MS15-029: Vulnerability in Windows Photo Decoder component could allow information disclosure: March 10, 2015

Summary

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website that contains a specially crafted JPEG XR (.JXR) image. This vulnerability would not allow an attacker to execute code or to elevate his or her user rights directly. But this vulnerability could be used to obtain information that could be used to try to further compromise the affected system. 

Introduction

Microsoft has released security bulletin MS15-029. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

More Information

Windows Vista (all editions)Reference Table

The following table contains the security update information for this software.

Security update file names

For all supported 32-bit editions of Windows Vista:
Windows6.0-KB3035126-x86.msu


For all supported x64-based editions of Windows Vista:
Windows6.0-KB3035126-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

Removal information

WUSA.exe does not support the uninstall of updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.

File information

See the file information section.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file names

For all supported 32-bit editions of Windows Server 2008:
Windows6.0-KB3035126-x86.msu


For all supported x64-based editions of Windows Server 2008:
Windows6.0-KB3035126-x64.msu


For all supported Itanium-based editions of Windows Server 2008:
Windows6.0-KB3035126-ia64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

Removal information

WUSA.exe does not support the uninstall of updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.

File information

See the file information section.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows 7 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported 32-bit editions of Windows 7:
Windows6.1-KB3035126-x86.msu


For all supported x64-based editions of Windows 7:
Windows6.1-KB3035126-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, and under Windows Update, click View installed updates, and then select from the list of updates.

File information

See the file information section.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported x64-based editions of Windows Server 2008 R2:
Windows6.1-KB3035126-x64.msu


For all supported Itanium-based editions of Windows Server 2008 R2:
Windows6.1-KB3035126-ia64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, and under Windows Update, click View installed updates, and then select from the list of updates.

File information

See the file information section.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows 8 and Windows 8.1 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported 32-bit editions of Windows 8:
Windows8-RT-KB3035126-x86.msu


For all supported x64-based editions of Windows 8:
Windows8-RT-KB3035126-x64.msu


For all supported 32-bit editions of Windows 8.1:
Windows8.1-KB3035126-x86.msu


For all supported x64-based editions of Windows 8.1:
Windows8.1-KB3035126-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click Windows Update, and under See also, click Installed updates, and then select from the list of updates.

File information

See the file information section.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2012 and Windows Server 2012 R2 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported editions of Windows Server 2012:
Windows8-RT-KB3035126-x64.msu


For all supported editions of Windows Server 2012 R2:
Windows8.1-KB3035126-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click Windows Update, and under See also, click Installed updates, and then select from the list of updates.

File information

See the file information section.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows RT and Windows RT 8.1 (all editions)Reference Table

The following table contains the security update information for this software.

Deployment

These updates are available via Windows Update only.

Restart Requirement

Yes, you must restart your system after you apply this security update.

Removal Information

Click Control Panel, click System and Security, click Windows Update, and under See also, click Installed updates, and then select from the list of updates.

File Information

See the file information section.


File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.




  • The files that apply to a specific product, milestone (SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.0.6002.18xxx

    Windows Vista SP2 and Windows Server 2008 SP2

    SP2

    GDR

    6.0.6002.23xxx

    Windows Vista SP2 and Windows Server 2008 SP2

    SP2

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows Vista and Windows Server 2008

