Microsoft updates for May 2015

I have update KB3022345 I downloaded it on 5-2-2015. I just tested it by plugging in a flash drive and I don't get a pop-up saying "USB Device Not Recognized"

 

KB 3054476 -- According to Microsoft, this update for stream.sys driver-based applications in Windows 7 or Windows Server 2008 R2 "helps Microsoft improve the experiences when users run stream.sys driver-based applications in Windows 7 Service Pack 1 (SP1) or Windows Server 2008 R2 SP1, such as the performance and the quality improvements."

 

Article ID: 3050514 ><<This security update resolves a vulnerability in Microsoft Windows that could allow security feature bypass if an attacker logs on to an affected system and runs a specially crafted application >><

How does an attacker log on to my system and run a specially crafted application without my knowledge...?

Article ID: 3051768 ><<This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote, unauthenticated attacker convinces a user to open a share that contains a specially crafted .msc file. However, an attacker would have no way of forcing a user to visit the share or view the file.>><

Doh! attacker has no way to force user .... So, WTF is the vulnerability. What's an unauthenticated attacker vs an authenticated attacker
Good thing there's an update to resolve this vulnerability .....
So, the vulnerability is a compliant user....?

 

Article ID: 3055642 ><< This security update resolves a vulnerability in Windows Service Control Manager (SCM). This vulnerability is caused when SCM incorrectly verifies impersonation levels. The vulnerability could allow elevation of privilege if an attacker can first log on to the system and then run a specially crafted application that is designed to increase privileges >><

So, how does an attacker log on to my system and run a specially crafted application without my knowledge..?
Is this a real world threat...?

Article ID: 3061518 ><<This security update resolves a vulnerability in Windows. The vulnerability could allow information disclosure when Secure Channel (Schannel) allows the use of a weak Diffie-Hellman ephemeral (DHE) key length of 512 bits in an encrypted Transport Layer Security (TLS) session. Allowing 512-bit DHE keys makes DHE key exchanges weak and vulnerable to various attacks. For an attack to be successful, a server has to support 512-bit DHE key lengths. Windows TLS servers send a default DHE key length of 1,024 bits >><

So, does my traffic come in contact with servers that supports 512-bit DHE key lengths.
Is this a real world threat..?

 

If an authenticated user runs malware, or a vulnerability is exploited.

 

Hi MrB
Please clarify = authenticated user. Is that a user that logs in legally. Or, I allow remote access.
Sorry, I'm so thick....
An exploited vulnerability allows an attacker to log in to my machine.... from somewhere and run malware... ? What about my anti-executable whitelist.
Um, and I won't know that malware is running or has been run...? Some form of Spyware.
Presumably this attack can only happen when pwr on.
The attacker would have to get through my router and firewall and my toys.
Presumably when I'm sitting in front of my machine...?

 

@bjm: From Zero-Day Vulnerabilities and What it Means to Your Organization:

However, if a vulnerability is exploited, then the code running could be running in the context of a user who has already authenticated (with a password, biometrics, etc.), so there needn't be an extra authentication step. You'll often see this text used by Microsoft for many of their vulnerabilities: "An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights." Example: https://technet.microsoft.com/en-us/library/security/ms13-068.aspx.

Your anti-executable could be very useful because it could block non-initial execution stage(s) of an exploit.

 

Hi MrB
and I thought as a piddly little fish ... no one would have their sites on little ol' me....guess, I better install those four updates.

 

Microsoft releases info on which vulnerabilities it believes are most likely to be exploited. See section "Exploitability Index" at https://technet.microsoft.com/library/security/ms15-may, for example.

 

Yeah, I get the mailer. Just those darn bork'd updates has me examining and scrutinizing each one until they're too wore out to bork. Noted though, some of these vulnerabilities take years to be patched. and
Admittedly, I've never read the Microsoft Exploitability Index
Just some of these updates seem superfluous. Like the monthly MSRT.
Cheers

 

Microsoft issues patch KB 3065979 to fix Win7 GDI+ drawing problems brought on by KB 3045171

The author notes that it's not known if you will need to apply this patch manually.

 

Microsoft confirms patch KB 3022345 breaks SFC /scannow

 

Took them long enough to acknowledge this. I ran SFCFix over a week ago to correct this: http://thetechcookbook.com/automatic-sfc-corruption-repair-sfcfix-exe/

 

From MS-DEFCON 5: Time to get patched: