LanGuard reports



Supported Microsoft Security Bulletins


More information on 2015 updates



Bulletin ID:
MS15-134
Title:
Security Update for Windows Media Center to Address Remote Code Execution (3108669)
Update Type:
Security Update
Severity:
Important
Date:
2015-12-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-6127
CVE-2015-6131
Included Updates:
3108669
Applies to:
Windows 7
Windows 8
Windows 8.1
Windows Vista

Bulletin ID:
MS15-133
Title:
Security Update for Windows PGM to Address Elevation of Privilege (3116130)
Update Type:
Security Update
Severity:
Important
Date:
2015-12-08
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application that, by way of a race condition, results in references to memory locations that have already been freed. Microsoft Message Queuing (MSMQ) must be installed and the Windows Pragmatic General Multicast (PGM) protocol specifically enabled for a system to be vulnerable. MSMQ is not present in default configurations and, if it is installed, the PGM protocol is available but disabled by default.
Vulnerabilities:
CVE-2015-6126
Included Updates:
2919355
3109103
3116130
3116869
3116900
Applies to:
Maximum Security Impact by Affected Software
Server Core installation option
Vulnerability Severity Rating
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-132
Title:
Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
Update Type:
Security Update
Severity:
Important
Date:
2015-12-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker accesses a local system and runs a specially crafted application.
Vulnerabilities:
CVE-2015-6128
CVE-2015-6132
CVE-2015-6133
Included Updates:
2919355
3108347
3108371
3108381
3116162
3116869
3116900
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-131
Title:
Security Update for Microsoft Office to Address Remote Code Execution (3116111)
Update Type:
Security Update
Severity:
Critical
Date:
2015-12-08
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-6040
CVE-2015-6118
CVE-2015-6122
CVE-2015-6124
CVE-2015-6172
CVE-2015-6177
Included Updates:
3085528
3085549
3101532
3114342
3114382
3114403
3114415
3114422
3114425
3114431
3114433
3114457
3114458
3114479
3116111
3119517
3119518
Applies to:
Maximum Security Impact by Affected Software
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office for Mac 2011
Other Office Software
Vulnerability Severity Rating

Bulletin ID:
MS15-130
Title:
Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670)
Update Type:
Security Update
Severity:
Critical
Date:
2015-12-08
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains specially crafted fonts.
Vulnerabilities:
CVE-2015-6130
Included Updates:
3108670
Applies to:
Maximum Security Impact by Affected Software
Server Core installation option
Vulnerability Severity Rating
Windows 7
Windows Server 2008 R2

Bulletin ID:
MS15-129
Title:
Security Update for Silverlight to Address Remote Code Execution (3106614)
Update Type:
Security Update
Severity:
Critical
Date:
2015-12-08
Description:
This security update resolves vulnerabilities in Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if Microsoft Silverlight incorrectly handles certain open and close requests that could result in read- and write-access violations. To exploit the vulnerability, an attacker could host a website that contains a specially crafted Silverlight application and then convince a user to visit a compromised website. The attacker could also take advantage of websites containing specially crafted content, including those that accept or host user-provided content or advertisements.
Vulnerabilities:
CVE-2015-6114
CVE-2015-6165
CVE-2015-6166
Included Updates:
3106614
Applies to:
Software

Bulletin ID:
MS15-128
Title:
Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)
Update Type:
Security Update
Severity:
Critical
Date:
2015-12-08
Description:
This security update resolves vulnerabilities in Microsoft Windows, .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync, and Silverlight. The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.
Vulnerabilities:
CVE-2015-6106
CVE-2015-6107
CVE-2015-6108
Included Updates:
2919355
3085612
3085616
3099860
3099862
3099863
3099864
3099866
3099869
3099874
3104503
3109094
3114351
3114372
3114478
3115870
3115871
3115872
3115873
3115875
3116869
3116900
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-127
Title:
Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465)
Update Type:
Security Update
Severity:
Critical
Date:
2015-12-08
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.
Vulnerabilities:
CVE-2015-6125
Included Updates:
3100465
Applies to:
Maximum Security Impact by Affected Software
Server Core installation option
Vulnerability Severity Rating
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS15-126
Title:
Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178)
Update Type:
Security Update
Severity:
Critical
Date:
2015-12-08
Description:
This security update resolves vulnerabilities in the VBScript scripting engine in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that uses the Internet Explorer rendering engine to direct the user to the specially crafted website.
Vulnerabilities:
CVE-2015-6135
CVE-2015-6136
Included Updates:
2919355
3105578
3105579
3116178
Applies to:
Server Core installation option
Windows Server 2008
Windows Vista

Bulletin ID:
MS15-124
Title:
Cumulative Security Update for Internet Explorer (3116180)
Update Type:
Security Update
Severity:
Critical
Date:
2015-12-08
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-6083
CVE-2015-6134
CVE-2015-6135
CVE-2015-6136
CVE-2015-6138
CVE-2015-6139
CVE-2015-6140
CVE-2015-6141
CVE-2015-6142
CVE-2015-6143
CVE-2015-6144
CVE-2015-6145
CVE-2015-6146
CVE-2015-6147
CVE-2015-6148
CVE-2015-6149
CVE-2015-6150
CVE-2015-6151
CVE-2015-6152
CVE-2015-6153
CVE-2015-6154
CVE-2015-6155
CVE-2015-6156
CVE-2015-6157
CVE-2015-6158
CVE-2015-6159
CVE-2015-6160
CVE-2015-6161
CVE-2015-6162
CVE-2015-6164
Included Updates:
3104002
3116180
3116869
3116900
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9

Bulletin ID:
MS15-111
Title:
Security Update for Windows Kernel to Address Elevation of Privilege (3096447)
Update Type:
Security Update
Severity:
Important
Date:
2015-11-17
Description:
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Vulnerabilities:
CVE-2015-2549
CVE-2015-2550
CVE-2015-2552
CVE-2015-2553
CVE-2015-2554
Included Updates:
2919355
3088195
3096447
3097617
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-115
Title:
Security Update for Microsoft Windows to Address Remote Code Execution (3105864)
Update Type:
Security Update
Severity:
Critical
Date:
2015-11-12
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.
Vulnerabilities:
CVE-2015-6100
CVE-2015-6101
CVE-2015-6102
CVE-2015-6103
CVE-2015-6104
CVE-2015-6109
CVE-2015-6113
Included Updates:
2919355
3097877
3101746
3105211
3105213
3105864
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-123
Title:
Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)
Update Type:
Security Update
Severity:
Important
Date:
2015-11-10
Description:
This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content.
Vulnerabilities:
CVE-2015-6061
Included Updates:
3085634
3096735
3096736
3096738
3101496
3105872
Applies to:
Microsoft Lync 2010
Microsoft Lync 2013
Microsoft Lync Room System
Microsoft Skype for Business 2016

