Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS15-053: Vulnerabilities in JScript and VBScript scripting engines could allow security feature bypass: May 12, 2015


View products that this article applies to.

Summary

This security update resolves address space layout randomization (ASLR) security feature bypasses in the JScript and VBScript scripting engines in Microsoft Windows. An attacker could use one of these ASLR bypasses together with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system. 

The update addresses the ASLR bypasses by helping to make sure that affected versions of JScript and VBScript correctly implement the ASLR security feature. 

↑ Back to the top


Introduction

Microsoft has released security bulletin MS15-053. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

↑ Back to the top


More Information

Known issues and more information about this security update

The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.
  • 3050941 MS15-053: Description of the security update for VBScript and JScript 5.8: May 12, 2015
  • 3050945 MS15-053: Description of the security update for VBScript and JScript 5.7: May 12, 2015
  • 3050946 MS15-053: Description of the security update for VBScript and JScript 5.6: May 12, 2015
Security update deployment information

Windows Server 2003 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor JScript 5.6 and VBScript 5.6 on all supported 32-bit editions of Windows Server 2003:
WindowsServer2003-KB3050946-x86-ENU.exe

For JScript 5.6 and VBScript 5.6 on all supported x64-based editions of Windows Server 2003:
WindowsServer2003-KB3050946-x64-ENU.exe

For JScript 5.6 and VBScript 5.6 on all supported Itanium-based editions of Windows Server 2003:
WindowsServer2003-KB3050946-ia64-ENU.exe

For JScript 5.7 and VBScript 5.7 on all supported 32-bit editions of Windows Server 2003:
WindowsServer2003-KB3050945-x86-ENU.exe

For JScript 5.7 and VBScript 5.7 on all supported x64-based editions of Windows Server 2003:
WindowsServer2003-KB3050945-x64-ENU.exe

For JScript 5.7 and VBScript 5.7 on all supported Itanium-based editions of Windows Server 2003:
WindowsServer2003-KB3050945-ia64-ENU.exe
Installation switchesSee Microsoft Knowledge Base Article 262841
Update log fileFor JScript 5.6 and VBScript 5.6 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:
KB3050946.log

For JScript 5.7 and VBScript 5.7 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:
KB3050945.log
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart. 
Removal informationFor JScript 5.6 and VBScript 5.6 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:
Use the Add or Remove Programs item in Control Panel, or use the Spuninst.exe utility that is located in the %Windir%\$NTUninstallKB3050946$\Spuninst folder.

For JScript 5.7 and VBScript 5.7 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:
Use the Add or Remove Programs item in Control Panel, or use the Spuninst.exe utility that is located in the %Windir%\$NTUninstallKB3050945$\Spuninst folder.
File informationSee the file information section of the related KB article.
Registry key verificationFor JScript 5.6 and VBScript 5.6 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB3050946\Filelist

For JScript 5.7 and VBScript 5.7 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB3050945\Filelist

Windows Vista (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor JScript 5.7 and VBScript 5.7 on all supported 32-bit editions of Windows Vista:
Windows6.0-KB3050945-x86.msu

For JScript 5.7 and VBScript 5.7 on all supported x64-based editions of Windows Vista:
Windows6.0-KB3050945-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart. 
Removal informationWUSA.exe does not support uninstall of updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates. 
File informationSee the file information section of the related KB article.
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2008 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor JScript 5.7 and VBScript 5.7 on all supported 32-bit editions of Windows Server 2008:
Windows6.0-KB3050945-x86.msu

For JScript 5.7 and VBScript 5.7 on all supported x64-based editions of Windows Server 2008:
Windows6.0-KB3050945-x64.msu

For JScript 5.7 and VBScript 5.7 on all supported Itanium-based editions of Windows Server 2008:
Windows6.0-KB3050945-ia64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart. 
Removal informationWUSA.exe does not support uninstall of updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates. 
File informationSee the file information section of the related KB article.
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor JScript 5.8 and VBScript 5.8 on all supported Server Core installations of x64-based editions of Windows Server 2008 R2 only:
Windows6.1-KB3050941-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart. 
Removal informationTo uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, and then click System and Security. Under Windows Update, click View installed updates, and then select from the list of updates. 
File informationSee the file information section of the related KB article.
Registry key verificationNote A registry key does not exist to validate the presence of this update.

↑ Back to the top


File information

File hash information
File nameSHA1 hashSHA256 hash
Windows6.0-KB3050945-ia64.msu08623F5D87CD078016AB206B9EDB22908C4A7D71054B9344D7BAC06CBD71EB9B6CA7074C66D9DC0BF8AEA3F07F3C2E40409140A7
Windows6.0-KB3050945-x64.msuF8064C8CC6A18C45454751FC97B9E8CDD75E8D28AFFFF3FD31D4BEA7D01AAF0586E8FBE19D76DA6227BFF83F422386ECACEF7775
Windows6.0-KB3050945-x86.msuCA0CA8D45E8827DB875B47F14A1B1D27ADAA86F5E924115BDA30CDF9CC45D50C67158A132DEE98E000CA81E4449D1AE9244F9E4F
Windows6.1-KB3050941-x64.msu4C575F5599F5726412FC4BCC4D1D237D1B2A0399AF407403EA17DB1D3198BE2A99D811E2613CFF3EE9A2213FC5FDF8B9EDEACAA9
WindowsServer2003-KB3050945-ia64-DEU.exeAC7BEDFBAE861385C9A9FFC0784A3DF5290720E5D1848EE68B7D648BEC3EE7D32C93F7600AAAA21CCC3A9B1F100ACAD86918515A
WindowsServer2003-KB3050945-ia64-ENU.exeE03BD2B796E771892271C79A974DE278B1E3D7A3F97C36063A5F0D91EF35D5DE31B3FB69E45C4CB20F66D4130552AD13E110E234
WindowsServer2003-KB3050945-ia64-FRA.exe5E252BD2F2988CEA93B0CFF738729EAD8FBEBD08DDEDBB292484FC2760D20FC1618784E230CC6BCD618A2CCD41230F7DE744D550
WindowsServer2003-KB3050945-ia64-JPN.exeBC81464F7C21DAA439FC12382D8895EE839321AB6FE5E6EE6006A88AA8ECAD1C5246ABD50A5715D64D750A00230A9BA1FAD743C8
WindowsServer2003-KB3050945-x64-CHS.exe373392F1C84C6DAED3E618BF7F06FD801EFA68365813C7408517650E58FB2DB89702F124701705CC9DF84FD43856E62570A606B8
WindowsServer2003-KB3050945-x64-CHT.exe079E0195A0565D3933B4CD3AD6D39C6CCCA7241DA1CBE7670C47E5629623A0A2E15433648C3AA8AF70C26ED5E3E7C34D8DDD5616
WindowsServer2003-KB3050945-x64-DEU.exeF1203F3FE2A868199D9B40F3D7A2E2BB3C5A95A492042B78D3212BE927DED5FC35F985CC8CF683C30FE855C98C3D8C21B7C2EDC4
WindowsServer2003-KB3050945-x64-ENU.exe529F3FEB42DC6F6B6EBC0A421DDE9403CC7C456914B92DE15DFF68012729F46C35467AA8BC93FA179E75303D6AE2AB9503D62136
WindowsServer2003-KB3050945-x64-ESN.exe78583406A1C4033567629D8B14E590808F76A3EFA760945E3000D2C26E5C19B15896DA586B44B394DE36AF65AFCD17F302FF8A4E
WindowsServer2003-KB3050945-x64-FRA.exeD60F050185BFE8DE49D06DEDBC7DD077388101F673B01240A6EBC1D06A9A45AF226F92862B38F18604A5B8BDDC7081FD58D82E44
WindowsServer2003-KB3050945-x64-ITA.exeBEDA574DA12FB407F171FFBE8461399D26D57626D36FFA654B4970FCB5EA5824C94C9462E1F50729C8869A2C9DA5FEEA736D4F0F
WindowsServer2003-KB3050945-x64-JPN.exe0D252219A025B3E17338A50727BD95C1C7F8233B6B86C2947A54CBB612FA8C9C72661359779B320CF39CB3243E4664DB00072649
WindowsServer2003-KB3050945-x64-KOR.exeC65BA35DFE7B48E677EFA748E9A44D96608765A6B8E5DDF103EF6C8DEF2D1F56A0D20C03B2DFF2C054522E7CFA14E83E3B69D59A
WindowsServer2003-KB3050945-x64-PTB.exeAAEAC1CBB9893E63BB06801E0CDA5688EFCE819174B4ECDE9B7F3B2BF83079D76D87A1733F12F0C895FA20627C18A031AB4B782D
WindowsServer2003-KB3050945-x64-RUS.exeFF193A3F3807BE0A7971273407D0F31BE90EDFAF59E573BCFB470D0E0D17EC60DB5579817D3499CA0C22C57FD196E15E562CBD22
WindowsServer2003-KB3050945-x86-CHS.exe19747AF9350616312BA9CA2007164B014291E25A4CFA3A73AB22E7F8D4836FFF0C3055BB4CC45865C86EA6A57A835D5BC017C581
WindowsServer2003-KB3050945-x86-CHT.exe92F7BCD80B13711DE4B56F99178DDCFA153D486A5FB39FA816D0076EB83AF64B562A1513EF59AA266969889D530905EAD4838686
WindowsServer2003-KB3050945-x86-CSY.exeB3C780143CCC8B52119D722994C3D75A511284039050C45B8179F2ABC17CDEA819BCAD08C5ED329BEEA6163E2E449DF3E18ECF01
WindowsServer2003-KB3050945-x86-DEU.exe7A4804FA7EBA160A7183ADF3C87177E35FFB4EAD28F77F113B547F66FADBC306ED30F1D70105A5FEA80833A839B17709B151F459
WindowsServer2003-KB3050945-x86-ENU.exeC718DBC7E2CB7FFB0A3039D76435E0E9738872B0691E8AFD6DFB4EE0453C71EAE18F38F391EDFD6FE960EBAF0D3A7E9A724752A2
WindowsServer2003-KB3050945-x86-ESN.exeDA99B1EC40014475EA09870C569DA46B3DCF00705868E9D2BAFD51749B54A0B53E252D240D41D703264B93FC884ED601E25C451D
WindowsServer2003-KB3050945-x86-FRA.exeF59092AF66391C19BBD5C72943C36D36583D5712A2D4F158D745E28267A915E678FDEDA3D772E42570022FE93E943DE3C2E32F32
WindowsServer2003-KB3050945-x86-HUN.exe2F7AA953BAE057D3F4778E4826C63AFA21CB0945020010A67246B7EC6E6554B536B93EF49D9E9AE4A8BF68312BB922A97A61238A
WindowsServer2003-KB3050945-x86-ITA.exeF49B3CCC2079446557E87C0134B93FC7EA9604AB83B24EE50268D80E26B540D2C9C3AF3F7842AC02FAFC0CC1C12C9100705A17BA
WindowsServer2003-KB3050945-x86-JPN.exe20E62D300EFFE74183A9558CDA5BE70EC3E1BB308085AE4BED88CFDF4A200407E21886217821B1738B7870143B89024BCF859684
WindowsServer2003-KB3050945-x86-KOR.exe6B60DBD8C323AC8AB81A135698455D92D3F35B3BDCB28225503D7B5E28BBD028826CABC969A22FF35EA78022848FAC826A08BF29
WindowsServer2003-KB3050945-x86-NLD.exeA58D6F000EF32893735D818F8FAB7FF1CE630408C2A95214C7B4ECD2A07326A498ED54C2B6D254C4A414764BC1BC8D278F2E8DAC
WindowsServer2003-KB3050945-x86-PLK.exeFD56041238A96B5AFD13A724BDCB754676F241B5C3019D3777348107ACA5EBA1F44C1514FC9811884574D113CBAC7A5C081F04D8
WindowsServer2003-KB3050945-x86-PTB.exeB1AA1D1DCE628DB597EABD243CCD513187A60F2AAD495CC267AB290551AD6E6FDAFDC8EE6424F167608BAD76ACA88CA6CB62FCD2
WindowsServer2003-KB3050945-x86-PTG.exe15DDA44310AF2C5ED153E3D498B6B9A7140772C5FE2D746B7E68C49788357E1C4EF345A75125BCB43B7FA157F0635478B5D24F5B
WindowsServer2003-KB3050945-x86-RUS.exe5D9F6ADF689AAEB66464AD5C41F56A8F4DE5213A3658670608EA74ABD4A3EE2ADA94BDC41036FAA05EAA94E6F651DF2C1F7A908E
WindowsServer2003-KB3050945-x86-SVE.exe813E9BB1C1142689950CF9A364DEAFA51B8EFAAE26D52F17E1BEBBE5AE7F2FDF3884781B126784C95D3ACCF745CAB6D9839DF3FD
