Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS15-039: Vulnerability in XML Core Services could allow security feature bypass: April 14, 2015

View products that this article applies to.

Summary

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a user clicks a specially crafted link. However, in every case an attacker would have no way to force users to click a specially crafted link. An attacker would have to convince users to click the link, typically by way of an enticement in an email or Instant Messenger message.

↑ Back to the top

Introduction

Microsoft has released security bulletin MS15-039. To learn more about this security bulletin:

Home users:
https://www.microsoft.com/security/pc-security/updates.aspx
Skip the details: Download the updates for your home computer or laptop from the Microsoft Update website now:
https://update.microsoft.com/microsoftupdate/
IT professionals:
https://technet.microsoft.com/library/security/MS15-039

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

↑ Back to the top

More Information

Security update deployment information

Windows Server 2003 (all editions)

Reference Table

The following table contains the security update information for this software.

Security update file names	For all supported 32-bit editions of Windows Server 2003: WindowsServer2003-KB3046482-x86-ENU.exe
	For all supported x64-based editions of Windows Server 2003: WindowsServer2003-KB3046482-x64-ENU.exe
	For all supported Itanium-based editions of Windows Server 2003: WindowsServer2003-KB3046482-ia64-ENU.exe
Installation switches	See Microsoft Knowledge Base Article 934307
Update Log File	KB3046482.log
Restart requirement	In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.
Removal information	Use the Add or Remove Programs item in Control Panel, or use the Spuninst.exe utility that is located in the %Windir%\$NTUninstallKB3046482$\Spuninst folder.
File information	See the file information section.
Registry key verification	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB3046482\Filelist

Windows Vista (all editions)

Reference Table

The following table contains the security update information for this software.

Security update file names	For all supported 32-bit editions of Windows Vista: Windows6.0-KB3046482-x86.msu
	For all supported x64-based editions of Windows Vista: Windows6.0-KB3046482-x64.msu
Installation switches	See Microsoft Knowledge Base Article 934307
Restart requirement	In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.
Removal information	WUSA.exe does not support the uninstall of updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.
File information	See the file information section.
Registry key verification	Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 (all editions)

Reference Table

The following table contains the security update information for this software.

Security update file names	For all supported 32-bit editions of Windows Server 2008: Windows6.0-KB3046482-x86.msu
	For all supported x64-based editions of Windows Server 2008: Windows6.0-KB3046482-x64.msu
	For all supported Itanium-based editions of Windows Server 2008: Windows6.0-KB3046482-ia64.msu
Installation switches	See Microsoft Knowledge Base Article 934307
Restart requirement	In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.
Removal information	WUSA.exe does not support the uninstall of updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.
File information	See the file information section.
Registry key verification	Note A registry key does not exist to validate the presence of this update.

Windows 7 (all editions)

Reference Table

The following table contains the security update information for this software.

Security update file name	For all supported 32-bit editions of Windows 7: Windows6.1-KB3046482-x86.msu
	For all supported x64-based editions of Windows 7: Windows6.1-KB3046482-x64.msu
Installation switches	See Microsoft Knowledge Base Article 934307
Restart requirement	In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.
Removal information	To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, and under Windows Update, click View installed updates, and then select from the list of updates.
File information	Seethe file information section.
Registry key verification	Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)

Reference Table

The following table contains the security update information for this software.

Security update file name	For all supported x64-based editions of Windows Server 2008 R2: Windows6.1-KB3046482-x64.msu
	For all supported Itanium-based editions of Windows Server 2008 R2: Windows6.1-KB3046482-ia64.msu
Installation switches	See Microsoft Knowledge Base Article 934307
Restart requirement	In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.
Removal information	To uninstall an update installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, and under Windows Update, click View installed updates, and then select from the list of updates.
File information	See the file information section.
Registry key verification	Note A registry key does not exist to validate the presence of this update.

