Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS15-005: Vulnerability in Network Location Awareness service could allow security feature bypass: January 13, 2015


View products that this article applies to.

Summary

This security update resolves a vulnerability in Microsoft Windows that could allow security feature bypass by unintentionally relaxing the firewall policy or configuration of certain services. This unintentional behavior occurs when an attacker on the same network as the victim spoofs responses to DNS and LDAP traffic that is initiated by the victim.

↑ Back to the top


Introduction

Microsoft has released security bulletin MS15-005. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

↑ Back to the top


More Information

Note Windows Server 2003 is affected, but an update is not being issued for it. See the Update FAQ of bulletin MS15-005 for more information.

Security update deployment information

Windows Vista (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor all supported 32-bit editions of Windows Vista:
Windows6.0-KB3022777-x86.msu
For all supported x64-based editions of Windows Vista:
Windows6.0-KB3022777-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementYes, you must restart your system after you apply this security update.

Removal informationWUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3022777
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2008 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor all supported 32-bit editions of Windows Server 2008:
Windows6.0-KB3022777-x86.msu
For all supported x64-based editions of Windows Server 2008:
Windows6.0-KB3022777-x64.msu
For all supported Itanium-based editions of Windows Server 2008:
Windows6.0-KB3022777-ia64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementYes, you must restart your system after you apply this security update.
Removal informationWUSA.exe does not support uninstall of updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3022777
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows 7 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported 32-bit editions of Windows 7:
Windows6.1-KB3022777-x86.msu
For all supported x64-based editions of Windows 7:
Windows6.1-KB3022777-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementYes, you must restart your system after you apply this security update. Or, you can stop the nlasvc service, apply the security update, and then start the nlasvc service.
Removal informationTo uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, and under Windows Update, click View installed updates, and then select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3022777
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported x64-based editions of Windows Server 2008 R2:
Windows6.1-KB3022777-x64.msu
For all supported Itanium-based editions of Windows Server 2008 R2:
Windows6.1-KB3022777-ia64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementYes, you must restart your system after you apply this security update.

Removal informationTo uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, and under Windows Update, click View installed updates, and then select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3022777
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows 8 and Windows 8.1 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported 32-bit editions of Windows 8:
Windows8-RT-KB3022777-x86.msu
For all supported x64-based editions of Windows 8:
Windows8-RT-KB3022777-x64.msu
For all supported 32-bit editions of Windows 8.1:
Windows8.1-KB3022777-x86.msu
For all supported x64-based editions of Windows 8.1:
Windows8.1-KB3022777-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementYes, you must restart your system after you apply this security update.
Removal informationTo uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click Windows Update, and under See also, click Installed updates, and then select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3022777
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2012 and Windows Server 2012 R2 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported editions of Windows Server 2012:
Windows8-RT-KB3022777-x64.msu
For all supported editions of Windows Server 2012 R2:
Windows8.1-KB3022777-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementYes, you must restart your system after you apply this security update.
Removal informationTo uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click Windows Update, and under See also, click Installed updates, and then select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3022777
Registry key verificationNote A registry key does not exist to validate the presence of this update.

↑ Back to the top


File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.


Windows Vista and Windows Server 2008 file information
  • The files that apply to a specific product, milestone (SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.0.6002.19xxxWindows Vista SP2 and Windows Server 2008 SP2SP2GDR
    6.0.6002.23xxxWindows Vista SP2 and Windows Server 2008 SP2SP2LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows Vista and Windows Server 2008

File nameFile versionFile sizeDateTimePlatform
Ncsi.dll6.0.6002.1925093,18406-Dec-201403:14x86
Nlaapi.dll6.0.6002.1925048,64006-Dec-201403:14x86
Nlasvc.dll6.0.6002.19250174,08006-Dec-201403:14x86
Ncsi.dll6.0.6002.2355793,18406-Dec-201402:51x86
Nlaapi.dll6.0.6002.2355748,64006-Dec-201402:51x86
Nlasvc.dll6.0.6002.23557174,59206-Dec-201402:51x86

For all supported x64-based versions of Windows Vista and Windows Server 2008

File nameFile versionFile sizeDateTimePlatform
Ncsi.dll6.0.6001.18000109,05619-Jan-200808:03x64
Nlaapi.dll6.0.6002.1925061,44006-Dec-201402:54x64
Nlasvc.dll6.0.6002.19250205,82406-Dec-201402:54x64
Ncsi.dll6.0.6002.23557109,05606-Dec-201402:35x64
Nlaapi.dll6.0.6002.2355761,44006-Dec-201402:36x64
Nlasvc.dll6.0.6002.23557206,84806-Dec-201402:36x64
Ncsi.dll6.0.6002.1925093,18406-Dec-201403:14x86
Nlaapi.dll6.0.6002.1925048,64006-Dec-201403:14x86
Ncsi.dll6.0.6002.2355793,18406-Dec-201402:51x86
Nlaapi.dll6.0.6002.2355748,64006-Dec-201402:51x86

