Infos zum Microsoft August 2015 Patchday

Ist mal wieder so weit – zweiter Dienstag im Monat – und trotzdem trifft es mich immer wieder unvorbereitet. Am 11. August 2015 war Patchday bei Microsoft und es hat mal wieder “gerappelt”. Hier die “Nachlesen”, “Vorschau” oder wie immer ihr das interpretieren wollt. 14 Patches rollt Microsoft aus.


Anzeige

Fangen wir mit den kritischen Sicherheits-Bulletins an, die Microsoft für Windows und weitere Produkte ausrollt. Die vollständige Beschreibung lässt sich auf dieser Microsoft-Seite einsehen.

MS15-079: Kumulatives Sicherheitsupdate für den Internet Explorer (3082442)

Kritisches Sicherheits-Update MS15-079, welches eine Remote Code Execution-Lücke schließen soll. Erfordert einen Neustart.

Beschreibung: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Betroffene Software:

– Windows Vista Service Pack 2:
– Internet Explorer 7
– Internet Explorer 8
– Internet Explorer 9
– Windows Vista x64 Edition Service Pack 2:
– Internet Explorer 7
– Internet Explorer 8
– Internet Explorer 9
– Windows Server 2008 for 32-bit Systems Service Pack 2:
– Internet Explorer 7
– Internet Explorer 8
– Internet Explorer 9
(Windows Server 2008 Server Core Installation nicht betroffen)
– Windows Server 2008 for x64-based Systems Service Pack 2:
– Internet Explorer 7
– Internet Explorer 8
– Internet Explorer 9
(Windows Server 2008 Server Core Installation nicht betroffen)
– Windows Server 2008 for Itanium-based Systems Service Pack 2:
– Internet Explorer 7
– Windows 7 for 32-bit Systems Service Pack 1:
– Internet Explorer 8
– Internet Explorer 9
– Internet Explorer 10
– Internet Explorer 11
– Windows 7 for x64-based Systems Service Pack 1:
– Internet Explorer 8
– Internet Explorer 9
– Internet Explorer 10
– Internet Explorer 11
– Windows Server 2008 R2 for x64-based Systems
Service Pack 1:
– Internet Explorer 8
– Internet Explorer 9
– Internet Explorer 10
– Internet Explorer 11
(Windows Server 2008 R2 Server Core nicht betroffen)
– Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1:
– Internet Explorer 8
– Windows 8 for 32-bit Systems:
– Internet Explorer 10
– Windows 8 for x64-based Systems:
– Internet Explorer 10
– Windows Server 2012:
– Internet Explorer 10
(Windows Server 2012 Server Core nicht betroffen)
– Windows RT:
– Internet Explorer 10
– Windows 8.1 for 32-bit Systems:
– Internet Explorer 11
– Windows 8.1 for x64-based Systems:
– Internet Explorer 11
– Windows Server 2012 R2:
– Internet Explorer 11
(Windows Server 2012 R2 Server Core nicht betroffen)
– Windows RT 8.1:
– Internet Explorer 11
– Windows 10 for 32-bit Systems
– Internet Explorer 11
– Windows 10 for x64-based Systems
– Internet Explorer 11
– Impact: Remote Code Execution
– Version Number: 1.0

MS15-080 Sicherheitslücke in Microsoft Graphics Komponenten (3078662) 

Kritisches Sicherheits-Update MS15-080, welches eine Remote Code Execution-Lücke in den Microsoft Grafikkomponenten schließen soll. Erfordert ggf. einen Neustart.

Beschreibung: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts.

This security update is rated Critical for supported releases of Microsoft Windows and all affected editions of Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. For more information, see the Betroffene Software section.

