Patch Analysis for May 2015

This month's Patch Tuesday includes 13 patches, 3 of them classified as "Critical". These 13 patches cover 48 CVEs. We recommend that you test and immediately install MS15-043, MS15-044 and MS15-045, which are our three critical patches for the month. These three patches affect a wide variety of systems and fix remote code execution vulnerabilities. Please note that for MS15-050, MS is not releasing an update for Server 2003 and is recommending that affected users upgrade to a later OS. Windows Server 2003 support ends July 14, 2015, but its EOL is already affecting users still running this OS. MS15-051 is classified as Important but could allow an attacker to install programs, modify data or create fully privileged user accounts, so we recommend that you test and patch. Of the 13 patches this month, this is the only one associated with a vulnerability for which MS is aware of limited, targeted attacks. For the other 12, no active exploits had been reported by MS as of the release time of this month's bulletins.

When it comes to endpoint security, the best first line of defense is patch management. Take the first step toward quantifying your IT risk and enhancing your endpoint security posture. With the Lumension® Patch Scanner you can:

  • Scan for OS and 3rd party application patches
  • Prioritize remediation to improve security stance
  • Gain visibility into apps being used in your environment
  • Generate web-based reports



| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes / Randy's recommendation |
|---|---|---|---|---|---|---|---|
| MS15-045 (3046002) | Remote Code Execution / Microsoft Windows | Workstations, Servers | Yes/No | Yes | Critical | Vista, Server 2008, Server 2008 R2, Windows 7, Windows 8, Server 2012, Windows RT, Server 2012 R2, Windows 8.1, Windows RT 8.1 | Only affects systems with Windows Journal installed. Workaround is to not install .jnt files from untrusted sources or to disable the Windows Journal component. Patch if you have systems using Windows Journal. |
| MS15-043 (3049563) | Remote Code Execution / Microsoft Windows, Internet Explorer | Workstations, Servers | No/No | No | Critical | Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, Internet Explorer 11 | Requires restart. There are workarounds published by MS, but none that we see fit as "practical". Servers running IE with ESC enabled are less vulnerable. Critical, so patch manually or with Windows Update on Windows 7 and later versions. |
| MS15-052 (3050514) | Security feature bypass / Microsoft Windows | Workstations, Servers | No/No | No | Important | Windows 8, Server 2012, Windows RT, Server 2012 R2, Windows 8.1, Windows RT 8.1 | Requires restart. Test and patch as needed. |
| MS15-054 (3051768) | Denial of service / Microsoft Windows | Workstations, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Windows 8, Server 2012, Windows RT, Server 2012 R2, Windows 8.1, Windows RT 8.1 | Requires restart. Denial of service; test and patch as needed. |
| MS15-050 (3055642) | Privilege elevation / Microsoft Windows | Workstations, Servers | No/No | No | Important | Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Windows 8, Server 2012, Windows RT, Server 2012 R2, Windows 8.1, Windows RT 8.1 | Requires restart. Server 2003 is listed, but MS is not issuing an update for it due to compatibility problems. MS recommends that security-conscious Server 2003 customers upgrade to a later OS. Test and patch as needed. |
| MS15-044 (3057110) | Information disclosure, Remote Code Execution / Microsoft Windows, .NET Framework, Office, Lync, Silverlight | Workstations, Servers | No/No | No | Critical | Vista, Office 2007, Server 2003, Server 2008, Server 2008 R2, Windows 7, Office 2010, Silverlight 5, Lync 2010, Windows 8, Server 2012, Windows RT, Lync 2013, Server 2012 R2, Windows 8.1, Windows RT 8.1, .NET Framework 3.5, .NET Framework 3.5.1, .NET Framework 4, .NET Framework 4.5, .NET Framework 4.5.1, .NET Framework 3.0 SP2, .NET Framework 4.5.2, Silverlight 5 Developer, Live Meeting 2007 | May require restart. Multiple updates are available but can be installed in any order. Critical, patch immediately. |
| MS15-048 (3057134) | Privilege elevation, Denial of service / Microsoft Windows, .NET Framework | Workstations, Servers | No/No | No | Important | Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Windows 8, Server 2012, Windows RT, Server 2012 R2, Windows 8.1, Windows RT 8.1, .NET Framework 1.1 SP1, .NET Framework 2.0 SP2, .NET Framework 3.5, .NET Framework 3.5.1, .NET Framework 4, .NET Framework 4.5, .NET Framework 4.5.1, .NET Framework 4.5.2 | Multiple updates can be installed in any sequence. Test and patch. |
| MS15-046 (3057181) | Remote Code Execution / Microsoft Office | Workstations, Servers, SharePoint Servers | No/No | No | Important | Office 2007, Office 2010, Office 2011 for Mac, PowerPoint Viewer, SharePoint Server 2010, SharePoint Server 2013, Office 2013 RT, Office 2013, Office 2013 Web Apps, Office 2010 Web Apps | May require restart. Multiple vulnerabilities covered. Vulnerability is triggered when an end user opens a specially crafted file. We recommend admins test and patch. |
| MS15-051 (3057191) | Privilege elevation, Information disclosure / Microsoft Windows | Workstations, Servers | Yes/No | No | Important | Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Windows 8, Server 2012, Windows RT, Server 2012 R2, Windows 8.1, Windows RT 8.1 | Requires restart. Multiple vulnerabilities, with one publicly disclosed. Test and patch as needed. |
| MS15-053 (3057263) | Arbitrary code, Security feature bypass / Microsoft Windows | Workstations, Servers | No/No | No | Important | Vista, Server 2003, Server 2008, Server 2008 R2, VBScript 5.6, VBScript 5.7, VBScript 5.8, JScript 5.6, JScript 5.7, JScript 5.8 | May require restart. Multiple vulnerabilities. Test and patch as needed. |
| MS15-047 (3058083) | Remote Code Execution / Microsoft Server Software | SharePoint Servers | No/No | No | Important | SharePoint Server 2007, SharePoint Server 2010, SharePoint Server 2013 | Attacker must be authenticated. Test first and then patch. |
| MS15-049 (3058985) | Privilege elevation / Silverlight | Workstations | No/No | Yes | Important | Silverlight 5, Silverlight 5 Developer | Does not require restart. Builds prior to 5.1.40416.00 are affected. Workaround is to disable Silverlight in the browser. Affects IE, Firefox and Chrome if the plugin is being used. Test and patch. |
| MS15-055 (3061518) | Information disclosure / Microsoft Windows | Workstations, Servers | No/No | No | Important | Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Windows 8, Server 2012, Windows RT, Server 2012 R2, Windows 8.1, Windows RT 8.1 | Requires restart. If installing manually, install MS15-052 before installing MS15-055 on Win8 and Server 2012. Customers with automatic updates enabled are taken care of. Patch as needed. |