↑ Back to the top

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows Server 2003 file information

The files that apply to a specific milestone (SPn) and service branch (QFE, GDR) are noted in the "SP requirement" and "Service branch" columns.
GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.
In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

For all supported x64-based versions of Windows Server 2003

File name	File version	File size	Date	Time	Platform	SP requirement	Service branch
Msxml3.dll	8.100.1057.0	2,194,944	10-Mar-2015	18:13	x64	SP2	SP2QFE
Wmsxml3.dll	8.100.1057.0	1,187,840	10-Mar-2015	18:13	x86	SP2	SP2QFE\WOW

For all supported x86-based versions of Windows Server 2003

File name	File version	File size	Date	Time	Platform
Msxml3.dll	8.100.1057.0	1,187,840	10-Mar-2015	18:06	x86

For all supported IA-64-based versions of Windows Server 2003

File name	File version	File size	Date	Time	Platform	SP requirement	Service branch
Msxml3.dll	8.100.1057.0	3,553,280	10-Mar-2015	18:13	IA-64	SP2	SP2QFE
Wmsxml3.dll	8.100.1057.0	1,187,840	10-Mar-2015	18:13	x86	SP2	SP2QFE\WOW

Windows Vista and Windows Server 2008 file information

The files that apply to a specific product, milestone (SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
Version Product Milestone Service branch
6.0.6002.18xxx Windows Vista SP2 and Windows Server 2008 SP2 SP2 GDR
6.0.6002.23xxx Windows Vista SP2 and Windows Server 2008 SP2 SP2 LDR
GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows Vista and Windows Server 2008

File name	File version	File size	Date	Time	Platform
Msxml3.dll	8.100.5010.0	1,249,280	09-Mar-2015	01:01	x86
Msxml3r.dll	8.20.8730.1	2,048	27-Aug-2014	00:55	x86
Msxml3.dll	8.100.5010.0	1,249,280	09-Mar-2015	00:32	x86
Msxml3r.dll	8.20.8730.1	2,048	09-Mar-2015	00:32	x86

For all supported x64-based versions of Windows Vista and Windows Server 2008

File name	File version	File size	Date	Time	Platform
Msxml3.dll	8.100.5010.0	1,869,824	09-Mar-2015	00:40	x64
Msxml3r.dll	8.20.8730.1	2,048	27-Aug-2014	00:41	x64
Msxml3.dll	8.100.5010.0	1,869,824	09-Mar-2015	00:35	x64
Msxml3r.dll	8.20.8730.1	2,048	09-Mar-2015	00:35	x64
Msxml3.dll	8.100.5010.0	1,249,280	09-Mar-2015	01:01	x86
Msxml3r.dll	8.20.8730.1	2,048	27-Aug-2014	00:55	x86
Msxml3.dll	8.100.5010.0	1,249,280	09-Mar-2015	00:32	x86
Msxml3r.dll	8.20.8730.1	2,048	09-Mar-2015	00:32	x86

For all supported IA-64-based versions of Windows Server 2008

File name	File version	File size	Date	Time	Platform
Msxml3.dll	8.100.5010.0	3,163,648	09-Mar-2015	00:23	IA-64
Msxml3r.dll	8.20.8730.1	2,048	27-Aug-2014	00:23	IA-64
Msxml3.dll	8.100.5010.0	3,164,672	09-Mar-2015	00:03	IA-64
Msxml3r.dll	8.20.8730.1	2,048	09-Mar-2015	00:03	IA-64
Msxml3.dll	8.100.5010.0	1,249,280	09-Mar-2015	01:01	x86
Msxml3r.dll	8.20.8730.1	2,048	27-Aug-2014	00:55	x86
Msxml3.dll	8.100.5010.0	1,249,280	09-Mar-2015	00:32	x86
Msxml3r.dll	8.20.8730.1	2,048	09-Mar-2015	00:32	x86

Windows 7 and Windows Server 2008 R2 file information

The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
Version Product Milestone Service branch
6.1.7601.18xxx Windows 7 and Windows Server 2008 R2 SP1 GDR
6.1.7601.22xxx Windows 7 and Windows Server 2008 R2 SP1 LDR
GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 7

