You are currently offline, waiting for your internet to reconnect

MS15-088: Unsafe command-line parameter passing could allow information disclosure: August 11, 2015

Summary
This security update helps resolve an information disclosure vulnerability in Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability, an attacker would first have to use another vulnerability in Internet Explorer to run code in the sandboxed process. The attacker could then run Notepad, Visio, PowerPoint, Excel, or Word by using an unsafe command-line parameter to effect information disclosure. To be protected from the vulnerability, customers must apply the updates that are provided in this bulletin and also the update for Internet Explorer that is provided in MS15-079. Similarly, customers who are running an affected Office product must also install the applicable updates that are provided in MS15-081.

For more information about the updates that are required to address this vulnerability, see Microsoft Knowledge Base Article 3080057, Microsoft Knowledge Base Article 3080790, and Microsoft Knowledge Base Article 3082442.

To learn more about the vulnerability, see Microsoft Security Bulletin MS15-088.
More information
Important
  • All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.
Additional information about this security update
The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.
  • 3079757 MS15-088 Description of the security update for Windows, Internet Explorer, and Office: August 11, 2015
  • 3046017 MS15-088 Description of the security update for Windows, Internet Explorer, and Office: August 11, 2015
How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, seeGet security updates automatically.

Note For Windows RT and Windows RT 8.1, this update is available only through Windows Update. 

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Click the download link in Microsoft Security Bulletin MS15-088 that corresponds to the version of Windows that you are running.
More information

Security update deployment information

Windows Vista (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor all supported 32-bit editions of Windows Vista:
Windows6.0-KB3046017-x86.msu
Windows6.0-KB3079757-x86.msu

For all supported x64-based editions of Windows Vista:
Windows6.0-KB3046017-x64.msu
Windows6.0-KB3079757-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
Removal informationWUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3046017
See Microsoft Knowledge Base Article 3079757
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2008 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor all supported 32-bit editions of Windows Server 2008:
Windows6.0-KB3046017-x86.msu
Windows6.0-KB3079757-x86.msu

For all supported x64-based editions of Windows Server 2008:
Windows6.0-KB3046017-x64.msu
Windows6.0-KB3079757-x64.msu

For all supported Itanium-based editions of Windows Server 2008:
Windows6.0-KB3046017-ia64.msu
Windows6.0-KB3079757-ia64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
Removal informationWUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3046017
See Microsoft Knowledge Base Article 3079757
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows 7 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported 32-bit editions of Windows 7:
Windows6.1-KB3046017-x86.msu
Windows6.1-KB3079757-x86.msu

For all supported x64-based editions of Windows 7:
Windows6.1-KB3046017-x64.msu
Windows6.1-KB3079757-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates, and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3046017
See Microsoft Knowledge Base Article 3079757
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported x64-based editions of Windows Server 2008 R2:
Windows6.1-KB3046017-x64.msu
Windows6.1-KB3079757-x64.msu

For all supported Itanium-based editions of Windows Server 2008 R2:
Windows6.1-KB3046017-ia64.msu
Windows6.1-KB3079757-ia64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates, and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3046017
See Microsoft Knowledge Base Article 3079757
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows 8 and Windows 8.1 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported 32-bit editions of Windows 8:
Windows8-RT-KB3046017-x86.msu

For all supported x64-based editions of Windows 8:
Windows8-RT-KB3046017-x64.msu

For all supported 32-bit editions of Windows 8.1:
Windows8.1-KB3046017-x86.msu

For all supported x64-based editions of Windows 8.1:
Windows8.1-KB3046017-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3046017
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2012 and Windows Server 2012 R2 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported editions of Windows Server 2012:
Windows8-RT-KB3046017-x64.msu

For all supported editions of Windows Server 2012 R2:
Windows8.1-KB3046017-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3046017
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows RT and Windows RT 8.1 (all editions)

Reference Table

The following table contains the security update information for this software.
DeploymentThese updates are available via Windows Update only.
Restart RequirementYes, you must restart your system after you apply this security update.
Removal InformationClick Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File InformationSee Microsoft Knowledge Base Article 3046017

Windows 10 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported 32-bit editions of Windows 10:
KB3081436-Win10-RTM-X86-TSL.msu

For all supported x64-based editions of Windows 10:
KB3081436-Win10-RTM-X64-TSL.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 3081436
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Internet Explorer (all editions)

Reference Table

The following table contains the security update information for this software.
Security update deployment informationSee Microsoft Knowledge Base Article 3082442 for deployment information for the Internet Explorer update.

Microsoft Office (all editions)

Reference Table

The following table contains the security update information for this software.
Security update deployment informationSee Microsoft Knowledge Base Article 3080790 for deployment information for the Internet Explorer update.

File hash information

File nameSHA1 hashSHA256 hash
excel2007-kb3054992-fullfile-x86-glb.exe08BC281E951AFA3561F5D64EB8733DAED0B336AFE272B986A11DF9376F79C305BA90136D5337BB7D690222AA703C128D0C6023F6
excel2010-kb3055044-fullfile-x64-glb.exeED5F67A6E172E200A90B2DC569E679D9B0DDE068E62C3DF6A23683F1DA11C50A719A68840D831363C59F0A212932FF4EC04F55E6
excel2010-kb3055044-fullfile-x86-glb.exe5EC9403B04A8649D78D6D435A6160AA282B8F7388DF7AFBC55CABC1F5E6599795D25B0E37E6C909714FA0DBB31C6E2139053AB32
excel2013-kb3054991-fullfile-x64-glb.exe03AB2F6B6339343E52549929D6654C9C593C7E70AA82829F29DDCD3766B7B1CEE76B095E989A2D66A75FDEC2F0C177BE23FB6557
excel2013-kb3054991-fullfile-x86-glb.exeAF94AC2E7EB5D4089166CAA263E24683EF7E79B25ADE1C1AD405772AD97F1DE995B354AA7F8277647FB191A64F4940885E2E607D
kb24286772010-kb3055037-fullfile-x64-glb.exe60DF86CD6967286A40C841EE29C14E76C8653F68E0EA25F2ACF53EF5D2944100F3A730F24108FAD7D55DF441D970FF30B00586A2
kb24286772010-kb3055037-fullfile-x86-glb.exe4C14190615DAB6AF9CE79B54355492E06BC32CCAAD24D9C8821500A811CFA66307FBCAB121A47619B2D066D8B7C5A23B766CF525
powerpoint2007-kb3055051-fullfile-x86-glb.exe3F31E4F34225E95F918C237199D515203436B1CCDA7B2B559CA64EEA41393FB712C66D27E57754AC7AB5BA556E45A6BC2EF5DABD
powerpoint2010-kb3055033-fullfile-x64-glb.exeB0C78459C37259B373F73B2FF9E95D323EC3A969C0B12877FBF2826FB4153995A6485ABC8FDBFB28BA7A56EA4877587BA44BCDC8
powerpoint2010-kb3055033-fullfile-x86-glb.exe861DF0D62D0C57C96308A5350F1673AB01BA01DE9263AFEDA54D682496B510B2F0FC3677F26D72B86D377B45274AF747BC908E84
powerpoint2013-kb3055029-fullfile-x64-glb.exeEED6D3722BC47C58585018F29212B5FA897A196E3995A289CE50CF15E0FBD5E6212E9316FF0ACDC2EA1E6FDAC84E4DCAC645DDAD
powerpoint2013-kb3055029-fullfile-x86-glb.exeABB8BD2CE24A1E4B93420454CDA83F7323C69FB8B7F55EBE9C6B726D38564FA75F8693458A3DD85D0539703D60B0FB933BF3318B
visio2007-kb2965280-fullfile-x86-glb.exe21C0FD0A1EDEDEDD56D62F1DF56922EE1BCA6CA04FE61FB56F509F15102555BF040C4BBDC910A3B8A59EE99F334297D7FE0302B2
visio2010-kb3054876-fullfile-x64-glb.exe5C7D77E6CA4D4AB1082E0C1394D15CA0EEDD6B258CDDEC9382E39D2ABF164EB5DC38EB8FE644537BE8F99238AED88029774E7A8A
visio2010-kb3054876-fullfile-x86-glb.exe7550BAEC3E0A6AA6B41016BC48D0809C7B391FF516280B69B7FA34B4B2779F29BCA6545B5200A068264689784F258FBB83E2F2E6
visio2013-kb3054929-fullfile-x64-glb.exeCDC4918C731C6F8E230A2F4D3CB17A96ADFAFC542320E9AA082D43C2DA20999D91534C8C97D008BAE096EB7BDFF54D4C6AEC8FCA
visio2013-kb3054929-fullfile-x86-glb.exe7EDEAC9C9A686A465FE9ABB71101F2C6889116B6D71DF885732D9D7A45F6FE469990F6AB79DE5BCCCF6F6257161E49C66FBE4497
Windows10.0-KB3046017-x64.msu77275A5632459C2FB2D3E9EE9FB52F8CC9C4AF86B8A0B907C0500222F4F47DC13AABEC702AF6AF3A4F6C3202B9894BC850872042
Windows6.0-KB3046017-ia64.msu6DD3974AB32EC879DEFCE670C6ED44792E61FB73C71F3023DE25DDF0CE915714CFDE3A2829C3FEEA74F3DED72DCD5AF666424738
Windows6.0-KB3046017-x64.msu61160D19679324B263648F56F35AEC5CCD873B43934312FDB19A4E74782C0BFA88B3AC265D2CDB40EB5F71881C46F7FC163AA654
Windows6.0-KB3046017-x86.msu5861893A0C17321E1C364BF09CF1E74FFA56E9167D93E248938C8E08AFF8450EEBF076322128EFB89B0842E48D576D4CF0CA850D