The security update addresses the vulnerabilities by correcting how:

  • The Windows Adobe Type Manager Library handles OpenType fonts
  • The Windows DirectWrite library handles TrueType fonts.
  • Office handles OGL fonts
  • The Windows kernel handles memory addresses
  • User processes are terminated upon logoff
  • Windows validates impersonation levels
  • The Windows shell validates impersonation levels

For more information about the vulnerabilities, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 3078662.

Betroffene Software:
– Windows Vista Service Pack 2
– Windows Vista Service Pack 2
– Microsoft .NET Framework 3.0 Service Pack 2
– Microsoft .NET Framework 4
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
– Microsoft .NET Framework 4.6
– Windows Vista x64 Edition Service Pack 2
– Windows Vista x64 Edition Service Pack 2
– Microsoft .NET Framework 3.0 Service Pack 2
– Microsoft .NET Framework 4
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
– Microsoft .NET Framework 4.6
– Windows Server 2008 for 32-bit Systems Service Pack 2
– Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Microsoft .NET Framework 3.0 Service Pack 2
– Microsoft .NET Framework 4
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
– Microsoft .NET Framework 4.6
– Windows Server 2008 for x64-based Systems Service Pack 2
– Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Microsoft .NET Framework 3.0 Service Pack 2
– Microsoft .NET Framework 4
– Microsoft .NET Framework 4.5/4.5.1/4.5.2
– Microsoft .NET Framework 4.6
– Windows Server 2008 for Itanium-based Systems Service Pack 2
– Windows 7 for 32-bit Systems Service Pack 1
– Windows 7 for 32-bit Systems Service Pack 1
– Microsoft .NET Framework 3.5.1
– Windows 7 for x64-based Systems Service Pack 1
– Windows 7 for x64-based Systems Service Pack 1
– Microsoft .NET Framework 3.5.1
– Windows Server 2008 R2 for x64-based Systems Service Pack 1
– Windows Server 2008 R2 for x64-based Systems Service Pack 1
– Microsoft .NET Framework 3.5.1
(Windows Server 2008 R2 Server Core installation affected)
– Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1
– Windows 8 for 32-bit Systems
– Windows 8 for 32-bit Systems
– Microsoft .NET Framework 3.5
– Windows 8 for x64-based Systems
– Windows 8 for x64-based Systems
– Microsoft .NET Framework 3.5
– Windows 8.1 for 32-bit Systems
– Windows 8.1 for 32-bit Systems
– Microsoft .NET Framework 3.5
– Windows 8.1 for x64-based Systems
– Windows 8.1 for x64-based Systems
– Microsoft .NET Framework 3.5
– Windows Server 2012
– Windows Server 2012
– Microsoft .NET Framework 3.5
(Windows Server 2012 Server Core installation affected)
– Windows Server 2012 R2
– Windows Server 2012 R2
– Microsoft .NET Framework 3.5
(Windows Server 2012 R2 Server Core installation affected)
– Windows RT
– Windows RT 8.1
– Windows 10 for 32-bit Systems
– Windows 10 for 32-bit Systems
– Microsoft .NET Framework 3.5
– Windows 10 for x64-based Systems
– Windows 10 for x64-based Systems
– Microsoft .NET Framework 3.5
– Microsoft Office 2007 Service Pack 3
– Microsoft Office 2010 Service Pack 2 (32-bit editions)
– Microsoft Office 2010 Service Pack 2 (64-bit editions)
– Microsoft Live Meeting 2007 Console
– Microsoft Lync 2010 (32-bit)
– Microsoft Lync 2010 (64-bit)
– Microsoft Lync 2010 Attendee (user level install)
– Microsoft Lync 2010 Attendee (admin level install)
– Microsoft Lync 2013 Service Pack 1 (32-bit) (Skype for
Business)
– Microsoft Lync Basic 2013 Service Pack 1 (32-bit) (Skype for
Business Basic)
– Microsoft Lync 2013 Service Pack 1 (64-bit) (Skype for
Business)
– Microsoft Lync Basic 2013 Service Pack 1 (64-bit) (Skype for
Business Basic)
– Microsoft Silverlight 5 when installed on Mac
– Microsoft Silverlight 5 Developer Runtime when installed
on Mac
– Microsoft Silverlight 5 when installed on all supported
releases of Microsoft Windows clients
– Microsoft Silverlight 5 Developer Runtime when installed
on all supported releases of Microsoft Windows clients
– Microsoft Silverlight 5 when installed on all supported
releases of Microsoft Windows servers
– Microsoft Silverlight 5 Developer Runtime when installed
on all supported releases of Microsoft Windows servers
– Impact: Remote Code Execution
– Version Number: 1.0

