type: Security Update
Severity: Important
Date: 2015-12-08
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities: CVE-2015-6127 CVE-2015-6131 |
Included Updates: 3108669 |
Applies to: Windows 7 Windows 8 Windows 8.1 Windows Vista |
Bulletin ID: MS15-133
Title: Security Update for Windows PGM to Address Elevation of Privilege (3116130)
Update Type: Security Update
Severity: Important
Date: 2015-12-08
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application that, by way of a race condition, results in references to memory locations that have already been freed. Microsoft Message Queuing (MSMQ) must be installed and the Windows Pragmatic General Multicast (PGM) protocol specifically enabled for a system to be vulnerable. MSMQ is not present in default configurations and, if it is installed, the PGM protocol is available but disabled by default.
Vulnerabilities: CVE-2015-6126 |
Included Updates: 2919355 3109103 3116130 3116869 3116900 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista
Bulletin ID: MS15-132
Title: Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
Update Type: Security Update
Severity: Important
Date: 2015-12-08
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker accesses a local system and runs a specially crafted application.
Vulnerabilities: CVE-2015-6128 CVE-2015-6132 CVE-2015-6133 |
Included Updates: 2919355 3108347 3108371 3108381 3116162 3116869 3116900 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-131
Title: Security Update for Microsoft Office to Address Remote Code Execution (3116111)
Update Type: Security Update
Severity: Critical
Date: 2015-12-08
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities: CVE-2015-6040 CVE-2015-6118 CVE-2015-6122 CVE-2015-6124 CVE-2015-6172 CVE-2015-6177 |
Included Updates: 3085528 3085549 3101532 3114342 3114382 3114403 3114415 3114422 3114425 3114431 3114433 3114457 3114458 3114479 3116111 3119517 3119518 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Other Office Software
Bulletin ID: MS15-130
Title: Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670)
Update Type: Security Update
Severity: Critical
Date: 2015-12-08
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains specially crafted fonts.
Vulnerabilities: CVE-2015-6130 |
Included Updates: 3108670 |
Applies to: Server Core installation option Windows 7 Windows Server 2008 R2
Bulletin ID: MS15-129
Title: Security Update for Silverlight to Address Remote Code Execution (3106614)
Update Type: Security Update
Severity: Critical
Date: 2015-12-08
Description: This security update resolves vulnerabilities in Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if Microsoft Silverlight incorrectly handles certain open and close requests that could result in read- and write-access violations. To exploit the vulnerability, an attacker could host a website that contains a specially crafted Silverlight application and then convince a user to visit a compromised website. The attacker could also take advantage of websites containing specially crafted content, including those that accept or host user-provided content or advertisements.
Vulnerabilities: CVE-2015-6114 CVE-2015-6165 CVE-2015-6166 |
Included Updates: 3106614 |
Applies to: Software |
Bulletin ID: MS15-128
Title: Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)
Update Type: Security Update
Severity: Critical
Date: 2015-12-08
Description: This security update resolves vulnerabilities in Microsoft Windows, .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync, and Silverlight. The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.
Vulnerabilities: CVE-2015-6106 CVE-2015-6107 CVE-2015-6108 |
Included Updates: 2919355 3085612 3085616 3099860 3099862 3099863 3099864 3099866 3099869 3099874 3104503 3109094 3114351 3114372 3114478 3115870 3115871 3115872 3115873 3115875 3116869 3116900 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-127
Title: Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465)
Update Type: Security Update
Severity: Critical
Date: 2015-12-08
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.
Vulnerabilities: CVE-2015-6125 |
Included Updates: 3100465 |
Applies to: Server Core installation option Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2
Bulletin ID: MS15-126
Title: Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178)
Update Type: Security Update
Severity: Critical
Date: 2015-12-08
Description: This security update resolves vulnerabilities in the VBScript scripting engine in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that uses the Internet Explorer rendering engine to direct the user to the specially crafted website.
Vulnerabilities: CVE-2015-6135 CVE-2015-6136 |
Included Updates: 2919355 3105578 3105579 3116178 |
Applies to: Server Core installation option Windows Server 2008 Windows Vista |
Bulletin ID: MS15-124
Title: Cumulative Security Update for Internet Explorer (3116180)
Update Type: Security Update
Severity: Critical
Date: 2015-12-08
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities: CVE-2015-6083 CVE-2015-6134 CVE-2015-6135 CVE-2015-6136 CVE-2015-6138 CVE-2015-6139 CVE-2015-6140 CVE-2015-6141 CVE-2015-6142 CVE-2015-6143 CVE-2015-6144 CVE-2015-6145 CVE-2015-6146 CVE-2015-6147 CVE-2015-6148 CVE-2015-6149 CVE-2015-6150 CVE-2015-6151 CVE-2015-6152 CVE-2015-6153 CVE-2015-6154 CVE-2015-6155 CVE-2015-6156 CVE-2015-6157 CVE-2015-6158 CVE-2015-6159 CVE-2015-6160 CVE-2015-6161 CVE-2015-6162 CVE-2015-6164 |
Included Updates: 3104002 3116180 3116869 3116900 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |
Bulletin ID: MS15-111
Title: Security Update for Windows Kernel to Address Elevation of Privilege (3096447)
Update Type: Security Update
Severity: Important
Date: 2015-11-17
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Vulnerabilities: CVE-2015-2549 CVE-2015-2550 CVE-2015-2552 CVE-2015-2553 CVE-2015-2554 |
Included Updates: 2919355 3088195 3096447 3097617 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-115
Title: Security Update for Microsoft Windows to Address Remote Code Execution (3105864)
Update Type: Security Update
Severity: Critical
Date: 2015-11-12
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.
Vulnerabilities: CVE-2015-6100 CVE-2015-6101 CVE-2015-6102 CVE-2015-6103 CVE-2015-6104 CVE-2015-6109 CVE-2015-6113 |
Included Updates: 2919355 3097877 3101746 3105211 3105213 3105864 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-123
Title: Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)
Update Type: Security Update
Severity: Important
Date: 2015-11-10
Description: This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content.
Vulnerabilities: CVE-2015-6061 |
Included Updates: 3085634 3096735 3096736 3096738 3101496 3105872 |
Applies to: Microsoft Lync 2010 Microsoft Lync 2013 Microsoft Lync Room System Microsoft Skype for Business 2016 |
Bulletin ID: MS15-122
Title: Security Update for Kerberos to Address Security Feature Bypass (3105256)
Update Type: Security Update
Severity: Important
Date: 2015-11-10
Description: This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.
Vulnerabilities: CVE-2015-6095 |
Included Updates: 2919355 3101246 3105211 3105213 3105256 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista
Bulletin ID: MS15-121
Title: Security Update for Schannel to Address Spoofing (3081320)
Update Type: Security Update
Severity: Important
Date: 2015-11-10
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.
Vulnerabilities: CVE-2015-6112 |
Included Updates: 3081320 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-120
Title: Security Update for IPSec to Address Denial of Service (3102939)
Update Type: Security Update
Severity: Important
Date: 2015-11-10
Description: This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the system to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials.
Vulnerabilities: CVE-2015-6111 |
Included Updates: 3102939 |
Applies to: Server Core installation option Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2
Bulletin ID: MS15-119
Title: Security Update for Winsock to Address Elevation of Privilege (3104521)
Update Type: Security Update
Severity: Important
Date: 2015-11-10
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability.