Windows6.0-KB3079757-ia64.msuF8489173A5314523D31B0FDE5EF33798252B40717AE792B21F46E3F03D9F723938DD30DED5304689E2A9091DDBC06B65226F51A3
Windows6.0-KB3079757-x64.msu1E9C4F9415F0ABBEED7EF729F1FC98D30BB82C0B3734D1046F9D47C8EF1EFCB0060F94A405627B089465F3E9D7E66C1F8FE1E6B8
Windows6.0-KB3079757-x86.msuA319066249C7321BAC1DD26B00478C0975F4AD5E9CA044F5287D897E8DE01FCABD2238ED2E8D3E2C3A22CA7F23092F32BE4BD065
Windows6.1-KB3046017-ia64.msu5BEE66E0CA2AD3B703AF1C384FF533E3C3EE8AFE3FAFDC3C10F6A1EE90C53BCC9B97C1C79346CCF360224F784133A3BFC228145A
Windows6.1-KB3046017-x64.msu5451208CCC96F656F55F35FCA5997801E1676BCB2178021D5B68584F77279FFF54DFBFFECC352A29C042B53D777F264BB17EDD57
Windows6.1-KB3046017-x86.msu3488CDF522E5EFAB03C0F9325BFD40D4F1C8B0E66A00886B9030F22AC2F8828C2BCACB74CA10436F1FC6F18869788DD97888F655
Windows6.1-KB3079757-ia64.msuFCFF5D1D92C3A253E462F78B8D93A1B14C0A7B302542CA3B02774FD4F9011FCDCB12C5A0580167F746A62C58C06E68F9707832FF
Windows6.1-KB3079757-x64.msuD236C9931D55ADB2AE73F39D19E809C02718E140D3C3DD3212314A7CB40D0BFA14540912D338B9FEA7598504AB6336454B544552
Windows6.1-KB3079757-x86.msuE4663807A213882B72C55276F4542678BE797AA360DE123D1F028330604010FF4F207B1922D8DCD2ACB0F20260A7712BA3B66DF0
Windows8.1-KB3046017-arm.msu4CF2B84D16A754A88EDFE13C77609585721165C8BD6C0624BA27624A75FAC964D1EECDF67BF7770DF3F1325E81DF26AD5FF93CF2
Windows8.1-KB3046017-x64.msuCFD784AE9E40BCD30ADF46D822BF48A601B218CB35E5CF31A089EA45738331F68EF77C6AA7D3DF1FB7C7121C9D469B9F62E4C09F
Windows8.1-KB3046017-x86.msuA9F1C0E3B41898BC3BE41DFEB313725CD7386D2A03F65A42C2268721A01EC4378584DDB796CF06186D4181C34D9A6F35EEAA7009
Windows8-RT-KB3046017-arm.msuC7109615EB83E75C25008DBF324A2513CBAF64AA65F26744F944550BDF8319A1FEECEDCE3D91D0C770826629B5D00EB80F9B3AEB
Windows8-RT-KB3046017-x64.msu07875D4B4B52A1DE1BCF00497FE952E811DE289C60ADBF15BB00255A142638D51CEA187B773436654C5EFDC9E8CF5E664536C687
Windows8-RT-KB3046017-x86.msu624A1EC2D60F36201C740ED7CE43AF1E1DCB23F084E50A9022DC5EF36187415E329693A98659B71A9F701A1850F29F39E6C2D1FE
word2007-kb3055052-fullfile-x86-glb.exeCEA6A24F76A0E6B625D9C4C1279B41DC52E99CD23DFB2975B2E0F1697B7052D8E258F4AD484A50A53A097D26D9B29EDECB3E87F3
word2010-kb3055039-fullfile-x64-glb.exeD0EEE3B6AB235929F9B84698D80BA81FE6861A57A3A9ABAC6B2AC2A9C4555A83133C355D2FB1ECF9261B9D74488759501D05DF10
word2010-kb3055039-fullfile-x86-glb.exe3FE60D1C245EBB81849F928BC26EE82B36CD97BAB4B5AD42E9160C979FAAD96BCF47E524C6122EDC1C5130CAE519DF6CC119F518
word2013-kb3055030-fullfile-x64-glb.exe301864D002B730FA3E29940A38B30C1A57AC5E738ADF612175B69AC0854EFBE9A2D895F72404A3DB56FAC474F45682A032B0BF15
word2013-kb3055030-fullfile-x86-glb.exe7C0891EC48BF604F7F5005FA45C247358929C46B5E1A6209A784E5921DF9E4B8177FFD0B7B51CDAE16947836F40E29D645872E08

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
malicious attacker exploit
Properties

Article ID: 3082458 - Last Review: 08/11/2015 17:17:00 - Revision: 1.0

, , , , , , , , , , , , , , , , , Windows Server 2008 R2 Service Pack 1, Windows 7 Service Pack 1, Windows Server 2008 Service Pack 2, Windows Vista Service Pack 2, , , , ,

  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB3082458
Feedback