File name

File version

File size

Date

Time

Platform

Wmphoto.dll

7.0.6002.19299

369,664

29-Jan-2015

02:06

x86

Wmphoto.dll

7.0.6002.23609

369,664

29-Jan-2015

01:35

x86

For all supported x64-based versions of Windows Vista and Windows Server 2008

File name

File version

File size

Date

Time

Platform

Wmphoto.dll

7.0.6002.19299

449,024

29-Jan-2015

01:42

x64

Wmphoto.dll

7.0.6002.23609

449,024

29-Jan-2015

01:33

x64

Wmphoto.dll

7.0.6002.19299

369,664

29-Jan-2015

02:06

x86

Wmphoto.dll

7.0.6002.23609

369,664

29-Jan-2015

01:35

x86

For all supported IA-64-based versions of Windows Server 2008

File name

File version

File size

Date

Time

Platform

Wmphoto.dll

7.0.6002.19299

793,600

29-Jan-2015

01:25

IA-64

Wmphoto.dll

7.0.6002.23609

793,600

29-Jan-2015

01:05

IA-64

Wmphoto.dll

7.0.6002.19299

369,664

29-Jan-2015

02:06

x86

Wmphoto.dll

7.0.6002.23609

369,664

29-Jan-2015

01:35

x86


  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.1.7601.18xxx

    Windows 7 and Windows Server 2008 R2

    SP1

    GDR

    6.1.7601.22xxx

    Windows 7 and Windows Server 2008 R2

    SP1

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 7

File name

File version

File size

Date

Time

Platform

Wmphoto.dll

6.1.7601.18742

318,464

04-Feb-2015

02:54

x86

Wmphoto.dll

6.1.7601.22949

318,464

04-Feb-2015

03:24

x86

Wmphoto.dll

6.2.9200.17254

417,792

04-Feb-2015

02:54

x86

Wmphoto.dll

6.2.9200.21371

417,792

04-Feb-2015

03:23

x86

For all supported x64-based versions of Windows 7 and Windows Server 2008 R2

File name

File version

File size

Date

Time

Platform

Wmphoto.dll

6.1.7601.18742

392,192

04-Feb-2015

03:16

x64

Wmphoto.dll

6.1.7601.22949

392,192

04-Feb-2015

03:46

x64

Wmphoto.dll

6.2.9200.17254

465,920

04-Feb-2015

03:16

x64

Wmphoto.dll

6.2.9200.21371

465,920

04-Feb-2015

03:46

x64

Wmphoto.dll

6.1.7601.18742

318,464

04-Feb-2015

02:54

x86

Wmphoto.dll

6.1.7601.22949

318,464

04-Feb-2015

03:24

x86

Wmphoto.dll

6.2.9200.17254

417,792

04-Feb-2015

02:54

x86

Wmphoto.dll

6.2.9200.21371

417,792

04-Feb-2015

03:23

x86

For all supported IA-64-based versions of Windows Server 2008 R2

File name

File version

File size

Date

Time

Platform

Wmphoto.dll

6.1.7601.18742

792,576

04-Feb-2015

02:36

IA-64

Wmphoto.dll

6.1.7601.22949

792,576

04-Feb-2015

02:40

IA-64

Wmphoto.dll

6.1.7601.18742

318,464

04-Feb-2015

02:54

x86

Wmphoto.dll

6.1.7601.22949

318,464

04-Feb-2015

03:24

x86


  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.2.920 0.16 xxx

    Windows 8 and Windows Server 2012

    RTM

    GDR

    6.2.920 0.20 xxx

    Windows 8 and Windows Server 2012

    RTM

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 8

File name

File version

File size

Date

Time

Platform

Wmphoto.dll

6.2.9200.17247

368,640

24-Jan-2015

05:00

x86

Wmphoto.dll

6.2.9200.21364

368,640

24-Jan-2015

04:46

x86

For all supported x64-based versions of Windows 8 and Windows Server 2012