Bulletin ID:
MS15-122
Title:
Security Update for Kerberos to Address Security Feature Bypass (3105256)
Update Type:
Security Update
Severity:
Important
Date:
2015-11-10
Description:
This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.
Vulnerabilities:
CVE-2015-6095
Included Updates:
2919355
3101246
3105211
3105213
3105256
Applies to:
Maximum Security Impact by Affected Software
Server Core installation option
Vulnerability Severity Rating
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-121
Title:
Security Update for Schannel to Address Spoofing (3081320)
Update Type:
Security Update
Severity:
Important
Date:
2015-11-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.
Vulnerabilities:
CVE-2015-6112
Included Updates:
3081320
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-120
Title:
Security Update for IPSec to Address Denial of Service (3102939)
Update Type:
Security Update
Severity:
Important
Date:
2015-11-10
Description:
This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the system to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials.
Vulnerabilities:
CVE-2015-6111
Included Updates:
3102939
Applies to:
Maximum Security Impact by Affected Software
Server Core installation option
Vulnerability Severity Rating
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS15-119
Title:
Security Update for Winsock to Address Elevation of Privilege (3104521)
Update Type:
Security Update
Severity:
Important
Date:
2015-11-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability.
Vulnerabilities:
CVE-2015-2478
Included Updates:
2919355
3092601
3104521
3105211
3105213
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-118
Title:
Security Update for .NET Framework to Address Elevation of Privilege (3104507)
Update Type:
Security Update
Severity:
Important
Date:
2015-11-10
Description:
This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser.
Vulnerabilities:
CVE-2015-6096
CVE-2015-6099
CVE-2015-6115
Included Updates:
2919355
3097988
3097989
3097991
3097992
3097994
3097995
3097996
3097997
3097999
3098000
3098001
3098778
3098779
3098780
3098781
3098784
3098785
3098786
3104507
3118750
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-117
Title:
Security Update for NDIS to Address Elevation of Privilege (3101722)
Update Type:
Security Update
Severity:
Important
Date:
2015-11-10
Description:
This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
Vulnerabilities:
CVE-2015-6098
Included Updates:
3101722
Applies to:
Maximum Security Impact by Affected Software
Server Core installation option
Vulnerability Severity Rating
Windows 7
Windows Server 2008
Windows Server 2008 R2
Windows Vista

Bulletin ID:
MS15-116
Title:
Security Update for Microsoft Office to Address Remote Code Execution (3104540)
Update Type:
Security Update
Severity:
Important
Date:
2015-11-10
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-2503
CVE-2015-6038
CVE-2015-6091
CVE-2015-6092
CVE-2015-6093
CVE-2015-6094
CVE-2015-6123
Included Updates:
2596614
2596770
2687406
2817478
2878230
2880506
2889915
2899473
2899516
2910978
2920680
2920698
2920726
2965313
3054793
3054978
3085477
3085511
3085548
3085551
3085552
3085561
3085584
3085594
3085614
3085634
3101359
3101360
3101364
3101365
3101367
3101370
3101371
3101496
3101499
3101506
3101507
3101509
3101510
3101512
3101513
3101514
3101521
3101525
3101526
3101529
3101533
3101543
3101544
3101553
3101554
3101555
3101558
3101559
3101560
3101564
3102924
3102925
3104540
3112369
Applies to:
Maximum Security Impact by Affected Software
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office for Mac 2011
Other Office Software
Vulnerability Severity Rating

Bulletin ID:
MS15-114
Title:
Security Update for Windows Journal to Address Remote Code Execution (3100213)
Update Type:
Security Update
Severity:
Critical
Date:
2015-11-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2015-6097
Included Updates:
3100213
Applies to:
Windows 7
Windows Server 2008
Windows Server 2008 R2
Windows Vista

Bulletin ID:
MS15-112
Title:
Cumulative Security Update for Internet Explorer (3104517)
Update Type:
Security Update
Severity:
Critical
Date:
2015-11-10
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-2427
CVE-2015-6064
CVE-2015-6065
CVE-2015-6066
CVE-2015-6068
CVE-2015-6069
CVE-2015-6070
CVE-2015-6071
CVE-2015-6072
CVE-2015-6073
CVE-2015-6074
CVE-2015-6075
CVE-2015-6076
CVE-2015-6077
CVE-2015-6078
CVE-2015-6079
CVE-2015-6080
CVE-2015-6081
CVE-2015-6082
CVE-2015-6084
CVE-2015-6085
CVE-2015-6086
CVE-2015-6087
CVE-2015-6088
CVE-2015-6089
Included Updates:
3100773
3104517
3105211
3105213
3154996
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9

Bulletin ID:
MS15-099
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664)
Update Type:
Security Update
Severity:
Critical
Date:
2015-11-10
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-2520
CVE-2015-2521
CVE-2015-2522
CVE-2015-2523
CVE-2015-2545
Included Updates:
2910993
2920693
3054813
3054932
3054965
3054987
3054993
3054995
3085483
3085487
3085501
3085502
3085526
3085543
3085560
3085572
3085620
3085635
3088501
3089664
Applies to:
Maximum Security Impact by Affected Software
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office for Mac 2011
Microsoft Office for Mac 2016
Other Office Software
Vulnerability Severity Rating

Bulletin ID:
MS15-106
Title:
Cumulative Security Update for Internet Explorer (3096441)
Update Type:
Security Update
Severity:
Critical
Date:
2015-10-29
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-2482
CVE-2015-6042
CVE-2015-6044
CVE-2015-6045
CVE-2015-6046
CVE-2015-6047
CVE-2015-6048
CVE-2015-6049
CVE-2015-6050
CVE-2015-6051
CVE-2015-6052
CVE-2015-6053
CVE-2015-6055
CVE-2015-6056
CVE-2015-6059
CVE-2015-6184
Included Updates:
3093983
3096441
3097617
3105210
3119070
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9

Bulletin ID:
MS15-110
Title:
Security Updates for Microsoft Office to Address Remote Code Execution (3096440)
Update Type:
Security Update
Severity:
Important
Date:
2015-10-13
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-2555
CVE-2015-2556
CVE-2015-2557
CVE-2015-2558
CVE-2015-6037
CVE-2015-6039
Included Updates:
2553405
2596670
2920693
3054994
3085514
3085520
3085542
3085567
3085568
3085571
3085582
3085583
3085595
3085596
3085609
3085615
3085618
3085619
3096440
3097264
3097266
Applies to:
Maximum Security Impact by Affected Software
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office for Mac 2011
Other Office Software
Vulnerability Severity Rating

Bulletin ID:
MS15-109
Title:
Security Update for Windows Shell to Address Remote Code Execution (3096443)
Update Type:
Security Update
Severity:
Critical
Date:
2015-10-13
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online.
Vulnerabilities:
CVE-2015-2515
CVE-2015-2548
Included Updates:
2919355
3080446
3093513
3096443
3097617
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-108
Title:
Security Update for JScript and VBScript to Address Remote Code Execution (3089659)
Update Type:
Security Update
Severity:
Critical
Date:
2015-10-13
Description:
This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that uses the IE rendering engine to direct the user to the specially crafted website.
Vulnerabilities:
CVE-2015-2482
CVE-2015-6052
CVE-2015-6055
CVE-2015-6059
Included Updates:
3089659
3094995
3094996
Applies to:
Server Core installation option
Windows Server 2008
Windows Vista

Bulletin ID:
MS15-100
Title:
Vulnerability in Windows Media Center Could Allow Remote Code Execution (3087918)
Update Type:
Security Update
Severity:
Important
Date:
2015-10-13
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-2509
Included Updates:
3087918
Applies to:
Windows 7
Windows 8
Windows Vista

Bulletin ID:
MS15-081
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790)
Update Type:
Security Update
Severity:
Critical
Date:
2015-10-13
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-1642
CVE-2015-2423
CVE-2015-2466
CVE-2015-2467
CVE-2015-2468
CVE-2015-2469
CVE-2015-2470
CVE-2015-2477
Included Updates:
2553313
2596650
2598244
2687409
2837610
2920691
2920708
2965280
2965310
2986254
3039734
3039798
3054816
3054858
3054876
3054888
3054929
3054960
3054974
3054991
3054992
3055003
3055029
3055030
3055033
3055037
3055039
3055044
3055051
3055052
3055053
3055054
3080790
3081349
3082420
3085538
Applies to:
Maximum Security Impact by Affected Software
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office for Mac 2011
Microsoft Office for Mac 2016
Other Office Software
Vulnerability Severity Rating

Bulletin ID:
MS15-046
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3057181)
Update Type:
Security Update
Severity:
Important
Date:
2015-10-13
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-1682
CVE-2015-1683
Included Updates:
2956140
2956193
2956194
2956195
2965233
2965237
2965240
2965242
2965282
2965307
2965311
2975808
2975816
2986216
2999412
2999420
3017815
3023055
3039725
3039736
3039748
3054833
3054834
3054835
3054838
3054839
3054840
3054841
3054842
3054843
3054845
3054847
3054848
3057181
3062536
3085544
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office for Mac
Other Office Software

Bulletin ID:
MS15-097
Title:
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656)
Update Type:
Security Update
Severity:
Critical
Date:
2015-09-30
Description:
This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.
Vulnerabilities:
CVE-2015-2506
CVE-2015-2507
CVE-2015-2508
CVE-2015-2510
CVE-2015-2511
CVE-2015-2512
CVE-2015-2517
CVE-2015-2518
CVE-2015-2527
CVE-2015-2529
CVE-2015-2546
Included Updates:
2910994
2919355
3081087
3081088
3081089
3081090
3081091
3081455
3085500
3085529
3085546
3086255
3087039
3087135
3089656
3099414
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-105
Title:
Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass (3091287)
Update Type:
Security Update
Severity:
Important
Date:
2015-09-08
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application that could cause Windows Hyper-V to incorrectly apply access control list (ACL) configuration settings. Customers who have not enabled the Hyper-V role are not affected.
Vulnerabilities:
CVE-2015-2534
Included Updates:
2919355
3087088
3091287
Applies to:
Server Core installation option
Windows 10
Windows 8.1
Windows Server 2012 R2

Bulletin ID:
MS15-104
Title:
Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952)
Update Type:
Security Update
Severity:
Important
Date:
2015-09-08
Description:
This security update resolves vulnerabilities in Skype for Business Server and Microsoft Lync Server. The most severe of the vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An attacker would have to convince users to click a link in an instant messenger or email message that directs them to an affected website by way of a specially crafted URL.
Vulnerabilities:
CVE-2015-2531
CVE-2015-2532
CVE-2015-2536
Included Updates:
3061064
3080353
3089952
Applies to:
Microsoft Lync Server 2013
Skype for Business Server 2015

Bulletin ID:
MS15-103
Title:
Vulnerabilities in Microsoft Exchange Server Could Allow Information Disclosure (3089250)
Update Type:
Security Update
Severity:
Important
Date:
2015-09-08
Description:
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.
Vulnerabilities:
CVE-2015-2505
CVE-2015-2543
CVE-2015-2544
Included Updates:
3087126
3089250
Applies to:
Microsoft Server Software

Bulletin ID:
MS15-102
Title:
Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657)
Update Type:
Security Update
Severity:
Important
Date:
2015-09-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
Vulnerabilities:
CVE-2015-2524
CVE-2015-2525
CVE-2015-2528
Included Updates:
3082089
3084135
3089657
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-101
Title:
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)
Update Type:
Security Update
Severity:
Important
Date:
2015-09-08
Description:
This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.
Vulnerabilities:
CVE-2015-2504
CVE-2015-2526
Included Updates:
2919355
3074228
3074229
3074230
3074231
3074232
3074233
3074541
3074543
3074544
3074545
3074547
3074548
3074549
3074550
3074552
3074553
3074554
3089662
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-098
Title:
Vulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669)
Update Type:
Security Update
Severity:
Critical
Date:
2015-09-08
Description:
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2015-2513
CVE-2015-2514
CVE-2015-2516
CVE-2015-2519
CVE-2015-2530
Included Updates:
2919355
3069114
3089669
Applies to:
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-096
Title:
Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)
Update Type:
Security Update
Severity:
Important
Date:
2015-09-08
Description:
This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.
Vulnerabilities:
CVE-2015-2535
Included Updates:
3072595
Applies to:
Server Core installation option
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS15-094
Title:
Cumulative Security Update for Internet Explorer (3089548)
Update Type:
Security Update
Severity:
Critical
Date:
2015-09-08
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-2483
CVE-2015-2484
CVE-2015-2485
CVE-2015-2486
CVE-2015-2487
CVE-2015-2489
CVE-2015-2490
CVE-2015-2491
CVE-2015-2492
CVE-2015-2493
CVE-2015-2494
CVE-2015-2498
CVE-2015-2499
CVE-2015-2500
CVE-2015-2501
CVE-2015-2541
CVE-2015-2542
Included Updates:
3081455
3087038
3089548
934307
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9

Bulletin ID:
MS15-083
Title:
Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921)
Update Type:
Security Update
Severity:
Important
Date:
2015-09-08
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted string to the SMB server error logging.
Vulnerabilities:
CVE-2015-2474
Included Updates:
3073921
Applies to:
Server Core installation option
Windows Server 2008
Windows Vista

Bulletin ID:
MS15-080
Title:
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
Update Type:
Security Update
Severity:
Critical
Date:
2015-09-08
Description:
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts.
Vulnerabilities:
CVE-2015-2431
CVE-2015-2432
CVE-2015-2433
CVE-2015-2435
CVE-2015-2453
CVE-2015-2454
CVE-2015-2455
CVE-2015-2456
CVE-2015-2458
CVE-2015-2459
CVE-2015-2460
CVE-2015-2461
CVE-2015-2462
CVE-2015-2463
CVE-2015-2464
CVE-2015-2465
Included Updates:
2919355
3054846
3054890
3055014
3072303
3072305
3072306
3072307
3072309
3072310
3072311
3075590
3075591
3075592
3075593
3078601
3078662
3079743
3080333
3081436
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-093
Title:
Security Update for Internet Explorer (3088903)
Update Type:
Security Update
Severity:
Critical
Date:
2015-08-20
Description:
This security update resolves a vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-2502
Included Updates:
3081444
3087985
3088903
934307
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9

