Microsoft Security Bulletin MS15-010 - Critical

Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)

Published: February 10, 2015 | Updated: February 18, 2015

Version: 1.1

Executive Summary

This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or visit an untrusted website that contains embedded TrueType fonts.

This security update is rated Critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1; it is rated Important for all supported editions of Windows Server 2003, Windows Vista, and Windows Server 2008. For more information, see the Affected Software section.

The security update addresses the vulnerabilities by correcting how the Windows kernel-mode driver validates certain parameters against registered objects, validates and enforces impersonation levels, handles objects in memory, validates data returned from user mode functions before being executed, handles TrueType Font error checking, and checks font widths prior to loading fonts into memory. For more information about the vulnerability, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 3036220.

Affected Software

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

Operating System Maximum Security Impact Aggregate Severity Rating Updates Replaced
Windows Server 2003
Windows Server 2003 Service Pack 2 (3013455) Elevation of Privilege Important 3002885 in MS14-079
Windows Server 2003 Service Pack 2 (3023562) Security Feature Bypass Important 2992611 in MS14-066
Windows Server 2003 x64 Edition Service Pack 2 (3013455) Elevation of Privilege Important 3002885 in MS14-079
Windows Server 2003 x64 Edition Service Pack 2 (3023562) Security Feature Bypass Important 2992611 in MS14-066
Windows Server 2003 with SP2 for Itanium-based Systems (3013455) Elevation of Privilege Important 3002885 in MS14-079
Windows Server 2003 with SP2 for Itanium-based Systems (3023562) Security Feature Bypass Important 2992611 in MS14-066
Windows Vista
Windows Vista Service Pack 2 (3013455) Elevation of Privilege Important 3002885 in MS14-079
Windows Vista Service Pack 2 (3023562) Security Feature Bypass Important 2992611 in MS14-066
Windows Vista x64 Edition Service Pack 2 (3013455) Elevation of Privilege Important 3002885 in MS14-079
Windows Vista x64 Edition Service Pack 2 (3023562) Security Feature Bypass Important 2992611 in MS14-066
Windows Server 2008
Windows Server 2008 for 32-bit Systems Service Pack 2 (3013455) Elevation of Privilege Important 3002885 in MS14-079
Windows Server 2008 for 32-bit Systems Service Pack 2 (3023562) Security Feature Bypass Important 2992611 in MS14-066
Windows Server 2008 for x64-based Systems Service Pack 2 (3013455) Elevation of Privilege Important 3002885 in MS14-079
Windows Server 2008 for x64-based Systems Service Pack 2 (3023562) Security Feature Bypass Important 2992611 in MS14-066
Windows Server 2008 for Itanium-based Systems Service Pack 2 (3013455) Elevation of Privilege Important 3002885 in MS14-079
Windows Server 2008 for Itanium-based Systems Service Pack 2 (3023562) Security Feature Bypass Important 2992611 in MS14-066
Windows 7
Windows 7 for 32-bit Systems Service Pack 1 (3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows 7 for 32-bit Systems Service Pack 1 (3023562) Security Feature Bypass Important 2785220 in MS13-006
Windows 7 for x64-based Systems Service Pack 1 (3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows 7 for x64-based Systems Service Pack 1 (3023562) Security Feature Bypass Important 2785220 in MS13-006
Windows Server 2008 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (3023562) Security Feature Bypass Important 2785220 in MS13-006
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (3023562) Security Feature Bypass Important 2785220 in MS13-006
Windows 8 and Windows 8.1
Windows 8 for 32-bit Systems (3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows 8 for 32-bit Systems (3023562) Security Feature Bypass Important None
Windows 8 for x64-based Systems (3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows 8 for x64-based Systems (3023562) Security Feature Bypass Important None
Windows 8.1 for 32-bit Systems (3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows 8.1 for 32-bit Systems (3023562) Security Feature Bypass Important None
Windows 8.1 for x64-based Systems (3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows 8.1 for x64-based Systems (3023562) Security Feature Bypass Important None
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 (3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows Server 2012 (3023562) Security Feature Bypass Important None
Windows Server 2012 R2 (3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows Server 2012 R2 (3023562) Security Feature Bypass Important None
Windows RT and Windows RT 8.1
Windows RT[1](3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows RT[1](3023562) Security Feature Bypass Important 3003743 in MS14-074
Windows RT 8.1[1](3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows RT 8.1[1](3023562) Security Feature Bypass Important 3003743 in MS14-074
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (3013455) Elevation of Privilege Important 3002885 in MS14-079
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (3023562) Security Feature Bypass Important 2992611 in MS14-066
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (3013455) Elevation of Privilege Important 3002885 in MS14-079
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (3023562) Security Feature Bypass Important 2992611 in MS14-066
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (3023562) Security Feature Bypass Important 2785220 in MS13-006
Windows Server 2012 (Server Core installation) (3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows Server 2012 (Server Core installation) (3023562) Security Feature Bypass Important None
Windows Server 2012 R2 (Server Core installation) (3013455) Remote Code Execution Critical 3002885 in MS14-079
Windows Server 2012 R2 (Server Core installation) (3023562) Security Feature Bypass Important None

