Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

Microsoft Security Bulletin Summary for March 2015

Mar 10, 2015 3:58AM PDT

Published : March 10, 2015

Microsoft released 14 new security updates today. Five (5) are rated Critical and Nine (9) are rated Important. They address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Exchange, and Internet Explorer..

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Critical: 5

MS15-018 - Cumulative Security Update for Internet Explorer (3032359)
MS15-019 - Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3040297)
MS15-020 - Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836)
MS15-021 - Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution (3032323)
MS15-022 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999)

Important: 9

MS15-23 - Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (3034344)
MS15-24 - Vulnerability in PNG Processing Could Allow Information Disclosure (3035132)
MS15-25 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (3038680)
MS15-26 - Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3040856)
MS15-27 - Vulnerability in NETLOGON Could Allow Spoofing (3002657)
MS15-28 - Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)
MS15-29 - Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure (3035126)
MS15-30 - Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (3039976)
MS15-31 - Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)

Security Bulletin: https://technet.microsoft.com/library/security/ms15-mar

Discussion is locked

- Collapse -
Security Advisories Updated or Released Today
Mar 10, 2015 4:06AM PDT
* Microsoft Security Advisory (3033929)
- Title: Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2
- https://technet.microsoft.com/library/security/3033929
- Revision Note: V1.0 (March 10, 2015): Advisory published.

* Microsoft Security Advisory (3046015)
- Title: Vulnerability in Schannel Could Allow Security Feature Bypass
- https://technet.microsoft.com/library/security/3046015
- Revision Note: V2.0 (March 10, 2015): Advisory updated to reflect publication of security bulletin.

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/library/security/2755801
- Revision Note: V38.0 (March 10, 2015): Added the 3044132 update to the Current Update section.
- Collapse -
MSRT March: Superfish cleanup
Mar 11, 2015 3:40AM PDT

Geoff McDonald @ the Microsoft Malware Protection Center (MMPC) blog:

10 Mar 2015

This month we added two new families to the Microsoft Malicious Software Removal Tool: Win32/CompromisedCert and Win32/Alinaos.

The Alinaos trojan family targets point-of-sale terminals to steal credit card information. This blog will discuss the security risk presented by Superfish, an ad-injecting application that we detect as CompromisedCert.

Some new Lenovo consumer notebooks sold between September 2014 and February 2015 had Superfish pre-installed. In February, it was discovered that this application exposes a machine to man-in-the-middle (MiTM) attacks because of a security vulnerability involving a self-signed root certificate used by Superfish. Lenovo customers concerned about pre-installed versions of Superfish should refer to Lenovo's security advisory.

Additional Information : http://blogs.technet.com/b/mmpc/archive/2015/03/10/msrt-march-superfish-cleanup.aspx

- Collapse -
Interesting: The Newest Removal Tool Isn't Available Yet
Mar 11, 2015 7:46AM PDT

Although Windows Updates will download it and run it, the newest manual tool available for download is the 5.21 version available in February.. Visiting the normal download site at the link below shows the older version plus text that says: "The Malicious software removal tool currently available for download is the February 2015 version. The March 2015 version will be available in the next couple of weeks."

http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx?id=16

Usually, the downloadable tool is available on the same days it's released. Although most folks don't care about this, I usually keep the manual tool available for running on remote computers which don't have internet access. Not a big deal, but it is a curious thing.

Hope this helps.

Grif

- Collapse -
The Newest MSRT Offline Version Is Now Available
Mar 17, 2015 6:32AM PDT
- Collapse -
Microsoft Security Advisory 3046310
Mar 17, 2015 3:50AM PDT
Improperly Issued Digital Certificates Could Allow Spoofing

Published: March 16, 2015

Version: 1.0

Executive Summary:

Microsoft is aware of an improperly issued SSL certificate for the domain "live.fi" that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

To help protect customers from potentially fraudulent use of this digital certificate, it has been revoked by the issuing CA and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of certificates that are causing this issue. For more information about these certificates, see the Frequently Asked Questions section of this advisory.

Advisory continued : https://technet.microsoft.com/library/security/3046310
- Collapse -
Microsoft Security Advisory 3046310 - Version 2.0
Mar 20, 2015 6:56AM PDT
* Microsoft Security Advisory (3046310)
- Title: Improperly Issued Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/library/security/3046310
- Revision Note: V2.0 (March 19, 2015): Advisory rereleased to announce that the update for supported editions of Windows Server 2003 is now available. See Knowledge Base Article 3046310 for more information and download links.
- Collapse -
Microsoft Security Advisory 3050995
Mar 25, 2015 12:56AM PDT
Improperly Issued Digital Certificates Could Allow Spoofing

Published: March 24, 2015

Version: 1.0

Executive Summary

Microsoft is aware of digital certificates that were improperly issued from the subordinate CA, MCS Holdings, which could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The improperly issued certificates cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows.

To help protect customers from the potentially fraudulent use of these improperly issued certificates, Microsoft is updating the Certificate Trust list (CTL) to remove the trust of the subordinate CA certificate. The trusted root Certificate Authority, the China Internet Network Information Center (CNNIC), has also revoked the certificate of the subordinate CA. Microsoft is working on an update for Windows Server 2003 customers and will release it once fully tested. For more information about these certificates, see the Frequently Asked Questions section of this advisory.

Advisory continued : https://technet.microsoft.com/library/security/3050995