Exploring the Future Potential of AI-Enabled Smartphone Processors
Patch Tuesday Analysis - September 2015
1. Chris Goettl
Sr. Product Manager
Minimizing the Impact of Patch Tuesday
Wednesday, September 9th, 2015
Dial In: 1-855-749-4750 (US)
Attendees: 929 797 333
2. Shavlik Confidential
Feel free to ask questions via the online Q&A link in the WebEx
interface.
Questions may be answered during the presentation.
Unanswered questions will be resolved via email after the
presentation is over.
A copy of this presentation will be available at
http://www.shavlik.com/webinars/ after the webinar.
2
Logistics
3. Shavlik Confidential
September 2015 Patch Tuesday Overview
Review September 2015 Security Bulletins
Patch Recommendations
Other patches released since last Patch Tuesday
3
Agenda
4. Shavlik Confidential
12 Microsoft Security Bulletins / 56 Vulnerabilities Addressed
Adobe Shockwave Bulletin / 2 Vulnerabilities Addressed
Affected Products:
All supported Windows operating systems (Including Windows 10)
Internet Explorer, Edge
Microsoft Office 2010, 2013
.Net Framework
Microsoft Lync
Sharepoint
Exchange Server
Skype for Business
Lync Server
Adobe Shockwave
4
Patch Tuesday Overview for September 2015
5. Shavlik Confidential
Security Bulletins:
5 bulletin is rated as Critical.
7 bulletins are rated as Important.
Vulnerability Impact:
6 bulletins address vulnerabilities that could allow Remote Code Execution.
3 bulletins address vulnerabilities that could allow Elevation of Privileges.
1 bulletin addresses a vulnerability that could allow Information Disclosure.
1 bulletin addresses a vulnerability that could allow a Denial of Service attack.
1 bulletin addresses a vulnerability that could allow Security Feature Bypass.
5
Overview for Microsoft September 2015
6. Shavlik Confidential
Security Bulletins:
Adobe Shockwave (Priority 1)
Vulnerability Impact:
Adobe Shockwave resolves 2 vulnerabilities including Code Execution.
6
Overview for 3rd Party Vendors September 2015
7. Shavlik Confidential
Maximum Severity: Critical
Affected Products: Windows 10, Internet Explorer, Edge, .Net Framework
• Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in
Windows that are described in the following Microsoft security bulletins: MS15-094, MS15-095, MS15-097, MS15-098,
MS15-101, MS15-102, MS15-105. Windows 10 updates are cumulative. Therefore, this package contains all
previously released fixes.
Impact: Remote Code Execution, Elevation of Privilege, Security Feature Bypass
Fixes 32 vulnerabilities:
CVE-2015-2483, CVE-2015-2484, CVE-2015-2485, CVE-2015-2486, CVE-2015-2487, CVE-2015-2489, CVE-2015-2490, CVE-2015-
2491, CVE-2015-2492, CVE-2015-2493, CVE-2015-2494, CVE-2015-2498, CVE-2015-2499, CVE-2015-2500, CVE-2015-2501, CVE-
2015-2541, Publicly Disclosed CVE-2015-2542, CVE-2015-2485, CVE-2015-2486, CVE-2015-2494, CVE-2015-2506, CVE-2015-
2507, CVE-2015-2508, CVE-2015-2510, CVE-2015-2511, CVE-2015-2512, CVE-2015-2517, CVE-2015-2518, CVE-2015-2527,
Publicly Disclosed CVE-2015-2529, Exploited in Wild CVE-2015-2546
Replaces: CSWU-007
Restart Required: Requires Restart
7
CSWU-007: Cumulative update for Windows 10: September 8, 2015
8. Shavlik Confidential
Maximum Severity: Critical
Affected Products: Internet Explorer
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the
vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.
Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those
who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 17 vulnerabilities:
CVE-2015-2483, CVE-2015-2484, CVE-2015-2485, CVE-2015-2486, CVE-2015-2487, CVE-2015-2489, CVE-
2015-2490, CVE-2015-2491, CVE-2015-2492, CVE-2015-2493, CVE-2015-2494, CVE-2015-2498, CVE-2015-
2499, CVE-2015-2500, CVE-2015-2501, CVE-2015-2541, Publicly Disclosed CVE-2015-2542
Replaces: 3087985 in MS15-093, 3081444 in MS15-093
Restart Required: Requires Restart
8
MS15-094: Cumulative Security Update for Internet Explorer (3089548)
9. Shavlik Confidential
Maximum Severity: Critical
Affected Products: Windows, Edge
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities
could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who
successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose
accounts are configured to have fewer user rights on the system could be less impacted than those who operate with
administrative user rights.
