Microsoft Patch Tuesday, March 2015

March comes in like a lion this Microsoft Patch Tuesday with 14 bulletins including four rated Critical and ten rated Important. All told this release covers 45 individual vulnerabilities. Continuing an almost non-stop flow of patches, Internet Explorer accounts for fifteen of those vulnerabilities. Like months past, the majority of them are memory corruption bugs, the worst of which could result in remote code execution.

This release also patches the recently disclosed FREAK vulnerability. To exploit the vulnerability a man in the middle attack can be performed that causes the connection to use downgraded encryption. In this case the attacker would force the HTTPS connection to downgrade to using 512-bit RSA Export keys. These export keys are a left over from the 1990s when the United States had very strict laws surrounding encryption software.

At first it appeared that only Android, iOS and OS X devices were vulnerable to the encryption downgrade, but it quickly became apparent that Microsoft's Schannel encryption library was also vulnerable.

This month's release also patches critical vulnerabilities in Microsoft's VBScripting Engine and in the Adobe Font Driver.

MS15-018
Critical
CVE-2015-0032, CVE-2015-0056, CVE-2015-0072, CVE-2015-0099, CVE-2015-0100, CVE-2015-1622, CVE-2015-1623, CVE-2015-1624, CVE-2015-1625, CVE-2015-1626, CVE-2015-1627, CVE-2015-1634
Cumulative Security Update for Internet Explorer

This bulletin patches twelve vulnerabilities in Internet Explorer the majority of which are memory corruption flaws. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user running IE.

This security update covers Internet Explorer 6 (IE 6) through Internet Explorer 11 (IE 11) and is rated Critical on affected Windows clients and Moderate for affected Windows servers.

MS15-019
Critical
CVE-2015-0032
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution

This bulletin patches a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

This security update is rated Critical for affected versions of the VBScript scripting engine on Windows Vista and Moderate for affected versions of the VBScript scripting engine on Windows Server 2003 and Windows Server 2008.

MS15-020
Critical
CVE-2015-0081, CVE-2015-0096
Vulnerability in Windows Shell Could Allow Remote Code Execution

This patches two vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker successfully convinces a user to navigate to a specially crafted website or working directory. The two vulnerabilities exist when DLLs are loaded that improperly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the logged-on user.

This security update is rated Critical for all supported releases of Microsoft Windows

MS15-021
Critical
CVE-2015-0074, CVE-2015-0087, CVE-2015-0088, CVE-2015-0089, CVE-2015-0090, CVE-2015-0091, CVE-2015-0092, CVE-2015-0093
Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution

This bulletin patches eight vulnerabilities in Microsoft Windows. All of the vulnerabilities exist in the Adobe Font Driver and the most severe of these could allow remote code execution if a user views a specially crafted file or website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

This security update is rated Critical for all supported releases of Microsoft Windows.

MS15-022
Important
CVE-2015-0085, CVE-2015-0086, CVE-2015-0097, CVE-2015-1633, CVE-2015-1636
Vulnerabilities in Microsoft Office could allow Elevation of Privilege

This bulletin patches five vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could vulnerability could run arbitrary code in the context of the current user.

This security update is rated Critical for all supported editions of Microsoft Office 2007, Microsoft Office 2010, and Microsoft Office 2013.

MS15-023
Important
CVE-2015-0077, CVE-2015-0078, CVE-2015-0094, CVE-2015-0095
Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege

This bulletin patches four vulnerabilities in Microsoft Windows Kernel-Mode Driver. The most severe of these vulnerabilities could allow Elevation of Privilege if an attacker logs on to the system and runs a specially crafted application designed to increase privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

This security update is rated Important for all supported releases of Microsoft Windows

MS15-024
Important
CVE-2015-0080
Vulnerability in PNG Processing Could Allow Information Disclosure

This bulletin patches a vulnerability in how Microsoft Windows processes PNG image files. The vulnerability could allow information disclosure if an attacker runs a specially crafted application on an affected system or convinces a user to visit a website that contains specially crafted PNG images. An attacker who successfully exploited this vulnerability would be able to read data which was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

This security update is rated Important for all supported releases of Microsoft Windows

MS15-025
Important
CVE-2015-0073, CVE-2015-0075
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

This bulletin patches two reported vulnerabilities in Microsoft Windows kernel. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the account of another user who is logged on to the affected system.

This security update is rated Important for all supported releases of Microsoft Windows

MS15-026
Important
CVE-2015-1628, CVE-2015-1629, CVE-2015-1630, CVE-2015-1631, CVE-2015-1632
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege

This security update resolves five privately reported vulnerabilities in Microsoft Exchange Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes them to a targeted Outlook Web App site. Among the bugs patched are multiple XSS vulnerabilities and the ability to spoof meeting requests.

This security update is rated Important for all supported editions of Microsoft Exchange Server 2013

MS15-027
Important
CVE-2015-0005
Vulnerability in NETLOGON Could Allow Spoofing

This bulletin patches a vulnerability in the Microsoft Windows NETLOGON service. The vulnerability could allow spoofing if an attacker, who is logged onto a domain-joined system, runs a specially crafted application that could establish a connection with other domain-joined systems as the impersonated user or system. The attacker must be logged onto a domain-joined system and be able to observe network traffic.

This security update is rated Important for all supported editions of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 2012, and Windows 2012 R2.

MS15-028
Important
CVE-2015-0084
Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass

This bulletin patches a vulnerability in Microsoft Windows Task Scheduler. The vulnerability could allow a user with limited privileges on an affected system to leverage Task Scheduler to execute files that they do not have permissions to run. An attacker who successfully exploited this vulnerability could bypass ACL checks and run privileged executables.

This security update is rated Important for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.

MS15-029
Important
CVE-2015-0076
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure

This bulletin patches a vulnerability in the Microsoft Windows Graphics Component. The vulnerability could allow information disclosure if a user browses to a website containing a specially crafted JPEG XR (.JXR) image. This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

This security update is rated Important for all supported releases of Microsoft Windows.

MS15-030
Important
CVE-2015-0079
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service

This bulletin patches a vulnerability in the Microsoft Windows Remote Desktop Protocol (RDP). The vulnerability could allow denial of service if an attacker creates multiple RDP sessions, which fail to properly dereference certain pointers in memory. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.

This security update is rated Important for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Window 8.1, and Windows Server 2012 R2.

MS15-031
Important
CVE-2015-1637
Vulnerability in Schannel Could Allow Security Feature Bypass

This bulletin patches a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an insecure cipher suite is affected.

This security update is rated Important for all supported releases of Microsoft Windows.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.