MS15-005: Vulnerability in Network Location Awareness service could allow security feature bypass: January 13, 2015

Summary

This security update resolves a vulnerability in Microsoft Windows that could allow security feature bypass by unintentionally relaxing the firewall policy or configuration of certain services. This unintentional behavior occurs when an attacker on the same network as the victim spoofs responses to DNS and LDAP traffic that is initiated by the victim.

Introduction

Microsoft has released security bulletin MS15-005. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

More Information

Note Windows Server 2003 is affected, but an update is not being issued for it. See the Update FAQ of bulletin MS15-005 for more information.

Windows Vista (all editions)Reference Table

The following table contains the security update information for this software.

Security update file names

For all supported 32-bit editions of Windows Vista:
Windows6.0-KB3022777-x86.msu

For all supported x64-based editions of Windows Vista:
Windows6.0-KB3022777-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.

File information

See Microsoft Knowledge Base Article 3022777

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file names

For all supported 32-bit editions of Windows Server 2008:
Windows6.0-KB3022777-x86.msu

For all supported x64-based editions of Windows Server 2008:
Windows6.0-KB3022777-x64.msu

For all supported Itanium-based editions of Windows Server 2008:
Windows6.0-KB3022777-ia64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

WUSA.exe does not support uninstall of updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.

File information

See Microsoft Knowledge Base Article 3022777

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows 7 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported 32-bit editions of Windows 7:
Windows6.1-KB3022777-x86.msu

For all supported x64-based editions of Windows 7:
Windows6.1-KB3022777-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update. Or, you can stop the nlasvc service, apply the security update, and then start the nlasvc service.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, and under Windows Update, click View installed updates, and then select from the list of updates.

File information

See Microsoft Knowledge Base Article 3022777

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported x64-based editions of Windows Server 2008 R2:
Windows6.1-KB3022777-x64.msu

For all supported Itanium-based editions of Windows Server 2008 R2:
Windows6.1-KB3022777-ia64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, and under Windows Update, click View installed updates, and then select from the list of updates.

File information

See Microsoft Knowledge Base Article 3022777

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows 8 and Windows 8.1 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported 32-bit editions of Windows 8:
Windows8-RT-KB3022777-x86.msu

For all supported x64-based editions of Windows 8:
Windows8-RT-KB3022777-x64.msu

For all supported 32-bit editions of Windows 8.1:
Windows8.1-KB3022777-x86.msu

For all supported x64-based editions of Windows 8.1:
Windows8.1-KB3022777-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click Windows Update, and under See also, click Installed updates, and then select from the list of updates.

File information

See Microsoft Knowledge Base Article 3022777

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2012 and Windows Server 2012 R2 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported editions of Windows Server 2012:
Windows8-RT-KB3022777-x64.msu

For all supported editions of Windows Server 2012 R2:
Windows8.1-KB3022777-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click Windows Update, and under See also, click Installed updates, and then select from the list of updates.

File information

See Microsoft Knowledge Base Article 3022777

Registry key verification

Note A registry key does not exist to validate the presence of this update.


File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.


  • The files that apply to a specific product, milestone (SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.0.6002.19xxx

    Windows Vista SP2 and Windows Server 2008 SP2

    SP2

    GDR

    6.0.6002.23xxx

    Windows Vista SP2 and Windows Server 2008 SP2

    SP2

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows Vista and Windows Server 2008

File name

File version

File size

Date

Time

Platform

Ncsi.dll

6.0.6002.19250

93,184

06-Dec-2014

03:14

x86

Nlaapi.dll

6.0.6002.19250

48,640

06-Dec-2014

03:14

x86

Nlasvc.dll

6.0.6002.19250

174,080

06-Dec-2014

03:14

x86

Ncsi.dll

6.0.6002.23557

93,184

06-Dec-2014

02:51

x86

Nlaapi.dll

6.0.6002.23557

48,640

06-Dec-2014

02:51

x86

Nlasvc.dll

6.0.6002.23557

174,592

06-Dec-2014

02:51

x86

For all supported x64-based versions of Windows Vista and Windows Server 2008

File name

File version

File size

Date

Time

Platform

Ncsi.dll

6.0.6001.18000

109,056

19-Jan-2008

08:03

x64

Nlaapi.dll

6.0.6002.19250

61,440

06-Dec-2014

02:54

x64

Nlasvc.dll

6.0.6002.19250

205,824

06-Dec-2014

02:54

x64

Ncsi.dll

6.0.6002.23557

109,056

06-Dec-2014

02:35

x64

Nlaapi.dll

6.0.6002.23557

61,440

06-Dec-2014

02:36

x64

Nlasvc.dll

6.0.6002.23557

206,848

06-Dec-2014

02:36

x64

Ncsi.dll

6.0.6002.19250

93,184

06-Dec-2014

03:14

x86

Nlaapi.dll

6.0.6002.19250

48,640

06-Dec-2014

03:14

x86

Ncsi.dll

6.0.6002.23557

93,184

06-Dec-2014

02:51

x86

Nlaapi.dll

6.0.6002.23557

48,640

06-Dec-2014

02:51

x86

For all supported IA-64-based versions of Windows Server 2008

File name

File version

File size

Date

Time

Platform

Ncsi.dll

6.0.6001.18000

269,824

19-Jan-2008

08:29

IA-64

Nlaapi.dll

6.0.6001.18000

150,016

19-Jan-2008

08:29

IA-64

Nlasvc.dll

6.0.6002.19250

451,584

06-Dec-2014

02:38

IA-64

Ncsi.dll

6.0.6002.23557

269,312

06-Dec-2014

02:15

IA-64

Nlaapi.dll

6.0.6002.23557

150,016

06-Dec-2014

02:15

IA-64

Nlasvc.dll

6.0.6002.23557

452,608

06-Dec-2014

02:15

IA-64

Ncsi.dll

6.0.6002.19250

93,184

06-Dec-2014

03:14

x86

Nlaapi.dll

6.0.6002.19250

48,640

06-Dec-2014

03:14

x86

Ncsi.dll

6.0.6002.23557

93,184

06-Dec-2014

02:51

x86

Nlaapi.dll

6.0.6002.23557

48,640

06-Dec-2014

02:51

x86


  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.1.7601.18xxx

    Windows 7 and Windows Server 2008 R2

    SP1

    GDR

    6.1.7601.22xxx

    Windows 7 and Windows Server 2008 R2

    SP1

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 7

File name

File version

File size

Date

Time

Platform

Ncsi.dll

6.1.7601.17964

156,672

03-Oct-2012

16:42

x86

Nlaapi.dll

6.1.7601.17964

52,224

03-Oct-2012

16:42

x86

Nlasvc.dll

6.1.7601.18685

242,688

06-Dec-2014

03:50

x86

Nlasvc.ptxml

Not Applicable

2,494

13-Jul-2009

20:54

Not Applicable

Ncsi.dll

6.1.7601.22893

162,304

06-Dec-2014

04:18

x86

Nlaapi.dll

6.1.7601.22137

52,224

18-Oct-2012

19:37

x86

Nlasvc.dll

6.1.7601.22893

242,688

06-Dec-2014

04:18

x86

Nlasvc.ptxml

Not Applicable

2,494

13-Jul-2009

20:54

Not Applicable

For all supported x64-based versions of Windows 7 and Windows Server 2008 R2

File name

File version

File size

Date

Time

Platform

