Patch Tuesday: Microsoft Security Bulletin Summary for March 2015

  • Post author:
  • Reading time:7 mins read
MS Patch Tuesday March 2015
MS Patch Tuesday March 2015

A big Patch Tuesday this month, Microsoft Patch Tuesday March 2015, consisting of total fourteen security bulletins address total of 45 vulnerabilities. This month also high priority fix is for Internet Explorer along with Microsoft Windows, Adobe Font Driver, VBScript Scripting Engine, and Microsoft Office. Internet Explorer addresses and Adobe Font Driver address total 20 out of 45 vulnerabilities.

This month five bulletins are rated as Critical, addressing 28 vulnerabilities and nine are rated as Important.

Five critical security updates addresses security issues in Internet Explorer 6 to Internet Explorer 11, VBScript Scripting Engine, Microsoft Windows, Adobe Font Driver and Microsoft Office. All of them potentially allow Remote Code Execution, hence these bulletins are high priority for deploying patches.

Important security updates address issues in Kernel-Mode Driver, PNG Processing component, Windows Kernel, Microsoft Exchange Server, NETLOGON, Windows Task Scheduler, Windows Photo Decoder Component, Remote Desktop Protocol and Schannel.

The recently discovered FREAK (Factoring attack on RSA-EXPORT Keys) vulnerability (CVE-2015-1637) in SSL has been addressed in MS15-031 bulletin, which was allowing Man-in-the-Middle (MITM) attacker to downgrade SSL communication to weaker encryption export-grade key or 512-bit RSA keys, which is easy to break.
Microsoft security bulletin summary for March 2015 in order of severity.

MS15-018: Cumulative Security Update for Internet Explorer (3032359)
Severity Rating: Critical
Affected Software: Internet Explorer
Impact: Remote Code Execution

MS15-019: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3040297)
Severity Rating: Critical
Affected Software: VBScript Scripting Engine
Impact: Remote Code Execution

MS15-020: Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836)
Severity Rating: Critical
Affected Software: Microsoft Windows
Impact: Remote Code Execution

MS15-021: Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution (3032323)
Severity Rating: Critical
Affected Software: Adobe Font Driver
Impact: Remote Code Execution

MS15-022: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999)
Severity Rating: Critical
Affected Software: Microsoft Office, Microsoft Office Web Apps Server, Microsoft SharePoint Foundation, Microsoft SharePoint Server
Impact: Remote Code Execution

MS15-023: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (3034344)
Severity Rating: Important
Affected Software: Kernel-Mode Driver
Impact: Information Disclosure, Elevation of Privilege

MS15-024: Vulnerability in PNG Processing Could Allow Information Disclosure (3035132)
Severity Rating: Important
Affected Software: PNG Processing Component
Impact: Information Disclosure

MS15-025: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680)
Severity Rating: Important
Affected Software: Windows Kernel
Impact: Elevation of Privilege

MS15-026: Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3040856)
Severity Rating: Important
Affected Software: Microsoft Exchange Server
Impact: Elevation of Privilege

MS15-027: Vulnerability in NETLOGON Could Allow Spoofing (3002657)
Severity Rating: Important
Affected Software: NETLOGON Component
Impact: Spoofing

MS15-028: Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)
Severity Rating: Important
Affected Software: Windows Task Scheduler
Impact: Security Feature Bypass

MS15-029: Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure (3035126)
Severity Rating: Important
Affected Software: Windows Photo Decoder Component
Impact: Information Disclosure

MS15-030: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976)
Severity Rating: Important
Affected Software: Remote Desktop Protocol
Impact: Denial of Service

MS15-031: Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)
Severity Rating: Important
Affected Software: Schannel
Impact: Security Feature Bypass

SecPod Saner detects these vulnerabilities and automatically fixes by applying security updates. Download Saner now and keep your systems updated and secure.

  • Veerendra GG