MS15-037: Vulnerability in Windows Task Scheduler could allow elevation of privilege: April 14, 2015

Summary

This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could take advantage of a known invalid task to cause Task Scheduler to run a specially crafted application in the context of the System account. An attacker could then do the following:

  • Install programs

  • View, change, or delete data

  • Create new accounts that have full user rights

Introduction

Microsoft has released security bulletin MS15-037. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

More Information

Windows 7 (all editions)
Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported 32-bit editions of Windows 7:
Windows6.1-KB3046269-x86.msu


For all supported x64-based editions of Windows 7:
Windows6.1-KB3046269-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

This update does not require a restart.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, and under Windows Update, click View installed updates, and then select from the list of updates.

File information

See Microsoft Knowledge Base Article 3046269

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)
Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported x64-based editions of Windows Server 2008 R2:
Windows6.1-KB3046269-x64.msu


For all supported Itanium-based editions of Windows Server 2008 R2:
Windows6.1-KB3046269-ia64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

This update does not require a restart.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, and under Windows Update, click View installed updates, and then select from the list of updates.

File information

See Microsoft Knowledge Base Article 3046269

Registry key verification

Note A registry key does not exist to validate the presence of this update.


File name

SHA1 hash

SHA256 hash

Windows6.1-KB3046269-ia64.msu

AC68FED41565097A414BACAE196E4A29B2912E0F

8D0C0F6E45B8AAC7BE06327030201BBE6E2334CE7A346F845A491F9E77B1B25A

Windows6.1-KB3046269-x64.msu

9CDABEB9C2A859414C27C4F981D6B1334AEE0AD5

27C6571F92D7B220E0B3A7BDBBDF05B7762AF58468E77E2AA7F1F5D9278C367B

Windows6.1-KB3046269-x86.msu

DAD279443DC5E3446BB2B478252C90D5F115FAF1

5119EAF82A23ABE8A834C656F5D1AC9368F7642FF12A254E96FBC62A75144A05


Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×