Vulnerabilities: CVE-2015-2478 |
Included Updates: 2919355 3092601 3104521 3105211 3105213 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-118
Title: Security Update for .NET Framework to Address Elevation of Privilege (3104507)
Update Type: Security Update
Severity: Important
Date: 2015-11-10
Description: This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser.
Vulnerabilities: CVE-2015-6096 CVE-2015-6099 CVE-2015-6115 |
Included Updates: 2919355 3097988 3097989 3097991 3097992 3097994 3097995 3097996 3097997 3097999 3098000 3098001 3098778 3098779 3098780 3098781 3098784 3098785 3098786 3104507 3118750 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-117
Title: Security Update for NDIS to Address Elevation of Privilege (3101722)
Update Type: Security Update
Severity: Important
Date: 2015-11-10
Description: This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
Vulnerabilities: CVE-2015-6098 |
Included Updates: 3101722 |
Applies to: Server Core installation option Windows 7 Windows Server 2008 Windows Server 2008 R2 Windows Vista
Bulletin ID: MS15-116
Title: Security Update for Microsoft Office to Address Remote Code Execution (3104540)
Update Type: Security Update
Severity: Important
Date: 2015-11-10
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities: CVE-2015-2503 CVE-2015-6038 CVE-2015-6091 CVE-2015-6092 CVE-2015-6093 CVE-2015-6094 CVE-2015-6123 |
Included Updates: 2596614 2596770 2687406 2817478 2878230 2880506 2889915 2899473 2899516 2910978 2920680 2920698 2920726 2965313 3054793 3054978 3085477 3085511 3085548 3085551 3085552 3085561 3085584 3085594 3085614 3085634 3101359 3101360 3101364 3101365 3101367 3101370 3101371 3101496 3101499 3101506 3101507 3101509 3101510 3101512 3101513 3101514 3101521 3101525 3101526 3101529 3101533 3101543 3101544 3101553 3101554 3101555 3101558 3101559 3101560 3101564 3102924 3102925 3104540 3112369 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Other Office Software
Bulletin ID: MS15-114
Title: Security Update for Windows Journal to Address Remote Code Execution (3100213)
Update Type: Security Update
Severity: Critical
Date: 2015-11-10
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities: CVE-2015-6097 |
Included Updates: 3100213 |
Applies to: Windows 7 Windows Server 2008 Windows Server 2008 R2 Windows Vista |
Bulletin ID: MS15-112
Title: Cumulative Security Update for Internet Explorer (3104517)
Update Type: Security Update
Severity: Critical
Date: 2015-11-10
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities: CVE-2015-2427 CVE-2015-6064 CVE-2015-6065 CVE-2015-6066 CVE-2015-6068 CVE-2015-6069 CVE-2015-6070 CVE-2015-6071 CVE-2015-6072 CVE-2015-6073 CVE-2015-6074 CVE-2015-6075 CVE-2015-6076 CVE-2015-6077 CVE-2015-6078 CVE-2015-6079 CVE-2015-6080 CVE-2015-6081 CVE-2015-6082 CVE-2015-6084 CVE-2015-6085 CVE-2015-6086 CVE-2015-6087 CVE-2015-6088 CVE-2015-6089 |
Included Updates: 3100773 3104517 3105211 3105213 3154996 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |
Bulletin ID: MS15-099
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)
Update Type: Security Update
Severity: Critical
Date: 2015-11-10
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities: CVE-2015-2520 CVE-2015-2521 CVE-2015-2522 CVE-2015-2523 CVE-2015-2545 |
Included Updates: 2910993 2920693 3054813 3054932 3054965 3054987 3054993 3054995 3085483 3085487 3085501 3085502 3085526 3085543 3085560 3085572 3085620 3085635 3088501 3089664 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office for Mac 2011 Microsoft Office for Mac 2016 Other Office Software
Bulletin ID: MS15-106
Title: Cumulative Security Update for Internet Explorer (3096441)
Update Type: Security Update
Severity: Critical
Date: 2015-10-29
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities: CVE-2015-2482 CVE-2015-6042 CVE-2015-6044 CVE-2015-6045 CVE-2015-6046 CVE-2015-6047 CVE-2015-6048 CVE-2015-6049 CVE-2015-6050 CVE-2015-6051 CVE-2015-6052 CVE-2015-6053 CVE-2015-6055 CVE-2015-6056 CVE-2015-6059 CVE-2015-6184 |
Included Updates: 3093983 3096441 3097617 3105210 3119070 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |
Bulletin ID: MS15-110
Title: Security Updates for Microsoft Office to Address Remote Code Execution (3096440)
Update Type: Security Update
Severity: Important
Date: 2015-10-13
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities: CVE-2015-2555 CVE-2015-2556 CVE-2015-2557 CVE-2015-2558 CVE-2015-6037 CVE-2015-6039 |
Included Updates: 2553405 2596670 2920693 3054994 3085514 3085520 3085542 3085567 3085568 3085571 3085582 3085583 3085595 3085596 3085609 3085615 3085618 3085619 3096440 3097264 3097266 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office for Mac 2011 Other Office Software
Bulletin ID: MS15-109
Title: Security Update for Windows Shell to Address Remote Code Execution (3096443)
Update Type: Security Update
Severity: Critical
Date: 2015-10-13
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online.
Vulnerabilities: CVE-2015-2515 CVE-2015-2548 |
Included Updates: 2919355 3080446 3093513 3096443 3097617 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-108
Title: Security Update for JScript and VBScript to Address Remote Code Execution (3089659)
Update Type: Security Update
Severity: Critical
Date: 2015-10-13
Description: This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that uses the IE rendering engine to direct the user to the specially crafted website.
Vulnerabilities: CVE-2015-2482 CVE-2015-6052 CVE-2015-6055 CVE-2015-6059 |
Included Updates: 3089659 3094995 3094996 |
Applies to: Server Core installation option Windows Server 2008 Windows Vista |
Bulletin ID: MS15-100
Title: Vulnerability in Windows Media Center Could Allow Remote Code Execution (3087918)
Update Type: Security Update
Severity: Important
Date: 2015-10-13
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities: CVE-2015-2509 |
Included Updates: 3087918 |
Applies to: Windows 7 Windows 8 Windows Vista |
Bulletin ID: MS15-081
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)
Update Type: Security Update
Severity: Critical
Date: 2015-10-13
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities: CVE-2015-1642 CVE-2015-2423 CVE-2015-2466 CVE-2015-2467 CVE-2015-2468 CVE-2015-2469 CVE-2015-2470 CVE-2015-2477 |
Included Updates: 2553313 2596650 2598244 2687409 2837610 2920691 2920708 2965280 2965310 2986254 3039734 3039798 3054816 3054858 3054876 3054888 3054929 3054960 3054974 3054991 3054992 3055003 3055029 3055030 3055033 3055037 3055039 3055044 3055051 3055052 3055053 3055054 3080790 3081349 3082420 3085538 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office for Mac 2011 Microsoft Office for Mac 2016 Other Office Software
Bulletin ID: MS15-046
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181)
Update Type: Security Update
Severity: Important
Date: 2015-10-13
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities: CVE-2015-1682 CVE-2015-1683 |
Included Updates: 2956140 2956193 2956194 2956195 2965233 2965237 2965240 2965242 2965282 2965307 2965311 2975808 2975816 2986216 2999412 2999420 3017815 3023055 3039725 3039736 3039748 3054833 3054834 3054835 3054838 3054839 3054840 3054841 3054842 3054843 3054845 3054847 3054848 3057181 3062536 3085544 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office for Mac Other Office Software |
Bulletin ID: MS15-097
Title: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656)
Update Type: Security Update
Severity: Critical
Date: 2015-09-30
Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.
Vulnerabilities: CVE-2015-2506 CVE-2015-2507 CVE-2015-2508 CVE-2015-2510 CVE-2015-2511 CVE-2015-2512 CVE-2015-2517 CVE-2015-2518 CVE-2015-2527 CVE-2015-2529 CVE-2015-2546 |
Included Updates: 2910994 2919355 3081087 3081088 3081089 3081090 3081091 3081455 3085500 3085529 3085546 3086255 3087039 3087135 3089656 3099414 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-105
Title: Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass (3091287)
Update Type: Security Update
Severity: Important
Date: 2015-09-08
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application that could cause Windows Hyper-V to incorrectly apply access control list (ACL) configuration settings. Customers who have not enabled the Hyper-V role are not affected.
Vulnerabilities: CVE-2015-2534 |
Included Updates: 2919355 3087088 3091287 |
Applies to: Server Core installation option Windows 10 Windows 8.1 Windows Server 2012 R2 |
Bulletin ID: MS15-104
Title: Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952)
Update Type: Security Update
Severity: Important
Date: 2015-09-08
Description: This security update resolves vulnerabilities in Skype for Business Server and Microsoft Lync Server. The most severe of the vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An attacker would have to convince users to click a link in an instant messenger or email message that directs them to an affected website by way of a specially crafted URL.
Vulnerabilities: CVE-2015-2531 CVE-2015-2532 CVE-2015-2536 |
Included Updates: 3061064 3080353 3089952 |
Applies to: Microsoft Lync Server 2013 Skype for Business Server 2015 |
Bulletin ID: MS15-103
Title: Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250)
Update Type: Security Update
Severity: Important
Date: 2015-09-08
Description: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.
Vulnerabilities: CVE-2015-2505 CVE-2015-2543 CVE-2015-2544 |
Included Updates: 3087126 3089250 |
Applies to: Microsoft Server Software |
Bulletin ID: MS15-102 |
Title: Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657) |
Update Type: Security Update |
Severity: Important |
Date: 2015-09-08 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. |
Vulnerabilities: CVE-2015-2524 CVE-2015-2525 CVE-2015-2528 |
Included Updates: 3082089 3084135 3089657 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-101 |
Title: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662) |
Update Type: Security Update |
Severity: Important |
Date: 2015-09-08 |
Description: This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so. |
Vulnerabilities: CVE-2015-2504 CVE-2015-2526 |
Included Updates: 2919355 3074228 3074229 3074230 3074231 3074232 3074233 3074541 3074543 3074544 3074545 3074547 3074548 3074549 3074550 3074552 3074553 3074554 3089662 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-098 |
Title: Vulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-09-08 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Vulnerabilities: CVE-2015-2513 CVE-2015-2514 CVE-2015-2516 CVE-2015-2519 CVE-2015-2530 |
Included Updates: 2919355 3069114 3089669 |
Applies to: Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-096 |
Title: Vulnerability in Active Directory Service Could Allow Denial of Service (3072595) |
Update Type: Security Update |
Severity: Important |
Date: 2015-09-08 |
Description: This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain. |
Vulnerabilities: CVE-2015-2535 |
Included Updates: 3072595 |
Applies to: Server Core installation option Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS15-094 |
Title: Cumulative Security Update for Internet Explorer (3089548) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-09-08 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. |
Vulnerabilities: CVE-2015-2483 CVE-2015-2484 CVE-2015-2485 CVE-2015-2486 CVE-2015-2487 CVE-2015-2489 CVE-2015-2490 CVE-2015-2491 CVE-2015-2492 CVE-2015-2493 CVE-2015-2494 CVE-2015-2498 CVE-2015-2499 CVE-2015-2500 CVE-2015-2501 CVE-2015-2541 CVE-2015-2542 |
Included Updates: 3081455 3087038 3089548 934307 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |
Bulletin ID: MS15-083 |
Title: Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921) |
Update Type: Security Update |
Severity: Important |
Date: 2015-09-08 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted string to the SMB server error logging. |
Vulnerabilities: CVE-2015-2474 |
Included Updates: 3073921 |
Applies to: Server Core installation option Windows Server 2008 Windows Vista |
Bulletin ID: MS15-080 |
Title: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-09-08 |
Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts. |
Vulnerabilities: CVE-2015-2431 CVE-2015-2432 CVE-2015-2433 CVE-2015-2435 CVE-2015-2453 CVE-2015-2454 CVE-2015-2455 CVE-2015-2456 CVE-2015-2458 CVE-2015-2459 CVE-2015-2460 CVE-2015-2461 CVE-2015-2462 CVE-2015-2463 CVE-2015-2464 CVE-2015-2465 |
Included Updates: 2919355 3054846 3054890 3055014 3072303 3072305 3072306 3072307 3072309 3072310 3072311 3075590 3075591 3075592 3075593 3078601 3078662 3079743 3080333 3081436 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-093 |
Title: Security Update for Internet Explorer (3088903) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-08-20 |
Description: This security update resolves a vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. |
Vulnerabilities: CVE-2015-2502 |
Included Updates: 3081444 3087985 3088903 934307 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |
Bulletin ID: MS15-092 |
Title: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251) |
Update Type: Security Update |
Severity: Important |
Date: 2015-08-11 |
Description: This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so. |
Vulnerabilities: CVE-2015-2479 CVE-2015-2480 CVE-2015-2481 |
Included Updates: 3083184 3083185 3083186 3086251 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-090 |
Title: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716) |
Update Type: Security Update |
Severity: Important |
Date: 2015-08-11 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application or convinces a user to open a specially crafted file that invokes a vulnerable sandboxed application, allowing an attacker to escape the sandbox. |
Vulnerabilities: CVE-2015-2428 CVE-2015-2429 CVE-2015-2430 |
Included Updates: 3060716 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-089 |
Title: Vulnerability in WebDAV Could Allow Information Disclosure (3076949) |
Update Type: Security Update |
Severity: Important |
Date: 2015-08-11 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Sockets Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic. |
Vulnerabilities: CVE-2015-2476 |
Included Updates: 3076949 |
Applies to: Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-088 |
Title: Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458) |
Update Type: Security Update |
Severity: Important |
Date: 2015-08-11 |
Description: This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process. The attacker could then execute Notepad, Visio, PowerPoint, Excel, or Word with an unsafe command line parameter to effect information disclosure. To be protected from the vulnerability, customers must apply the updates provided in this bulletin, as well as the update for Internet Explorer provided in MS15-079. Likewise, customers running an affected Microsoft Office product must also install the applicable updates provided in MS15-081. |
Vulnerabilities: CVE-2015-2423 |
Included Updates: 2919355 3046017 3079757 3080057 3080790 3082442 3082458 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-087 |
Title: Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459) |
Update Type: Security Update |
Severity: Important |
Date: 2015-08-11 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter. A user would have to visit a specially crafted webpage where the malicious script would then be executed. |
Vulnerabilities: CVE-2015-2475 |
Included Updates: 3073893 3082459 3087119 |
Applies to: Server Core installation option Windows Server 2008 |
Bulletin ID: MS15-086 |
Title: Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158) |
Update Type: Security Update |
Severity: Important |
Date: 2015-08-11 |
Description: This security update resolves a vulnerability in Microsoft System Center Operations Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website. |
Vulnerabilities: CVE-2015-2420 |
Included Updates: 3064919 3071088 3071089 3075158 |
Applies to: Microsoft System Center 2012 Operations Manager Microsoft System Center 2012 Operations Manager R2 |
Bulletin ID: MS15-085 |
Title: Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487) |
Update Type: Security Update |
Severity: Important |
Date: 2015-08-11 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker inserts a malicious USB device into a target system. An attacker could then write a malicious binary to disk and execute it. |
Vulnerabilities: CVE-2015-1769 |
Included Updates: 2919355 3071756 3081436 3082487 |
Applies to: Server Core installation option Windows 10 Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-084 |
Title: Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129) |
Update Type: Security Update |
Severity: Important |
Date: 2015-08-11 |
Description: This security update resolves vulnerabilities in Microsoft Windows and Microsoft Office. The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0. However, in all cases an attacker would have no way to force users to click a specially crafted link. An attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message. |
Vulnerabilities: CVE-2015-2434 CVE-2015-2440 CVE-2015-2471 |
Included Updates: 2825645 2919355 3076895 3080129 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-082 |
Title: Vulnerabilities in RDP Could Allow Remote Code Execution (3080348) |
Update Type: Security Update |
Severity: Important |
Date: 2015-08-11 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open a Remote Desktop Protocol (RDP) file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Vulnerabilities: CVE-2015-2472 CVE-2015-2473 |
Included Updates: 2919355 3073094 3075220 3075221 3075222 3075226 3080348 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-079 |
Title: Cumulative Security Update for Internet Explorer (3082442) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-08-11 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. |
Vulnerabilities: CVE-2015-2423 CVE-2015-2441 CVE-2015-2442 CVE-2015-2443 CVE-2015-2444 CVE-2015-2445 CVE-2015-2446 CVE-2015-2447 CVE-2015-2448 CVE-2015-2449 CVE-2015-2450 CVE-2015-2451 CVE-2015-2452 |
Included Updates: 3078071 3082442 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |
Bulletin ID: MS15-078 |
Title: Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-07-20 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts. |
Vulnerabilities: CVE-2015-2426 |
Included Updates: 3079904 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-077 |
Title: Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657) |
Update Type: Security Update |
Severity: Important |
Date: 2015-07-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Vulnerabilities: CVE-2015-2387 |
Included Updates: 3077657 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-076 |
Title: Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505) |
Update Type: Security Update |
Severity: Important |
Date: 2015-07-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability, which exists in Windows Remote Procedure Call (RPC) authentication, could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Vulnerabilities: CVE-2015-2370 |
Included Updates: 3067505 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-075 |
Title: Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633) |
Update Type: Security Update |
Severity: Important |
Date: 2015-07-14 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if used in conjunction with another vulnerability that allows arbitrary code to be run through Internet Explorer. Once the other vulnerability has been exploited, an attacker could then exploit the vulnerabilities addressed in this bulletin to cause arbitrary code to run at a medium integrity level. |
Vulnerabilities: CVE-2015-2416 CVE-2015-2417 |
Included Updates: 3072633 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-074 |
Title: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630) |
Update Type: Security Update |
Severity: Important |
Date: 2015-07-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Installer service improperly runs custom action scripts. An attacker must first compromise a user who is logged on to the target system to exploit the vulnerability. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. |
Vulnerabilities: CVE-2015-2371 |
Included Updates: 3072630 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-073 |
Title: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102) |
Update Type: Security Update |
Severity: Important |
Date: 2015-07-14 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. |
Vulnerabilities: CVE-2015-2363 CVE-2015-2365 CVE-2015-2366 CVE-2015-2367 CVE-2015-2381 CVE-2015-2382 |
Included Updates: 3070102 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-072 |
Title: Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392) |
Update Type: Security Update |
Severity: Important |
Date: 2015-07-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows graphics component fails to properly process bitmap conversions. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. An attacker must first log on to the system to exploit this vulnerability. |
Vulnerabilities: CVE-2015-2364 |
Included Updates: 3069392 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-071 |
Title: Vulnerability in Netlogon Could Allow Elevation of Privilege (3068457) |
Update Type: Security Update |
Severity: Important |
Date: 2015-07-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with access to a primary domain controller (PDC) on a target network runs a specially crafted application to establish a secure channel to the PDC as a backup domain controller (BDC). |
Vulnerabilities: CVE-2015-2374 |
Included Updates: 3068457 |
Applies to: Server Core installation option Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS15-070 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620) |
Update Type: Security Update |
Severity: Important |
Date: 2015-07-14 |
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. |
Vulnerabilities: CVE-2015-2375 CVE-2015-2376 CVE-2015-2377 CVE-2015-2378 CVE-2015-2379 CVE-2015-2380 CVE-2015-2415 CVE-2015-2424 |
Included Updates: 2837612 2965208 2965209 2965281 2965283 3054861 3054949 3054958 3054963 3054968 3054971 3054973 3054981 3054990 3054996 3054999 3072620 3073865 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT Microsoft Office for Mac Other Office Software |
Bulletin ID: MS15-069 |
Title: Vulnerabilities in Windows Could Allow Remote Code Execution (3072631) |
Update Type: Security Update |
Severity: Important |
Date: 2015-07-14 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow Remote Code Execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open an RTF file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Vulnerabilities: CVE-2015-2368 CVE-2015-2369 |
Included Updates: 2919355 3061512 3067903 3070738 3072631 |
Applies to: Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-068 |
Title: Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-07-14 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability. |
Vulnerabilities: CVE-2015-2361 CVE-2015-2362 |
Included Updates: 2919355 3046339 3046359 3072000 |
Applies to: Server Core installation option Windows 8 Windows 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS15-067 |
Title: Vulnerability in RDP Could Allow Remote Code Execution (3073094) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-07-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with the Remote Desktop Protocol (RDP) server service enabled. By default, the RDP server service is not enabled on any Windows operating system. Systems that do not have the RDP server service enabled are not at risk. |
Vulnerabilities: CVE-2015-2373 |
Included Updates: 2919355 3067904 3069762 3073094 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows Server 2012 |
Bulletin ID: MS15-066 |
Title: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3072604) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-07-14 |
Description: This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
Vulnerabilities: CVE-2015-2372 |
Included Updates: 3068364 3068368 3068404 3072604 |
Applies to: Server Core installation Windows Server 2003 Windows Server 2008 Windows Vista |
Bulletin ID: MS15-065 |
Title: Security Update for Internet Explorer (3076321) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-07-14 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. |
Vulnerabilities: CVE-2015-1729 CVE-2015-1733 CVE-2015-1738 CVE-2015-1767 CVE-2015-2372 CVE-2015-2383 CVE-2015-2384 CVE-2015-2385 CVE-2015-2388 CVE-2015-2389 CVE-2015-2390 CVE-2015-2391 CVE-2015-2397 CVE-2015-2398 CVE-2015-2401 CVE-2015-2402 CVE-2015-2403 CVE-2015-2404 CVE-2015-2406 CVE-2015-2408 CVE-2015-2410 CVE-2015-2411 CVE-2015-2412 CVE-2015-2413 CVE-2015-2414 CVE-2015-2419 CVE-2015-2421 CVE-2015-2422 CVE-2015-2425 |
Included Updates: 3065822 3074886 3075516 3076321 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |
Bulletin ID: MS15-058 |
Title: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718) |
Update Type: Security Update |
Severity: Important |
Date: 2015-07-14 |
Description: This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database. |
Vulnerabilities: CVE-2015-1761 CVE-2015-1762 CVE-2015-1763 |
