
SANS ISC: Microsoft Patch Tuesday - SANS Internet Storm Center



Microsoft Patch Tuesday 2015-03-10

MS15-018
Title Cumulative Security Update For Internet Explorer
Replaces MS15-009, MS15-019
Affected Internet Explorer
KB KB3040297
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2015-0032 1
MS15-019
Title Remote Code Execution Vulnerability in VBScript Scripting Engine
Replaces MS14-084
Affected VBScript
KB KB3040297
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2015-0032 1
MS15-020
Title Remote Code Execution Via Loading Untrusted DLLs and Windows Text Service Memory Corruption
Replaces MS14-027
Affected Windows Text Services
KB KB3041836
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2015-0081 2
MS15-021
Title Remote Code Execution Vulnerability in Adobe Font Drivers
Replaces MS13-081
Affected Adobe Font Drivers
KB KB3032323
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2015-0074 2
MS15-022
Title Remote Code Execution Vulnerability in Microsoft Office
Replaces MS13-072, MS14-022, MS14-023, MS14-050, MS14-073, MS15-012
Affected Microsoft Office
KB KB3038999
Known Exploits No
Microsoft Rating Critical
ISC Client Rating Critical
ISC Server Rating Critical
CVE Exploitability
2015-0085 1
MS15-023
Title Elevation of Privilege Vulnerability in Kernel Mode Drivers
Replaces MS15-010
Affected Kernel Mode Drivers
KB KB3034344
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2015-0077 2
MS15-024
Title Information Disclosure Vulnerability in PNG Processing
Replaces MS15-016
Affected Windows
KB KB3035132
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2015-0080 3
MS15-025
Title Elevation of Privilege / Impersonation Vulnerability in Windows Kernel
Replaces MS13-031, MS15-010, MS15-015
Affected Windows Kernel
KB KB3038680
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2015-0073 2
MS15-026
Title Cross Site Scripting Vulnerabilities in Microsoft Exchange Server
Replaces
Affected Microsoft Exchange Server
KB KB3040856
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2015-1628 2
MS15-027
Title Spoofing Vulnerability in NETLOGON
Replaces MS10-101
Affected Windows
KB KB3002657
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2015-0005 2
MS15-028
Title Access Control List Bypass via Windows Task Scheduler
Replaces
Affected Windows
KB KB3030377
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2015-0084 2
MS15-029
Title Information Disclosure in Windows Photo Decoder
Replaces
Affected Windows Photo Decoder
KB KB3035126
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2015-0076 2
MS15-030
Title Denial of Service Vulnerability in RDP
Replaces MS14-030
Affected Remote Desktop Protocol
KB KB3039976
Known Exploits No
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2015-0079 3
MS15-031
Title Schannel Patch for FREAK
Replaces
Affected Schannel
KB KB3046049
Known Exploits Yes
Microsoft Rating Important
ISC Client Rating Important
ISC Server Rating Important
CVE Exploitability
2015-1637 1
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US-based customers can call Microsoft for free patch-related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: practices for servers such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.