File name	File version	File size	Date	Time	Platform
Msxml3.dll	8.110.7601.18782	1,237,504	10-Mar-2015	03:08	x86
Msxml3r.dll	8.110.7601.18782	2,048	10-Mar-2015	03:05	x86
Msxml3.dll	8.110.7601.22986	1,236,992	10-Mar-2015	03:15	x86
Msxml3r.dll	8.110.7601.22986	2,048	10-Mar-2015	03:12	x86

For all supported x64-based versions of Windows 7 and Windows Server 2008 R2

File name	File version	File size	Date	Time	Platform
Msxml3.dll	8.110.7601.18782	1,882,624	10-Mar-2015	03:25	x64
Msxml3r.dll	8.110.7601.18782	2,048	10-Mar-2015	03:21	x64
Msxml3.dll	8.110.7601.22986	1,881,088	10-Mar-2015	03:29	x64
Msxml3r.dll	8.110.7601.22986	2,048	10-Mar-2015	03:25	x64
Msxml3.dll	8.110.7601.18782	1,237,504	10-Mar-2015	03:08	x86
Msxml3r.dll	8.110.7601.18782	2,048	10-Mar-2015	03:05	x86
Msxml3.dll	8.110.7601.22986	1,236,992	10-Mar-2015	03:15	x86
Msxml3r.dll	8.110.7601.22986	2,048	10-Mar-2015	03:12	x86

For all supported IA-64-based versions of Windows Server 2008 R2

File name	File version	File size	Date	Time	Platform
Msxml3.dll	8.110.7601.18782	3,150,336	10-Mar-2015	02:24	IA-64
Msxml3r.dll	8.110.7601.18782	2,048	10-Mar-2015	02:21	IA-64
Msxml3.dll	8.110.7601.22986	3,149,824	10-Mar-2015	02:21	IA-64
Msxml3r.dll	8.110.7601.22986	2,048	10-Mar-2015	02:17	IA-64
Msxml3.dll	8.110.7601.18782	1,237,504	10-Mar-2015	03:08	x86
Msxml3r.dll	8.110.7601.18782	2,048	10-Mar-2015	03:05	x86
Msxml3.dll	8.110.7601.22986	1,236,992	10-Mar-2015	03:15	x86
Msxml3r.dll	8.110.7601.22986	2,048	10-Mar-2015	03:12	x86

