MS15-038: Description of the security update for Windows: April 14, 2015

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

Summary
This security update resolves vulnerabilities in Windows. These vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. To exploit the vulnerabilities, an attacker would first have to log on to the system. This security update addresses the vulnerabilities by correcting how Windows validates impersonation events. To learn more about the vulnerabilities, see Microsoft Security Bulletin MS15-038.

To resolve the vulnerabilities, you may need to apply multiple updates depending on the version of Windows you are running, see the following table for more information:
Windows versionUpdates to install
Windows Server 2003 R2 SP23045685
Windows Vista SP2, Windows Server 2008 SP2
Windows 7 SP1, Windows Server 2008 R2 SP1
Windows 8, Windows RT, Windows Server 2012
Windows 8.1, Windows RT 8.1, Windows Server 2012 R2
3045685 and 3045999
How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Note For Windows RT and Windows RT 8.1, this update is available through Windows Update only.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Click the download link in the following table that corresponds to the version of Windows you are running.
More information

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base Article 3049576.

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows Server 2003 R2 file information

  • The files that apply to a specific milestone (SPn) and service branch (QFE, GDR) are noted in the "SP requirement" and "Service branch" columns.
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.
  • In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

For all supported x64-based versions of Windows Server 2003 R2

File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Clfs.sys5.2.3790.5562366,59204-Mar-201501:11x64SP2SP2QFE
Clfsw32.dll5.2.3790.5562105,98404-Mar-201501:11x64SP2SP2QFE
Clfs.sys5.2.3790.5562366,59204-Mar-201501:11x64SP2SP2QFE\IA
Clfs.sys5.2.3790.5562366,59204-Mar-201501:11x64SP2SP2QFE\ID
Clfs.sys5.2.3790.5562366,59204-Mar-201501:11x64SP2SP2QFE\IS

For all supported x86-based versions of Windows Server 2003 R2

File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Clfs.sys5.2.3790.5562204,28804-Mar-201500:54x86SP2SP2QFE
Clfs.sys5.2.3790.5562204,28804-Mar-201500:54x86SP2SP2QFE\IA
Clfsw32.dll5.2.3790.556279,36004-Mar-201502:07x86SP2SP2QFE\IA
Clfs.sys5.2.3790.5562204,28804-Mar-201500:54x86SP2SP2QFE\ID
Clfsw32.dll5.2.3790.556279,36004-Mar-201502:07x86SP2SP2QFE\ID
Clfs.sys5.2.3790.5562204,28804-Mar-201500:54x86SP2SP2QFE\IS
Clfsw32.dll5.2.3790.556279,36004-Mar-201502:07x86SP2SP2QFE\IS

Windows Vista and Windows Server 2008 file information

  • The files that apply to a specific product, milestone (SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.0.6002.18xxxWindows Vista SP2 and Windows Server 2008 SP2SP2GDR
    6.0.6002.23xxxWindows Vista SP2 and Windows Server 2008 SP2SP2LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows Vista and Windows Server 2008

File nameFile versionFile sizeDateTimePlatform
Clfsw32.dll6.0.6002.1933157,34405-Mar-201502:23x86
Clfsw32.dll6.0.6002.2363957,34405-Mar-201501:41x86
Clfs.mofNot applicable3,47218-Sep-200621:38Not applicable
Clfs.sys6.0.6002.19331244,15205-Mar-201502:32x86
Clfsuninstall.mofNot applicable12318-Sep-200621:39Not applicable
Clfs.mofNot applicable3,47207-May-201423:47Not applicable
Clfs.sys6.0.6002.23639244,15205-Mar-201501:46x86
Clfsuninstall.mofNot applicable12307-May-201423:47Not applicable

For all supported x64-based versions of Windows Vista and Windows Server 2008

File nameFile versionFile sizeDateTimePlatform
Clfsw32.dll6.0.6002.1933177,82405-Mar-201501:58x64
Clfsw32.dll6.0.6002.2363977,82405-Mar-201501:35x64
Clfs.mofNot applicable3,47218-Sep-200621:36Not applicable
Clfs.sys6.0.6002.19331360,38405-Mar-201502:14x64
Clfsuninstall.mofNot applicable12318-Sep-200621:36Not applicable
Clfs.mofNot applicable3,47207-May-201423:46Not applicable
Clfs.sys6.0.6002.23639360,38405-Mar-201501:51x64
Clfsuninstall.mofNot applicable12307-May-201423:46Not applicable
Clfsw32.dll6.0.6002.1933157,34405-Mar-201502:23x86
Clfsw32.dll6.0.6002.2363957,34405-Mar-201501:41x86

