Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS15-019: Vulnerability in VBScript Scripting Engine could allow remote code execution: March 10, 2015


View products that this article applies to.

Summary

This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on by using administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then do the following:
  • Install programs
  • View, change, or delete data
  • Create new accounts that have full user rights 

↑ Back to the top


Introduction

Microsoft has released security bulletin MS15-019. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

↑ Back to the top


More Information

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.

  • 3030630 MS15-019: Description of the security update for VBScript 5.8 Scripting Engine: March 10, 2015
  • 3030398 MS15-019: Description of the security update for VBScript 5.7 Scripting Engine: March 10, 2015
  • 3030403 MS15-019: Description of the security update for VBScript 5.6 Scripting Engine: March 10, 2015
Security update deployment information

Windows Server 2003 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor VBScript 5.6 on all supported 32-bit editions of Windows Server 2003:
WindowsServer2003-KB3030403-x86-ENU.exe
For VBScript 5.6 on all supported x64-based editions of Windows Server 2003:
WindowsServer2003-KB3030403-x64-ENU.exe
For VBScript 5.6 on all supported Itanium-based editions of Windows Server 2003:
WindowsServer2003-KB3030403-ia64-ENU.exe
For VBScript 5.7 on all supported 32-bit editions of Windows Server 2003:
WindowsServer2003-KB3030398-x86-ENU.exe
For VBScript 5.7 on all supported x64-based editions of Windows Server 2003:
WindowsServer2003-KB3030398-x64-ENU.exe
For VBScript 5.7 on all supported Itanium-based editions of Windows Server 2003:
WindowsServer2003-KB3030398-ia64-ENU.exe
Installation switchesSee Microsoft Knowledge Base Article 262841
Update log fileFor VBScript 5.6 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:
KB3030403.log
For VBScript 5.7 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:
KB3030398.log
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.
Removal informationFor VBScript 5.6 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:
Use the Add or Remove Programs item in Control Panel, or use the Spuninst.exe utility that is located in the %Windir%\$NTUninstallKB3030403$\Spuninst folder.
For VBScript 5.7 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:
Use the Add or Remove Programs item in Control Panel, or use the Spuninst.exe utility that is located in the %Windir%\$NTUninstallKB3030398$\Spuninst folder.
File informationSee the file information section
Registry key verificationFor VBScript 5.6 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB3030403\Filelist
For VBScript 5.7 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB3030398\Filelist

Windows Vista (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor VBScript 5.7 on all supported 32-bit editions of Windows Vista:
Windows6.0-KB3030398-x86.msu
For VBScript 5.7 on all supported x64-based editions of Windows Vista:
Windows6.0-KB3030398-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.
Removal informationWUSA.exe does not support uninstall of updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.
File informationSee the file information section
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2008 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor VBScript 5.7 on all supported 32-bit editions of Windows Server 2008:
Windows6.0-KB3030398-x86.msu
For VBScript 5.7 on all supported x64-based editions of Windows Server 2008:
Windows6.0-KB3030398-x64.msu
For VBScript 5.7 on all supported Itanium-based editions of Windows Server 2008:
Windows6.0-KB3030398-ia64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.
Removal informationWUSA.exe does not support uninstall of updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.
File informationSee the file information section
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor VBScript 5.8 on all supported Server Core installations of x64-based editions of Windows Server 2008 R2 only:
Windows6.1-KB3030630-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, and under Windows Update, click View installed updates, and then select from the list of updates.
File informationSee the file information section
Registry key verificationNote A registry key does not exist to validate the presence of this update.

