MS15-108: Security update for JScript and VBScript to address remote code execution: October 13, 2015

View products that this article applies to.

Summary

This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or if an attacker leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control that is marked as "safe for initialization" in an application or a Microsoft Office document that uses the Internet Explorer rendering engine to direct the user to the specially crafted website.

To learn more about the vulnerability, see Microsoft Security Bulletin MS15-108.

↑ Back to the top

More Information

Important

If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

↑ Back to the top

More information about this security update

The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information.

3094995 MS15-108: Description of the security update for JScript and VBScript 5.8: October 13, 2015
3094996 MS15-108: Description of the security update for JScript and VBScript 5.7: October 13, 2015

↑ Back to the top

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see
Get security updates automatically.

Method 2: Microsoft Download Center

↑ Back to the top

More Information

Security update deployment information

Windows Vista (all editions)

Reference Table

The following table contains the security update information for this software.

Security update file names	For JScript 5.7 and VBScript 5.7 on all supported 32-bit editions of Windows Vista: Windows6.0-KB3094996-x86.msu
	For JScript 5.7 and VBScript 5.7 on all supported x64-based editions of Windows Vista: Windows6.0-KB3094996-x64.msu
Installation switches	See Microsoft Knowledge Base Article 934307
Restart requirement	In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.
Removal information	WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
File information	See the file information section.
Registry key verification	Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 (all editions)

Reference Table

The following table contains the security update information for this software.

Security update file names	For JScript 5.7 and VBScript 5.7 on all supported 32-bit editions of Windows Server 2008: Windows6.0-KB3094996-x86.msu
	For JScript 5.7 and VBScript 5.7 on all supported x64-based editions of Windows Server 2008: Windows6.0-KB3094996-x64.msu
	For JScript 5.7 and VBScript 5.7 on all supported Itanium-based editions of Windows Server 2008: Windows6.0-KB3094996-ia64.msu
Installation switches	See Microsoft Knowledge Base Article 934307
Restart requirement	In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.
Removal information	WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
File information	See the file information section.
Registry key verification	Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)

Reference Table

The following table contains the security update information for this software.

Security update file name	For JScript 5.8 and VBScript 5.8 on all supported Server Core installations of x64-based editions of Windows Server 2008 R2: Windows6.1-KB3089659-x64.msu
Installation switches	See Microsoft Knowledge Base Article 934307
Restart requirement	In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.
Removal information	To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates and select from the list of updates.
File information	See the file information section.
Registry key verification	Note A registry key does not exist to validate the presence of this update.

File hash information

Package Name	Package Hash SHA 1	Package Hash SHA 2
Windows6.0-KB3083178-ia64.msu	99B91C0115DD225CAA949D6D9D987B032E0DD7F0	8FF7CFD7E865B3728E5E6FBF9DD3E76399B8D9C8C904B7099DC4C26B37E44093
Windows6.0-KB3083178-x64.msu	ED4B159B0499CA6D45203614F621DC818834ADA8	A5783938AE9A9E9EB85BCBC88EA6B390EF5185C68DFB06087D38390BA560FDF8
Windows6.0-KB3083178-x86.msu	12BF0F5E4617946D846CC2986F29291BB0E3094C	5649B1285196B30D8EEE7C82A04F6EB89C7050C1625C26E45AB043B8FC903261
Windows6.0-KB3094996-ia64.msu	4450F3F3444EC178B29AAEE274742066F7BFF25C	9DFDCEC0A35F020EE5DA5D91C65750311C52107D2A15730A428DB2160111DB3E
Windows6.0-KB3094996-x64.msu	688B00F348C2D405C087A5129F634207BA8CB0D1	1A8AB9459D64E30E67248313C28DF8B27381A1053223A45F08EA85438AF692C8
Windows6.0-KB3094996-x86.msu	C7E0F4C35FC496DDB4AEE6A449D5273EEED6203B	A48FB2AD303FA4EA63A8063C82720857091FA80A5988BF1B2D540F0C784552E6
Windows6.1-KB3089659-x64.msu	FCC8223960ECE28E5B313A24C1222D02603A50E8	7039CE796CC276F54AB69B8E69654EBA1A6A0BFB9F725C75D7E49C1EC0224E20

How to obtain help and support for this security update

↑ Back to the top

Applies to:

↑ Back to the top

Keywords: kb, atdownload, kbbug, kbexpertiseinter, kbfix, kblangall, kbmustloc, kbsecbulletin, kbsecreview, kbsecurity, kbsecvulnerability, kbsurveynew

↑ Back to the top

Article Info

Article ID	:	3089659
Revision	:	1
Created on	:	1/7/2017
Published on	:	10/16/2015
Exists online	:	False
Views	:	300

Microsoft KB Archive Search

MS15-108: Security update for JScript and VBScript to address remote code execution: October 13, 2015

Summary

More Information

More information about this security update

How to obtain and install the update

Method 1: Windows Update

More Information

Windows Vista (all editions)

Windows Server 2008 (all editions)

Windows Server 2008 R2 (all editions)

Applies to: