Tuesday, May 12, 2015

Microsoft Security Bulletin Release for May, 2015


Microsoft released thirteen (13) bulletins.  Three (3) bulletins are identified as Critical and the remaining ten (10) are rated Important in severity.

The updates address vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft Lync, Microsoft Silverlight, Microsoft Server Software and .NET Framework.  Details about the CVEs can be found in the below-referenced TechNet Security Bulletin.

For those who have had issues with .NET Framework updates, it is suggested that MS-041 be installed separately with a shut/down restart between other updates.

Also released was one new Security Advisory:
One Security Advisory was revised:

Critical:
  • MS15-043 -- Cumulative Security Update for Internet Explorer (3049563)
  • MS15-044 -- Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
  • MS15-045-- Vulnerability in Windows Journal Could Allow Remote Code Execution (3046002) 
Important:
  • MS15-046 -- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181) 
  • MS15-047 -- Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083) 
  • MS15-048 -- Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)
  • MS15-049 -- Vulnerability in Silverlight Could Allow Elevation of Privilege (3058985)
  • MS15-050 -- Vulnerability in Service Control Manager Could Allow Elevation of Privilege (3055642)
  • MS15-051 -- Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191) 
  • MS15-052 -- Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514)
  • MS15-053 -- Vulnerabilities in JScript and VBScript Scripting Engines Could Allow Security Feature Bypass (3057263) 
  • MS15-054 -- Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service (3051768) 
  • MS15-055 -- Vulnerability in Schannel Could Allow Information Disclosure (3061518) 

Additional Update Notes

  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 

  • Internet Explorer -- For additional information about the blocking of out-of-date ActiveX controls see the TechNet article, Out-of-date ActiveX control blocking.  Additional changes introduced this month include the blocking of outdated Silverlight.  Additional information is available in the IE Blog.

  • Windows 8.x -- Non-security new features and improvements for Windows 8.1 are now included with the second Tuesday of the month updates.  Additional information about this change is available here.

  • Windows XP -- Although Microsoft has stopped providing Microsoft Security Essentials for Windows XP, definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.  The MSRT still works on Windows XP.

References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...








    No comments: