Microsoft Security Bulletin Release for March 2015

[Corrine]

Microsoft released fourteen (14) bulletins. Five (5) bulletins are identified as Critical and the remaining nine (9) are rated Important in severity. The updates address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Exchange and Internet Explorer. Details about the CVEs can be found in the below-referenced TechNet Security Bulletin.

Security Bulletin MS15-031 addresses the vulnerability in Security Advisory 3046015 which relates to the SSL/TLS issue referred being referred to as “FREAK” (Factoring attack on RSA-EXPORT Keys).

In addition to providing information about the additional families added to the MSRT, information regarding Superfish and steps by Microsoft, Lenovo and others is available in the MMPC blog post, MSRT March: Superfish cleanup.

Microsoft Security Bulletin for March 2015

 

[Corrine]

Someone on another forum received a failed message for KB 3035131. In helping track down the source of the problem, In Microsoft Security Bulletin MS15-025 - Important, I found the following footnote by KB 3035131 in the Update FAQ:

For Windows 7 and Windows Server 2008 R2, the 3035131 update discussed in this bulletin shares affected binaries with the update being released simultaneously via Security Advisory 3033929. This overlap in affected binaries necessitates that one update supersede the other and in this case it is advisory update 3033929 that supersedes update 3035131. Customers with automatic updating enabled should experience no unusual installation behavior; both updates should install automatically and both should appear in the list of installed updates. However, for customers who download and install updates manually, the order in which the updates are installed will determine the observed behavior as follows:

Scenario 1 (preferred): Customer first installs update 3035131 and then installs advisory update 3033929.
Result: Both updates should install normally and both updates should appear in the list of installed updates.

Scenario 2: Customer first installs advisory update 3033929 and then attempts to install update 3035131.
Result: The installer notifies the user that the 3035131 update is already installed on the system; and the 3035131 update is NOT added to the list of installed updates.

Thus, if you manually install updates, it is best to install KB 3035131 first, followed by KB 3033929.

 

[Corrine]

I guess Adobe is tired after all the updates last month. As indicated in Microsoft Security Advisory 2755801, only Windows 8.x and Windows RT are getting the Adobe Flash Player ActiveX security update today. All other operating systems, including the plugin will be available on Thursday, March 12.