MS15-081 Sicherheitslücke in Office (KB3080790)

Kritisches Sicherheits-Update MS15-081, welches eine Remote Code Execution-Lücke in Microsoft Office schließen soll. Erfordert ggf. einen Neustart.

Beschreibung: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.


Werbung

Betroffene Software:
– Microsoft Office 2007 Service Pack 3
– Microsoft Office 2007 Service Pack 3
– Microsoft Excel 2007 Service Pack 3
– Microsoft PowerPoint 2007 Service Pack 3
– Microsoft Visio 2007 Service Pack 3
– Microsoft Word 2007 Service Pack 3
– Microsoft Office 2010 Service Pack 2 (32-bit editions)
– Microsoft Office 2010 Service Pack 2 (32-bit editions)
– Microsoft Excel 2010 Service Pack 2 (32-bit editions)
– Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)
– Microsoft Visio 2010 Service Pack 2 (32-bit editions)
– Microsoft Word 2010 Service Pack 2 (32-bit editions)
– Microsoft Office 2010 Service Pack 2 (64-bit editions)
– Microsoft Office 2010 Service Pack 2 (64-bit editions)
– Microsoft Excel 2010 Service Pack 2 (64-bit editions)
– Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)
– Microsoft Visio 2010 Service Pack 2 (64-bit editions)
– Microsoft Word 2010 Service Pack 2 (64-bit editions)
– Microsoft Office 2013 Service Pack 1 (32-bit editions)
– Microsoft Office 2013 Service Pack 1 (32-bit editions)
– Microsoft Excel 2013 Service Pack 1 (32-bit editions)
– Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions)
– Microsoft Visio 2013 Service Pack 1 (32-bit editions)
– Microsoft Word 2013 Service Pack 1 (32-bit editions)
– Microsoft Office 2013 Service Pack 1 (64-bit editions)
– Microsoft Office 2013 Service Pack 1 (64-bit editions)
– Microsoft Excel 2013 Service Pack 1 (64-bit editions)
– Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions)
– Microsoft Visio 2013 Service Pack 1 (64-bit editions)
– Microsoft Word 2013 Service Pack 1 (64-bit editions)
– Microsoft Office 2013 RT Service Pack 1
– Microsoft Office 2013 RT Service Pack 1
– Microsoft Excel 2013 RT Service Pack 1
– Microsoft PowerPoint 2013 RT Service Pack 1
– Microsoft Visio 2013 RT Service Pack 1
– Microsoft Word 2013 RT Service Pack 1
– Microsoft Office for Mac 2011
– Microsoft Office for Mac 2016
– Microsoft Office Compatibility Pack Service Pack 3
– Microsoft Word Viewer
– Microsoft SharePoint Server 2010 Service Pack 2
– Word Automation Services
– Microsoft SharePoint Server 2013 Service Pack 1
– Word Automation Services
– Microsoft Office Web Apps 2010 Service Pack 2
– Microsoft Office Web Apps Server 2013 Service Pack 1
– Impact: Remote Code Execution
– Version Number: 1.0

MS15-091 Kumulatives Sicherheits-Update für Microsoft Edge (3084525)

Kritisches Sicherheits-Update MS15-091, welches eine Remote Code Execution-Lücke in Edge schließen soll. Erfordert einen Neustart.

