Overview of the June 2015 Microsoft Patches and their status.
We will update issues on this page for about a week or so as they evolve.
We appreciate updates US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY (*): ISC rating
--- |
Johannes 4069 Posts ISC Handler Jun 9th 2015 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Thread locked Subscribe |
Jun 9th 2015 5 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Note that MS15-056 includes "non security enhancements".
One of this, which is very security relevant is HSTS for IE11 on Windows 7, 8.1, and 2012. This is using the Chromium Preload Set as Chrome and Firefox are doing. HSTS is enabled by default, but can be disabled through a registry setting. HSTS is a good feature, however if people have a problem, it is better to disable HSTS than roll back the whole patch. https://support.microsoft.com/en-us/kb/3071338 |
brian 4 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Jun 9th 2015 5 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Microsoft's website has MS15-061, CVE-2015-2360 listed as Exploitability:0, exploitation detected in the table https://technet.microsoft.com/library/security/ms15-JUN.
It is listed as publicly exposed: no, exploited: yes on https://technet.microsoft.com/library/security/MS15-061. |
Jasey 93 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Jun 9th 2015 5 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
This is not directly related to Microsoft Patch Tuesday. but it is indirectly. I'm trying to implement the patch management practice, but I'm struggling with operationalizing it with IT.
Is there a practical "best practice" guide for patch management? I know NIST has one (800-40), but I'm looking for a practical guide, not just for Microsoft, but other patching (e.g. Adobe, Apache, Oracle, Cisco) as well. I've looked thru your archives and haven't found one. Thanks and keep up the good work! |
AAInfoSec 48 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Jun 10th 2015 5 years ago |
Sign Up for Free or Log In to start participating in the conversation!