File hash information

Package Name	Package Hash SHA1	Package Hash SHA2
Windows6.0-KB3046482-ia64.msu	EA6BA8A60185D68B2C3A1E4BAAE5C3BCE70B4607	989952ECF2B9960C1103C46BF25DA089033C7E77951FF224A3B97365DEA28600
Windows6.0-KB3046482-x64.msu	6ADA813269F3C9B43681609975C68AC54FE46781	048C316EF8FC513F954F34FA6F28931B065436FE0F427E9D49C367B28B26A685
Windows6.0-KB3046482-x86.msu	F3474C72E8635DF44F4A8196DFB6DE2F5B627CED	C374B5CF20D44C6C16B696FD338D1207F628FB5335B1D7913E38E3A5E9D505D2
Windows6.1-KB3046482-ia64.msu	50D0EFFCBD421E5332CE7275E1727378EC225A1D	2B735E6834F07B26C0B33CE8DE9CB812EF11F8012FFAB781244E7C7A24D0A1D5
Windows6.1-KB3046482-x64.msu	3AB00699A17C6F819C4935548ABD820B0D5279B6	472AC4E314C805257EE8371311355B4402F388542CC81D5AE49107C79A1C4E91
Windows6.1-KB3046482-x86.msu	3B5C086CFD04938461B1E630BDBD886C93E1AE6C	929541ACE79F9813EA736F01A194FF8D76A29C28A562C59F23E5242049763878
WindowsServer2003-KB3046482-ia64-DEU.exe	9EF09B546A0F0C86AB00912B2EF761D314E19EAD	7F36363C29B4A7B55925C3359AFD02A848B47F379D399F161D5865FDA5FC38E0
WindowsServer2003-KB3046482-ia64-ENU.exe	B09E099F1BA2397CAE662709AEAD9FFCE7759071	DF11C75DA9EB0EAFA51ECCFFF2F95860BA4AA50D0DB64302E171BCCF013764CB
WindowsServer2003-KB3046482-ia64-FRA.exe	2F43E0257DA5DDA582E6DC833EC31BD6D8271568	778CC9D51AB30A30033480430E016864582B265745894F9C2F8A5617FEC2F569
WindowsServer2003-KB3046482-ia64-JPN.exe	865D98A0C7532054A2FC2AECD8B1A9AB2487AA37	42033C08C7ECD9AFC76830CABD9768CB476F3FF37592D3FC4877BDFF217B0CFD
WindowsServer2003-KB3046482-x64-CHS.exe	DA637B3E2E91CFAFCCC9E95A0F85107DD0F96EC1	2A72FC5D374AAE2E3FF38F9B8D24528631C917AB02CFBE242F6695E73E1225F2
WindowsServer2003-KB3046482-x64-CHT.exe	06292724E93CF1EF13D0174DC7D951F932ED3831	AB077FC801D4475B398F95C286E3B95A88E4B48CB53BC053C382F2A1D14CEEC7
WindowsServer2003-KB3046482-x64-DEU.exe	4D4C8169D59D30A442763BCC6A9C3651D62E7D1A	DEF44F02E4A7F6B16D26BEC39DD51EAB5A2CBB2196DA7DC259A56C4E7F36E0F3
WindowsServer2003-KB3046482-x64-ENU.exe	C97987B66E381B56AA3B2F9C3689411D36B7979F	26B5F96FA1B40C79D83BFD87C79D995B5EC7BB1F4819CEEC3A38280493E0FE48
WindowsServer2003-KB3046482-x64-ESN.exe	ED853700CA577A720D271316144BB1E14FD3F11A	63B3AF10D91120E811E7C90629E9BDC907D15A9B4794CC428B803035040BD2F0
WindowsServer2003-KB3046482-x64-FRA.exe	D11BD3CC720FBA2F2DEC1114212BD19DA3387C5B	2F1C70C3511869ECA4EC2E21C46C36B5042E1BCCFCC7D9AC33B6A03ABA7B86D6
WindowsServer2003-KB3046482-x64-ITA.exe	7584C73F6621C902519826CFF08F277E1C8DAD31	F0D940830C966CDF7CC2507D84582B662C558012FDE0889E289AFC6A1FE6050F
WindowsServer2003-KB3046482-x64-JPN.exe	98613E7C2FE100C3090033648BF04B778192BFC9	2D6625BA05524FC33BE8D8E14385DBEDCCC4A799E1DFD7BC390500D947C9CA55
WindowsServer2003-KB3046482-x64-KOR.exe	4E6BB284E242E7EBA021E4B5F26FE574A2D55B4D	64CCBA05ECCF867C5FEF7E0604956B471E3BC2588C370DD1DEAF065C3C4B25CD
WindowsServer2003-KB3046482-x64-PTB.exe	161F9D36086725F4A92BD091B6E53B8413B27E6C	616E0FB0A28375E2E34F20940B16D535351603B10EEC143C6987F3B45C65548A
WindowsServer2003-KB3046482-x64-RUS.exe	D25FAE5ED6F7D40CF0E5E60D2E4D3EC245B21366	372BFF5F7C503562DF06F045B8B48AD24EC4707BA6CBD93D9B3FA72BB9292969
