JPCERT-AT-2015-0007 JPCERT/CC 2015-03-11 <<< JPCERT/CC Alert 2015-03-11 >>> Microsoft Security Bulletin for March 2015 (including 5 critical patches) https://www.jpcert.or.jp/english/at/2015/at150007.html I. Overview Microsoft has released its security bulletin for March, 2015. This bulletin contains three (5) updates that are rated as "critical". Remote attackers leveraging these vulnerabilities may be able to execute arbitrary code. Details on the vulnerabilities can be found at the following URL: Microsoft Security Bulletin Summary for March 2015 https://technet.microsoft.com/en-us/library/security/ms15-mar [Security update rated as "critical"] MS15-018 Cumulative Security Update for Internet Explorer (3032359) https://technet.microsoft.com/en-us/library/security/ms15-018 MS15-019 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3040297) https://technet.microsoft.com/en-us/library/security/ms15-019 MS15-020 Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836) https://technet.microsoft.com/en-us/library/security/ms15-020 MS15-021 Vulnerabilities in Adobe Font Driver Could Allow Remote Code Execution (3032323) https://technet.microsoft.com/en-us/library/security/ms15-021 MS15-022 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999) https://technet.microsoft.com/en-us/library/security/ms15-022 In addition, if you wish to apply the update on a system where any workaround for MS15-031(important) has been already placed, please refer to the following URL and complete the cancellation of the workaround. If this security update is applied without cancelling the workaround,it is possible that the majority of Internet service becomes unavailable. MS15-031 Vulnerability in Schannel Could Allow Security Feature Bypass (3046049) https://technet.microsoft.com/en-us/library/security/ms15-031 II. Solution Please apply the security update programs through Microsoft Update, Windows Update, etc. as soon as possible. Microsoft Update http://www.update.microsoft.com/ Windows Update http://windowsupdate.microsoft.com/ * With the April 2014 update, Microsoft has ended the support for Windows XP and Office 2003. Concerns on security risk will rise henceforth, and therefore please consider updating to a newer OS and software. III. References Microsoft Microsoft Security Bulletin Summary for March 2015 https://technet.microsoft.com/en-us/library/security/ms15-mar Microsoft Microsoft Security Information for March 2015 (Monthly) - MS15-018 - MS15-031 (Japanese) http://blogs.technet.com/b/jpsecurity/archive/2015/03/11/201503-security-bulletin.aspx If you have any information regarding this alert, please contact JPCERT/CC. ====================================================================== JPCERT Coordination Center (JPCERT/CC) MAIL: info@jpcert.or.jp TEL: +81-3-3518-4600 FAX: +81-3-3518-4602 https://www.jpcert.or.jp/english/