April, 2015: Patch Tuesday: 4 Critical and 7 Important Patches

This April Patch Tuesday Bulletin brings 11 patches with it. There are 4 critical and 7 important with only a single bulletin addressing a vulnerability that is being actively exploited. Focus on the initial 4 critical patches released with special emphasis on Internet Explorer MS15-032 since there are report of active attacks. The remaining 3 critical patches remediate issues with Microsoft Office and Windows but there have not been reports of active attacks. Work on remediating the elevation of privilege vulnerabilities next by applying MS15-036, MS15-037, and MS15-038. Look at applying MS15-039 and MS15-041 since they address issues with widely used technologies like XML core services and .NET. Review MS15-040 and MS15-042 to determine if they are applicable to the environment and apply as necessary.

When it comes to endpoint security, the best first line of defense is patch management. Take the first step to quantifying your IT risk and enhancing your endpoint security posture with the Lumension® Patch Scanner you can:

  • Scan for OS and 3rd party application patches
  • Prioritize remediation to improve security stance
  • Gain visibility into apps being used in your environment
  • Generate web-based reports

Click here assess your vulnerabilities now

Visit the Lumension Patch Tuesday Center


Bulletin Exploit Types
/Technologies Affected
System Types Affected Exploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity rating Products Affected Notes Randy's recommendation
MS15-032

3038314
Arbitrary code

/ Internet Explorer
Workstations
Terminal Servers
No/No No Critical Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Restart required, multiple vulnerabilities Update immediately
MS15-034

3042553
Arbitrary code

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/No No Critical Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Server 2012 R2
Windows 8.1
Restart required Update immediately
MS15-040

3045711
Information disclosure

/ Microsoft Windows
Servers No/No No Important Server 2012 R2 May require restart Update after testing
MS15-037

3046269
Privilege elevation

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/No No Important Server 2008 R2
Windows 7
  Update immediately
MS15-035

3046306
Arbitrary code

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/No No Critical Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
May require restart Update immediately
MS15-039

3046482
Security feature bypass

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/No No Important Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
May require restart Update after testing
MS15-042

3047234
Denial of service

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/No No Important Server 2012 R2
Windows 8.1
Restart required Update after testing
MS15-041

3048010
Information disclosure

/ .NET Framework
Workstations
Terminal Servers
Servers
No/No Yes Important Vista
Server 2003
Server 2008
Server 2008 R2
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
May require restart Update after testing
MS15-033

3048019
Arbitrary code

/ Microsoft Office
Workstations
Terminal Servers
No/Yes No Critical Office 2007
Office 2010
Office 2011 for MAC
Office 2013 RT
Office 2013
May require restart, multiple vulnerabilities Update immediately
MS15-038

3049576
Privilege elevation

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/No No Important Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Restart required, multiple vulnerabilities Update after testing
MS15-036

3052044
Privilege elevation

/ Productivity Software
Sharepoint Servers No/No No Important SharePoint Server 2010
SharePoint Server 2013
May require restart, multiple vulnerabilities Update after testing

Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.