Microsoft has just released the patches (also known as bulletins) for April. The details are available at – http://technet.microsoft.com/en-us/security/bulletin/ms15-apr
They are identified as MS15-032/MS15-042.
There are a total of eleven patches, four of which are classified as CRITICAL and seven are classified as IMPORTANT. The CRITICAL patches apply to the following Microsoft products: Internet Explorer; Microsoft Office; and Microsoft Windows
CRITICAL patches for April
There are a total of 10 vulnerabilities (five of which are remote code execution) patched in the bulletin (https://technet.microsoft.com/library/security/ms15-032 ) associated with Internet Explorer. As of this time, none are known to have been disclosed publicly prior to 4/14. The vulnerabilities are classified as CRITICAL for IE versions 6-11 on workstation operating systems and MODERATE for IE 6-11 on server operating systems.
There are a total of five vulnerabilities (depending on the application, the vulnerability could be either remote code execution or elevation of privilege ) being patched in the bulletin ( https://technet.microsoft.com/library/security/ms15-033 ) associated with MS-Office. The vulnerabilities are classified as CRITICAL for Microsoft Office 2007, 2010, Word Viewer and Office Compatibility pack SP3, SharePoint Server 2010 and Office Web Apps 2010. The classification is reduced to IMPORTANT for all newer versions of those products.
Bulletin MS15-034 addresses a single vulnerability in the http.sys module for all Windows workstation and server operating systems. The vulnerability is classified as CRITICAL for both workstation and server OSs and would enable remote code execution if successfully exploited. As of this time, no public exploits have been identified.
Bulletin MS15-035 addresses a single vulnerability in the Graphic component of Windows. The vulnerability is classified as CRITICAL for all supported versions of Windows workstation and server operating systems and would enable remote code execution if successfully exploited.
Bulletins MS15-036 through MS15-040, are classified as IMPORTANT regardless of operating system type or platform. They are elevation of privilege vulnerabilities and apply to the following products
IMPORTANT patches for April
MS15-036 – SharePoint Server- elevation of privilege
operating system/application: SharePoint Server 2010SP2 and SharePoint Server 2013SP1.
No public exploits are currently known
MS15-037 – Windows task scheduler – elevation of privilege
Operating system/application Windows 7; Server 2008R2 (including server core installations)
No public exploits are currently known
MS15-038 – Windows – elevation of privilege
Operating system/application: all currently supported Windows Server and Workstation operating systems.
No public exploits are currently known
MS15-039 – Windows XML 3.0 and 6.0 core services – elevation of privilege
Operating system/application: all currently supported versions of Windows workstation and server operating systems (including server core).
No public exploits are currently known
Bulletins MS15-040, and MS15-041 are information disclosure vulnerabilities and apply to the following products
MS15-040 – Windows Active Directory Federation Services version 3.0– information disclosure
Operating system/application: Windows server 2012R2, Windows server 2012R2 (server core installation)
No public exploits are currently known
MS15-041 – Windows .NET framework – information disclosure
Operating systems/application:
Windows Server 2003 SP1 and 2 – framework 1.1, 2.0, 4
Windows Server 2003 x64 SP2 – framework 2.0 and 4.;
Windows Server 2003 Itanium – 2.0 and 4.
Windows Vista SP2 – 2.0, 4, 4.5/4.51/4.52
Windows Vista x64 SP2 – 2.0, 4, 4.5/4.51/4.52
Windows Server 2008 (32 bit) SP2 – 2.0, 4, 4.5/4.51/4.52
Windows Server 2008 (64 bit) SP2 – 2.0, 4, 4.5/4.51/4.52
Windows Server 2008 Itanium SP2 – 2.0, 4, 4.5/4.51/4.52
Windows 7 (32 bit) SP1 – 3.51, 4, 4.5/4.51/4.52
Windows 7 (64 bit) SP1 – 3.51, 4, 4.5/4.51/4.52
Windows Server 2008 R2 (64 bit) SP1 – 3.51, 4, 4.5/4.51/4.52
Windows Server 2008 R2 Itanium SP1 – 3.51, 4
Windows 8 (32 bit) – 3.5, 4.5/4.51/4.52
Windows 8 (64 bit) – 3.5, 4.5/4.51/4.52
Windows 8.1 (32 bit) – 3.5, 4.51/4.52
Windows 8.1 (64 bit) – 3.5, 4.51/4.52
Windows Server 2012 – 3.5, 4.5/4.51/4.52
Windows Server 2012 R2 – 3.5, 4.5/4.51/4.52
Windows RT – 4.5/4.51/4.52
Windows RT 8.1 – 4.51/4.52
Server core installations
Windows Server 2008 R2 SP1 – 3.51, 4, 4.5/4.51/4.52
Windows Server 2012 – 3.5, 4.5/4.51/4.52
Windows Server 2012 R2 – 3.5, 4.51/4.52
Bulletin MS15-042 is a patch for a denial of service vulnerability in Windows Hyper-V
MS15-042 – Windows Hyper-V – denial of service
Operating systems/application: Windows workstation 8.1, Windows Server 2012 R2 (including server core)
No public exploits currently known
Update: Adobe has a patch for flash that was released on 4/14 also. The details are available at https://helpx.adobe.com/security/products/flash-player/apsb15-06.html The new version of flash should be 17.0.0.169.
Update2 April 16 8:00 a.m.
From everything I am reading this morning, the vulnerabilities associated with Microsoft patch MS15-034 are being tested with proof of concept code. The code is generally limited to denial of service attacks as of this time.
If any of you have IIS on your production servers I suggest you consider disabling kernel caching as soon as possible and apply the patch during maintenance intervals. Kernel caching is enabled by default for IIS version 7.