Note The 3013455 update is available for Windows Technical Preview and Windows Server Technical Preview. Customers running these operating systems are encouraged to apply the update via Windows Update. [1]This update is available via Windows Update only.

Update FAQ

For the 3013455 update, why are there two packages on the Microsoft Download Center pages for affected editions of Windows Server 2003, Windows Server 2008, and Windows Vista?  An additional, non-security update was implemented for affected editions of Windows Server 2003, Windows Server 2008, and Windows Vista to address problems with text quality degradation that some customers experienced after installing the 3013455 update. Note that the additional package (3037639) is not needed to be protected from the vulnerabilities addressed by the 3013455 update; it simply corrects the text quality problem. Customers should also be aware that the 3037639 update does require a system restart after installation.

Severity Ratings and Vulnerability Identifiers

The following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the February bulletin summary.

Vulnerability Severity Rating and Maximum Security Impact by Affected Software
Affected Software Win32k Elevation of Privilege Vulnerability - CVE-2015-0003 CNG Security Feature Bypass Vulnerability - CVE-2015-0010 Win32k Elevation of Privilege Vulnerability - CVE-2015-0057 Windows Cursor Object Double Free Vulnerability - CVE-2015-0058 TrueType Font Parsing Remote Code Execution Vulnerability - CVE-2015-0059 Windows Font Driver Denial of Service Vulnerability - CVE-2015-0060 Aggregate Severity Rating
(3013455) (3023562) (3013455) (3013455) (3013455) (3013455)
Windows Server 2003
Windows Server 2003 Service Pack 2 Important\   Elevation of Privilege Important\   Security Feature Bypass Important\   Elevation of Privilege Not applicable Not applicable Moderate\   Denial of Service Important 
Windows Server 2003 x64 Edition Service Pack 2 Moderate\   Denial of Service Important\   Security Feature Bypass Important\   Elevation of Privilege Not applicable Not applicable Moderate\   Denial of Service Important 
Windows Server 2003 with SP2 for Itanium-based Systems Moderate\   Denial of Service Important \ Security Feature Bypass Important\   Elevation of Privilege Not applicable Not applicable Moderate \ Denial of Service Important 
Windows Vista
Windows Vista Service Pack 2 Important\   Elevation of Privilege Important\   Security Feature Bypass Important\   Elevation of Privilege Not applicable Not applicable Moderate\   Denial of Service Important 
Windows Vista x64 Edition Service Pack 2 Moderate\   Denial of Service Important\   Security Feature Bypass Important\   Elevation of Privilege Not applicable Not applicable Moderate\   Denial of Service Important 
Windows Server 2008
Windows Server 2008 for 32-bit Systems Service Pack 2 Important\   Elevation of Privilege Important\   Security Feature Bypass Important\   Elevation of Privilege Not applicable Not applicable Moderate\   Denial of Service Important 
Windows Server 2008 for x64-based Systems Service Pack 2 Moderate\   Denial of Service Important\   Security Feature Bypass Important  Elevation of Privilege Not applicable Not applicable Moderate  Denial of Service Important 
Windows Server 2008 for Itanium-based Systems Service Pack 2 Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Not applicable Not applicable Moderate  Denial of Service Important 
Windows 7
Windows 7 for 32-bit Systems Service Pack 1 Important  Elevation of Privilege Important  Security Feature Bypass Important  Elevation of Privilege Not applicable Critical  Remote Code Execution Moderate  Denial of Service Critical
Windows 7 for x64-based Systems Service Pack 1 Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Not applicable Critical  Remote Code Execution Moderate  Denial of Service Critical
Windows Server 2008 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Not applicable Critical  Remote Code Execution Moderate  Denial of Service Critical
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Not applicable Critical  Remote Code Execution Moderate  Denial of Service Critical
Windows 8 and Windows 8.1
Windows 8 for 32-bit Systems Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Not applicable Critical  Remote Code Execution Moderate  Denial of Service Critical
Windows 8 for x64-based Systems Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Not applicable Critical  Remote Code Execution Moderate  Denial of Service Critical
Windows 8.1 for 32-bit Systems Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Important  Elevation of Privilege Critical  Remote Code Execution Moderate  Denial of Service Critical
Windows 8.1 for x64-based Systems Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Important  Elevation of Privilege Critical  Remote Code Execution Moderate  Denial of Service Critical
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Not applicable Critical  Remote Code Execution Moderate  Denial of Service Critical
Windows Server 2012 R2 Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Important  Elevation of Privilege Critical  Remote Code Execution Moderate  Denial of Service Critical
Windows RT and Windows RT 8.1
Windows RT[1] Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Not applicable Critical  Remote Code Execution Moderate  Denial of Service Critical
Windows RT 8.1[1] Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Important  Elevation of Privilege Critical  Remote Code Execution Moderate  Denial of Service Critical
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Important  Elevation of Privilege Important  Security Feature Bypass Important  Elevation of Privilege Not applicable Not applicable Moderate  Denial of Service Important 
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Not applicable Not applicable Moderate  Denial of Service Important 
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Not applicable Critical  Remote Code Execution Moderate  Denial of Service Critical
Windows Server 2012 (Server Core installation) Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Not applicable Critical  Remote Code Execution Moderate  Denial of Service Critical
Windows Server 2012 R2 (Server Core installation) Moderate  Denial of Service Important  Security Feature Bypass Important  Elevation of Privilege Important  Remote Code Execution Critical  Remote Code Execution Moderate  Denial of Service Critical