Beschreibung: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Betroffene Software:

– Windows 10 for 32-bit Systems
– Microsoft Edge
– Windows 10 for x64-based Systems
– Microsoft Edge
– Impact: Remote Code Execution
– Version Number: 1.0

Zudem wurden folgende wichtige Sicherheits-Update durch Microsoft bereitgestellt.

MS15-082 Sicherheitslücke in RDP (KB3080348)

Wichtiges Sicherheits-Update MS15-082, welches eine Remote Code Execution-Lücke in Windows schließen soll. Erfordert einen Neustart.

Beschreibung: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open a Remote Desktop Protocol (RDP) file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Betroffene Software:

– Windows Vista Service Pack 2
– Windows Vista x64 Edition Service Pack 2
– Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for Itanium-based Systems Service Pack 2
– Windows 7 for 32-bit Systems Service Pack 1
– Windows 7 for x64-based Systems Service Pack 1
– Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
– Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1
– Windows 8 for 32-bit Systems
– Windows 8 for x64-based Systems
– Windows 8.1 for 32-bit Systems
– Windows 8.1 for x64-based Systems
– Windows Server 2012
(Windows Server 2012 Server Core installation affected)
– Windows Server 2012 R2
(Windows Server 2012 R2 Server Core installation affected)
– Windows RT
– Windows RT 8.1
– Impact: Remote Code Execution
– Version Number: 1.0

MS15-083 Vulnerability in Server Message Block (3073921)

Wichtiges Sicherheits-Update MS15-083, welches eine Remote Code Execution-Lücke in Windows schließen soll. Erfordert einen Neustart.

Beschreibung: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted string to SMB server error logging.

Betroffene Software:

– Windows Vista Service Pack 2
– Windows Vista x64 Edition Service Pack 2
– Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for Itanium-based Systems Service Pack 2
– Impact: Remote Code Execution
– Version Number: 1.0

MS15-084 Sicherheitslücke in XML Core Services (3080129)

Wichtiges Sicherheits-Update MS15-084, welches eine Datenausspähung (Information Disclosure) in Windows und Office stoppen soll. Erfordert ggf. einen Neustart.

Beschreibung: This security update resolves vulnerabilities in Microsoft Windows and Microsoft Office. The vulnerabilities could allow information disclosure by either exposing memory addresses if a user clicks a specially crafted link or by explicitly allowing the use of Secure Sockets Layer (SSL) 2.0. However, in all cases an attacker would have no way to force users to click a specially crafted link. An attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message.

Betroffene Software:

– Windows Vista Service Pack 2
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Windows Vista x64 Edition Service Pack 2
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Windows Server 2008 for Itanium-based Systems Service Pack 2
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Windows 7 for 32-bit Systems Service Pack 1
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Windows 7 for x64-based Systems Service Pack 1
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Windows 8 for 32-bit Systems
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Windows 8 for x64-based Systems
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Windows 8.1 for 32-bit Systems
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Windows 8.1 for x64-based Systems
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Windows Server 2012
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
(Windows Server 2012 Server Core installation affected)
– Windows Server 2012 R2
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
(Windows Server 2012 R2 Server Core installation affected)
– Windows RT
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Windows RT 8.1
– Microsoft XML Core Services 3.0 and Microsoft XML Core
Services 6.0
– Microsoft Office 2007 Service Pack 3
– Microsoft XML Core Services 5.0
– Microsoft InfoPath 2007 Service Pack 3
– Microsoft XML Core Services 5.0
– Impact: Information Disclosure
– Version Number: 1.0

MS15-085 Elevation of Privilege Lücke im Mount Manager (3082487)

Wichtiges Sicherheits-Update MS15-085, welches eine Erhöhung der Privilegien in Windows verhindern soll. Erfordert einen Neustart.

Beschreibung: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker inserts a malicious USB device into a target system. An attacker could then write a malicious binary to disk and execute it.

Betroffene Software:
– Windows Vista Service Pack 2
– Windows Vista x64 Edition Service Pack 2
– Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for Itanium-based Systems Service Pack 2
– Windows 7 for 32-bit Systems Service Pack 1
– Windows 7 for x64-based Systems Service Pack 1
– Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
– Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1
– Windows 8 for 32-bit Systems
– Windows 8 for x64-based Systems
– Windows 8.1 for 32-bit Systems
– Windows 8.1 for x64-based Systems
– Windows Server 2012
(Windows Server 2012 Server Core installation affected)
– Windows Server 2012 R2
(Windows Server 2012 R2 Server Core installation affected)
– Windows RT
– Windows RT 8.1
– Windows 10 for 32-bit Systems
– Windows 10 for x64-based Systems
– Impact: Elevation of Privilege
– Version Number: 1.0

MS15-086 Elevation of Privilege-Lücke im System Center Operations Manager (3075158)

Wichtiges Sicherheits-Update MS15-086, welches eine Erhöhung der Privilegien in Windows Server verhindern soll. Erfordert keinen Neustart.

Beschreibung: This security update resolves a vulnerability in Microsoft System Center Operations Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website.

Betroffene Software:
– Microsoft System Center 2012 Operations Manager
– Microsoft System Center 2012 Operations Manager Service Pack 1
– Microsoft System Center 2012 Operations Manager R2
– Impact: Elevation of Privilege
– Version Number: 1.0

MS15-087 Elevation of Privilege Lücke in UDDI Services (3082459)

Wichtiges Sicherheits-Update MS15-087, welches eine Erhöhung der Privilegien in Windows und Windows Server verhindern soll. Erfordert keinen Neustart.

Beschreibung: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter. A user would have to visit a specially crafted webpage where the malicious script would then be executed.

Betroffene Software:

– Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Microsoft BizTalk Server 2010
– Microsoft BizTalk Server 2013
– Microsoft BizTalk Server 2013 R2
– Impact: Elevation of Privilege
– Version Number: 1.0

MS15-088 Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)

Wichtiges Sicherheits-Update MS15-088, welches einen Datenzugriff in Windows verhindern soll. Erfordert ggf. einen Neustart.

Beschreibung: This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process. The attacker could then execute Notepad, Visio, PowerPoint, Excel, or Word with an unsafe command line parameter to effect information disclosure. To be protected from the vulnerability, customers must apply the updates provided in this bulletin, as well as the update for Internet Explorer provided in MS15-079. Likewise, customers running an affected Microsoft Office product must also install the applicable updates provided in MS15-081.

Betroffene Software:

– Affected Software:
– Windows Vista Service Pack 2
– Windows Vista x64 Edition Service Pack 2
– Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for Itanium-based Systems Service Pack 2
– Windows 7 for 32-bit Systems Service Pack 1
– Windows 7 for x64-based Systems Service Pack 1
– Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
– Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1
– Windows 8 for 32-bit Systems
– Windows 8 for x64-based Systems
– Windows 8.1 for 32-bit Systems
– Windows 8.1 for x64-based Systems
– Windows Server 2012
(Windows Server 2012 Server Core installation affected)
– Windows Server 2012 R2
(Windows Server 2012 R2 Server Core installation affected)
– Windows RT
– Windows RT 8.1
– Windows 10 for 32-bit Systems
– Windows 10 for x64-based Systems
– Impact: Information Disclosure
– Version Number: 1.0

MS15-089 Information Disclosure-Lücke in WebDAV (3076949

Wichtiges Sicherheits-Update MS15-089, welches einen Datenzugriff in Windows verhindern soll. Erfordert ggf. einen Neustart.

Beschreibung: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker forces an encrypted Secure Socket Layer (SSL) 2.0 session with a WebDAV server that has SSL 2.0 enabled and uses a man-in-the-middle (MiTM) attack to decrypt portions of the encrypted traffic.