Ncsi.dll

6.1.7601.17964

216,576

03-Oct-2012

17:44

x64

Nlaapi.dll

6.1.7601.17964

70,656

03-Oct-2012

17:44

x64

Nlasvc.dll

6.1.7601.18685

303,616

06-Dec-2014

04:17

x64

Nlasvc.ptxml

Not Applicable

2,494

03-Oct-2012

11:47

Not Applicable

Ncsi.dll

6.1.7601.22893

223,744

06-Dec-2014

04:31

x64

Nlaapi.dll

6.1.7601.22137

70,656

18-Oct-2012

20:31

x64

Nlasvc.dll

6.1.7601.22893

303,616

06-Dec-2014

04:31

x64

Nlasvc.ptxml

Not Applicable

2,494

18-Oct-2012

14:47

Not Applicable

Ncsi.dll

6.1.7601.17964

156,672

03-Oct-2012

16:42

x86

Nlaapi.dll

6.1.7601.17964

52,224

03-Oct-2012

16:42

x86

Ncsi.dll

6.1.7601.22893

162,304

06-Dec-2014

04:18

x86

Nlaapi.dll

6.1.7601.22137

52,224

18-Oct-2012

19:37

x86

Ncsi.dll

6.1.7601.18685

156,672

06-Dec-2014

03:50

x86

Nlaapi.dll

6.1.7601.18685

52,224

06-Dec-2014

03:50

x86

Wow64_nlasvc.ptxml

Not Applicable

2,494

06-Dec-2014

01:07

Not Applicable

Ncsi.dll

6.1.7601.22893

162,304

06-Dec-2014

04:18

x86

Nlaapi.dll

6.1.7601.22893

52,224

06-Dec-2014

04:18

x86

Wow64_nlasvc.ptxml

Not Applicable

2,494

06-Dec-2014

01:08

Not Applicable

For all supported IA-64-based versions of Windows Server 2008 R2

File name

File version

File size

Date

Time

Platform

Ncsi.dll

6.1.7601.17964

480,768

03-Oct-2012

16:30

IA-64

Nlaapi.dll

6.1.7601.18685

156,672

06-Dec-2014

03:30

IA-64

Nlasvc.dll

6.1.7601.18685

603,648

06-Dec-2014

03:30

IA-64

Nlasvc.ptxml

Not Applicable

2,494

03-Oct-2012

11:40

Not Applicable

Ncsi.dll

6.1.7601.22893

485,888

06-Dec-2014

03:19

IA-64

Nlaapi.dll

6.1.7601.22893

156,672

06-Dec-2014

03:19

IA-64

Nlasvc.dll

6.1.7601.22893

603,648

06-Dec-2014

03:19

IA-64

Nlasvc.ptxml

Not Applicable

2,494

18-Oct-2012

14:40

Not Applicable

Ncsi.dll

6.1.7601.18685

156,672

06-Dec-2014

03:50

x86

Nlaapi.dll

6.1.7601.18685

52,224

06-Dec-2014

03:50

x86

Wow64_nlasvc.ptxml

Not Applicable

2,494

06-Dec-2014

01:07

Not Applicable

Ncsi.dll

6.1.7601.22893

162,304

06-Dec-2014

04:18

x86

Nlaapi.dll

6.1.7601.22893

52,224

06-Dec-2014

04:18

x86

Wow64_nlasvc.ptxml

Not Applicable

2,494

06-Dec-2014

01:08

Not Applicable


  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.2.920 0.17 xxx

    Windows 8 and Windows Server 2012

    RTM

    GDR

    6.2.920 0.21 xxx

    Windows 8 and Windows Server 2012

    RTM

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 8

File name

File version

File size

Date

Time

Platform

Ncsi.dll

6.2.9200.17199

284,160

06-Dec-2014

06:09

x86

Nlaapi.dll

6.2.9200.17199

55,296

06-Dec-2014

06:09

x86

Nlasvc.dll

6.2.9200.17199

287,232

06-Dec-2014

06:09

x86

Nlasvc.ptxml

Not Applicable

4,075

20-Sep-2012

01:48

Not Applicable

Ncsi.dll

6.2.9200.20623

283,136

02-Feb-2013

07:03

x86

Nlaapi.dll

6.2.9200.16384