Included Updates: 3045303 3045305 3045308 3045311 3045312 3045313 3045314 3045316 3045317 3045318 3045319 3045321 3045323 3045324 3065718 3070446 |
Applies to: SQL Server 2008 R2 Service Pack 2 SQL Server 2008 R2 Service Pack 3 SQL Server 2008 Service Pack 3 SQL Server 2008 Service Pack 4 SQL Server 2012 Service Pack 1 SQL Server 2012 Service Pack 2 SQL Server 2014 |
Bulletin ID: MS15-006 |
Title: Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365) |
Update Type: Security Update |
Severity: Important |
Date: 2015-07-14 |
Description: This security update resolves a privately reported vulnerability in Windows Error Reporting (WER). The vulnerability could allow security feature bypass if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain access to the memory of a running process. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Vulnerabilities: CVE-2015-0001 |
Included Updates: 3004365 |
Applies to: Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS15-044 |
Title: Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-06-23 |
Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType fonts. |
Vulnerabilities: CVE-2015-1670 CVE-2015-1671 |
Included Updates: 2844699 2881073 2883029 3037575 3039779 3045171 3048068 3048070 3048071 3048072 3048073 3048074 3048077 3051464 3051465 3051466 3051467 3056819 3057110 3057781 3065979 887012 912203 934307 971512 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-057 |
Title: Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-06-17 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Player opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2015-1728 |
Included Updates: 3033890 |
Applies to: Windows 7 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Vista |
Bulletin ID: MS15-064 |
Title: Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157) |
Update Type: Security Update |
Severity: Important |
Date: 2015-06-09 |
Description: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow elevation of privilege if an authenticated user clicks a link to a specially crafted webpage. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message. | ||||
Vulnerabilities: CVE-2015-1764 CVE-2015-1771 CVE-2015-2359 |
Included Updates: 3062157 |
Applies to: Microsoft Server Software |
Bulletin ID: MS15-063 |
Title: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858) |
Update Type: Security Update |
Severity: Important |
Date: 2015-06-09 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker places a malicious .dll file in a local directory on the machine or on a network share. An attacker would then have to wait for a user to run a program that can load a malicious .dll file, resulting in elevation of privilege. However, in all cases an attacker would have no way to force a user to visit such a network share or website. | ||||
Vulnerabilities: CVE-2015-1758 |
Included Updates: 3063858 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows RT Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Vista |
Bulletin ID: MS15-062 |
Title: Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577) |
Update Type: Security Update |
Severity: Important |
Date: 2015-06-09 |
Description: This security update resolves a vulnerability in Microsoft Active Directory Federation Services (AD FS). The vulnerability could allow elevation of privilege if an attacker submits a specially crafted URL to a target site. Due to the vulnerability, in specific situations specially crafted script is not properly sanitized, which subsequently could lead to an attacker-supplied script being run in the security context of a user who views the malicious content. For cross-site scripting attacks, this vulnerability requires that a user be visiting a compromised site for any malicious action to occur. | ||||
Vulnerabilities: CVE-2015-1757 |
Included Updates: 3062577 |
Applies to: Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 |
Bulletin ID: MS15-061 |
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839) |
Update Type: Security Update |
Severity: Important |
Date: 2015-06-09 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2015-1719 CVE-2015-1720 CVE-2015-1721 CVE-2015-1722 CVE-2015-1723 CVE-2015-1724 CVE-2015-1725 CVE-2015-1726 CVE-2015-1727 CVE-2015-1768 CVE-2015-2360 |
Included Updates: 3057839 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-060 |
Title: Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317) |
Update Type: Security Update |
Severity: Important |
Date: 2015-06-09 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link, or a link to specially crafted content, and then invokes F12 Developer Tools in Internet Explorer. | ||||
Vulnerabilities: CVE-2015-1756 |
Included Updates: 3059317 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-059 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949) |
Update Type: Security Update |
Severity: Important |
Date: 2015-06-09 |
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2015-1759 CVE-2015-1760 CVE-2015-1770 |
Included Updates: 2863812 2863817 3039749 3039782 3064949 |
Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2013 RT |
Bulletin ID: MS15-056 |
Title: Cumulative Security Update for Internet Explorer (3058515) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-06-09 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2015-1687 CVE-2015-1730 CVE-2015-1731 CVE-2015-1732 CVE-2015-1735 CVE-2015-1736 CVE-2015-1737 CVE-2015-1739 CVE-2015-1740 CVE-2015-1741 CVE-2015-1742 CVE-2015-1743 CVE-2015-1744 CVE-2015-1745 CVE-2015-1747 CVE-2015-1748 CVE-2015-1750 CVE-2015-1751 CVE-2015-1752 CVE-2015-1753 CVE-2015-1754 CVE-2015-1755 CVE-2015-1765 CVE-2015-1766 |
Included Updates: 3058515 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |
Bulletin ID: MS15-018 |
Title: Cumulative Security Update for Internet Explorer (3032359) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-05-14 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2015-0032 CVE-2015-0056 CVE-2015-0072 CVE-2015-0099 CVE-2015-0100 CVE-2015-1622 CVE-2015-1623 CVE-2015-1624 CVE-2015-1625 CVE-2015-1626 CVE-2015-1627 CVE-2015-1634 |
Included Updates: 3032359 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |
Bulletin ID: MS15-015 |
Title: Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432) |
Update Type: Security Update |
Severity: Important |
Date: 2015-05-14 |
Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to leverage the lack of impersonation-level security checks to elevate privileges during process creation. An authenticated attacker who successfully exploited this vulnerability could acquire administrator credentials and use them to elevate privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. | ||||
Vulnerabilities: CVE-2015-0062 |
Included Updates: 3031432 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS15-009 |
Title: Security Update for Internet Explorer (3034682) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-05-14 |
Description: This security update resolves one publicly disclosed and forty privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2014-8967 CVE-2015-0017 CVE-2015-0018 CVE-2015-0019 CVE-2015-0020 CVE-2015-0021 CVE-2015-0022 CVE-2015-0023 CVE-2015-0025 CVE-2015-0026 CVE-2015-0027 CVE-2015-0028 CVE-2015-0029 CVE-2015-0030 CVE-2015-0031 CVE-2015-0035 CVE-2015-0036 CVE-2015-0037 CVE-2015-0038 CVE-2015-0039 CVE-2015-0040 CVE-2015-0041 CVE-2015-0042 CVE-2015-0043 CVE-2015-0044 CVE-2015-0045 CVE-2015-0046 CVE-2015-0048 CVE-2015-0049 CVE-2015-0050 CVE-2015-0051 CVE-2015-0052 CVE-2015-0053 CVE-2015-0054 CVE-2015-0055 CVE-2015-0066 CVE-2015-0067 CVE-2015-0068 CVE-2015-0069 CVE-2015-0070 CVE-2015-0071 |
Included Updates: 3021952 3034196 3034682 |
Applies to: 3021952 3034196 |
Bulletin ID: MS15-055 |
Title: Vulnerability in Schannel Could Allow Information Disclosure (3061518) |
Update Type: Security Update |
Severity: Important |
Date: 2015-05-12 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Secure Channel (Schannel) allows the use of a weak Diffie-Hellman ephemeral (DHE) key length of 512 bits in an encrypted TLS session. Allowing 512-bit DHE keys makes DHE key exchanges weak and vulnerable to various attacks. A server needs to support 512-bit DHE key lengths for an attack to be successful; the minimum allowable DHE key length in default configurations of Windows servers is 1024 bits. | ||||
Vulnerabilities: CVE-2015-1716 |
Included Updates: 3061518 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-054 |
Title: Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service (3051768) |
Update Type: Security Update |
Severity: Important |
Date: 2015-05-12 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote, unauthenticated attacker convinces a user to open a share containing a specially crafted .msc file. However, an attacker would have no way of forcing a user to visit the share or view the file. | ||||