Betroffene Software:

– Affected Software:
– Windows Vista Service Pack 2
– Windows Vista x64 Edition Service Pack 2
– Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
– Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
– Windows 7 for 32-bit Systems Service Pack 1
– Windows 7 for x64-based Systems Service Pack 1
– Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation not affected)
– Windows 8 for 32-bit Systems
– Windows 8 for x64-based Systems
– Windows 8.1 for 32-bit Systems
– Windows 8.1 for x64-based Systems
– Windows Server 2012
(Windows Server 2012 Server Core installation not affected)
– Windows Server 2012 R2
(Windows Server 2012 R2 Server Core installation not affected)
– Windows RT
– Windows RT 8.1
– Impact: Information Disclosure
– Version Number: 1.0

MS15-090 Elevation of Privilege-Lücke in Windows (3060716)

Wichtiges Sicherheits-Update MS15-090, welches eine Erhöhung der Privilegien in Windows verhindern soll. Erfordert einen Neustart.

Beschreibung: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application or convinces a user to open a specially crafted file that invokes a vulnerable sandboxed application, allowing an attacker to escape the sandbox.

Betroffene Software:

– Affected Software:
– Windows Vista Service Pack 2
– Windows Vista x64 Edition Service Pack 2
– Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Windows Server 2008 for Itanium-based Systems Service Pack 2
– Windows 7 for 32-bit Systems Service Pack 1
– Windows 7 for x64-based Systems Service Pack 1
– Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
– Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1
– Windows 8 for 32-bit Systems
– Windows 8 for x64-based Systems
– Windows 8.1 for 32-bit Systems
– Windows 8.1 for x64-based Systems
– Windows Server 2012
(Windows Server 2012 Server Core installation affected)
– Windows Server 2012 R2
(Windows Server 2012 R2 Server Core installation affected)
– Windows RT
– Windows RT 8.1
– Impact: Elevation of Privilege
– Version Number: 1.0

MS15-092 Elevation of Privilege Lücke in .NET Framework (3086251)

Wichtiges Sicherheits-Update MS15-090, welches eine Erhöhung der Privilegien in .NET Framework verhindern soll. Erfordert einen Neustart.

Beschreibung: This security update resolves vulnerabilities in Microsoft .NET Framework. The vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.

Betroffene Software:

– Windows Vista Service Pack 2
– Microsoft .NET Framework 4.6
– Windows Vista x64 Edition Service Pack 2
– Microsoft .NET Framework 4.6
– Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Microsoft .NET Framework 4.6
– Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
– Microsoft .NET Framework 4.6
– Windows 7 for 32-bit Systems Service Pack 1
– Microsoft .NET Framework 4.6
– Windows 7 for x64-based Systems Service Pack 1
– Microsoft .NET Framework 4.6
– Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
– Microsoft .NET Framework 4.6
– Windows 8 for 32-bit Systems
– Microsoft .NET Framework 4.6
– Windows 8 for x64-based Systems
– Microsoft .NET Framework 4.6
– Windows 8.1 for 32-bit Systems
– Microsoft .NET Framework 4.6
– Windows 8.1 for x64-based Systems
– Microsoft .NET Framework 4.6
– Windows Server 2012
(Windows Server 2012 Server Core installation affected)
– Microsoft .NET Framework 4.6
– Windows Server 2012 R2
(Windows Server 2012 R2 Server Core installation affected)
– Microsoft .NET Framework 4.6
– Windows RT
– Microsoft .NET Framework 4.6
– Windows RT 8.1
– Microsoft .NET Framework 4.6
– Windows 10 for 32-bit Systems
– Microsoft .NET Framework 4.6
– Windows 10 for x64-based Systems
– Microsoft .NET Framework 4.6
– Impact: Elevation of Privilege
– Version Number: 1.0

Ähnliche Artikel:
Infos zum Microsoft Juli 2015 Patchday


Anzeige

Dieser Beitrag wurde unter Update, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server abgelegt und mit , , , , verschlagwortet. Setze ein Lesezeichen auf den Permalink.