Bulletin ID:
MS15-092
Title:
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251)
Update Type:
Security Update
Severity:
Important
Date:
2015-08-11
Description:
This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.
Vulnerabilities:
CVE-2015-2479
CVE-2015-2480
CVE-2015-2481
Included Updates:
3083184
3083185
3083186
3086251
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-090
Title:
Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)
Update Type:
Security Update
Severity:
Important
Date:
2015-08-11
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application or convinces a user to open a specially crafted file that invokes a vulnerable sandboxed application, allowing an attacker to escape the sandbox.
Vulnerabilities:
CVE-2015-2428
CVE-2015-2429
CVE-2015-2430
Included Updates:
3060716
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-089
Title:
Vulnerability in WebDAV Could Allow Information Disclosure (3076949)
Update Type:
Security Update
Severity:
Important
Date:
2015-08-11
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic.
Vulnerabilities:
CVE-2015-2476
Included Updates:
3076949
Applies to:
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-088
Title:
Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
Update Type:
Security Update
Severity:
Important
Date:
2015-08-11
Description:
This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process. The attacker could then execute Notepad, Visio, PowerPoint, Excel, or Word with an unsafe command line parameter to effect information disclosure. To be protected from the vulnerability, customers must apply the updates provided in this bulletin, as well as the update for Internet Explorer provided in MS15-079. Likewise, customers running an affected Microsoft Office product must also install the applicable updates provided in MS15-081.
Vulnerabilities:
CVE-2015-2423
Included Updates:
2919355
3046017
3079757
3080057
3080790
3082442
3082458
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-087
Title:
Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459)
Update Type:
Security Update
Severity:
Important
Date:
2015-08-11
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter. A user would have to visit a specially crafted webpage where the malicious script would then be executed.
Vulnerabilities:
CVE-2015-2475
Included Updates:
3073893
3082459
3087119
Applies to:
Server Core installation option
Windows Server 2008

Bulletin ID:
MS15-086
Title:
Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege (3075158)
Update Type:
Security Update
Severity:
Important
Date:
2015-08-11
Description:
This security update resolves a vulnerability in Microsoft System Center Operations Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website.
Vulnerabilities:
CVE-2015-2420
Included Updates:
3064919
3071088
3071089
3075158
Applies to:
Microsoft System Center 2012 Operations Manager
Microsoft System Center 2012 Operations Manager R2

Bulletin ID:
MS15-085
Title:
Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487)
Update Type:
Security Update
Severity:
Important
Date:
2015-08-11
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker inserts a malicious USB device into a target system. An attacker could then write a malicious binary to disk and execute it.
Vulnerabilities:
CVE-2015-1769
Included Updates:
2919355
3071756
3081436
3082487
Applies to:
Server Core installation option
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-084
Title:
Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)
Update Type:
Security Update
Severity:
Important
Date:
2015-08-11
Description:
This security update resolves vulnerabilities in Microsoft Windows and Microsoft Office. The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0. However, in all cases an attacker would have no way to force users to click a specially crafted link. An attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message.
Vulnerabilities:
CVE-2015-2434
CVE-2015-2440
CVE-2015-2471
Included Updates:
2825645
2919355
3076895
3080129
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-082
Title:
Vulnerabilities in RDP Could Allow Remote Code Execution (3080348)
Update Type:
Security Update
Severity:
Important
Date:
2015-08-11
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open a Remote Desktop Protocol (RDP) file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2015-2472
CVE-2015-2473
Included Updates:
2919355
3073094
3075220
3075221
3075222
3075226
3080348
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-079
Title:
Cumulative Security Update for Internet Explorer (3082442)
Update Type:
Security Update
Severity:
Critical
Date:
2015-08-11
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-2423
CVE-2015-2441
CVE-2015-2442
CVE-2015-2443
CVE-2015-2444
CVE-2015-2445
CVE-2015-2446
CVE-2015-2447
CVE-2015-2448
CVE-2015-2449
CVE-2015-2450
CVE-2015-2451
CVE-2015-2452
Included Updates:
3078071
3082442
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9

Bulletin ID:
MS15-078
Title:
Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904)
Update Type:
Security Update
Severity:
Critical
Date:
2015-07-20
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.
Vulnerabilities:
CVE-2015-2426
Included Updates:
3079904
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-077
Title:
Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)
Update Type:
Security Update
Severity:
Important
Date:
2015-07-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2015-2387
Included Updates:
3077657
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-076
Title:
Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)
Update Type:
Security Update
Severity:
Important
Date:
2015-07-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability, which exists in Windows Remote Procedure Call (RPC) authentication, could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2015-2370
Included Updates:
3067505
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-075
Title:
Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)
Update Type:
Security Update
Severity:
Important
Date:
2015-07-14
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if used in conjunction with another vulnerability that allows arbitrary code to be run through Internet Explorer. Once the other vulnerability has been exploited, an attacker could then exploit the vulnerabilities addressed in this bulletin to cause arbitrary code to run at a medium integrity level.
Vulnerabilities:
CVE-2015-2416
CVE-2015-2417
Included Updates:
3072633
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-074
Title:
Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630)
Update Type:
Security Update
Severity:
Important
Date:
2015-07-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows Installer service improperly runs custom action scripts. An attacker must first compromise a user who is logged on to the target system to exploit the vulnerability. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Vulnerabilities:
CVE-2015-2371
Included Updates:
3072630
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-073
Title:
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)
Update Type:
Security Update
Severity:
Important
Date:
2015-07-14
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Vulnerabilities:
CVE-2015-2363
CVE-2015-2365
CVE-2015-2366
CVE-2015-2367
CVE-2015-2381
CVE-2015-2382
Included Updates:
3070102
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-072
Title:
Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)
Update Type:
Security Update
Severity:
Important
Date:
2015-07-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows graphics component fails to properly process bitmap conversions. An authenticated attacker who successfully exploited this vulnerability could elevate privileges on a targeted system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. An attacker must first log on to the system to exploit this vulnerability.
Vulnerabilities:
CVE-2015-2364
Included Updates:
3069392
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-071
Title:
Vulnerability in Netlogon Could Allow Elevation of Privilege (3068457)
Update Type:
Security Update
Severity:
Important
Date:
2015-07-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker with access to a primary domain controller (PDC) on a target network runs a specially crafted application to establish a secure channel to the PDC as a backup domain controller (BDC).
Vulnerabilities:
CVE-2015-2374
Included Updates:
3068457
Applies to:
Server Core installation option
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS15-070
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)
Update Type:
Security Update
Severity:
Important
Date:
2015-07-14
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-2375
CVE-2015-2376
CVE-2015-2377
CVE-2015-2378
CVE-2015-2379
CVE-2015-2380
CVE-2015-2415
CVE-2015-2424
Included Updates:
2837612
2965208
2965209
2965281
2965283
3054861
3054949
3054958
3054963
3054968
3054971
3054973
3054981
3054990
3054996
3054999
3072620
3073865
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT
Microsoft Office for Mac
Other Office Software

Bulletin ID:
MS15-069
Title:
Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)
Update Type:
Security Update
Severity:
Important
Date:
2015-07-14
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow Remote Code Execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open an RTF file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2015-2368
CVE-2015-2369
Included Updates:
2919355
3061512
3067903
3070738
3072631
Applies to:
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-068
Title:
Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000)
Update Type:
Security Update
Severity:
Critical
Date:
2015-07-14
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability.
Vulnerabilities:
CVE-2015-2361
CVE-2015-2362
Included Updates:
2919355
3046339
3046359
3072000
Applies to:
Server Core installation option
Windows 8
Windows 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS15-067
Title:
Vulnerability in RDP Could Allow Remote Code Execution (3073094)
Update Type:
Security Update
Severity:
Critical
Date:
2015-07-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with the Remote Desktop Protocol (RDP) server service enabled. By default, the RDP server service is not enabled on any Windows operating system. Systems that do not have the RDP server service enabled are not at risk.
Vulnerabilities:
CVE-2015-2373
Included Updates:
2919355
3067904
3069762
3073094
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows Server 2012

