Microsoft March Patch Tuesday
Overview of the March 2015 Microsoft patches and their status.
# | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) | |
---|---|---|---|---|---|---|
clients | servers | |||||
MS15-018 | Cumulative Security Update For Internet Explorer (Replaces MS15-009 ) (note that for IE8 and later, the VBScript vulnerability CVE-2015-0032 is addressed by MS15-019) | |||||
Internet Explorer CVE-2015-0032 CVE-2015-0056 CVE-2015-0072 CVE-2015-0099 CVE-2015-0100 CVE-2015-1622 CVE-2015-1623 CVE-2015-1624 CVE-2015-1625 CVE-2015-1626 CVE-2015-1627 CVE-2015-1634 |
KB 3040297 | CVE-2015-1625 has been disclosed in public, but no exploits seen yet.. | Severity:Critical Exploitability: 1 |
Critical | Critical | |
MS15-019 | Remote Code Execution Vulnerability in VBScript Scripting Engine (Replaces MS14-084 ) | |||||
VBScript CVE-2015-0032 |
KB 3040297 | no known exploits. | Severity:Critical Exploitability: 1 |
Critical | Important | |
MS15-020 | Remote Code Execution Via Loading Untrusted DLLs and Windows Text Service Memory Corruption (Replaces MS14-027 ) | |||||
Windows Text Services CVE-2015-0081 CVE-2015-0096 |
KB 3041836 | no known exploits. | Severity:Critical Exploitability: 2 |
Critical | Critical | |
MS15-021 | Remote Code Execution Vulnerability in Adobe Font Drivers (Replaces MS13-081 ) | |||||
Adobe Font Drivers CVE-2015-0074 CVE-2015-0087 CVE-2015-0088 CVE-2015-0089 CVE-2015-0090 CVE-2015-0091 CVE-2015-0092 CVE-2015-0093 |
KB 3032323 | no known exploits. | Severity:Critical Exploitability: 2 |
Critical | Important | |
MS15-022 | Remote Code Execution Vulnerability in Microsoft Office (Replaces MS13-072 MS14-022 MS14-023 MS14-050 MS14-073 MS15-012 ) | |||||
Microsoft Office CVE-2015-0085 CVE-2015-0086 CVE-2015-0097 CVE-2015-1633 CVE-2015-1636 |
KB 3038999 | no known exploits. | Severity:Critical Exploitability: 1 |
Critical | Important | |
MS15-023 | Elevation of Privilege Vulnerability in Kernel Mode Drivers (Replaces MS15-010 ) | |||||
Kernel Mode Drivers CVE-2015-0077 CVE-2015-0078 CVE-2015-0094 CVE-2015-0095 |
KB 3034344 | no known exploits. | Severity:Important Exploitability: 2 |
Important | Important | |
MS15-024 | Information Disclosure Vulnerability in PNG Processing (Replaces MS15-016 ) | |||||
Windows CVE-2015-0080 |
KB 3035132 | no known exploits. | Severity:Important Exploitability: 3 |
Important | Important | |
MS15-025 | Elevation of Privilege / Impersonation Vulnerability in Windows Kernel (Replaces MS13-031 MS15-010 MS15-015 ) | |||||
Windows Kernel CVE-2015-0073 CVE-2015-0075 |
KB 3038680 | no known exploits. | Severity:Important Exploitability: 2 |
Important | Important | |
MS15-026 | Cross Site Scripting Vulnerabilities in Microsoft Exchange Server | |||||
Microsoft Exchange Server CVE-2015-1628 CVE-2015-1629 CVE-2015-1630 CVE-2015-1631 CVE-2015-1632 |
KB 3040856 | no known exploits. | Severity:Important Exploitability: 2 |
Important | Important | |
MS15-027 | Spoofing Vulnerability in NETLOGON (Replaces MS10-101 ) | |||||
Windows CVE-2015-0005 |
KB 3002657 | no known exploits. | Severity:Important Exploitability: 2 |
Important | Important | |
MS15-028 | Access Control List Bypass via Windows Task Scheduler | |||||
Windows CVE-2015-0084 |
KB 3030377 | no known exploits. | Severity:Important Exploitability: 2 |
Important | Important | |
MS15-029 | Information Disclosure in Windows Photo Decoder | |||||
Windows Photo Decoder CVE-2015-0076 |
KB 3035126 | no known exploits. | Severity:Important Exploitability: 2 |
Important | Important | |
MS15-030 | Denial of Service Vulnerability in RDP (Replaces MS14-030 ) | |||||
Remote Desktop Protocol CVE-2015-0079 |
KB 3039976 | no known exploits. | Severity:Important Exploitability: 3 |
Important | Important | |
MS15-031 | Schannel Patch for FREAK | |||||
Schannel CVE-2015-1637 |
KB 3046049 | yes. | Severity:Important Exploitability: 1 |
Important | Important |
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
- We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.
Keywords: mspatchday
13 comment(s)
My next class:
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
×
Diary Archives
Comments
Anonymous
Mar 10th 2015
9 years ago
Anonymous
Mar 10th 2015
9 years ago
Anonymous
Mar 10th 2015
9 years ago
Anonymous
Mar 10th 2015
9 years ago
Anonymous
Mar 10th 2015
9 years ago
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/CVE-2015-0096-issue-patched-today-involves-failed-Stuxnet-fix/ba-p/6718402#.VP9GQFV4o50
Anonymous
Mar 10th 2015
9 years ago
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/CVE-2015-0096-issue-patched-today-involves-failed-Stuxnet-fix/ba-p/6718402
Anonymous
Mar 10th 2015
9 years ago
Anonymous
Mar 11th 2015
9 years ago
Does anyone experienced this behaviour?
Thanks, greetings
Peter
URLs:
- https://social.technet.microsoft.com/Forums/en-US/a08ad884-6b05-4632-8f28-2568eb97b636/update-kb3033929-fails-with-error-code-80004005?forum=w7itprosecurity
- http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/kb3033929-important-update-failed-reverted-changes/5a902e57-515d-4f15-91e6-eb73781ec382
Anonymous
Mar 11th 2015
9 years ago
http://windows.microsoft.com/en-us/windows7/Open-the-Windows-Update-troubleshooter
http://support.microsoft.com/kb/2509997
Anonymous
Mar 11th 2015
9 years ago