Impact: Remote Code Execution
Fixes 4 vulnerabilities:
CVE-2015-2485, CVE-2015-2486, CVE-2015-2494, Publicly Disclosed CVE-2015-2542
Replaces: 3081444,
Restart Required: Requires Restart
9
MS15-095: Cumulative Security Update for Microsoft Edge (3089665)
10. Shavlik Confidential
Maximum Severity: Critical
Affected Products: Windows, Office, Lync
Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft
Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted
document or visits an untrusted webpage that contains embedded OpenType fonts.
Impact: Remote Code Execution
Fixes 11 vulnerabilities:
CVE-2015-2506, CVE-2015-2507, CVE-2015-2508, CVE-2015-2510, CVE-2015-2511, CVE-2015-2512, CVE-
2015-2517, CVE-2015-2518, CVE-2015-2527, Publicly Disclosed CVE-2015-2529, Exploited in Wild CVE-2015-
2546
Replaces: 3079904 in MS15-078, 2957503 in MS14-036, 3081444,
Restart Required: May Require Restart
10
MS15-097: Vulnerabilities in Microsoft Graphics Component Could Allow
Remote Code Execution (3089656)
11. Shavlik Confidential
Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the
vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file. Users whose
accounts are configured to have fewer user rights on the system could be less impacted than users who operate with
administrative user rights.
Impact: Remote Code Execution
Fixes 5 vulnerabilities:
CVE-2015-2513, CVE-2015-2514, CVE-2015-2516, CVE-2015-2519, CVE-2015-2530
Replaces: 3046002 in MS15-045, 3081444
Restart Required: May Require Restart
11
MS15-098: Vulnerabilities in Windows Journal Could Allow Remote
Code Execution (3089669)
12. Shavlik Confidential
Maximum Severity: Critical
Affected Products: Office, Sharepoint
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities
could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who
successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose
accounts are configured to have fewer user rights on the system could be less impacted than those who operate with
administrative user rights.
Impact: Remote Code Execution
Fixes 5 vulnerabilities:
CVE-2015-2520, CVE-2015-2521, CVE-2015-2522, CVE-2015-2523, Exploited in Wild CVE-2015-2545
Replaces: 2863812 in MS15-059, 3054992 in MS15-081, 2863817 in MS15-059,
3055044 inMS15-081
Restart Required: May Require Restart
12
MS15-099: Vulnerabilities in Microsoft Office Could Allow Remote Code
Execution (3089664)
13. Shavlik Confidential
Maximum Severity: Priority 1
Affected Products: Shockwave Player
Description: Adobe has released a security update for Adobe Shockwave Player. This update addresses critical
vulnerabilities that could potentially allow an attacker to take control of the affected system.
Impact: Code Execution
Fixes 2 vulnerabilities:
CVE-2015-6680, CVE-2015-6681
Replaces: 12.1.9.160 and earlier versions
Restart Required:
13
APSB15-22: Security update available for Adobe Shockwave Player
14. Shavlik Confidential
Maximum Severity: Important
Affected Products: Microsoft Windows
Description: This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of
service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must
have an account that has privileges to join machines to the domain.
Impact: Denial of Service
Fixes 1 vulnerabilities:
CVE-2015-2535
Replaces: 2923392 in MS14-016,
Restart Required: Requires Restart
14
MS15-096: Vulnerability in Active Directory Service Could Allow Denial
of Service (3072595)
15. Shavlik Confidential
Maximum Severity: Important
Affected Products: Microsoft Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow
remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references
malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current
user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than
those who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 1 vulnerabilities:
Publicly Disclosed CVE-2015-2509
Replaces: None
Restart Required: May Require Restart
15
MS15-100: Vulnerability in Windows Media Center Could Allow
Remote Code Execution (3087918)
16. Shavlik Confidential
Maximum Severity: Important
Affected Products: Microsoft Windows, .Net Framework
Description: This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the
vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all
cases, an attacker would have no way to force users to run the application; an attacker would have to convince users
to do so.
Impact: Elevation of Privilege
Fixes 2 vulnerabilities:
Publicly Disclosed CVE-2015-2504, CVE-2015-2526
Replaces: 3074541 – 2656374 inMS12-025, 3074554, 3074233
Restart Required: Does Not Require Restart
16
MS15-101: Vulnerabilities in .NET Framework Could Allow Elevation of
Privilege (3089662)
17. Shavlik Confidential
Maximum Severity: Important
Affected Products: Microsoft Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow
elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
Impact: Elevation of Privilege
Fixes 3 vulnerabilities:
CVE-2015-2524, CVE-2015-2525, CVE-2015-2528
Replaces: 2988948 in MS14-054, 3081444
Restart Required: Does Not Require Restart
17
MS15-102: Vulnerabilities in Windows Task Management Could Allow
Elevation of Privilege (3089657)
18. Shavlik Confidential
Maximum Severity: Important
Affected Products: Exchange Server
Description: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the
vulnerabilities could allow information disclosure if Outlook Web Access (OWA) fails to properly handle web requests,
and sanitize user input and email content.