Bulletin ID:
MS15-066
Title:
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3072604)
Update Type:
Security Update
Severity:
Critical
Date:
2015-07-14
Description:
This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2015-2372
Included Updates:
3068364
3068368
3068404
3072604
Applies to:
Server Core installation
Windows Server 2003
Windows Server 2008
Windows Vista

Bulletin ID:
MS15-065
Title:
Security Update for Internet Explorer (3076321)
Update Type:
Security Update
Severity:
Critical
Date:
2015-07-14
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-1729
CVE-2015-1733
CVE-2015-1738
CVE-2015-1767
CVE-2015-2372
CVE-2015-2383
CVE-2015-2384
CVE-2015-2385
CVE-2015-2388
CVE-2015-2389
CVE-2015-2390
CVE-2015-2391
CVE-2015-2397
CVE-2015-2398
CVE-2015-2401
CVE-2015-2402
CVE-2015-2403
CVE-2015-2404
CVE-2015-2406
CVE-2015-2408
CVE-2015-2410
CVE-2015-2411
CVE-2015-2412
CVE-2015-2413
CVE-2015-2414
CVE-2015-2419
CVE-2015-2421
CVE-2015-2422
CVE-2015-2425
Included Updates:
3065822
3074886
3075516
3076321
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9

Bulletin ID:
MS15-058
Title:
Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)
Update Type:
Security Update
Severity:
Important
Date:
2015-07-14
Description:
This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.
Vulnerabilities:
CVE-2015-1761
CVE-2015-1762
CVE-2015-1763
Included Updates:
3045303
3045305
3045308
3045311
3045312
3045313
3045314
3045316
3045317
3045318
3045319
3045321
3045323
3045324
3065718
3070446
Applies to:
SQL Server 2008 R2 Service Pack 2
SQL Server 2008 R2 Service Pack 3
SQL Server 2008 Service Pack 3
SQL Server 2008 Service Pack 4
SQL Server 2012 Service Pack 1
SQL Server 2012 Service Pack 2
SQL Server 2014

Bulletin ID:
MS15-006
Title:
Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365)
Update Type:
Security Update
Severity:
Important
Date:
2015-07-14
Description:
This security update resolves a privately reported vulnerability in Windows Error Reporting (WER). The vulnerability could allow security feature bypass if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain access to the memory of a running process. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2015-0001
Included Updates:
3004365
Applies to:
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS15-044
Title:
Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)
Update Type:
Security Update
Severity:
Critical
Date:
2015-06-23
Description:
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType fonts.
Vulnerabilities:
CVE-2015-1670
CVE-2015-1671
Included Updates:
2844699
2881073
2883029
3037575
3039779
3045171
3048068
3048070
3048071
3048072
3048073
3048074
3048077
3051464
3051465
3051466
3051467
3056819
3057110
3057781
3065979
887012
912203
934307
971512
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-057
Title:
Vulnerability in Windows Media Player Could Allow Remote Code Execution (3033890)
Update Type:
Security Update
Severity:
Critical
Date:
2015-06-17
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows Media Player opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2015-1728
Included Updates:
3033890
Applies to:
Windows 7
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Vista

Bulletin ID:
MS15-064
Title:
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)
Update Type:
Security Update
Severity:
Important
Date:
2015-06-09
Description:
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow elevation of privilege if an authenticated user clicks a link to a specially crafted webpage. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message.
Vulnerabilities:
CVE-2015-1764
CVE-2015-1771
CVE-2015-2359
Included Updates:
3062157
Applies to:
Microsoft Server Software

Bulletin ID:
MS15-063
Title:
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)
Update Type:
Security Update
Severity:
Important
Date:
2015-06-09
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker places a malicious .dll file in a local directory on the machine or on a network share. An attacker would then have to wait for a user to run a program that can load a malicious .dll file, resulting in elevation of privilege. However, in all cases an attacker would have no way to force a user to visit such a network share or website.
Vulnerabilities:
CVE-2015-1758
Included Updates:
3063858
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows RT
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Vista

Bulletin ID:
MS15-062
Title:
Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)
Update Type:
Security Update
Severity:
Important
Date:
2015-06-09
Description:
This security update resolves a vulnerability in Microsoft Active Directory Federation Services (AD FS). The vulnerability could allow elevation of privilege if an attacker submits a specially crafted URL to a target site. Due to the vulnerability, in specific situations specially crafted script is not properly sanitized, which subsequently could lead to an attacker-supplied script being run in the security context of a user who views the malicious content. For cross-site scripting attacks, this vulnerability requires that a user be visiting a compromised site for any malicious action to occur.
Vulnerabilities:
CVE-2015-1757
Included Updates:
3062577
Applies to:
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012

Bulletin ID:
MS15-061
Title:
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839)
Update Type:
Security Update
Severity:
Important
Date:
2015-06-09
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2015-1719
CVE-2015-1720
CVE-2015-1721
CVE-2015-1722
CVE-2015-1723
CVE-2015-1724
CVE-2015-1725
CVE-2015-1726
CVE-2015-1727
CVE-2015-1768
CVE-2015-2360
Included Updates:
3057839
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-060
Title:
Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317)
Update Type:
Security Update
Severity:
Important
Date:
2015-06-09
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link, or a link to specially crafted content, and then invokes F12 Developer Tools in Internet Explorer.
Vulnerabilities:
CVE-2015-1756
Included Updates:
3059317
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-059
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)
Update Type:
Security Update
Severity:
Important
Date:
2015-06-09
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-1759
CVE-2015-1760
CVE-2015-1770
Included Updates:
2863812
2863817
3039749
3039782
3064949
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013 RT

Bulletin ID:
MS15-056
Title:
Cumulative Security Update for Internet Explorer (3058515)
Update Type:
Security Update
Severity:
Critical
Date:
2015-06-09
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-1687
CVE-2015-1730
CVE-2015-1731
CVE-2015-1732
CVE-2015-1735
CVE-2015-1736
CVE-2015-1737
CVE-2015-1739
CVE-2015-1740
CVE-2015-1741
CVE-2015-1742
CVE-2015-1743
CVE-2015-1744
CVE-2015-1745
CVE-2015-1747
CVE-2015-1748
CVE-2015-1750
CVE-2015-1751
CVE-2015-1752
CVE-2015-1753
CVE-2015-1754
CVE-2015-1755
CVE-2015-1765
CVE-2015-1766
Included Updates:
3058515
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9

Bulletin ID:
MS15-018
Title:
Cumulative Security Update for Internet Explorer (3032359)
Update Type:
Security Update
Severity:
Critical
Date:
2015-05-14
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-0032
CVE-2015-0056
CVE-2015-0072
CVE-2015-0099
CVE-2015-0100
CVE-2015-1622
CVE-2015-1623
CVE-2015-1624
CVE-2015-1625
CVE-2015-1626
CVE-2015-1627
CVE-2015-1634
Included Updates:
3032359
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9

Bulletin ID:
MS15-015
Title:
Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
Update Type:
Security Update
Severity:
Important
Date:
2015-05-14
Description:
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to leverage the lack of impersonation-level security checks to elevate privileges during process creation. An authenticated attacker who successfully exploited this vulnerability could acquire administrator credentials and use them to elevate privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Vulnerabilities:
CVE-2015-0062
Included Updates:
3031432
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS15-009
Title:
Security Update for Internet Explorer (3034682)
Update Type:
Security Update
Severity:
Critical
Date:
2015-05-14
Description:
This security update resolves one publicly disclosed and forty privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2014-8967
CVE-2015-0017
CVE-2015-0018
CVE-2015-0019
CVE-2015-0020
CVE-2015-0021
CVE-2015-0022
CVE-2015-0023
CVE-2015-0025
CVE-2015-0026
CVE-2015-0027
CVE-2015-0028
CVE-2015-0029
CVE-2015-0030
CVE-2015-0031
CVE-2015-0035
CVE-2015-0036
CVE-2015-0037
CVE-2015-0038
CVE-2015-0039
CVE-2015-0040
CVE-2015-0041
CVE-2015-0042
CVE-2015-0043
CVE-2015-0044
CVE-2015-0045
CVE-2015-0046
CVE-2015-0048
CVE-2015-0049
CVE-2015-0050
CVE-2015-0051
CVE-2015-0052
CVE-2015-0053
CVE-2015-0054
CVE-2015-0055
CVE-2015-0066
CVE-2015-0067
CVE-2015-0068
CVE-2015-0069
CVE-2015-0070
CVE-2015-0071
Included Updates:
3021952
3034196
3034682
Applies to:
3021952
3034196

Bulletin ID:
MS15-055
Title:
Vulnerability in Schannel Could Allow Information Disclosure (3061518)
Update Type:
Security Update
Severity:
Important
Date:
2015-05-12
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Secure Channel (Schannel) allows the use of a weak Diffie-Hellman ephemeral (DFE) key length of 512 bits in an encrypted TLS session. Allowing 512-bit DHE keys makes DHE key exchanges weak and vulnerable to various attacks. A server needs to support 512-bit DHE key lengths for an attack to be successful; the minimum allowable DHE key length in default configurations of Windows servers is 1024 bits.
Vulnerabilities:
CVE-2015-1716
Included Updates:
3061518
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-054
Title:
Vulnerability in Microsoft Management Console File Format Could Allow Denial of Service (3051768)
Update Type:
Security Update
Severity:
Important
Date:
2015-05-12
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote, unauthenticated attacker convinces a user to open a share containing a specially crafted .msc file. However, an attacker would have no way of forcing a user to visit the share or view the file.
Vulnerabilities:
CVE-2015-1681
Included Updates:
3051768
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-053
Title:
Vulnerabilities in JScript and VBScript Scripting Engines Could Allow Security Feature Bypass (3057263)
Update Type:
Security Update
Severity:
Important
Date:
2015-05-12
Description:
This security update resolves ASLR security feature bypasses in the JScript and VBScript scripting engines in Microsoft Windows. An attacker could use one of these ASLR bypasses in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system.
Vulnerabilities:
CVE-2015-1684
CVE-2015-1686
Included Updates:
262841
3050941
3050945
3050946
3057263
934307
Applies to:
Server Core installation
Windows Server 2003
Windows Server 2008
Windows Vista

Bulletin ID:
MS15-052
Title:
Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514)
Update Type:
Security Update
Severity:
Important
Date:
2015-05-12
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to an affected system and runs a specially crafted application.
Vulnerabilities:
CVE-2015-1674
Included Updates:
3050514
Applies to:
Server Core installation option
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS15-050
Title:
Vulnerability in Service Control Manager Could Allow Elevation of Privilege (3055642)
Update Type:
Security Update
Severity:
Important
Date:
2015-05-12
Description:
This security update resolves a vulnerability in Windows Service Control Manager (SCM), which is caused when SCM improperly verifies impersonation levels. The vulnerability could allow elevation of privilege if an attacker can first log on to the system and then run a specially crafted application designed to increase privileges.
Vulnerabilities:
CVE-2015-1702
Included Updates:
3055642
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-048
Title:
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)
Update Type:
Security Update
Severity:
Important
Date:
2015-05-12
Description:
This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user installs a specially crafted partial trust application.
Vulnerabilities:
CVE-2015-1672
CVE-2015-1673
Included Updates:
3023211
3023213
3023215
3023217
3023219
3023220
3023221
3023222
3023223
3023224
3032655
3032662
3032663
3035485
3035486
3035487
3035488
3035489
3035490
3057134
Applies to:
Server Core installation option
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-047
Title:
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083)
Update Type:
Security Update
Severity:
Important
Date:
2015-05-12
Description:
This security update resolves vulnerabilities in Microsoft Office server and productivity software. The vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site.
Vulnerabilities:
CVE-2015-1700
Included Updates:
2760412
2956192
3054792
3058083
887012
912203
Applies to:
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013

Bulletin ID:
MS15-045
Title:
Vulnerability in Windows Journal Could Allow Remote Code Execution (3046002)
Update Type:
Security Update
Severity:
Critical
Date:
2015-05-12
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2015-1675
CVE-2015-1695
CVE-2015-1696
CVE-2015-1697
CVE-2015-1698
CVE-2015-1699
Included Updates:
3046002
Applies to:
Windows 7
Windows 8
Windows 8.1
Windows RT
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Vista

Bulletin ID:
MS15-043
Title:
Cumulative Security Update for Internet Explorer (3049563)
Update Type:
Security Update
Severity:
Critical
Date:
2015-05-12
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-1658
CVE-2015-1684
CVE-2015-1685
CVE-2015-1686
CVE-2015-1688
CVE-2015-1689
CVE-2015-1691
CVE-2015-1692
CVE-2015-1694
CVE-2015-1703
CVE-2015-1704
CVE-2015-1705
CVE-2015-1706
CVE-2015-1708
CVE-2015-1709
CVE-2015-1710
CVE-2015-1711
CVE-2015-1712
CVE-2015-1713
CVE-2015-1714
CVE-2015-1717
CVE-2015-1718
Included Updates:
3049563
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9

Bulletin ID:
MS15-035
Title:
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)
Update Type:
Security Update
Severity:
Critical
Date:
2015-05-04
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or browse to a working directory that contains a specially crafted Enhanced Metafile (EMF) image file. In all cases, however, an attacker would have no way to force users to take such actions; an attacker would have to convince users to do so, typically by way of enticements in email or Instant Messenger messages.
Vulnerabilities:
CVE-2015-1645
Included Updates:
3046306
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-033
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)
Update Type:
Security Update
Severity:
Critical
Date:
2015-04-17
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-1639
CVE-2015-1641
CVE-2015-1649
CVE-2015-1650
CVE-2015-1651
Included Updates:
2553164
2553428
2965210
2965215
2965224
2965236
2965238
2965284
2965289
2965306
3048019
3051737
3055707
887012
912203
Applies to:
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office for Mac 2011
Microsoft Outlook for Mac for Office 365
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word Viewer
Microsoft Word for Mac 2011

Bulletin ID:
MS15-042
Title:
Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234)
Update Type:
Security Update
Severity:
Important
Date:
2015-04-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an authenticated attacker runs a specially crafted application in a virtual machine (VM) session. Note that the denial of service does not allow an attacker to execute code or elevate user rights on other VMs running on the Hyper-V host; however, it could cause other VMs on the host to not be manageable in Virtual Machine Manager.
Vulnerabilities:
CVE-2015-1647
Included Updates:
3047234
Applies to:
Windows 8.1 for x64-based Systems
Windows Server 2012 R2

