Summary

This security update resolves address space layout randomization (ASLR) security feature bypasses in the JScript and VBScript scripting engines in Microsoft Windows. An attacker could use one of these ASLR bypasses together with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system. The update addresses the ASLR bypasses by helping to make sure that affected versions of JScript and VBScript correctly implement the ASLR security feature. 

Introduction

Microsoft has released security bulletin MS15-053. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:Support for Microsoft UpdateSecurity solutions for IT professionals:TechNet Security Troubleshooting and SupportHelp protect your Windows-based computer from viruses and malware:Virus Solution and Security CenterLocal support according to your country:International Support

More Information

Known issues and more information about this security update

The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.

  • 3050941 MS15-053: Description of the security update for VBScript and JScript 5.8: May 12, 2015

  • 3050945 MS15-053: Description of the security update for VBScript and JScript 5.7: May 12, 2015

  • 3050946 MS15-053: Description of the security update for VBScript and JScript 5.6: May 12, 2015

Windows Server 2003 (all editions)Reference TableThe following table contains the security update information for this software.

Security update file names

For JScript 5.6 and VBScript 5.6 on all supported 32-bit editions of Windows Server 2003:WindowsServer2003-KB3050946-x86-ENU.exe

For JScript 5.6 and VBScript 5.6 on all supported x64-based editions of Windows Server 2003:WindowsServer2003-KB3050946-x64-ENU.exe

For JScript 5.6 and VBScript 5.6 on all supported Itanium-based editions of Windows Server 2003:WindowsServer2003-KB3050946-ia64-ENU.exe

For JScript 5.7 and VBScript 5.7 on all supported 32-bit editions of Windows Server 2003:WindowsServer2003-KB3050945-x86-ENU.exe

For JScript 5.7 and VBScript 5.7 on all supported x64-based editions of Windows Server 2003:WindowsServer2003-KB3050945-x64-ENU.exe

For JScript 5.7 and VBScript 5.7 on all supported Itanium-based editions of Windows Server 2003:WindowsServer2003-KB3050945-ia64-ENU.exe

Installation switches

See Microsoft Knowledge Base Article 262841

Update log file

For JScript 5.6 and VBScript 5.6 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:KB3050946.log

For JScript 5.7 and VBScript 5.7 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:KB3050945.log

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

Removal information

For JScript 5.6 and VBScript 5.6 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:Use the Add or Remove Programs item in Control Panel, or use the Spuninst.exe utility that is located in the %Windir%\$NTUninstallKB3050946$\Spuninst folder.

For JScript 5.7 and VBScript 5.7 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:Use the Add or Remove Programs item in Control Panel, or use the Spuninst.exe utility that is located in the %Windir%\$NTUninstallKB3050945$\Spuninst folder.

File information

See the file information section of the related KB article.

Registry key verification

For JScript 5.6 and VBScript 5.6 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB3050946\Filelist

For JScript 5.7 and VBScript 5.7 on all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB3050945\Filelist

Windows Vista (all editions)Reference TableThe following table contains the security update information for this software.

Security update file names

For JScript 5.7 and VBScript 5.7 on all supported 32-bit editions of Windows Vista:Windows6.0-KB3050945-x86.msu

For JScript 5.7 and VBScript 5.7 on all supported x64-based editions of Windows Vista:Windows6.0-KB3050945-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

Removal information

WUSA.exe does not support uninstall of updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.

File information

See the file information section of the related KB article.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 (all editions)Reference TableThe following table contains the security update information for this software.

Security update file names

For JScript 5.7 and VBScript 5.7 on all supported 32-bit editions of Windows Server 2008:Windows6.0-KB3050945-x86.msu

For JScript 5.7 and VBScript 5.7 on all supported x64-based editions of Windows Server 2008:Windows6.0-KB3050945-x64.msu

For JScript 5.7 and VBScript 5.7 on all supported Itanium-based editions of Windows Server 2008:Windows6.0-KB3050945-ia64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

Removal information

WUSA.exe does not support uninstall of updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.

File information

See the file information section of the related KB article.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)Reference TableThe following table contains the security update information for this software.

Security update file name

For JScript 5.8 and VBScript 5.8 on all supported Server Core installations of x64-based editions of Windows Server 2008 R2 only:Windows6.1-KB3050941-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, and then click System and Security. Under Windows Update, click View installed updates, and then select from the list of updates.