↑ Back to the top


File information

File hash information
File nameSHA1 hashSHA256 hash
Windows6.0-KB3030398-ia64.msu3D87F12976EDED901C6AAFE0499F7E2A5960A14CC22B85FFBFAAF5E7AC00CB02E3FD334C34EE556B41C7C152F152F67FA2956675
Windows6.0-KB3030398-x64.msuE322000F8335D0735225712DCDA4E237907E7EE31554428862323AE4AB03F553CE9CF88E6390CE053FD69843BB4C322B073F9879
Windows6.0-KB3030398-x86.msuAF2901597239D343E96C9181F6BD6734C83FC2BF088BA031DA86AD4D0B1EC1C2121E611D3C7581F44272A01530A87FF0963B1CFB
Windows6.1-KB3030630-x64.msu6E3B21D1196C6B50D78169E07C789146096DB05E89BE07772EE18813B6DFBE8B0D8E7FDCD4C6938AD7C47B1CDDC287E5123FE7EA
WindowsServer2003-KB3030398-ia64-DEU.exe313AB49AE33A3C229D0A02B35E0687C9B33E9C390C8C2068E8FE647B44A80D253AECFBBCEDA43A6C9D8BD9778BC5BE54ED6191B9
WindowsServer2003-KB3030398-ia64-ENU.exeCFB33C25A6021850C4B0C0C7B7D4742FCC63951F91A76D425D26F8889753025525203A2A63E62B5870C67B8E80CC3DBFC32077C9
WindowsServer2003-KB3030398-ia64-FRA.exeC74F3B3E7F907EA0D6725BD4C06DBD285E5DF79D407D2E1677B0EFCAB3DBEE8E008F0E53B8D41AF3490A445B5012DC62FC90E012
WindowsServer2003-KB3030398-ia64-JPN.exe22595760F963D5017FFF28B943B787026E68958DDF9B91B4BDD80006C9DACD779E975FA1C621586F4377E0DAAE57EE5A529E6543
WindowsServer2003-KB3030398-x64-CHS.exe5F03AF8158778924F0EE08DFB568A69D829B94496A34578812463201C32DC791E14745809DAD5A970FC757BD8938134CA6A3C598
WindowsServer2003-KB3030398-x64-CHT.exe08EBECE7E3BD63EC19117C7C57C0C2BDCC68EC7E3DA5492CDDC2F19631ED56ED59440A861E17F60745C5489AC5BDBA5817F6B750
WindowsServer2003-KB3030398-x64-DEU.exeBE2C81E7FAAFA6EEE7D143E4E6176E89339D1F52AAC4EF3D53190ED0CC988AE0D22D83A9D7D3922955B5BA21A48F9A183E9C62AB
WindowsServer2003-KB3030398-x64-ENU.exeA92F1D9730016A6233A14B5FB63791459D7BDE2140D957537F47C4460D70FFF6634873CE30D0475B15D91830FFEA15BBE679F157
WindowsServer2003-KB3030398-x64-ESN.exe3FC030FAD1EBAE794065DF0FD34635123FF033C97FAF3F00C5C92E75EED4714E4027A4534354329E43CD6D7AE37CD89B250FB8D8
WindowsServer2003-KB3030398-x64-FRA.exe7B3457C96FB948778B441DEA1801F069EAC499242FB6D22DF07792EA314237C0273D02380D0891BF4ADDEE03BAA250E578CD5AD6
WindowsServer2003-KB3030398-x64-ITA.exeB2475D8851B907FD694EFAD3071ED8A4B90FECA248120F1A9F98577FCD5388A5429F91ADA0B7F632041B1635BE51CBC4792EDF63
WindowsServer2003-KB3030398-x64-JPN.exeE957B0F19871F63F5FC38B896332C824DEF8E8D014A0B1F6C5D03E738DA9E17E049092A274FD81829DD4C33BADD73DC0C543AFD4
WindowsServer2003-KB3030398-x64-KOR.exe9A1F9C329DD0F01E50398085DFC25C131782B8389245583EFB0B610750F101C2FB6E654AE5587EF7A8B258DAB81C14F8154EA5CA
WindowsServer2003-KB3030398-x64-PTB.exeE93629B3AB6524FC98C2199B458C5F1977E8E96CA68E9559AF2AD82435F9A79FB89D3B85ECA5A41A0487BA807AE0E4C907BDAA90