Vulnerabilities: CVE-2015-1681 |
Included Updates: 3051768 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-053 |
Title: Vulnerabilities in JScript and VBScript Scripting Engines Could Allow Security Feature Bypass (3057263) |
Update Type: Security Update |
Severity: Important |
Date: 2015-05-12 |
Description: This security update resolves ASLR security feature bypasses in the JScript and VBScript scripting engines in Microsoft Windows. An attacker could use one of these ASLR bypasses in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system. | ||||
Vulnerabilities: CVE-2015-1684 CVE-2015-1686 |
Included Updates: 262841 3050941 3050945 3050946 3057263 934307 |
Applies to: Server Core installation Windows Server 2003 Windows Server 2008 Windows Vista |
Bulletin ID: MS15-052 |
Title: Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514) |
Update Type: Security Update |
Severity: Important |
Date: 2015-05-12 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to an affected system and runs a specially crafted application. | ||||
Vulnerabilities: CVE-2015-1674 |
Included Updates: 3050514 |
Applies to: Server Core installation option Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS15-050 |
Title: Vulnerability in Service Control Manager Could Allow Elevation of Privilege (3055642) |
Update Type: Security Update |
Severity: Important |
Date: 2015-05-12 |
Description: This security update resolves a vulnerability in Windows Service Control Manager (SCM), which is caused when SCM improperly verifies impersonation levels. The vulnerability could allow elevation of privilege if an attacker can first log on to the system and then run a specially crafted application designed to increase privileges. | ||||
Vulnerabilities: CVE-2015-1702 |
Included Updates: 3055642 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-048 |
Title: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134) |
Update Type: Security Update |
Severity: Important |
Date: 2015-05-12 |
Description: This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user installs a specially crafted partial trust application. | ||||
Vulnerabilities: CVE-2015-1672 CVE-2015-1673 |
Included Updates: 3023211 3023213 3023215 3023217 3023219 3023220 3023221 3023222 3023223 3023224 3032655 3032662 3032663 3035485 3035486 3035487 3035488 3035489 3035490 3057134 |
Applies to: Server Core installation option Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-047 |
Title: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083) |
Update Type: Security Update |
Severity: Important |
Date: 2015-05-12 |
Description: This security update resolves vulnerabilities in Microsoft Office server and productivity software. The vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site. | ||||
Vulnerabilities: CVE-2015-1700 |
Included Updates: 2760412 2956192 3054792 3058083 887012 912203 |
Applies to: Microsoft SharePoint Server 2007 Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 |
Bulletin ID: MS15-045 |
Title: Vulnerability in Windows Journal Could Allow Remote Code Execution (3046002) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-05-12 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2015-1675 CVE-2015-1695 CVE-2015-1696 CVE-2015-1697 CVE-2015-1698 CVE-2015-1699 |
Included Updates: 3046002 |
Applies to: Windows 7 Windows 8 Windows 8.1 Windows RT Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Vista |
Bulletin ID: MS15-043 |
Title: Cumulative Security Update for Internet Explorer (3049563) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-05-12 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2015-1658 CVE-2015-1684 CVE-2015-1685 CVE-2015-1686 CVE-2015-1688 CVE-2015-1689 CVE-2015-1691 CVE-2015-1692 CVE-2015-1694 CVE-2015-1703 CVE-2015-1704 CVE-2015-1705 CVE-2015-1706 CVE-2015-1708 CVE-2015-1709 CVE-2015-1710 CVE-2015-1711 CVE-2015-1712 CVE-2015-1713 CVE-2015-1714 CVE-2015-1717 CVE-2015-1718 |
Included Updates: 3049563 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |
Bulletin ID: MS15-035 |
Title: Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-05-04 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or browse to a working directory that contains a specially crafted Enhanced Metafile (EMF) image file. In all cases, however, an attacker would have no way to force users to take such actions; an attacker would have to convince users to do so, typically by way of enticements in email or Instant Messenger messages. | ||||
Vulnerabilities: CVE-2015-1645 |
Included Updates: 3046306 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-033 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-04-17 |
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2015-1639 CVE-2015-1641 CVE-2015-1649 CVE-2015-1650 CVE-2015-1651 |
Included Updates: 2553164 2553428 2965210 2965215 2965224 2965236 2965238 2965284 2965289 2965306 3048019 3051737 3055707 887012 912203 |
Applies to: Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office Compatibility Pack Service Pack 3 Microsoft Office for Mac 2011 Microsoft Outlook for Mac for Office 365 Microsoft Word 2007 Service Pack 3 Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word Viewer Microsoft Word for Mac 2011 |
Bulletin ID: MS15-042 |
Title: Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234) |
Update Type: Security Update |
Severity: Important |
Date: 2015-04-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an authenticated attacker runs a specially crafted application in a virtual machine (VM) session. Note that the denial of service does not allow an attacker to execute code or elevate user rights on other VMs running on the Hyper-V host; however, it could cause other VMs on the host to not be manageable in Virtual Machine Manager. | ||||
Vulnerabilities: CVE-2015-1647 |
Included Updates: 3047234 |
Applies to: Windows 8.1 for x64-based Systems Windows Server 2012 R2 |
Bulletin ID: MS15-041 |
Title: Vulnerability in .NET Framework Could Allow Information Disclosure (3048010) |
Update Type: Security Update |
Severity: Important |
Date: 2015-04-14 |
Description: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if an attacker sends a specially crafted web request to an affected server that has custom error messages disabled. An attacker who successfully exploited the vulnerability would be able to view parts of a web configuration file, which could expose sensitive information. | ||||
Vulnerabilities: CVE-2015-1648 |
Included Updates: 3037572 3037573 3037574 3037575 3037576 3037577 3037578 3037579 3037580 3037581 3048010 |
Applies to: Microsoft .NET Framework 1.1 Service Pack 1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4 Microsoft .NET Framework 4.5.1/4.5.2 Microsoft .NET Framework 4.5/4.5.1/4.5.2 |
Bulletin ID: MS15-040 |
Title: Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711) |
Update Type: Security Update |
Severity: Important |
Date: 2015-04-14 |
Description: This security update resolves a vulnerability in Active Directory Federation Services (AD FS). The vulnerability could allow information disclosure if a user leaves their browser open after logging off from an application and an attacker reopens the application in the browser immediately after the user has logged off. | ||||
Vulnerabilities: CVE-2015-1638 |
Included Updates: 3045711 |
Applies to: Active Directory Federation Services 3.0 |
Bulletin ID: MS15-039 |
Title: Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482) |
Update Type: Security Update |
Severity: Important |
Date: 2015-04-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a user clicks a specially crafted link. In all cases, however, an attacker would have no way to force users to click a specially crafted link; an attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message. | ||||
Vulnerabilities: CVE-2015-1646 |
Included Updates: 3046482 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-038 |
Title: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576) |
Update Type: Security Update |
Severity: Important |
Date: 2015-04-14 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. To exploit these vulnerabilities, an attacker would first have to log on to the system. | ||||
Vulnerabilities: CVE-2015-1643 CVE-2015-1644 |
Included Updates: 3045685 3045999 3049576 934307 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2003 R2 Service Pack 2 Windows Server 2003 R2 x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-037 |
Title: Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269) |
Update Type: Security Update |
Severity: Important |
Date: 2015-04-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could leverage a known invalid task to cause Task Scheduler to run a specially crafted application in the context of the System account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2015-0098 |