WindowsServer2003-KB3050945-x86-TRK.exeEC06A3964ACB7E7D0C3E148710ADDC50806420E8A5B278644BB095DC5D2087995CEEAFD773C8EA1458D3F7A8D02EE2B86DD3DAA2
WindowsServer2003-KB3050946-ia64-DEU.exe08624A7AEB32949B57D2DFB8A9E3B19F08F52E12582E6F656C15E4F2223AF9A82A8CEDD32BFAD60907D6D05B54117714B9F3F824
WindowsServer2003-KB3050946-ia64-ENU.exe52A33392904CC9FF05ED4A0A7F2FDB2248F673E0D7EA886C2DFA287079539FB720AFEF87C350FB8D826F8910915B0E94E033F3CE
WindowsServer2003-KB3050946-ia64-FRA.exeD88899ED2F6EF9BEFA00812AE8EEC205BA9FB84B8CF78C8B3A7CA805A4E1ABABCC17EFF10D78BD7E0A58E8CEB236F577E5518D83
WindowsServer2003-KB3050946-ia64-JPN.exeA3E279A0ABA0C2FBD35C171D0CB76C8A550AF8B70A24067DF0286363AF9BC2162B4ADF16D16F12068CFB5A93D5FBB03C5E4FD227
WindowsServer2003-KB3050946-x64-CHS.exeB757772589AC82E13B208D3F63EFA34244F38DE1FDE38638494A2E1A86A9449663A269F0DD82E9F3AE017D545828364C5570AA17
WindowsServer2003-KB3050946-x64-CHT.exeFCC6328084D9F6B19BE930D0239C53C67F107F2DAE60339F480F0B72BC828627D0F18ADBDC05CFA5CCA47328844806CF26B1151F
WindowsServer2003-KB3050946-x64-DEU.exeCBAABED10E0D49BE246D9137C1D9D508394BF8294027E9FE7130200049DBF31778193F8B6207937C437B5E3E7B99A43CBE45C51C
WindowsServer2003-KB3050946-x64-ENU.exeFDB81DCC106FFCE2E5FC67378017A7FDD9A84C8E2AD7D18DAB06E3BA9F7BB4E6495E21DD88C82E11DFE7357FC70606404125D709
WindowsServer2003-KB3050946-x64-ESN.exe4C15F8BE6D71BA19C7327842744E12C99739C164C6FC4D616BF21A491B35F4CB8357C6C1EECCAC8D75E2FD90381B95DE03447E13
WindowsServer2003-KB3050946-x64-FRA.exe36B76F514414BDF100A80BBCCDB1BD9E71D6A7793BC5D570C8E63A19B9EA5BCCBE138F1D6F0BD8ADB45BDE114FA14D67F2CFA103
WindowsServer2003-KB3050946-x64-ITA.exe15E788CFB8F9E13900AACB5EC3DA3DD4885EA79862FAD8FEF053DDDFD160696A8A663623A17B377C35A25F73087DAD224A93C41E
WindowsServer2003-KB3050946-x64-JPN.exe2DD1D7D556AC24056100CDBE414A4CD91FF748B0B1A10AD99B2583D51D9F0214C24870375247848172C2AABFC1E0AC91DC851D63
WindowsServer2003-KB3050946-x64-KOR.exe93D06F0AD46C377638382022925FD4E913791A5E95015B5F16C789AA35F49CE406CC40A0FC4E3C47E576330963B94E681B8BC8A1
WindowsServer2003-KB3050946-x64-PTB.exe461F96946895FACBCD37CEA792E0CE43818399EF5F12461B704EF3E3D8EFF0D7F357E09D0C0D209F226930C1618906BFB5610112
WindowsServer2003-KB3050946-x64-RUS.exe45A2DB89D9C19461FF6648E3934E49DEA6F58CEAC8B271FD87DC4C4FEB711EFE58A3F079078BBAEF2A71EE8A0A5B2CCD2D0B59C3
WindowsServer2003-KB3050946-x86-CHS.exe0824FBCC2B143CC02A2242C3708FEADDAA1561B7776D548EDBA4AB7E7CEF5190BDD260FDEBD2FCE89D7FAAEB3DCB2FBB6F3ABD27
WindowsServer2003-KB3050946-x86-CHT.exeD4E8B970EA6F44CE6BD64F4583A5D602569ED3A4D6C2112730CD64927369FFCB609F288CB30CD0F2B6F5CB85686C9F88099C438E