14 Responses to Infos zum Microsoft August 2015 Patchday

  1. Ralf sagt:

    Zumindest unter Windows 8.1 ein problemloser Patchday – Und auch keine optionalen Updates, bei denen man überlegen musste, ob man sie ausblenden oder doch installieren kann. Und das alles ohne Zwang :-))

  2. Günter Born sagt:

    Nachtrag: Beim Mount Manager wurde auch eine USB-Lücke geschlossen (siehe)

  3. Werbung

  4. Jürgen sagt:

    Was ist dran an den Meldungen, dass sich bei manchen Windows 7 Rechnern mit dem August 2015 Patchday das Windows 10 Upgrade ungefragt selbst installiert haben soll?
    Auf diese Meldungen hin habe ich auf dem Notebook, an dem ich geradezu tun hatte, das Update KB3035583 deinstalliert und ausgeblendet. Mit dem Abschalten der automatischen Updates war ich allerdings etwas zu langsam. Diese installierten sich alle beim Herunterfahren und mit dem nächsten Neustart.
    Anschließend kontrollierte ich den Updateverlauf. Dort standen in der Reihenfolge für den 12.08.2015 zuerst ein “Windows 10 Upgrade Home fehlgeschlagen” und dann alle weiteren August Updates erfolreich.

  5. Dekre sagt:

    jetzt bin ich mir “fast” sicher – mit hoher Wahrscheinlichkeit gibt es dort inrgendetwas , was den MSE bei einer vollständigen Suche irgendwie stoppt. Es ist nicht möglich einen vollständigen Scan durchzuführen. Es geht nur der Schnellscan.

    Bei einem PC war nach abgeschlossener INstallatin der MSE nicht mehr startbar, nur mit Neustart. Bei den andere verschiedenen 3 wird der MSE bei laufenden Betrieb plötzlich gestoppt. Das geht nur durch Neustart wieder weg. Bei MSE- Suche im vollständigen Modus hängt sich dieser irgendwann auf. Was kann das sein?
    Bei 4 unterschiedlichen PCs kann das nicht normal sein.

    Grüße

    • dekre sagt:

      Lieber Herr Born,
      Frage – kann es sein, dass MSE aufgrund der “Win10-upgrade” nicht funktioniert? So wie ich es gerade bei MS Community gesehen habe, ist das wohl kein Einzelfall. Sie hatten auch in Ihrem Blog geschrieben, das man bei Upgrade auf Win 10 den MSE deinstallieren sollte.
      Kann es eventuell damit zusammenhängen, wenn man Win7 nach wie vor hat, dass dann MS da etwas nicht bedacht hat?
      Grüße

      • Günter Born sagt:

        Kann ich nicht bestätigen, hier läuft MSE auf diversen Win 7 Rechnern. Ich gehe dem (bei etwas Zeit) mal nach.

      • Dekre sagt:

        Also das Problem liegt tatsächlich bei Microsoft. Bitte den dortigen Link von MS-Community, den ich eingestellte habe, verfolgen.
        Es gibt mit KB3092627 ein Reparatur-Update:

        https://support.microsoft.com/de-de/kb/3092627

        Das ist das Reparatur-Update für die August-“Welle” von MS. Hätte nicht Jemand darauf verwiesen, so wäre man wieder am verzweifeln gewesen. MS hat das wohl am/ zum 01.09.2015 eingestellt. Da es nicht über die normale Update-Suche angeboten wird, so sollte man es wohl installieren (betrifft Win7). Seit dem keine Probleme mit MSE mit Vollprüfung etc.
        Mit Java ist ein Java-Problem, da habe ich die Update-Funktion herausgenommen.

        Grüße

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.