File information

See the file information section of the related KB article.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

File information

File name

SHA1 hash

SHA256 hash

Windows6.0-KB3050945-ia64.msu

08623F5D87CD078016AB206B9EDB22908C4A7D71

054B9344D7BAC06CBD71EB9B6CA7074C66D9DC0BF8AEA3F07F3C2E40409140A7

Windows6.0-KB3050945-x64.msu

F8064C8CC6A18C45454751FC97B9E8CDD75E8D28

AFFFF3FD31D4BEA7D01AAF0586E8FBE19D76DA6227BFF83F422386ECACEF7775

Windows6.0-KB3050945-x86.msu

CA0CA8D45E8827DB875B47F14A1B1D27ADAA86F5

E924115BDA30CDF9CC45D50C67158A132DEE98E000CA81E4449D1AE9244F9E4F

Windows6.1-KB3050941-x64.msu

4C575F5599F5726412FC4BCC4D1D237D1B2A0399

AF407403EA17DB1D3198BE2A99D811E2613CFF3EE9A2213FC5FDF8B9EDEACAA9

WindowsServer2003-KB3050945-ia64-DEU.exe

AC7BEDFBAE861385C9A9FFC0784A3DF5290720E5

D1848EE68B7D648BEC3EE7D32C93F7600AAAA21CCC3A9B1F100ACAD86918515A

WindowsServer2003-KB3050945-ia64-ENU.exe

E03BD2B796E771892271C79A974DE278B1E3D7A3

F97C36063A5F0D91EF35D5DE31B3FB69E45C4CB20F66D4130552AD13E110E234

WindowsServer2003-KB3050945-ia64-FRA.exe

5E252BD2F2988CEA93B0CFF738729EAD8FBEBD08

DDEDBB292484FC2760D20FC1618784E230CC6BCD618A2CCD41230F7DE744D550

WindowsServer2003-KB3050945-ia64-JPN.exe

BC81464F7C21DAA439FC12382D8895EE839321AB

6FE5E6EE6006A88AA8ECAD1C5246ABD50A5715D64D750A00230A9BA1FAD743C8

WindowsServer2003-KB3050945-x64-CHS.exe

373392F1C84C6DAED3E618BF7F06FD801EFA6836

5813C7408517650E58FB2DB89702F124701705CC9DF84FD43856E62570A606B8

WindowsServer2003-KB3050945-x64-CHT.exe

079E0195A0565D3933B4CD3AD6D39C6CCCA7241D

A1CBE7670C47E5629623A0A2E15433648C3AA8AF70C26ED5E3E7C34D8DDD5616

WindowsServer2003-KB3050945-x64-DEU.exe

F1203F3FE2A868199D9B40F3D7A2E2BB3C5A95A4

92042B78D3212BE927DED5FC35F985CC8CF683C30FE855C98C3D8C21B7C2EDC4

WindowsServer2003-KB3050945-x64-ENU.exe

529F3FEB42DC6F6B6EBC0A421DDE9403CC7C4569

14B92DE15DFF68012729F46C35467AA8BC93FA179E75303D6AE2AB9503D62136

WindowsServer2003-KB3050945-x64-ESN.exe

78583406A1C4033567629D8B14E590808F76A3EF

A760945E3000D2C26E5C19B15896DA586B44B394DE36AF65AFCD17F302FF8A4E

WindowsServer2003-KB3050945-x64-FRA.exe

D60F050185BFE8DE49D06DEDBC7DD077388101F6

73B01240A6EBC1D06A9A45AF226F92862B38F18604A5B8BDDC7081FD58D82E44

WindowsServer2003-KB3050945-x64-ITA.exe

BEDA574DA12FB407F171FFBE8461399D26D57626

D36FFA654B4970FCB5EA5824C94C9462E1F50729C8869A2C9DA5FEEA736D4F0F

WindowsServer2003-KB3050945-x64-JPN.exe

0D252219A025B3E17338A50727BD95C1C7F8233B

6B86C2947A54CBB612FA8C9C72661359779B320CF39CB3243E4664DB00072649

WindowsServer2003-KB3050945-x64-KOR.exe

C65BA35DFE7B48E677EFA748E9A44D96608765A6

B8E5DDF103EF6C8DEF2D1F56A0D20C03B2DFF2C054522E7CFA14E83E3B69D59A

WindowsServer2003-KB3050945-x64-PTB.exe

AAEAC1CBB9893E63BB06801E0CDA5688EFCE8191

74B4ECDE9B7F3B2BF83079D76D87A1733F12F0C895FA20627C18A031AB4B782D

WindowsServer2003-KB3050945-x64-RUS.exe

FF193A3F3807BE0A7971273407D0F31BE90EDFAF

59E573BCFB470D0E0D17EC60DB5579817D3499CA0C22C57FD196E15E562CBD22

WindowsServer2003-KB3050945-x86-CHS.exe

19747AF9350616312BA9CA2007164B014291E25A

4CFA3A73AB22E7F8D4836FFF0C3055BB4CC45865C86EA6A57A835D5BC017C581

WindowsServer2003-KB3050945-x86-CHT.exe

92F7BCD80B13711DE4B56F99178DDCFA153D486A

5FB39FA816D0076EB83AF64B562A1513EF59AA266969889D530905EAD4838686

WindowsServer2003-KB3050945-x86-CSY.exe

B3C780143CCC8B52119D722994C3D75A51128403

9050C45B8179F2ABC17CDEA819BCAD08C5ED329BEEA6163E2E449DF3E18ECF01

WindowsServer2003-KB3050945-x86-DEU.exe

7A4804FA7EBA160A7183ADF3C87177E35FFB4EAD

28F77F113B547F66FADBC306ED30F1D70105A5FEA80833A839B17709B151F459

WindowsServer2003-KB3050945-x86-ENU.exe

C718DBC7E2CB7FFB0A3039D76435E0E9738872B0

691E8AFD6DFB4EE0453C71EAE18F38F391EDFD6FE960EBAF0D3A7E9A724752A2

WindowsServer2003-KB3050945-x86-ESN.exe

DA99B1EC40014475EA09870C569DA46B3DCF0070

5868E9D2BAFD51749B54A0B53E252D240D41D703264B93FC884ED601E25C451D

WindowsServer2003-KB3050945-x86-FRA.exe

F59092AF66391C19BBD5C72943C36D36583D5712

A2D4F158D745E28267A915E678FDEDA3D772E42570022FE93E943DE3C2E32F32

WindowsServer2003-KB3050945-x86-HUN.exe

2F7AA953BAE057D3F4778E4826C63AFA21CB0945

020010A67246B7EC6E6554B536B93EF49D9E9AE4A8BF68312BB922A97A61238A

WindowsServer2003-KB3050945-x86-ITA.exe

F49B3CCC2079446557E87C0134B93FC7EA9604AB

83B24EE50268D80E26B540D2C9C3AF3F7842AC02FAFC0CC1C12C9100705A17BA

WindowsServer2003-KB3050945-x86-JPN.exe

20E62D300EFFE74183A9558CDA5BE70EC3E1BB30

8085AE4BED88CFDF4A200407E21886217821B1738B7870143B89024BCF859684

WindowsServer2003-KB3050945-x86-KOR.exe

6B60DBD8C323AC8AB81A135698455D92D3F35B3B

DCB28225503D7B5E28BBD028826CABC969A22FF35EA78022848FAC826A08BF29

WindowsServer2003-KB3050945-x86-NLD.exe

A58D6F000EF32893735D818F8FAB7FF1CE630408

C2A95214C7B4ECD2A07326A498ED54C2B6D254C4A414764BC1BC8D278F2E8DAC

WindowsServer2003-KB3050945-x86-PLK.exe

FD56041238A96B5AFD13A724BDCB754676F241B5

C3019D3777348107ACA5EBA1F44C1514FC9811884574D113CBAC7A5C081F04D8

WindowsServer2003-KB3050945-x86-PTB.exe

B1AA1D1DCE628DB597EABD243CCD513187A60F2A

AD495CC267AB290551AD6E6FDAFDC8EE6424F167608BAD76ACA88CA6CB62FCD2

WindowsServer2003-KB3050945-x86-PTG.exe

15DDA44310AF2C5ED153E3D498B6B9A7140772C5

FE2D746B7E68C49788357E1C4EF345A75125BCB43B7FA157F0635478B5D24F5B

WindowsServer2003-KB3050945-x86-RUS.exe

5D9F6ADF689AAEB66464AD5C41F56A8F4DE5213A

3658670608EA74ABD4A3EE2ADA94BDC41036FAA05EAA94E6F651DF2C1F7A908E

WindowsServer2003-KB3050945-x86-SVE.exe

813E9BB1C1142689950CF9A364DEAFA51B8EFAAE

26D52F17E1BEBBE5AE7F2FDF3884781B126784C95D3ACCF745CAB6D9839DF3FD

WindowsServer2003-KB3050945-x86-TRK.exe

EC06A3964ACB7E7D0C3E148710ADDC50806420E8

A5B278644BB095DC5D2087995CEEAFD773C8EA1458D3F7A8D02EE2B86DD3DAA2

WindowsServer2003-KB3050946-ia64-DEU.exe

08624A7AEB32949B57D2DFB8A9E3B19F08F52E12

582E6F656C15E4F2223AF9A82A8CEDD32BFAD60907D6D05B54117714B9F3F824

WindowsServer2003-KB3050946-ia64-ENU.exe

52A33392904CC9FF05ED4A0A7F2FDB2248F673E0

D7EA886C2DFA287079539FB720AFEF87C350FB8D826F8910915B0E94E033F3CE

WindowsServer2003-KB3050946-ia64-FRA.exe

D88899ED2F6EF9BEFA00812AE8EEC205BA9FB84B

8CF78C8B3A7CA805A4E1ABABCC17EFF10D78BD7E0A58E8CEB236F577E5518D83

WindowsServer2003-KB3050946-ia64-JPN.exe

A3E279A0ABA0C2FBD35C171D0CB76C8A550AF8B7

0A24067DF0286363AF9BC2162B4ADF16D16F12068CFB5A93D5FBB03C5E4FD227

WindowsServer2003-KB3050946-x64-CHS.exe

B757772589AC82E13B208D3F63EFA34244F38DE1

FDE38638494A2E1A86A9449663A269F0DD82E9F3AE017D545828364C5570AA17

WindowsServer2003-KB3050946-x64-CHT.exe

FCC6328084D9F6B19BE930D0239C53C67F107F2D

AE60339F480F0B72BC828627D0F18ADBDC05CFA5CCA47328844806CF26B1151F

WindowsServer2003-KB3050946-x64-DEU.exe

CBAABED10E0D49BE246D9137C1D9D508394BF829

4027E9FE7130200049DBF31778193F8B6207937C437B5E3E7B99A43CBE45C51C

WindowsServer2003-KB3050946-x64-ENU.exe

FDB81DCC106FFCE2E5FC67378017A7FDD9A84C8E

2AD7D18DAB06E3BA9F7BB4E6495E21DD88C82E11DFE7357FC70606404125D709

WindowsServer2003-KB3050946-x64-ESN.exe

4C15F8BE6D71BA19C7327842744E12C99739C164

C6FC4D616BF21A491B35F4CB8357C6C1EECCAC8D75E2FD90381B95DE03447E13

WindowsServer2003-KB3050946-x64-FRA.exe

36B76F514414BDF100A80BBCCDB1BD9E71D6A779

3BC5D570C8E63A19B9EA5BCCBE138F1D6F0BD8ADB45BDE114FA14D67F2CFA103

WindowsServer2003-KB3050946-x64-ITA.exe

15E788CFB8F9E13900AACB5EC3DA3DD4885EA798

62FAD8FEF053DDDFD160696A8A663623A17B377C35A25F73087DAD224A93C41E

WindowsServer2003-KB3050946-x64-JPN.exe

2DD1D7D556AC24056100CDBE414A4CD91FF748B0

B1A10AD99B2583D51D9F0214C24870375247848172C2AABFC1E0AC91DC851D63

WindowsServer2003-KB3050946-x64-KOR.exe

93D06F0AD46C377638382022925FD4E913791A5E

95015B5F16C789AA35F49CE406CC40A0FC4E3C47E576330963B94E681B8BC8A1

WindowsServer2003-KB3050946-x64-PTB.exe

461F96946895FACBCD37CEA792E0CE43818399EF

5F12461B704EF3E3D8EFF0D7F357E09D0C0D209F226930C1618906BFB5610112

WindowsServer2003-KB3050946-x64-RUS.exe

45A2DB89D9C19461FF6648E3934E49DEA6F58CEA

C8B271FD87DC4C4FEB711EFE58A3F079078BBAEF2A71EE8A0A5B2CCD2D0B59C3

WindowsServer2003-KB3050946-x86-CHS.exe

0824FBCC2B143CC02A2242C3708FEADDAA1561B7