File name

File version

File size

Date

Time

Platform

Wmphoto.dll

6.2.9200.17247

420,864

24-Jan-2015

06:43

x64

Wmphoto.dll

6.2.9200.21364

420,864

24-Jan-2015

05:40

x64

Wmphoto.dll

6.2.9200.17247

368,640

24-Jan-2015

05:00

x86

Wmphoto.dll

6.2.9200.21364

368,640

24-Jan-2015

04:46

x86


For all supported x86-based versions of Windows 8.1

File name

File version

File size

Date

Time

Platform

Wmphoto.dll

6.3.9600.17668

357,376

28-Jan-2015

01:11

x86

For all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2

File name

File version

File size

Date

Time

Platform

Wmphoto.dll

6.3.9600.17668

402,432

28-Jan-2015

01:31

x64

Wmphoto.dll

6.3.9600.17668

357,376

28-Jan-2015

01:11

x86


File name

SHA1 hash

SHA256 hash

Windows6.0-KB3035126-ia64.msu

B519D6827D275E387BCE922486266E542F8E0DCD

5E87E0E824E2D714ACC37E2B9EC8E5B699C493F4AD98EAB8F2D1C01D0936A09B

Windows6.0-KB3035126-x64.msu

D579AB02F12C73FC75586A53B014B37706A5CC9B

CD5FD37AEFBD0A878D59F69C9D78A07FD9710A688FF23148AF3F6AFF68C761DD

Windows6.0-KB3035126-x86.msu

D82C89C73FE46B2DA47D3A7D8A74F736DA68CC59

F59AC48116EA9414656B6672BD772AA8CDEE80077E36A95822697CE5547DBC15

Windows6.1-KB3035126-ia64.msu

44BCB6E8DD0CB2642F3BCCEC980F809AB51A66EE

A5CA33DB0B1AA1E05B8377C426B6915DACE314E45B52F755E13CE449E8C4E18D

Windows6.1-KB3035126-ia64.msu

7D20A2BBFB997076EA4B2619D90BE0D3E72EDB1D

F222D112D895C04086CD81942BBBA774D775E7B5D193B2EE26E9A0427711AA8B

Windows6.1-KB3035126-ia64.msu

9C34E7EE499E35F5D275D67A603EC8648FE7CC30

703FFB5A7FA06AE15B0508530FB5F4F18ED5F77ABD7E961EFF95BBBEE28F2D00

Windows6.1-KB3035126-x64.msu

BA6BF5118BC60BE7F824C4DBA9131185E4755646

8AB8506D38F13FBFCFA75AA7643B493CC15806B8FB985F5378C9E16E548F230E

Windows6.1-KB3035126-x64.msu

C5388718E43DC346A6C4E53E5F7E4DFF446DD40C

86401F61D2E6104DE754C1E2C0752D6DFD83E44129AE12BD4105C613CACE13DF

Windows6.1-KB3035126-x64.msu

D2CE39B7B278B6464DF9E99BD9F2935ED1712B66

9639137C23A70A28B2E6B313B0EFEBDDB930F6C273BDE12B7EFD1BDE137D514A

Windows6.1-KB3035126-x86.msu

65E46B3D10323CEE458B2ED8906B4395A3407E55

E5B195F452E8BDB675E0C4E517A7D8CCA9DF2712A8BA54C87C464C0346EB5C21

Windows6.1-KB3035126-x86.msu

AE7082853EFE58AF790022E7279D1A96A810BD73

2AF9063F4E8700FC5858E48DB68B3456E9238BA532312EC2525EED9158C08384

Windows6.1-KB3035126-x86.msu

C357B359ED20306FB2A1E5182976C3786898732A

129FD85801179509C66422B4A4423D7CEEC660B820B18A54F2DEE16ADDC3B720

Windows8.1-KB3035126-x64.msu

6D9F28B676B7EE992BDD35C0297F8F95576C360F

AA2D3C4E01272D005E4219B6CBDB08C1FBF60466A7A2C4FA9EF3B984E44DA45D

Windows8.1-KB3035126-x86.msu

BB2255216C32C2BCEE7DB96B6A2CAD44C848A088

A78B46924716652A1D4CBEDEEC0A9D63C1207C703766528BE59E9B36DFD32748

Windows8-RT-KB3035126-x64.msu

5D6A620C7DEC64494A5CA180612B8EA5693956E3

6BF69E4E8B13040DDAA75B97B88774327FEF51584FF558D9DCCBF3E441E14E53

Windows8-RT-KB3035126-x86.msu

B765EA52630296CA1426CFEF32FEF99F86EB4F4E

CD23ED0F4A2051C0D1619A1515FF92C54C5F2AE0E0D65F55E31755106FEE5A3F


Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×