Bulletin ID:
MS15-041
Title:
Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
Update Type:
Security Update
Severity:
Important
Date:
2015-04-14
Description:
This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if an attacker sends a specially crafted web request to an affected server that has custom error messages disabled. An attacker who successfully exploited the vulnerability would be able to view parts of a web configuration file, which could expose sensitive information.
Vulnerabilities:
CVE-2015-1648
Included Updates:
3037572
3037573
3037574
3037575
3037576
3037577
3037578
3037579
3037580
3037581
3048010
Applies to:
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft .NET Framework 4.5.1/4.5.2
Microsoft .NET Framework 4.5/4.5.1/4.5.2

Bulletin ID:
MS15-040
Title:
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711)
Update Type:
Security Update
Severity:
Important
Date:
2015-04-14
Description:
This security update resolves a vulnerability in Active Directory Federation Services (AD FS). The vulnerability could allow information disclosure if a user leaves their browser open after logging off from an application and an attacker reopens the application in the browser immediately after the user has logged off.
Vulnerabilities:
CVE-2015-1638
Included Updates:
3045711
Applies to:
Active Directory Federation Services 3.0

Bulletin ID:
MS15-039
Title:
Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482)
Update Type:
Security Update
Severity:
Important
Date:
2015-04-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a user clicks a specially crafted link. In all cases, however, an attacker would have no way to force users to click a specially crafted link; an attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message.
Vulnerabilities:
CVE-2015-1646
Included Updates:
3046482
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-038
Title:
Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576)
Update Type:
Security Update
Severity:
Important
Date:
2015-04-14
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. To exploit these vulnerabilities, an attacker would first have to log on to the system.
Vulnerabilities:
CVE-2015-1643
CVE-2015-1644
Included Updates:
3045685
3045999
3049576
934307
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2003 R2 Service Pack 2
Windows Server 2003 R2 x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-037
Title:
Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)
Update Type:
Security Update
Severity:
Important
Date:
2015-04-14
Description:
This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could leverage a known invalid task to cause Task Scheduler to run a specially crafted application in the context of the System account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2015-0098
Included Updates:
3046269
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1

Bulletin ID:
MS15-036
Title:
Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044)
Update Type:
Security Update
Severity:
Important
Date:
2015-04-14
Description:
This security update resolves vulnerabilities in Microsoft Office server and productivity software. The vulnerabilities could allow elevation of privilege if an attacker sends a specially crafted request to an affected SharePoint server. An attacker who successfully exploited the vulnerabilities could read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the victim’s browser.
Vulnerabilities:
CVE-2015-1640
CVE-2015-1653
Included Updates:
2965219
2965278
2965302
3052044
887012
912203
Applies to:
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2013 Service Pack 1

Bulletin ID:
MS15-034
Title:
Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
Update Type:
Security Update
Severity:
Critical
Date:
2015-04-14
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system.
Vulnerabilities:
CVE-2015-1635
Included Updates:
3042553
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS15-032
Title:
Cumulative Security Update for Internet Explorer (3038314)
Update Type:
Security Update
Severity:
Critical
Date:
2015-04-14
Description:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:

Included Updates:
3038314
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9

Bulletin ID:
MS14-018
Title:
Cumulative Security Update for Internet Explorer (2950467)
Update Type:
Security Update
Severity:
Critical
Date:
2015-04-07
Description:
This security update resolves six privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2014-0325
CVE-2014-1751
CVE-2014-1752
CVE-2014-1753
CVE-2014-1755
CVE-2014-1760
Included Updates:
2919355
2950467
Applies to:
Internet Explorer 11
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9

Bulletin ID:
MS15-027
Title:
Vulnerability in NETLOGON Could Allow Spoofing (3002657)
Update Type:
Security Update
Severity:
Important
Date:
2015-03-16
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker who is logged on to a domain-joined system runs a specially crafted application that could establish a connection with other domain-joined systems as the impersonated user or system. The attacker must be logged on to a domain-joined system and be able to observe network traffic.
Vulnerabilities:
CVE-2015-0005
Included Updates:
3002657
Applies to:
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS15-025
Title:
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680)
Update Type:
Security Update
Severity:
Important
Date:
2015-03-16
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited the vulnerability could run arbitrary code in the security context of the account of another user who is logged on to the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts potentially with full user rights.
Vulnerabilities:
CVE-2015-0073
CVE-2015-0075
Included Updates:
3033395
3035131
3038680
934307
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-031
Title:
Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)
Update Type:
Security Update
Severity:
Important
Date:
2015-03-10
Description:
This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an insecure cipher suite is affected.
Vulnerabilities:
CVE-2015-1637
Included Updates:
3046049
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-030
Title:
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976)
Update Type:
Security Update
Severity:
Important
Date:
2015-03-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker creates multiple Remote Desktop Protocol (RDP) sessions that fail to properly free objects in memory. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
Vulnerabilities:
CVE-2015-0079
Included Updates:
3035017
3036493
3039976
934307
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS15-029
Title:
Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure (3035126)
Update Type:
Security Update
Severity:
Important
Date:
2015-03-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing a specially crafted JPEG XR (.JXR) image. This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.
Vulnerabilities:
CVE-2015-0076
Included Updates:
3035126
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-028
Title:
Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)
Update Type:
Security Update
Severity:
Important
Date:
2015-03-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow a user with limited privileges on an affected system to leverage Task Scheduler to execute files that they do not have permissions to run. An attacker who successfully exploited this vulnerability could bypass access control list (ACL) checks and run privileged executables.
Vulnerabilities:
CVE-2015-0084
Included Updates:
3030377
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS15-026
Title:
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3040856)
Update Type:
Security Update
Severity:
Important
Date:
2015-03-10
Description:
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes them to a targeted Outlook Web App site. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an instant messenger or email message that takes them to the attacker's website, and then convince them to click the specially crafted URL.
Vulnerabilities:
CVE-2015-1628
CVE-2015-1629
CVE-2015-1630
CVE-2015-1631
CVE-2015-1632
Included Updates:
3040856
Applies to:
Microsoft Exchange Server 2013 Cumulative Update 7
Microsoft Exchange Server 2013 Service Pack 1

Bulletin ID:
MS15-024
Title:
Vulnerability in PNG Processing Could Allow Information Disclosure (3035132)
Update Type:
Security Update
Severity:
Important
Date:
2015-03-10
Description:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker convinces a user to visit a website that contains specially crafted PNG images.
Vulnerabilities:
CVE-2015-0080
Included Updates:
3035132
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-023
Title:
Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (3034344)
Update Type:
Security Update
Severity:
Important
Date:
2015-03-10
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application designed to increase privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Vulnerabilities:
CVE-2015-0077
CVE-2015-0078
CVE-2015-0094
CVE-2015-0095
Included Updates:
3034344
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-022
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999)
Update Type:
Security Update
Severity:
Critical
Date:
2015-03-10
Description:
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-0085
CVE-2015-0086
CVE-2015-0097
CVE-2015-1633
CVE-2015-1636
Included Updates:
2737989
2760361
2760508
2760554
2880473
2881068
2881078
2883100
2889839
2899580
2920731
2920812
2956069
2956076
2956103
2956106
2956107
2956109
2956136
2956138
2956139
2956142
2956143
2956151
2956153
2956158
2956163
2956175
2956180
2956181
2956183
2956188
2956189
2956208
2984939
3038999
887012
912203
Applies to:
Microsoft Excel 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel Viewer
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 (32-bit editions)
Microsoft Office 2013 (64-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office Compatibility Pack Service Pack 3
Microsoft PowerPoint 2007 Service Pack 3
Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)
Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 (32-bit editions)
Microsoft Word 2013 (64-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word Viewer
 MS15-012

