Saturday, January 7, 2017

Microsoft Security Bulletin Release for April 2015

Microsoft Security Bulletin Release for April 2015



Microsoft released fourteen (11) bulletins.  Four (4) bulletins are identified as Critical and the remaining seven (7) are rated Important in severity.

The updates address vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft Server Software, Productivity Software and .NET Framework.  Details about the CVEs can be found in the below-referenced TechNet Security Bulletin.

For those who have had issues with .NET Framework updates, it is suggested that MS-041 be installed separately with a shut/down restart between other updates.

As part of the Internet Explorer update released today, SSL 3.0 has been disabled by default in Internet Explorer 11.



Critical:
  • MS15-032 Cumulative Security Update for Internet Explorer (3038314) 
  • MS15-033 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019) 
  • MS15-034 Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553) 
  • MS15-035 Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)
Important:
  • MS15-036 Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044)
  • MS15-037 Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269) 
  • MS15-038 Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576) 
  • MS15-039 Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482) 
  • MS15-040 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711) 
  • MS15-041 Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
  • MS15-042 Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234)

Additional Update Notes

  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 

    The updated version includes the Win32/Saluchtra, Win32/Dexter, Win32/Unskal and Win32/IeEnablerCby malware families.  Additional details ave available in the MMPC blog post.

  • Internet Explorer -- For additional information about the blocking of out-of-date ActiveX controls see the TechNet article, Out-of-date ActiveX control blocking.  Additional changes introduced this month include the blocking of outdated Silverlight.  Additional information is available in the IE Blog.

  • Windows 8.x -- Non-security new features and improvements for Windows 8.1 are now included with the second Tuesday of the month updates.  Additional information about this change is available here.

  • Windows XP -- Although Microsoft has stopped providing Microsoft Security Essentials for Windows XP, definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.  The MSRT still works on Windows XP.

References

  • MSRC: April 2015 Updates
  • TechNet: Microsoft Security Bulletin for April 2015 



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...







    Computer security news & information, help, tips, tutorials, and more.
    ©2006 - 2016 "Security Garden" By Corrine

    Available link for download

    Posted by at
    Labels: , , , , , ,