For all supported IA-64-based versions of Windows Server 2008

File nameFile versionFile sizeDateTimePlatform
Ncsi.dll6.0.6001.18000269,82419-Jan-200808:29IA-64
Nlaapi.dll6.0.6001.18000150,01619-Jan-200808:29IA-64
Nlasvc.dll6.0.6002.19250451,58406-Dec-201402:38IA-64
Ncsi.dll6.0.6002.23557269,31206-Dec-201402:15IA-64
Nlaapi.dll6.0.6002.23557150,01606-Dec-201402:15IA-64
Nlasvc.dll6.0.6002.23557452,60806-Dec-201402:15IA-64
Ncsi.dll6.0.6002.1925093,18406-Dec-201403:14x86
Nlaapi.dll6.0.6002.1925048,64006-Dec-201403:14x86
Ncsi.dll6.0.6002.2355793,18406-Dec-201402:51x86
Nlaapi.dll6.0.6002.2355748,64006-Dec-201402:51x86

Windows 7 and Windows Server 2008 R2 file information
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.1.7601.18xxxWindows 7 and Windows Server 2008 R2SP1GDR
    6.1.7601.22xxxWindows 7 and Windows Server 2008 R2SP1LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 7

File nameFile versionFile sizeDateTimePlatform
Ncsi.dll6.1.7601.17964156,67203-Oct-201216:42x86
Nlaapi.dll6.1.7601.1796452,22403-Oct-201216:42x86
Nlasvc.dll6.1.7601.18685242,68806-Dec-201403:50x86
Nlasvc.ptxmlNot Applicable2,49413-Jul-200920:54Not Applicable
Ncsi.dll6.1.7601.22893162,30406-Dec-201404:18x86
Nlaapi.dll6.1.7601.2213752,22418-Oct-201219:37x86
Nlasvc.dll6.1.7601.22893242,68806-Dec-201404:18x86
Nlasvc.ptxmlNot Applicable2,49413-Jul-200920:54Not Applicable

For all supported x64-based versions of Windows 7 and Windows Server 2008 R2

File nameFile versionFile sizeDateTimePlatform
Ncsi.dll6.1.7601.17964216,57603-Oct-201217:44x64
Nlaapi.dll6.1.7601.1796470,65603-Oct-201217:44x64
Nlasvc.dll6.1.7601.18685303,61606-Dec-201404:17x64
Nlasvc.ptxmlNot Applicable2,49403-Oct-201211:47Not Applicable
Ncsi.dll6.1.7601.22893223,74406-Dec-201404:31x64
Nlaapi.dll6.1.7601.2213770,65618-Oct-201220:31x64
Nlasvc.dll6.1.7601.22893303,61606-Dec-201404:31x64
Nlasvc.ptxmlNot Applicable2,49418-Oct-201214:47Not Applicable
Ncsi.dll6.1.7601.17964156,67203-Oct-201216:42x86
Nlaapi.dll6.1.7601.1796452,22403-Oct-201216:42x86
Ncsi.dll6.1.7601.22893162,30406-Dec-201404:18x86
Nlaapi.dll6.1.7601.2213752,22418-Oct-201219:37x86
Ncsi.dll6.1.7601.18685156,67206-Dec-201403:50x86
Nlaapi.dll6.1.7601.1868552,22406-Dec-201403:50x86
Wow64_nlasvc.ptxmlNot Applicable2,49406-Dec-201401:07Not Applicable
Ncsi.dll6.1.7601.22893162,30406-Dec-201404:18x86
Nlaapi.dll6.1.7601.2289352,22406-Dec-201404:18x86
Wow64_nlasvc.ptxmlNot Applicable2,49406-Dec-201401:08Not Applicable

For all supported IA-64-based versions of Windows Server 2008 R2

File nameFile versionFile sizeDateTimePlatform
Ncsi.dll6.1.7601.17964480,76803-Oct-201216:30IA-64
Nlaapi.dll6.1.7601.18685156,67206-Dec-201403:30IA-64
Nlasvc.dll6.1.7601.18685603,64806-Dec-201403:30IA-64
Nlasvc.ptxmlNot Applicable2,49403-Oct-201211:40Not Applicable
Ncsi.dll6.1.7601.22893485,88806-Dec-201403:19IA-64
Nlaapi.dll6.1.7601.22893156,67206-Dec-201403:19IA-64
Nlasvc.dll6.1.7601.22893603,64806-Dec-201403:19IA-64
Nlasvc.ptxmlNot Applicable2,49418-Oct-201214:40Not Applicable
Ncsi.dll6.1.7601.18685156,67206-Dec-201403:50x86
Nlaapi.dll6.1.7601.1868552,22406-Dec-201403:50x86
Wow64_nlasvc.ptxmlNot Applicable2,49406-Dec-201401:07Not Applicable
Ncsi.dll6.1.7601.22893162,30406-Dec-201404:18x86
Nlaapi.dll6.1.7601.2289352,22406-Dec-201404:18x86
Wow64_nlasvc.ptxmlNot Applicable2,49406-Dec-201401:08Not Applicable

Windows 8 and Windows Server 2012 file information
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.2.920 0.17 xxxWindows 8 and Windows Server 2012RTMGDR
    6.2.920 0.21 xxxWindows 8 and Windows Server 2012RTMLDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 8

File nameFile versionFile sizeDateTimePlatform
Ncsi.dll6.2.9200.17199284,16006-Dec-201406:09x86
Nlaapi.dll6.2.9200.1719955,29606-Dec-201406:09x86
Nlasvc.dll6.2.9200.17199287,23206-Dec-201406:09x86
Nlasvc.ptxmlNot Applicable4,07520-Sep-201201:48Not Applicable
Ncsi.dll6.2.9200.20623283,13602-Feb-201307:03x86
Nlaapi.dll6.2.9200.1638455,29626-Jul-201203:19x86
Nlasvc.dll6.2.9200.21316286,72006-Dec-201405:41x86
Nlasvc.ptxmlNot Applicable4,07525-Jul-201220:36Not Applicable

For all supported x64-based versions of Windows 8 and Windows Server 2012

File nameFile versionFile sizeDateTimePlatform
Ncsi.dll6.2.9200.17199384,00006-Dec-201407:52x64
Nlaapi.dll6.2.9200.1719972,19206-Dec-201407:52x64
Nlasvc.dll6.2.9200.17199357,37606-Dec-201407:52x64
Nlasvc.ptxmlNot Applicable4,07520-Sep-201201:45Not Applicable
Ncsi.dll6.2.9200.20623385,02402-Feb-201306:54x64
Nlaapi.dll6.2.9200.1638472,19226-Jul-201203:06x64
Nlasvc.dll6.2.9200.21316356,35206-Dec-201406:41x64
Nlasvc.ptxmlNot Applicable4,07525-Jul-201220:32Not Applicable
Nlaapi.dll6.2.9200.1719955,29606-Dec-201406:09x86
Wow64_nlasvc.ptxmlNot Applicable4,07502-Feb-201303:12Not Applicable
Nlaapi.dll6.2.9200.2062355,29602-Feb-201307:03x86
Wow64_nlasvc.ptxmlNot Applicable4,07502-Feb-201301:41Not Applicable

Windows 8.1 and Windows Server 2012 R2 file information

For all supported x86-based versions of Windows 8.1

File nameFile versionFile sizeDateTimePlatform
Ncsi.dll6.3.9600.17550273,40806-Dec-201402:36x86
Nlaapi.dll6.3.9600.1741565,53629-Oct-201401:01x86
Nlasvc.dll6.3.9600.17550314,88006-Dec-201401:28x86
Nlasvc.ptxmlNot Applicable4,07521-Aug-201323:41Not Applicable

For all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2

File nameFile versionFile sizeDateTimePlatform
Ncsi.dll6.3.9600.17550360,44806-Dec-201403:17x64
Nlaapi.dll6.3.9600.1741586,01629-Oct-201401:24x64
Nlasvc.dll6.3.9600.17550391,68006-Dec-201401:41x64
Nlasvc.ptxmlNot Applicable4,07522-Aug-201306:46Not Applicable
Nlaapi.dll6.3.9600.1741565,53629-Oct-201401:01x86
Wow64_nlasvc.ptxmlNot Applicable4,07521-Aug-201323:41Not Applicable

File hash information
Windows6.0-KB3022777-ia64.msu8B670AB57FB1D43B45006916F6EB9AF7AD12080F65886D03A6303BDDC0DC3F23413EB54A8566B629ED86371D01CB92BD6A3D31CF
Windows6.0-KB3022777-x86.msu52E88D1C428F9A0160BA895352FDAF3BE6EE0263050D2486826CC32137069FE36750D057459453A93E1885759F0AD1A65D4E7A0A
Windows6.1-KB3022777-ia64.msu34190DCAADA37F7143458108408AE8388D83020D6BD9D29C3D965A379B9CCBCBB09575599D5BD588CCA2119E9FFF60E627479FE1
Windows6.1-KB3022777-x86.msu8F68CAD0FDCF82B019582C0FDF1EECD1CBA672CD3F8DC08D1113BDD2E56546E4EACC6F7F1A4ED7B55A03B627E1BDAB616468A18B
Windows8.1-KB3022777-x86.msuBC3EEA48322EA52C9FC2B25D616BCE242A19C03F45883E63E92BEBC3E552258426248CB23E42692EFF6AD5D14E44C6173A1B5476
Windows8-RT-KB3022777-x86.msuDCE15556E802A436FCA33F4745EC96D9D9033757613CA55BE4BACAA23D50BFD74BDA342CF6FBDA297E1C787EA0A010B4B284ECC3
File nameSHA1 hashSHA256 hash

↑ Back to the top


Applies to:

↑ Back to the top

Keywords: kb, atdownload, kbbug, kbexpertiseinter, kbfix, kblangall, kbmustloc, kbsecbulletin, kbsecreview, kbsecurity, kbsecvulnerability, kbsurveynew

↑ Back to the top

Article Info
Article ID : 3022777
Revision : 1
Created on : 1/7/2017
Published on : 1/13/2015
Exists online : False
Views : 319