Bulletin ID:
MS15-021
Title:
Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution (3032323)
Update Type:
Security Update
Severity:
Critical
Date:
2015-03-10
Description:
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted file or website. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2015-0074
CVE-2015-0087
CVE-2015-0088
CVE-2015-0089
CVE-2015-0090
CVE-2015-0091
CVE-2015-0092
CVE-2015-0093
Included Updates:
3032323
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-020
Title:
Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836)
Update Type:
Security Update
Severity:
Critical
Date:
2015-03-10
Description:
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or open a file in a working directory that contains a specially crafted DLL file.
Vulnerabilities:
CVE-2015-0081
CVE-2015-0096
Included Updates:
3033889
3039066
3041836
934307
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-019
Title:
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3040297)
Update Type:
Security Update
Severity:
Critical
Date:
2015-03-10
Description:
This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2015-0032
Included Updates:
262841
3030398
3030403
3030630
3040297
934307
Applies to:
VBScript 5.6
VBScript 5.7
VBScript 5.8

Bulletin ID:
MS14-084
Title:
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
Update Type:
Security Update
Severity:
Critical
Date:
2015-03-10
Description:
This security update resolves a privately reported vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2014-6363
Included Updates:
3012168
3012172
3012176
3016711
Applies to:
VBScript 5.6
VBScript 5.7
VBScript 5.8

Bulletin ID:
MS15-017
Title:
Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)
Update Type:
Security Update
Severity:
Important
Date:
2015-02-10
Description:
This security update resolves a privately reported vulnerability in Virtual Machine Manager (VMM). The vulnerability could allow elevation of privilege if an attacker logs on an affected system. An attacker must have valid Active Directory logon credentials and be able to log on with those credentials to exploit the vulnerability.
Vulnerabilities:
CVE-2015-0012
Included Updates:
3023195
3035898
Applies to:
VMM Server update 3023195

Bulletin ID:
MS15-016
Title:
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
Update Type:
Security Update
Severity:
Important
Date:
2015-02-10
Description:
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing a specially crafted TIFF image. This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.
Vulnerabilities:
CVE-2015-0061
Included Updates:
3029944
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-014
Title:
Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
Update Type:
Security Update
Severity:
Important
Date:
2015-02-10
Description:
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker, by way of a man-in-the-middle attack, causes the Group Policy Security Configuration Engine policy file on a targeted system to become corrupted or otherwise unreadable. This results in the Group Policy settings on the system to revert to their default, and potentially less secure, state.
Vulnerabilities:
CVE-2015-0009
Included Updates:
3004361
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-013
Title:
Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
Update Type:
Security Update
Severity:
Important
Date:
2015-02-10
Description:
This security update resolves one publicly disclosed vulnerability in Microsoft Office. The vulnerability could allow security feature bypass if a user opens a specially crafted Microsoft Office file. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this security feature bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.
Vulnerabilities:
CVE-2014-6362
Included Updates:
2910941
2920748
2920795
3033857
Applies to:
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 (32-bit editions)
Microsoft Office 2013 (64-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)

Bulletin ID:
MS15-012
Title:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
Update Type:
Security Update
Severity:
Important
Date:
2015-02-10
Description:
This security update resolves three privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2015-0063
CVE-2015-0064
CVE-2015-0065
Included Updates:
2920753
2920788
2920791
2920810
2956058
2956066
2956070
2956073
2956081
2956092
2956097
2956098
2956099
3032328
Applies to:
Microsoft Excel 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 (32-bit editions)
Microsoft Excel 2013 (64-bit editions)
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel Viewer
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word Viewer

Bulletin ID:
MS15-011
Title:
Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
Update Type:
Security Update
Severity:
Critical
Date:
2015-02-10
Description:
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user with a domain-configured system to connect to an attacker-controlled network. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities:
CVE-2015-0008
Included Updates:
3000483
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-010
Title:
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
Update Type:
Security Update
Severity:
Critical
Date:
2015-02-10
Description:
This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or visit an untrusted website that contains embedded TrueType fonts.
Vulnerabilities:
CVE-2015-0003
CVE-2015-0010
CVE-2015-0057
CVE-2015-0058
CVE-2015-0059
CVE-2015-0060
CVE-2015-2010
Included Updates:
3013455
3023562
3036220
934307
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-008
Title:
Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3019215)
Update Type:
Security Update
Severity:
Important
Date:
2015-01-13
Description:
This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.
Vulnerabilities:
CVE-2015-0011
Included Updates:
3019215
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-007
Title:
Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029)
Update Type:
Security Update
Severity:
Important
Date:
2015-01-13
Description:
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service on an Internet Authentication Service (IAS) or Network Policy Server (NPS) if an attacker sends specially crafted username strings to the IAS or NPS. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights; however, it could prevent RADIUS authentication on the IAS or NPS.
Vulnerabilities:
CVE-2015-0015
Included Updates:
3014029
Applies to:
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS15-005
Title:
Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777)
Update Type:
Security Update
Severity:
Important
Date:
2015-01-13
Description:
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass by unintentionally relaxing the firewall policy and/or configuration of certain services when an attacker on the same network as the victim spoofs responses to DNS and LDAP traffic initiated by the victim.
Vulnerabilities:
CVE-2015-0006
Included Updates:
3022777
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-004
Title:
Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421)
Update Type:
Security Update
Severity:
Important
Date:
2015-01-13
Description:
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker convinces a user to run a specially crafted application. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities:
CVE-2015-0016
Included Updates:
3019978
3020387
3020388
3023299
3025421
934307
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-003
Title:
Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)
Update Type:
Security Update
Severity:
Important
Date:
2015-01-13
Description:
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. A local attacker who successfully exploited this vulnerability could run arbitrary code on a target system with elevated privileges. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.
Vulnerabilities:
CVE-2015-0004
Included Updates:
3021674
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-002
Title:
Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393)
Update Type:
Security Update
Severity:
Critical
Date:
2015-01-13
Description:
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to an affected Windows server. Only customers who enable this service are vulnerable. By default, Telnet is installed but not enabled on Windows Server 2003. Telnet is not installed by default on Windows Vista and later operating systems.
Vulnerabilities:
CVE-2015-0014
Included Updates:
3020393
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Bulletin ID:
MS15-001
Title:
Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266)
Update Type:
Security Update
Severity:
Important
Date:
2015-01-13
Description:
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An authenticated attacker who successfully exploited this vulnerability could bypass existing permission checks that are performed during cache modification in the Microsoft Windows Application Compatibility component and execute arbitrary code with elevated privileges.
Vulnerabilities:
CVE-2015-0002
Included Updates:
3023266
Applies to:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2

Bulletin ID:
MS14-080
Title:
Cumulative Security Update for Internet Explorer (3008923)
Update Type:
Security Update
Severity:
Critical
Date:
2015-01-13
Description:
This security update resolves fourteen privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerabilities:
CVE-2014-6327
CVE-2014-6328
CVE-2014-6329
CVE-2014-6330
CVE-2014-6363
CVE-2014-6365
CVE-2014-6366
CVE-2014-6368
CVE-2014-6369
CVE-2014-6373
CVE-2014-6374
CVE-2014-6375
CVE-2014-6376
CVE-2014-8966
Included Updates:
3008923
3029449
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9