[1]This update is available via Windows Update only.

Vulnerability Information

Win32k Elevation of Privilege Vulnerability - CVE-2015-0003

An elevation of privilege vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. The update addresses the vulnerability by correcting how the kernel-mode driver validates certain parameters against registered objects.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was originally issued Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

Mitigating Factors

The following mitigating factors may be helpful in your situation:

  • An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Workarounds

The following workarounds may be helpful in your situation:

  • Set up a Registry entry to disable NULL page mapping (Windows 7 only)

    Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.

    1. Open Registry Editor.

    2. Locate and then click the following registry sub key:  

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
      
    3. On the Edit menu, click New, and then click DWORD.

    4. Type EnableLowVaAccess, and then press ENTER.

    5. On the Edit menu, click Modify to modify the EnableLowAvAccess registry entry.

    6. In the Value data box, type 0, and then click OK.

    7. Exit Registry Editor.

    8. Restart the system.   

    Impact of workaround. Some 16-bit applications may not work as expected.

    **How to undo the workaround. **

    1. Open Registry Editor.

    2. Locate and then click the following registry sub key:  

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
      
    3. On the Edit menu, click Delete.

    4. Click Yes when prompted.

    5. Exit Registry Editor.

    6. Restart the system. 

 

CNG Security Feature Bypass Vulnerability - CVE-2015-0010

A security feature bypass vulnerability exists in the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) when it fails to properly validate and enforce impersonation levels. An attacker could exploit this vulnerability by convincing a user to run a specially crafted application that is designed to cause CNG to improperly validate impersonation levels, potentially allowing the attacker to gain access to information beyond the access level of the local user. The security update addresses the vulnerability by correcting how the kernel-mode driver validates and enforces impersonation levels.

This vulnerability has been publicly disclosed. It has been assigned Common Vulnerability and Exposure number CVE-2015-2010. When this security bulletin was originally issued Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.  

Win32k Elevation of Privilege Vulnerability - CVE-2015-0057

An elevation of privilege vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to elevate privileges. The update addresses the vulnerability by correcting how the kernel-mode driver handles objects in memory.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was originally issued Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.  

Windows Cursor Object Double Free Vulnerability - CVE-2015-0058

An elevation of privilege vulnerability exists in the Windows kernel-mode driver (win32k.sys) due to a double-free condition. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to elevate privileges. The update addresses the vulnerability by correcting how the kernel-mode driver validates data returned from user mode functions before being executed.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was originally issued Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

 

TrueType Font Parsing Remote Code Execution Vulnerability - CVE-2015-0059

A remote code execution vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles TrueType fonts.

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. To exploit the vulnerability, an attacker would need to convince a user to open a specially crafted document or visit an untrusted website that contains embedded TrueType Fonts. The update addresses the vulnerability by correcting how the kernel-mode driver handles TrueType fonts.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was originally issued Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

The following workarounds may be helpful in your situation:

  • Deny access to T2EMBED.DLL

    For 32-bit systems, enter the following commands at an administrative command prompt:

    Takeown.exe /f "%windir%\system32\t2embed.dll"
    Icacls.exe "%windir%\system32\t2embed.dll" /deny everyone:(F)
    

    For 64-bit systems, enter the following commands at an administrative command prompt:

    Takeown.exe /f "%windir%\system32\t2embed.dll"
    Icacls.exe "%windir%\system32\t2embed.dll" /deny everyone:(F)
    Takeown.exe /f "%windir%\syswow64\t2embed.dll"
    Icacls.exe "%windir%\syswow64\t2embed.dll" /deny everyone:(F)
    

    Impact of workaround. Applications that rely on embedded font technology will fail to display properly.

    How to undo the workaround.

    For 32-bit systems, enter the following command at an administrative command prompt:

    Icacls.exe %WINDIR%\system32\t2embed.DLL /remove:d everyone
    

    For 64-bit systems, enter the following commands at an administrative command prompt:

    Icacls.exe %WINDIR%\system32\t2embed.DLL /remove:d everyone
    Icacls.exe %WINDIR%\syswow64\t2embed.DLL /remove:d everyone
    
     
    

Windows Font Driver Denial of Service Vulnerability - CVE-2015-0060

A denial of service vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when the Windows font mapper attempts to scale a font.

An attacker who successfully exploited this vulnerability could cause the user’s computer to stop responding. An attacker could attempt to exploit this vulnerability by convincing a user to open a malicious file or visit a malicious website link. The update addresses the vulnerability by correcting how the kernel-mode driver checks font widths prior to loading fonts into memory.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was originally issued Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

The following workarounds may be helpful in your situation:

  • Deny access to T2EMBED.DLL

    For 32-bit systems, enter the following commands at an administrative command prompt:

    Takeown.exe /f "%windir%\system32\t2embed.dll"
    Icacls.exe "%windir%\system32\t2embed.dll" /deny everyone:(F)
    

    For 64-bit systems, enter the following commands at an administrative command prompt:

    Takeown.exe /f "%windir%\system32\t2embed.dll" 
    Icacls.exe "%windir%\system32\t2embed.dll" /deny everyone:(F)
    Takeown.exe /f "%windir%\syswow64\t2embed.dll" 
    Icacls.exe "%windir%\syswow64\t2embed.dll" /deny everyone:(F)
    

Impact of workaround. Applications that rely on embedded font technology will fail to display properly.

How to undo the workaround.

For 32-bit systems, enter the following command at an administrative command prompt:

```
  Icacls.exe %WINDIR%\system32\t2embed.DLL /remove:d everyone
```

For 64-bit systems, enter the following commands at an administrative command prompt:

  Icacls.exe %WINDIR%\system32\t2embed.DLL /remove:d everyone
  IIcacls.exe %WINDIR%\syswow64\t2embed.DLL /remove:d everyone
```      

Security Update Deployment
--------------------------

For Security Update Deployment information, see the Microsoft Knowledge Base article referenced  in the Executive Summary.

Acknowledgments
---------------

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See [Acknowledgments](https://technet.microsoft.com/library/security/dn903755.aspx) for more information.

Disclaimer
----------

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions
---------

-   V1.0 (February 10, 2015): Bulletin published.
-   V1.1 (February 18, 2015): Bulletin revised to add an Update FAQ that explains why there are two packages on the Microsoft Download Center pages for affected editions of Windows Server 2003, Windows Server 2008, and Windows Vista. The additional package (3037639) is not needed to be protected from the vulnerabilities addressed by the 3013455 update; it simply corrects a text quality problem that some customers experienced after installing the 3013455 update on the indicated systems.

*Page generated 2015-02-18 15:39Z-08:00.*