WindowsServer2003-KB3030398-x64-RUS.exe830635323DF7A8C8BE02F4A65450DF2297599B3B83803D75C72252F5C9849BF84304852C94F89AB809CD1E50CEB2CAB4DE9FE0B5
WindowsServer2003-KB3030398-x86-CHS.exe44B218A77FF61BDD6E480F2B883E4689AF4F60819E4967607C210D37E416DDFB0CB07CC3B5FD1D20FBA26F053AB3BB86286F7C7D
WindowsServer2003-KB3030398-x86-CHT.exeC4EAA80013083595C0C05EB575915AE0DB282D9818CD14AB36F5DA23B428CB2A11985EDBEC00F906CD8EF35145FE0B0E7BE8560A
WindowsServer2003-KB3030398-x86-CSY.exeD517354A6E3A746264C9A9E49DA28B2594F1BEA3F418D4FBCD981288D4509724F3D44E9F3C009842532E7924BFA7BA6972C55175
WindowsServer2003-KB3030398-x86-DEU.exeADA8D78D82C316E7A4C61F42B926BDD7AB866BE7F0D7F5C10DF8D1E7FCA6F50CF65652A4BF687A7C841553380C299A4DF94481B9
WindowsServer2003-KB3030398-x86-ENU.exe5A88FB7E9B4523C072EC2B3BE337D7A0E5C0419C9CEFA50905548A7D1F8468227808D186C40A97954BB29FC6A4DA6FF11C1C6F41
WindowsServer2003-KB3030398-x86-ESN.exe0E50042AB389C9E5657EBF82D3A8AA45A80D4CFC4012948B64D07378C3A734F445DBAA4AAD20FDFE68FACE72660C2CA7398A1F8B
WindowsServer2003-KB3030398-x86-FRA.exe33CCAAC9A3D9EA6B054989E9E5F85667F834ECB702971492B1EB2705E48CAE52CD08197DF7BAC29006FFE98A5B92540570C16723
WindowsServer2003-KB3030398-x86-HUN.exe7A72C252E2DC3B6FE5E8CDD29B43C624A6181595DABB0BC7F81D9D01F6C40F6A1D51D80F1B63580C349713BC4CEE805F68F985D6
WindowsServer2003-KB3030398-x86-ITA.exe8AEFD50AFAF9B0E75EEB6ED5B0F61D4A54026FF43937F92B31729CC442EBFA7B27211E035623C5C2C5869ED18784702B22471743
WindowsServer2003-KB3030398-x86-JPN.exeE104C611292BF7456C2533D1ADA7DCC4BCC2E472BECAFB47363860E6E987648273C93AD47155889701643A9A754C71315E39C934
WindowsServer2003-KB3030398-x86-KOR.exe251CC541FB6E2185515114A99AFC86A82868D95C68484FBEDA653F5548096FE0A0F4CB0D4BC9A6E0A159559D6276FCD2811AD303
WindowsServer2003-KB3030398-x86-NLD.exe4C32081B6AF2DA28DD65D6DF16362B29A5CBF8C10A2B19081EE7F522581558949E6FB9D2EC98B086D97108397AC94DE798DF026C
WindowsServer2003-KB3030398-x86-PLK.exe73A713C399972EEE2E7FF38FCB2ED9D1A945BF23E04C9521E7F249AD1BFDABA53411BF8422266E0CA5761B47FAD543A4EC87F163
WindowsServer2003-KB3030398-x86-PTB.exe196F95D2EAA6024302ACCAA623F95D1FC177B7BAD2E0D2BE7FDA0A757B3556B4949008C93DEB14839A252B95A287BE8ABC1773E2
WindowsServer2003-KB3030398-x86-PTG.exeDF8B9498EAB28749581F9D3AAB1AE7DBBA6AD750DC683FBEB81E0E0154E4E6FC2A6C07517F6EB73B1F48E10D7C32F14579AEAC37
WindowsServer2003-KB3030398-x86-RUS.exe40343FBB8AE8B4D363326CB725379C2DF3D2925DC834F43F3FE91CA0A31915D2EDC6C06B6928531EAEC60B13E45CD62A8D121B18
WindowsServer2003-KB3030398-x86-SVE.exeC0B02C1D4D655651044EDF335BE0095D05D4D4DB5F73DA0BD3C8DBD52419E14FF21C287B67260C81B109CD8CBED518EF6079C6CC