55,296

26-Jul-2012

03:19

x86

Nlasvc.dll

6.2.9200.21316

286,720

06-Dec-2014

05:41

x86

Nlasvc.ptxml

Not Applicable

4,075

25-Jul-2012

20:36

Not Applicable

For all supported x64-based versions of Windows 8 and Windows Server 2012

File name

File version

File size

Date

Time

Platform

Ncsi.dll

6.2.9200.17199

384,000

06-Dec-2014

07:52

x64

Nlaapi.dll

6.2.9200.17199

72,192

06-Dec-2014

07:52

x64

Nlasvc.dll

6.2.9200.17199

357,376

06-Dec-2014

07:52

x64

Nlasvc.ptxml

Not Applicable

4,075

20-Sep-2012

01:45

Not Applicable

Ncsi.dll

6.2.9200.20623

385,024

02-Feb-2013

06:54

x64

Nlaapi.dll

6.2.9200.16384

72,192

26-Jul-2012

03:06

x64

Nlasvc.dll

6.2.9200.21316

356,352

06-Dec-2014

06:41

x64

Nlasvc.ptxml

Not Applicable

4,075

25-Jul-2012

20:32

Not Applicable

Nlaapi.dll

6.2.9200.17199

55,296

06-Dec-2014

06:09

x86

Wow64_nlasvc.ptxml

Not Applicable

4,075

02-Feb-2013

03:12

Not Applicable

Nlaapi.dll

6.2.9200.20623

55,296

02-Feb-2013

07:03

x86

Wow64_nlasvc.ptxml

Not Applicable

4,075

02-Feb-2013

01:41

Not Applicable


For all supported x86-based versions of Windows 8.1

File name

File version

File size

Date

Time

Platform

Ncsi.dll

6.3.9600.17550

273,408

06-Dec-2014

02:36

x86

Nlaapi.dll

6.3.9600.17415

65,536

29-Oct-2014

01:01

x86

Nlasvc.dll

6.3.9600.17550

314,880

06-Dec-2014

01:28

x86

Nlasvc.ptxml

Not Applicable

4,075

21-Aug-2013

23:41

Not Applicable

For all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2

File name

File version

File size

Date

Time

Platform

Ncsi.dll

6.3.9600.17550

360,448

06-Dec-2014

03:17

x64

Nlaapi.dll

6.3.9600.17415

86,016

29-Oct-2014

01:24

x64

Nlasvc.dll

6.3.9600.17550

391,680

06-Dec-2014

01:41

x64

Nlasvc.ptxml

Not Applicable

4,075

22-Aug-2013

06:46

Not Applicable

Nlaapi.dll

6.3.9600.17415

65,536

29-Oct-2014

01:01

x86

Wow64_nlasvc.ptxml

Not Applicable

4,075

21-Aug-2013

23:41

Not Applicable


Windows6.0-KB3022777-ia64.msu

8B670AB57FB1D43B45006916F6EB9AF7AD12080F

65886D03A6303BDDC0DC3F23413EB54A8566B629ED86371D01CB92BD6A3D31CF

Windows6.0-KB3022777-x86.msu

52E88D1C428F9A0160BA895352FDAF3BE6EE0263

050D2486826CC32137069FE36750D057459453A93E1885759F0AD1A65D4E7A0A

Windows6.1-KB3022777-ia64.msu

34190DCAADA37F7143458108408AE8388D83020D

6BD9D29C3D965A379B9CCBCBB09575599D5BD588CCA2119E9FFF60E627479FE1

Windows6.1-KB3022777-x86.msu

8F68CAD0FDCF82B019582C0FDF1EECD1CBA672CD

3F8DC08D1113BDD2E56546E4EACC6F7F1A4ED7B55A03B627E1BDAB616468A18B

Windows8.1-KB3022777-x86.msu

BC3EEA48322EA52C9FC2B25D616BCE242A19C03F

45883E63E92BEBC3E552258426248CB23E42692EFF6AD5D14E44C6173A1B5476

Windows8-RT-KB3022777-x86.msu

DCE15556E802A436FCA33F4745EC96D9D9033757

613CA55BE4BACAA23D50BFD74BDA342CF6FBDA297E1C787EA0A010B4B284ECC3


Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×