For all supported IA-64-based versions of Windows Server 2008

File nameFile versionFile sizeDateTimePlatform
Clfsw32.dll6.0.6002.19331182,27205-Mar-201501:33IA-64
Clfsw32.dll6.0.6002.23639182,27205-Mar-201501:12IA-64
Clfs.mofNot applicable3,47203-Jan-200818:57Not applicable
Clfs.sys6.0.6002.19331843,19205-Mar-201501:49IA-64
Clfsuninstall.mofNot applicable12303-Jan-200818:57Not applicable
Clfs.mofNot applicable3,47207-May-201423:46Not applicable
Clfs.sys6.0.6002.23639843,19205-Mar-201501:22IA-64
Clfsuninstall.mofNot applicable12307-May-201423:46Not applicable
Clfsw32.dll6.0.6002.1933157,34405-Mar-201502:23x86
Clfsw32.dll6.0.6002.2363957,34405-Mar-201501:41x86

Windows 7 and Windows Server 2008 R2 file information

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.1.7601.18xxxWindows 7 and Windows Server 2008 R2SP1GDR
    6.1.7601.22xxxWindows 7 and Windows Server 2008 R2SP1LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 7

File nameFile versionFile sizeDateTimePlatform
Clfsw32.dll6.1.7601.1877758,88004-Mar-201504:10x86
Clfsw32.dll6.1.7601.2298158,88004-Mar-201504:15x86
Clfs.sys6.1.7601.18777249,78404-Mar-201504:16x86
Clfs.sys6.1.7601.22981249,79204-Mar-201504:19x86

For all supported x64-based versions of Windows 7 and Windows Server 2008 R2

File nameFile versionFile sizeDateTimePlatform
Clfsw32.dll6.1.7601.1877779,36004-Mar-201504:41x64
Clfsw32.dll6.1.7601.2298179,36004-Mar-201504:33x64
Clfs.sys6.1.7601.18777367,55204-Mar-201504:55x64
Clfs.sys6.1.7601.22981367,54404-Mar-201504:37x64
Clfsw32.dll6.1.7601.1877758,88004-Mar-201504:10x86
Clfsw32.dll6.1.7601.2298158,88004-Mar-201504:15x86

For all supported IA-64-based versions of Windows Server 2008 R2

File nameFile versionFile sizeDateTimePlatform
Clfsw32.dll6.1.7601.18777187,39204-Mar-201503:38IA-64
Clfsw32.dll6.1.7601.22981187,39204-Mar-201503:39IA-64
Clfs.sys6.1.7601.18777846,78404-Mar-201503:42IA-64
Clfs.sys6.1.7601.22981846,77604-Mar-201503:44IA-64
Clfsw32.dll6.1.7601.1877758,88004-Mar-201504:10x86
Clfsw32.dll6.1.7601.2298158,88004-Mar-201504:15x86

Windows 8 and Windows Server 2012 file information

  • The files that apply to a specific product, milestone (RTM,SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.2.920 0.16 xxxWindows 8 and Windows Server 2012RTMGDR
    6.2.920 0.20 xxxWindows 8 and Windows Server 2012RTMLDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 8

File nameFile versionFile sizeDateTimePlatform
Clfsw32.dll6.2.9200.1729157,85604-Mar-201504:52x86
Clfsw32.dll6.2.9200.2140857,85604-Mar-201504:23x86
Clfs.sys6.2.9200.17291256,83204-Mar-201505:22x86
Clfs.sys6.2.9200.21408256,83204-Mar-201505:07x86

For all supported x64-based versions of Windows 8 and Windows Server 2012

File nameFile versionFile sizeDateTimePlatform
Clfsw32.dll6.2.9200.1729174,75204-Mar-201506:39x64
Clfsw32.dll6.2.9200.2140874,75204-Mar-201505:20x64
Clfs.sys6.2.9200.17291361,28004-Mar-201507:29x64
Clfs.sys6.2.9200.21408361,28004-Mar-201507:07x64
Clfsw32.dll6.2.9200.1729157,85604-Mar-201504:52x86
Clfsw32.dll6.2.9200.2140857,85604-Mar-201504:23x86

Windows 8.1 and Windows Server 2012 R2 file information

For all supported x86-based versions of Windows 8.1

File nameFile versionFile sizeDateTimePlatform
Clfsw32.dll6.3.9600.1771958,88004-Mar-201502:19x86
Clfs.sys6.3.9600.17719279,36004-Mar-201510:05x86

For all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2

File nameFile versionFile sizeDateTimePlatform
Clfsw32.dll6.3.9600.1771975,26404-Mar-201503:04x64
Clfs.sys6.3.9600.17719377,15204-Mar-201510:25x64
Clfsw32.dll6.3.9600.1771958,88004-Mar-201502:19x86

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
Properties

Article ID: 3045685 - Last Review: 07/07/2015 23:49:00 - Revision: 3.0

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows RT 8.1, Windows Server 2012 Datacenter, Windows Server 2012 Standard, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows 8 Enterprise, Windows 8 Pro, Windows 8, Windows RT, Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1, Windows Server 2008 Service Pack 2, Windows Vista Service Pack 2, Microsoft Windows Server 2003 Service Pack 2

  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB3045685
Feedback