WindowsServer2003-KB3050946-x86-CSY.exe60DC24BDE74CF1C7EC23AF5A37B62C2971FEA0D929DA0EBF9D3725C4991BBB27F31D2E6AB1D3F313E937729B10CA15BAD29CFBC1
WindowsServer2003-KB3050946-x86-DEU.exe09FF09D9D1BF68C39E0EAB1815035D9E1079DF5B189FFF3CEAE00469AF012F66FA458288E9CD12E2818DD257337D2CF81D1170E4
WindowsServer2003-KB3050946-x86-ENU.exe4939EF095CDF5822429CF2A2E722228AA6EDBE8DF7AFBCD1BC08AD8EA48CEC6D33E7FF23F368CEDBA51115F17971E2D5D921990B
WindowsServer2003-KB3050946-x86-ESN.exeB5B9FC6A82CC337B1CE05AEF77E22BF18AAB8FB69EB680F035045F64F5AF90AF40ECF1FB021DE20EBF1EAFCE4E80C2F7C30648DE
WindowsServer2003-KB3050946-x86-FRA.exe8F5CF8FA727DFCE57DD2A31F1DD22BA6193530246B2CD0845C68F9AA5FA1687DE36AA1382F7BEB699F42DB40160349320FF20A39
WindowsServer2003-KB3050946-x86-HUN.exe25D77B7D79C671F5A78ACF68C28D3E3F5B5DA9285F5EF32ED7329908826C0B097C792E4A7ECF07B9B584E14E52C2C2D733C78A74
WindowsServer2003-KB3050946-x86-ITA.exe023C96F694BBA0E59BCC83457912CA508E036278F2AC951E263DD6CA6D3BD8E84CD193BFE1AF6922AFC3612C5E50F1DE3B91BC48
WindowsServer2003-KB3050946-x86-JPN.exe251C13B56B9BE47177B7D5E3887D8E36AD418FEF9AD080F980F074436CB5CEED98108BABE8A5E0AD9711A1BDC0601F8AD1BBC5CA
WindowsServer2003-KB3050946-x86-KOR.exeEC3A541A72C34F7EF8CC873A5DD2C0CBB5E907F3D58C73FB5C2C57350C60F4ED2AEC839A73D3544879DE398E0A1137F31D2853EE
WindowsServer2003-KB3050946-x86-NLD.exe06232DA0662BCA64354D14A42AE24B2CE00F9B50E331A23DE284E7BAB1E3F4066A0FD6975B79E20395E24BA6BDFBA50140ACAC35
WindowsServer2003-KB3050946-x86-PLK.exeA5C5D0AAAD50FFA1789AB1E89296FBB17EB7065C33F39F85C8A23CE784707FDB51A3D824D988AF49919011552F83C315000A9680
WindowsServer2003-KB3050946-x86-PTB.exeFDB3859E40B0408F3139F6466C7103EDDD97697B9B2BF4D88E0F74B0D4C30B9DA09300DF8879A375F41A87B9A3DEE0DB496E76D8
WindowsServer2003-KB3050946-x86-PTG.exe429D922D29E35F3B41D6B69A3135EE5ADAB97C1A37A9DC90D6CFD83528DBA1DD1C792EA0854836C945FE2BA4FA830E58D948F19A
WindowsServer2003-KB3050946-x86-RUS.exe34E222CAD1EAA0EDB14F08A60A1DD263EFCDDEEA127859902C3CE119EF4D51E87D0074797A8D17FD264117472B3FF4FB096123B4
WindowsServer2003-KB3050946-x86-SVE.exe1DFD76A3F92E7C2ACFD155B92EB5EBBC3F998607F07F3A37E439F52BF56CB4D4C2F51D0AFEE1EAFB551080C224CC15EA0F974DE0
WindowsServer2003-KB3050946-x86-TRK.exeE3491FD774A21E633EB0C242C101EFCEB93E79B95E04589FE8CA780E52AF5C8A38210B3F0C36FCFB55DAD16192B7DCB162B2F825

↑ Back to the top


Keywords: kb, atdownload, kbbug, kbexpertiseinter, kbfix, kblangall, kbmustloc, kbsecbulletin, kbsecreview, kbsecurity, kbsecvulnerability, kbsurveynew

↑ Back to the top

Article Info
Article ID : 3057263
Revision : 4
Created on : 4/17/2018
Published on : 4/17/2018
Exists online : False
Views : 281