776D548EDBA4AB7E7CEF5190BDD260FDEBD2FCE89D7FAAEB3DCB2FBB6F3ABD27

WindowsServer2003-KB3050946-x86-CHT.exe

D4E8B970EA6F44CE6BD64F4583A5D602569ED3A4

D6C2112730CD64927369FFCB609F288CB30CD0F2B6F5CB85686C9F88099C438E

WindowsServer2003-KB3050946-x86-CSY.exe

60DC24BDE74CF1C7EC23AF5A37B62C2971FEA0D9

29DA0EBF9D3725C4991BBB27F31D2E6AB1D3F313E937729B10CA15BAD29CFBC1

WindowsServer2003-KB3050946-x86-DEU.exe

09FF09D9D1BF68C39E0EAB1815035D9E1079DF5B

189FFF3CEAE00469AF012F66FA458288E9CD12E2818DD257337D2CF81D1170E4

WindowsServer2003-KB3050946-x86-ENU.exe

4939EF095CDF5822429CF2A2E722228AA6EDBE8D

F7AFBCD1BC08AD8EA48CEC6D33E7FF23F368CEDBA51115F17971E2D5D921990B

WindowsServer2003-KB3050946-x86-ESN.exe

B5B9FC6A82CC337B1CE05AEF77E22BF18AAB8FB6

9EB680F035045F64F5AF90AF40ECF1FB021DE20EBF1EAFCE4E80C2F7C30648DE

WindowsServer2003-KB3050946-x86-FRA.exe

8F5CF8FA727DFCE57DD2A31F1DD22BA619353024

6B2CD0845C68F9AA5FA1687DE36AA1382F7BEB699F42DB40160349320FF20A39

WindowsServer2003-KB3050946-x86-HUN.exe

25D77B7D79C671F5A78ACF68C28D3E3F5B5DA928

5F5EF32ED7329908826C0B097C792E4A7ECF07B9B584E14E52C2C2D733C78A74

WindowsServer2003-KB3050946-x86-ITA.exe

023C96F694BBA0E59BCC83457912CA508E036278

F2AC951E263DD6CA6D3BD8E84CD193BFE1AF6922AFC3612C5E50F1DE3B91BC48

WindowsServer2003-KB3050946-x86-JPN.exe

251C13B56B9BE47177B7D5E3887D8E36AD418FEF

9AD080F980F074436CB5CEED98108BABE8A5E0AD9711A1BDC0601F8AD1BBC5CA

WindowsServer2003-KB3050946-x86-KOR.exe

EC3A541A72C34F7EF8CC873A5DD2C0CBB5E907F3

D58C73FB5C2C57350C60F4ED2AEC839A73D3544879DE398E0A1137F31D2853EE

WindowsServer2003-KB3050946-x86-NLD.exe

06232DA0662BCA64354D14A42AE24B2CE00F9B50

E331A23DE284E7BAB1E3F4066A0FD6975B79E20395E24BA6BDFBA50140ACAC35

WindowsServer2003-KB3050946-x86-PLK.exe

A5C5D0AAAD50FFA1789AB1E89296FBB17EB7065C

33F39F85C8A23CE784707FDB51A3D824D988AF49919011552F83C315000A9680

WindowsServer2003-KB3050946-x86-PTB.exe

FDB3859E40B0408F3139F6466C7103EDDD97697B

9B2BF4D88E0F74B0D4C30B9DA09300DF8879A375F41A87B9A3DEE0DB496E76D8

WindowsServer2003-KB3050946-x86-PTG.exe

429D922D29E35F3B41D6B69A3135EE5ADAB97C1A

37A9DC90D6CFD83528DBA1DD1C792EA0854836C945FE2BA4FA830E58D948F19A

WindowsServer2003-KB3050946-x86-RUS.exe

34E222CAD1EAA0EDB14F08A60A1DD263EFCDDEEA

127859902C3CE119EF4D51E87D0074797A8D17FD264117472B3FF4FB096123B4

WindowsServer2003-KB3050946-x86-SVE.exe

1DFD76A3F92E7C2ACFD155B92EB5EBBC3F998607

F07F3A37E439F52BF56CB4D4C2F51D0AFEE1EAFB551080C224CC15EA0F974DE0

WindowsServer2003-KB3050946-x86-TRK.exe

E3491FD774A21E633EB0C242C101EFCEB93E79B9

5E04589FE8CA780E52AF5C8A38210B3F0C36FCFB55DAD16192B7DCB162B2F825

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.