Impact: Information Disclosure
Fixes 3 vulnerabilities:
CVE-2015-2505, CVE-2015-2543, CVE-2015-2544
Replaces: 3062157 in MS15-064
Restart Required: May Require Restart
18
MS15-103: Vulnerabilities in Microsoft Exchange Server Could Allow
Information Disclosure (3089250)
19. Shavlik Confidential
Maximum Severity: Important
Affected Products: Skype for Business, Lync Server
Description: This security update resolves vulnerabilities in Skype for Business Server and Microsoft Lync Server.
The most severe of the vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL. An
attacker would have to convince users to click a link in an instant messenger or email message that directs them to an
affected website by way of a specially crafted URL.
Impact: Elevation of Privilege
Fixes 3 vulnerabilities:
CVE-2015-2531, CVE-2015-2532, CVE-2015-2536
Replaces: 2982390 in MS14-055
Restart Required: Does Not Require Reboot
19
MS15-104: Vulnerabilities in Skype for Business Server and Lync
Server Could Allow Elevation of Privilege (3089952)
20. Shavlik Confidential
Maximum Severity: Important
Affected Products: Hyper-V
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow
security feature bypass if an attacker runs a specially crafted application that could cause Windows Hyper-V to
incorrectly apply access control list (ACL) configuration settings. Customers who have not enabled the Hyper-V role
are not affected.
Impact: Security Feature Bypass
Fixes 1 vulnerabilities:
CVE-2015-2534
Replaces: 3081444
Restart Required: Does Not Require Reboot
20
MS15-105: Vulnerability in Windows Hyper-V Could Allow Security
Feature Bypass (3091287)
23. Shavlik Confidential23
Patch Day Summary
Company Bulletin Software Affected CVE Count Vulnerability Impact Vendor Severity Threat Risk Notes
Microsoft MS15-094
Microsoft Windows, Internet
Explorer
17 Remote Code Execution Critical MediumHigh Publicly disclosed CVE-2015-2542
Microsoft MS15-095 Microsoft Windows, Edge 4 Remote Code Execution Critical MediumHigh Publicly disclosed CVE-2015-2542
Microsoft MS15-096 Microsoft Windows 1 Denial of Service Important Medium
Microsoft
MS15-097
Microsoft Windows, Office,
Lync
11 Remote Code Execution Critical High
Publicly disclosed and Exploited in Wild CVE-2015-
2546, Publicly disclosed CVE-2015-2529
Microsoft MS15-098 Microsoft Windows 5 Remote Code Execution Critical MediumHigh
Microsoft
MS15-099
Microsoft Office,
SharePoint
5 Remote Code Execution Critical High Exploited in Wild CVE-2015-2545
Microsoft MS15-100 Microsoft Windows 1 Remote Code Execution Important MediumHigh Publicly disclosed CVE-2015-2509
Microsoft
MS15-101
Microsoft Windows, .Net
Framework
2 Elevation of Privilege Important MediumHigh Publicly disclosed CVE-2015-2504
Microsoft MS15-102 Microsoft Windows 3 Elevation of Privilege Important Medium
Microsoft MS15-103 Microsoft Exchange Server 3 Information Disclosure Important Medium
Microsoft
MS15-104
Skype for Business, Lync
Server
3 Elevation of Privilege Important Medium
Microsoft MS15-105 Microsoft Windows 1 Security Feature Bypass Important Medium
Adobe APSB15-22 Shockwave 2 Code Execution Priority 1 MediumHigh
25. Shavlik Confidential
• Server 2003 End of Life - http://blog.shavlik.com/server-2003-end-life-September-14-2015-
whats-plan/
• We are looking for Protect 9.2 Field Test and Beta Test customers. If you are interested in a
demo of what is coming and participating in the test process contact Beta@Shavlik.com.