WindowsServer2003-KB3030398-x86-TRK.exe61C9CDF1F069E502A7496F7E5D0EA99609CF3F7E708374F12C4F7D9B6E694E4F4E72CFCB206307C163C045FEEF9F24B60F41B0F8
WindowsServer2003-KB3030403-ia64-DEU.exe608CD2DC69E8280577EF01742A6FE04F111469826D8B103144556CCFD15D626475F3EDB3B114EF621E362BFD7FC519AC92B01AE3
WindowsServer2003-KB3030403-ia64-ENU.exe0193A1145AAFD8B3636D7D0C1DEDBFEA00D5F3F161D8F103E45B75A251CABD65A6014CE39C31A26AA161F9F8D8710727FDA64646
WindowsServer2003-KB3030403-ia64-FRA.exeD85C556588999D22A65CF164CAAB3251ADFD25228C55DAFE5D83D6A36A1246B71ECE52D33174A28201A2715C97CD81CFE6D9B391
WindowsServer2003-KB3030403-ia64-JPN.exe9C803078279E47A4345A52F7743314BDF40B44E215C6A623103FBACFDD42F3C1C4DC68F49D5CCCA630A6D382E7A953C4C8294501
WindowsServer2003-KB3030403-x64-CHS.exeD1FCCC49029083405A2E21D0174B192C4D85B46AECE348636F126DB4D4D52991E686AD14BC2F1AF857CBBB3E2DAA66D7069B2B79
WindowsServer2003-KB3030403-x64-CHT.exeEA83D8F95DBB0D6D467430F4A8F5477341D79D12E6634EB9C33419317FE1BA2495E2EEAB54308CC5275E8BAA3BD50533F7A7AD73
WindowsServer2003-KB3030403-x64-DEU.exeE907DC70DD935E63598A0494FA6EE7FE715ABC43123A56AAA473B29B4DC41A99792DF976718864B8BBD0C67C4BA816DAF52DD169
WindowsServer2003-KB3030403-x64-ENU.exe16A92E459C4ED225AEA528AC8A44BBCBBD8D3A6C626339FA10AC308D9E8246FBF5DC0426095B63D2E1A454ED0C6E924CA190FE2D
WindowsServer2003-KB3030403-x64-ESN.exe09F3F4A3EE793041D7AB9C85438D0ED02679412A4DB75B541FC27E47BF1E6A6EC5127B85CCF4E1AD448A26AA5560F89A413E0B63
WindowsServer2003-KB3030403-x64-FRA.exe369D29C08E8D5F474903493A24500F6DEB1A59D842E23E4A7EB155F3A5B6837DA2211D53231D67E63E4C8C1C429A0E211A1866DA
WindowsServer2003-KB3030403-x64-ITA.exeD315E658CA16E63ED5F775431C0169E6F3759AABF7432711D026E04BEFE3A4D6FDEB16AACEBD8FD82A4D821CF463E208B7DC9C37
WindowsServer2003-KB3030403-x64-JPN.exe578C9838E30F7A6632A9ECD141A1F000944F19C0198489928DF934A43C66C58592924BA562804374F432F6387B0FFF7E9CE1BFFE
WindowsServer2003-KB3030403-x64-KOR.exe1A2E5C5999CEB283F96303EAA5325DC0E3838CDC2025EE49CFADC5B0934C2FB7B9CFBB9F7A251598CEA432CBE3FA20C76AFBD278
WindowsServer2003-KB3030403-x64-PTB.exe6D36E5EA65D8CAEC966A6749DABEDFBEDD5CA9A5BB831080127FA7F46F7DE88DCEC45391A4B82ADC2EEED11604B69376A83783DD
WindowsServer2003-KB3030403-x64-RUS.exe292C16BFE9DAFC3A07B470455B6D938533D7D2E78E5456901A91B01F7C71DE8A6ACCF33F858B0CAEFAEEFBE171803AFF814F8ADF
WindowsServer2003-KB3030403-x86-CHS.exe35944DF21CB62333A35AC28CED68E1CCCA6BF2CBE296C4E9171D304959C21A0CF19E8C14AF04E659F3001C07463DB69E8BE07A01
WindowsServer2003-KB3030403-x86-CHT.exe316C8410A20D493F780E3C9D37976F97EBE4E0F8F146706869EBDA03B53126D7F658E2E15809F0BFF409D247F2B930BADA7DDA47
