May Patch Tuesday Round-Up
There were a lot of updates released this month. A lot of the updates from Microsoft overlap each other. There is even a case of one patch replacing another within the 13 patches released this month. Here are some things to know as you continue through your patch process:
Several patches may apply multiple times to the same system. MS15-044 applies to multiple products including the OS, .Net, Office, Lync, and Silverlight. MS15-047 for Microsoft Silverlight is another update that overlaps what files are being updated. MS15-048 for .Net is also overlaps many of the other updates and could show missing multiple times on the same system.
MS15-052 is replaced by MS15-055. On Windows 8 and Server 2012 you need to install 052 before 055. With Shavlik Protect you would just see MS15-055 in this case as it replaces MS15-052.
MS15-043 (Cumulative IE) includes additional defense-in-depth updates to help improve security-related features. For systems with IE7 and earlier, the JScript and VBScript vulnerabilities are resolved through MS15-053.
MS15-045 resolves two vulnerabilities that have been publicly disclosed, which increases the risk that they will be exploited significantly.
MS15-050 is vulnerable on Windows 2003, but there is not updated offered for this OS as the changes required would require significant re-architecture. As 2003 reaches its End-of-Life the number of unpatched vulnerabilities will increase.
MS15-055 resolves vulnerabilities in Schannel, but also includes additional security-related changes to TLS including increasing the minimum allowable DHE key length to 1024 bits.