Microsoft Security Bulletin: April 2015 Release!
It's that time again to review our servers and apply updates where needed. Please see the details below for the list of security bulletins for this month. This month we have 11 bulletins to consider.
| Bulletin ID | Bulletin Title and Executive Summary | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Known Issues | Affected Software |
|---|---|---|---|---|---|
| | Cumulative Security Update for Internet Explorer (3038314) This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Critical Remote Code Execution | Requires restart | --------- | Microsoft Windows, Internet Explorer |
| | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019) This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Critical Remote Code Execution | May require restart | --------- | Microsoft Office |
| | Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system. | Critical Remote Code Execution | Requires restart | --------- | Microsoft Windows |
| | Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or browse to a working directory that contains a specially crafted Enhanced Metafile (EMF) image file. In all cases, however, an attacker would have no way to force users to take such actions; an attacker would have to convince users to do so, typically by way of enticements in email or Instant Messenger messages. | Critical Remote Code Execution | May require restart | --------- | Microsoft Windows |
| | Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044) This security update resolves vulnerabilities in Microsoft Office server and productivity software. The vulnerabilities could allow elevation of privilege if an attacker sends a specially crafted request to an affected SharePoint server. An attacker who successfully exploited the vulnerabilities could read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the victim’s browser. | Important Elevation of Privilege | May require restart | --------- | Microsoft Server Software, Productivity Software |
| | Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269) This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could leverage a known invalid task to cause Task Scheduler to run a specially crafted application in the context of the System account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Important Elevation of Privilege | Does not require restart | --------- | Microsoft Windows |
| | Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576) This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. To exploit these vulnerabilities, an attacker would first have to log on to the system. | Important Elevation of Privilege | Requires restart | --------- | Microsoft Windows |
| | Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a user clicks a specially crafted link. In all cases, however, an attacker would have no way to force users to click a specially crafted link; an attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message. | Important Security Feature Bypass | May require restart | --------- | Microsoft Windows |
| | Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711) This security update resolves a vulnerability in Active Directory Federation Services (AD FS). The vulnerability could allow information disclosure if a user leaves their browser open after logging off from an application and an attacker reopens the application in the browser immediately after the user has logged off. | Important Information Disclosure | May require restart | --------- | Microsoft Windows |
| | Vulnerability in .NET Framework Could Allow Information Disclosure (3048010) This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if an attacker sends a specially crafted web request to an affected server that has custom error messages disabled. An attacker who successfully exploited the vulnerability would be able to view parts of a web configuration file, which could expose sensitive information. | Important Information Disclosure | May require restart | --------- | Microsoft Windows, Microsoft .NET Framework |
| | Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an authenticated attacker runs a specially crafted application in a virtual machine (VM) session. Note that the denial of service does not allow an attacker to execute code or elevate user rights on other VMs running on the Hyper-V host; however, it could cause other VMs on the host to not be manageable in Virtual Machine Manager. | Important Denial of Service | Requires restart | --------- | Microsoft Windows |

The table above is just a summary from the Bulletin release page. Make sure you check that page for more detailed information, including the exploitability index and more details of the affected software.
Jeffa