• Slide deck and video playback available here: www.shavlik.com/Webinars
• Sign up for next months Patch Tuesday Webinar and view webinar playbacks:
http://www.shavlik.com/webinars/
• Sign up for Content Announcements:
• Email http://www.shavlik.com/support/xmlsubscribe/
• RSS http://protect7.shavlik.com/feed/
• Twitter @ShavlikXML
• Follow us on:
• Shavlik on LinkedIn
• Twitter @ShavlikProtect
• Shavlik blog -> www.shavlik.com/blog
• Chris Goettl on LinkedIn
• Twitter @ChrisGoettl
25
Resources and Webinars
Editor's Notes
5 public disclosures (across 4 bulletins) and 1 exploited in wild in Microsoft release
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Public Disclosure: CVE-2015-2542, CVE-2015-2529
Exploited in Wild: CVE-2015-2546
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Public Disclosure: CVE-2015-2542
An attacker could host a specially crafted website that is designed to exploit these vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker's website, or by getting them to open an attachment sent through email.
An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from these vulnerabilities.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Public Disclosure: CVE-2015-2542
An attacker could host a specially crafted website that is designed to exploit these vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker's website, or by getting them to open an attachment sent through email.
An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from these vulnerabilities.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Public Disclosure and Exploited in Wild: CVE-2015-2546
To exploit these vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerabilities and take control of an affected system. The update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.
Public Disclosure: CVE-2015-2529
An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.
Known Issues: https://support.microsoft.com/en-us/kb/3086255
After you install this security update, some programs may not run. (For example, some video games may not run.) To work around this issue, you can temporarily turn on the service for the secdrv.sys driver by running certain commands, or by editing the registry. Note When you no longer require the service to be running, we recommend that you turn off the service again. Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Shavlik did not release variations for Windows 8 x86/x64 and Server 2012 Gold due to issues encountered during testing. The ONLY scenario that worked without issue was a complete clean install with no patches applied yet. Shavlik has opened a ticket with Microsoft and will add support for these variations after a re-release.
For an attack to be successful, the vulnerabilities require that a user open a specially crafted Journal file with an affected version of Windows Journal. In an email attack scenario, an attacker could exploit the vulnerabilities by sending a specially crafted Journal file to the user and by convincing the user to open the file. The update addresses the vulnerabilities by modifying how Windows Journal parses Journal files.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Exploited in Wild: CVE-2015-2545
This vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker could host a specially crafted website containing an Office file that is designed to exploit the vulnerability, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker's website, or by getting them to open an attachment sent through email.
If Microsoft Word is the selected email reader, which is the default setting, then an attacker could leverage Outlook for an email-based attack by sending a specially crafted file, containing an EPS image binary, to the targeted user. In this scenario this attack vector requires minimal user action (as in viewing a specially crafted email through the preview pane in Outlook) to be exploited.
Workstations and terminal servers that have Microsoft Office installed are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs. However, best practices strongly discourage allowing this.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Public Disclosure: CVE-2015-2509
To exploit this vulnerability, an attacker must entice a user to install the .mcl file on the local machine. Malicious code referenced by the .mcl file could then be executed from an attacker-controlled location. The security update addresses the vulnerability by correcting how Media Center link files are handled.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
There will likely be multiple variations of MS15-101 missing on a given machine.
Public Disclosure: CVE-2015-2504
There are two attack scenarios possible for exploiting this vulnerability: a web browsing scenario and a Windows .NET application bypass of Code Access Security (CAS) restrictions. These scenarios are described as follows:
Web browsing attack scenario An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that could exploit this vulnerability, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.
Windows .NET applications attack scenario This vulnerability could also be used by Windows .NET Framework applications to bypass Code Access Security (CAS) restrictions.
There are two types of systems at risk, which are described as follows:
Web browsing scenario Successful exploitation of this vulnerability requires a user to be logged on and visiting websites using a web browser capable of instantiating XBAPs. Therefore, any systems where a web browser is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability. Servers could be at more risk if administrators allow users to browse and read email on servers. However, best practices strongly discourage allowing this.
Windows .NET applications Workstations and servers that run untrusted Windows .NET Framework applications are also at risk from this vulnerability.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 3. Consider this update for testing and rollout when convenient.
Note:
Some 3rd party updates may be non-security, but are still classified in Protect as Security. This is due to the fact that the step from current to this version September include security fixes based on the version currently on a machine. It would only be considered non-security if you were up to the latest version before the non-security release was made available.
Windows 10 Cumulatives:
CSWU-004 – No additional security fixes
CSWU-005 - MS15-093: Security update for Internet Explorer: August 18, 2015
CSWU-006 – No additional security fixes
MS15-087 – Added support for UDDI 2012, 2013, 2013 R2
MS15-080 – Re-release for Vista, 2008, 7, 2008 R2
MS15-080 – Added support for 2003 for Custom Content subscribers
Added support for products:
Splunk Universal Forwarder, Boxy Sync 4,