Included Updates: 3046269 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Bulletin ID: MS15-036 |
Title: Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044) |
Update Type: Security Update |
Severity: Important |
Date: 2015-04-14 |
Description: This security update resolves vulnerabilities in Microsoft Office server and productivity software. The vulnerabilities could allow elevation of privilege if an attacker sends a specially crafted request to an affected SharePoint server. An attacker who successfully exploited the vulnerabilities could read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the victim’s browser. | ||||
Vulnerabilities: CVE-2015-1640 CVE-2015-1653 |
Included Updates: 2965219 2965278 2965302 3052044 887012 912203 |
Applies to: Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server 2013 Service Pack 1 |
Bulletin ID: MS15-034 |
Title: Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-04-14 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system. | ||||
Vulnerabilities: CVE-2015-1635 |
Included Updates: 3042553 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS15-032 |
Title: Cumulative Security Update for Internet Explorer (3038314) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-04-14 |
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: |
Included Updates: 3038314 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |
Bulletin ID: MS14-018 |
Title: Cumulative Security Update for Internet Explorer (2950467) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-04-07 |
Description: This security update resolves six privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2014-0325 CVE-2014-1751 CVE-2014-1752 CVE-2014-1753 CVE-2014-1755 CVE-2014-1760 |
Included Updates: 2919355 2950467 |
Applies to: Internet Explorer 11 Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |
Bulletin ID: MS15-027 |
Title: Vulnerability in NETLOGON Could Allow Spoofing (3002657) |
Update Type: Security Update |
Severity: Important |
Date: 2015-03-16 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker who is logged on to a domain-joined system runs a specially crafted application that could establish a connection with other domain-joined systems as the impersonated user or system. The attacker must be logged on to a domain-joined system and be able to observe network traffic. | ||||
Vulnerabilities: CVE-2015-0005 |
Included Updates: 3002657 |
Applies to: Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS15-025 |
Title: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680) |
Update Type: Security Update |
Severity: Important |
Date: 2015-03-16 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited the vulnerability could run arbitrary code in the security context of the account of another user who is logged on to the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts potentially with full user rights. | ||||
Vulnerabilities: CVE-2015-0073 CVE-2015-0075 |
Included Updates: 3033395 3035131 3038680 934307 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-031 |
Title: Vulnerability in Schannel Could Allow Security Feature Bypass (3046049) |
Update Type: Security Update |
Severity: Important |
Date: 2015-03-10 |
Description: This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an insecure cipher suite is affected. | ||||
Vulnerabilities: CVE-2015-1637 |
Included Updates: 3046049 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-030 |
Title: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976) |
Update Type: Security Update |
Severity: Important |
Date: 2015-03-10 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker creates multiple Remote Desktop Protocol (RDP) sessions that fail to properly free objects in memory. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. | ||||
Vulnerabilities: CVE-2015-0079 |
Included Updates: 3035017 3036493 3039976 934307 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS15-029 |
Title: Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure (3035126) |
Update Type: Security Update |
Severity: Important |
Date: 2015-03-10 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing a specially crafted JPEG XR (.JXR) image. This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. | ||||
Vulnerabilities: CVE-2015-0076 |
Included Updates: 3035126 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-028 |
Title: Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377) |
Update Type: Security Update |
Severity: Important |
Date: 2015-03-10 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow a user with limited privileges on an affected system to leverage Task Scheduler to execute files that they do not have permissions to run. An attacker who successfully exploited this vulnerability could bypass access control list (ACL) checks and run privileged executables. | ||||
Vulnerabilities: CVE-2015-0084 |
Included Updates: 3030377 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS15-026 |
Title: Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3040856) |
Update Type: Security Update |
Severity: Important |
Date: 2015-03-10 |
Description: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes them to a targeted Outlook Web App site. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an instant messenger or email message that takes them to the attacker's website, and then convince them to click the specially crafted URL. | ||||
Vulnerabilities: CVE-2015-1628 CVE-2015-1629 CVE-2015-1630 CVE-2015-1631 CVE-2015-1632 |
Included Updates: 3040856 |
Applies to: Microsoft Exchange Server 2013 Cumulative Update 7 Microsoft Exchange Server 2013 Service Pack 1 |
Bulletin ID: MS15-024 |
Title: Vulnerability in PNG Processing Could Allow Information Disclosure (3035132) |
Update Type: Security Update |
Severity: Important |
Date: 2015-03-10 |
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker convinces a user to visit a website that contains specially crafted PNG images. | ||||
Vulnerabilities: CVE-2015-0080 |
Included Updates: 3035132 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-023 |
Title: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (3034344) |
Update Type: Security Update |
Severity: Important |
Date: 2015-03-10 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application designed to increase privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. | ||||
Vulnerabilities: CVE-2015-0077 CVE-2015-0078 CVE-2015-0094 CVE-2015-0095 |
Included Updates: 3034344 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-022 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-03-10 |
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2015-0085 CVE-2015-0086 CVE-2015-0097 CVE-2015-1633 CVE-2015-1636 |
Included Updates: 2737989 2760361 2760508 2760554 2880473 2881068 2881078 2883100 2889839 2899580 2920731 2920812 2956069 2956076 2956103 2956106 2956107 2956109 2956136 2956138 2956139 2956142 2956143 2956151 2956153 2956158 2956163 2956175 2956180 2956181 2956183 2956188 2956189 2956208 2984939 3038999 887012 912203 |
Applies to: MS15-012 Microsoft Excel 2007 Service Pack 3 Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel Viewer Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2013 (32-bit editions) Microsoft Office 2013 (64-bit editions) Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office Compatibility Pack Service Pack 3 Microsoft PowerPoint 2007 Service Pack 3 Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions) Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions) Microsoft Word 2007 Service Pack 3 Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Word 2013 (32-bit editions) Microsoft Word 2013 (64-bit editions) Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word Viewer |
Bulletin ID: MS15-021 |
Title: Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution (3032323) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-03-10 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted file or website. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2015-0074 CVE-2015-0087 CVE-2015-0088 CVE-2015-0089 CVE-2015-0090 CVE-2015-0091 CVE-2015-0092 CVE-2015-0093 |
Included Updates: 3032323 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-020 |
Title: Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-03-10 |
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or open a file in a working directory that contains a specially crafted DLL file. | ||||
Vulnerabilities: CVE-2015-0081 CVE-2015-0096 |
Included Updates: 3033889 3039066 3041836 934307 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-019 |
Title: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3040297) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-03-10 |
Description: This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2015-0032 |
Included Updates: 262841 3030398 3030403 3030630 3040297 934307 |
Applies to: VBScript 5.6 VBScript 5.7 VBScript 5.8 |
Bulletin ID: MS14-084 |
Title: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-03-10 |
Description: This security update resolves a privately reported vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2014-6363 |
Included Updates: 3012168 3012172 3012176 3016711 |
Applies to: VBScript 5.6 VBScript 5.7 VBScript 5.8 |
Bulletin ID: MS15-017 |
Title: Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898) |
Update Type: Security Update |
Severity: Important |
Date: 2015-02-10 |
Description: This security update resolves a privately reported vulnerability in Virtual Machine Manager (VMM). The vulnerability could allow elevation of privilege if an attacker logs on to an affected system. An attacker must have valid Active Directory logon credentials and be able to log on with those credentials to exploit the vulnerability. | ||||
Vulnerabilities: CVE-2015-0012 |
Included Updates: 3023195 3035898 |
Applies to: VMM Server update 3023195 |
Bulletin ID: MS15-016 |
Title: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944) |
Update Type: Security Update |
Severity: Important |
Date: 2015-02-10 |
Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing a specially crafted TIFF image. This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. | ||||
Vulnerabilities: CVE-2015-0061 |
Included Updates: 3029944 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-014 |
Title: Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361) |
Update Type: Security Update |
Severity: Important |
Date: 2015-02-10 |
Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker, by way of a man-in-the-middle attack, causes the Group Policy Security Configuration Engine policy file on a targeted system to become corrupted or otherwise unreadable. This causes the Group Policy settings on the system to revert to their default, and potentially less secure, state. | ||||
Vulnerabilities: CVE-2015-0009 |
Included Updates: 3004361 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-013 |
Title: Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857) |
Update Type: Security Update |
Severity: Important |
Date: 2015-02-10 |
Description: This security update resolves one publicly disclosed vulnerability in Microsoft Office. The vulnerability could allow security feature bypass if a user opens a specially crafted Microsoft Office file. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this security feature bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code. | ||||
Vulnerabilities: CVE-2014-6362 |
Included Updates: 2910941 2920748 2920795 3033857 |
Applies to: Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2013 (32-bit editions) Microsoft Office 2013 (64-bit editions) Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) |
Bulletin ID: MS15-012 |
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328) |
Update Type: Security Update |
Severity: Important |
Date: 2015-02-10 |
Description: This security update resolves three privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2015-0063 CVE-2015-0064 CVE-2015-0065 |
Included Updates: 2920753 2920788 2920791 2920810 2956058 2956066 2956070 2956073 2956081 2956092 2956097 2956098 2956099 3032328 |
Applies to: Microsoft Excel 2007 Service Pack 3 Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 (32-bit editions) Microsoft Excel 2013 (64-bit editions) Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel Viewer Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office Compatibility Pack Service Pack 3 Microsoft Word 2007 Service Pack 3 Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Word Viewer |
Bulletin ID: MS15-011 |
Title: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-02-10 |
Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user with a domain-configured system to connect to an attacker-controlled network. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
Vulnerabilities: CVE-2015-0008 |
Included Updates: 3000483 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-010 |
Title: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-02-10 |
Description: This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or visit an untrusted website that contains embedded TrueType fonts. | ||||
Vulnerabilities: CVE-2015-0003 CVE-2015-0010 CVE-2015-0057 CVE-2015-0058 CVE-2015-0059 CVE-2015-0060 CVE-2015-2010 |
Included Updates: 3013455 3023562 3036220 934307 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-008 |
Title: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3019215) |
Update Type: Security Update |
Severity: Important |
Date: 2015-01-13 |
Description: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability. | ||||
Vulnerabilities: CVE-2015-0011 |
Included Updates: 3019215 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-007 |
Title: Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029) |
Update Type: Security Update |
Severity: Important |
Date: 2015-01-13 |
Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service on an Internet Authentication Service (IAS) or Network Policy Server (NPS) if an attacker sends specially crafted username strings to the IAS or NPS. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights; however, it could prevent RADIUS authentication on the IAS or NPS. | ||||
Vulnerabilities: CVE-2015-0015 |
Included Updates: 3014029 |
Applies to: Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS15-005 |
Title: Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777) |
Update Type: Security Update |
Severity: Important |
Date: 2015-01-13 |
Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass by unintentionally relaxing the firewall policy and/or configuration of certain services when an attacker on the same network as the victim spoofs responses to DNS and LDAP traffic initiated by the victim. | ||||
Vulnerabilities: CVE-2015-0006 |
Included Updates: 3022777 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-004 |
Title: Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421) |
Update Type: Security Update |
Severity: Important |
Date: 2015-01-13 |
Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker convinces a user to run a specially crafted application. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
Vulnerabilities: CVE-2015-0016 |
Included Updates: 3019978 3020387 3020388 3023299 3025421 934307 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-003 |
Title: Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674) |
Update Type: Security Update |
Severity: Important |
Date: 2015-01-13 |
Description: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. A local attacker who successfully exploited this vulnerability could run arbitrary code on a target system with elevated privileges. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability. |
Vulnerabilities: CVE-2015-0004 |
Included Updates: 3021674 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-002 |
Title: Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-01-13 |
Description: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to an affected Windows server. Only customers who enable this service are vulnerable. By default, Telnet is installed but not enabled on Windows Server 2003. Telnet is not installed by default on Windows Vista and later operating systems. |
Vulnerabilities: CVE-2015-0014 |
Included Updates: 3020393 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2003 Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2012 Windows Server 2012 R2 Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 |
Bulletin ID: MS15-001 |
Title: Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266) |
Update Type: Security Update |
Severity: Important |
Date: 2015-01-13 |
Description: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An authenticated attacker who successfully exploited this vulnerability could bypass existing permission checks that are performed during cache modification in the Microsoft Windows Application Compatibility component and execute arbitrary code with elevated privileges. |
Vulnerabilities: CVE-2015-0002 |
Included Updates: 3023266 |
Applies to: Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for x64-based Systems Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2012 Windows Server 2012 R2 |
Bulletin ID: MS14-080 |
Title: Cumulative Security Update for Internet Explorer (3008923) |
Update Type: Security Update |
Severity: Critical |
Date: 2015-01-13 |
Description: This security update resolves fourteen privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. |
Vulnerabilities: CVE-2014-6327 CVE-2014-6328 CVE-2014-6329 CVE-2014-6330 CVE-2014-6363 CVE-2014-6365 CVE-2014-6366 CVE-2014-6368 CVE-2014-6369 CVE-2014-6373 CVE-2014-6374 CVE-2014-6375 CVE-2014-6376 CVE-2014-8966 |
Included Updates: 3008923 3029449 |
Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 |