WindowsServer2003-KB3030403-x86-CSY.exe723E16FEBDB4F6949A556F90933D0B771C45ECF21C7EE9A051849C10CC05141C966283719A49E6EEABE0270DD87941588F97BDC5
WindowsServer2003-KB3030403-x86-DEU.exeED38B933772BABC104F355197608BC1950A438F27ADC77DBD9FFCE70DC47F2CFF1A234B325C72A5B43E01DE82231B3DDB3C6764B
WindowsServer2003-KB3030403-x86-ENU.exeC63CDDC2D7B955E839F783AAEE0437C209D24D42C7E94E0288496E877F43C0955F6C68C0D18287BDF47DE241DA2F219AD627E70C
WindowsServer2003-KB3030403-x86-ESN.exeBCD8A91598D951AF155F222FA8774791200D2996FEF7760488C518A71E41E5304A0546E32F24D24C7652980FFD3F7B67387ED77C
WindowsServer2003-KB3030403-x86-FRA.exe3FB1C40BC759F4A04453A0ADBF9DE2014F15C2AA098E2448BAA2DE316FF12093EB2FB2AEA7135F39C7C2D6FDF96FA1DE899F082A
WindowsServer2003-KB3030403-x86-HUN.exe2B4005FCB395FD317D8A33DE0111A69B90A8B57E9BDA6F3E35BFF701493B491D24683C08895A6ED39B8ABA1ECCE5EF5C123CDB27
WindowsServer2003-KB3030403-x86-ITA.exe90B9BC292DB581CBDADDC7223F27D3A181DC23A0E7D3AFBC2EA316C975C854443F51A6E2D0704EFA6303271FF6FFCDD7E113F24A
WindowsServer2003-KB3030403-x86-JPN.exe46F1C3C5C551812F80E89DD779547228A4E1DFF5515B02626CBFCAEE61C0D5B0872819BD5BE7B0FF8B236F5C2447287059087F8D
WindowsServer2003-KB3030403-x86-KOR.exe1BD5EC9DCF14EDFB7F4F5800FCEE9A19B55B3EDE099F3375B5F71F76B8FBCA3544E843EE9A29A201E978BE7A68AD32038621FE0A
WindowsServer2003-KB3030403-x86-NLD.exe69CE9D0CC938680F3B8204B5B8B61C5B5D06314397935F163009AAD4827DFDE983D935BC701FBD0B2169FB6BAFBAE3C71373F08C
WindowsServer2003-KB3030403-x86-PLK.exe6135A0778A0683984342261B68ECF9A742DEBBD82EB07A2187E4D4F35E1A6286CA40C3286A6F0A86E2B8B08E105CD8D5394B1E2F
WindowsServer2003-KB3030403-x86-PTB.exeDD8A4E38EE226D35A7ECF29D8C8830BD29059E0AD095B5BE89780CF825DB2D4FBD40304F085DE80352E9B1C1C36F4D061ED40967
WindowsServer2003-KB3030403-x86-PTG.exe9B4484030035AD0B90DF987A46822D2DB6217B72101BA31CEE0CC9A53044A417DE901E5CBD2AA6ED45E6603E5C14FAB6F7959C40
WindowsServer2003-KB3030403-x86-RUS.exe7DAB2B3EC75FEAF1CC170F4610B98D4047119CF21F32E9EAE1477C3B46772DE4EFCD05693BCFE4F577B30066CE21468B383A4C5A
WindowsServer2003-KB3030403-x86-SVE.exeBE0D05C95746BD8AFD94F38B2978D78831886999268F35EDEA3183631234EBBCA1A6CA651AC58E73A892F2FF3980F8EAD765693D
WindowsServer2003-KB3030403-x86-TRK.exe8E62A68E72935F3428143423CA79DF933129EB096804F20B0BACB9B4A515397072297CDE8248F29355ED251FC9B3BFC1F84F5016

↑ Back to the top


Keywords: kb, atdownload, kbbug, kbexpertiseinter, kbfix, kblangall, kbmustloc, kbsecbulletin, kbsecreview, kbsecurity, kbsecvulnerability, kbsurveynew

↑ Back to the top

Article Info
Article ID : 3040297
Revision : 1
Created on : 1/7/2017
Published on : 3/10/2015
Exists online : False
Views : 348