WindowsServer2003-KB3046482-x86-CHS.exe	A1E2CBC36A9547ECFD8A303786476F46E4B851D6	AF146F0DD3ACDBE48D45B2999D4C073025B80E8080A7841A64DFDD6E83D8786C
WindowsServer2003-KB3046482-x86-CHT.exe	F3F1F5D9DBB106C694E735BC93484EDE1EAF388F	38448AA34D131506E201188DA30306BFE8F1AAE021E99C3AE64DE27994236E6C
WindowsServer2003-KB3046482-x86-CSY.exe	0015DBF9F22DA6966357C60EB8ADDCE492B19E5A	316DFD95A493636F2A82F936700F1BADD2C07D80039028FD572DA06DA2DA6796
WindowsServer2003-KB3046482-x86-DEU.exe	EC2C585CBD91F27B95C4D59714F9F363DC212129	8A6BEFB9ECA1F976F8A1C99A34F468FA7B26901BCF752C1182270A99449A7A7A
WindowsServer2003-KB3046482-x86-ENU.exe	4B9C72780391B90545268469EE9644A2CD53E44B	ABCA7CF3D5B3C1BACDA35174E2C2520C24A37EBD0628D9640838D8F6C2604756
WindowsServer2003-KB3046482-x86-ESN.exe	89BDA82FA99075B2580C7E292AD5C1530CF62749	F556B18C5D565F3051B9C608F31ECD19185D2CDAE86C8AE386785A7F279CA745
WindowsServer2003-KB3046482-x86-FRA.exe	B4B764AEC524F203D49C425F4F38A0635C9ECAED	97B7F69B753027595F4716E16EA059A9FE8CCB6F7846F8EAF0AA50AA2BDA9608
WindowsServer2003-KB3046482-x86-HUN.exe	B0C2769331B38AB5698078FA1C0B705DE2F34BD3	8AE0F93FF63518895678C571260DE387256658A160E20A149C83F20C557AF043
WindowsServer2003-KB3046482-x86-ITA.exe	66DC61CA540DE3D60C6CC80559C6D44B6410B625	35BF1A0C478EFC94F39AE2FB1F07E2740B4698BCF7A98E57F663CA53AE3C9DD3
WindowsServer2003-KB3046482-x86-JPN.exe	6A8196E0636AE02307D472138F503E946B8D588D	95E5B4FBA570717BC34ADDF1F4C69D00A5B1497003B7D32D8090C419C3F82B95
WindowsServer2003-KB3046482-x86-KOR.exe	B7919E5CB92B8DA3239539832A792E01EC8ADB34	E9C7C1816592CD81C286D3FFFBE88893147E80CA4C2A9A430373B87F730E8933
WindowsServer2003-KB3046482-x86-NLD.exe	56134B5151F1BD7A9385DBD55F6570BBB8836AA2	3ED148C9CEE843DD112D2CDFA47C3EF2ED4D6C25B9FC5BD4E2C9B4AAE571A041
WindowsServer2003-KB3046482-x86-PLK.exe	C77883257A2538CA1DD9EEB5E80C71FCE69F95B6	AA195C0D7D975FC18713AAB61CBDD242FB5308B0F63C3BCC7F02E7CD2740E3CE
WindowsServer2003-KB3046482-x86-PTB.exe	CC086BE58E026514A639BEDF937E8C137AF9B058	535DBDBE8DF4F2DB0EC55A9EB800D9B8B3750C957D4E8F6BE48B41EE796BE12F
WindowsServer2003-KB3046482-x86-PTG.exe	232306C202A24E3426E4BB59A9FBD17395D286A6	2D15EE5D50048A0B4CAC5B0DC66DA0618745E62E6ACA72F2D99DE0527BDE1EC7
WindowsServer2003-KB3046482-x86-RUS.exe	6632E1CFBD293AEB7A7322A56469A95733A031BA	7EB966603057001B4CC372D274FBA48626BCC5E9A49266A3F2DA68CB542C70BA
WindowsServer2003-KB3046482-x86-SVE.exe	7B3FC46AD5C001C09FBB164E71ADD68468292E66	7BEF15F918CC7ABCE07869969C1344FDE6EFD2FBFC2AB8A5207F5FFF5309FC59
WindowsServer2003-KB3046482-x86-TRK.exe	44266B57B3FA7E160346F58BFBC1ADAC2CAEE100	B95956592E809C8A266188EFC7AC12124D52F4FE998EE688FBAD5D650AD96BC5

↑ Back to the top

Applies to:

↑ Back to the top

Keywords: kbsecreview, kbsurveynew, kbsecvulnerability, kbsecurity, kbsecbulletin, atdownload, kblangall, kbfix, kbexpertiseinter, kbbug, kb, kbmustloc

↑ Back to the top

Article Info

Article ID	:	3046482
Revision	:	1
Created on	:	1/7/2017
Published on	:	4/14/2015
Exists online	:	False
Views	:	248