Lucene search

K
mskbMicrosoftKB3155413
HistoryMay 10, 2016 - 7:00 a.m.

MS16-053: Description of the security update for JScript and VBScript 5.8: May 10, 2016

2016-05-1007:00:00
Microsoft
support.microsoft.com
98

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.965

Percentile

99.6%

MS16-053: Description of the security update for JScript and VBScript 5.8: May 10, 2016

Summary

This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploits these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To learn more about the vulnerability, see Microsoft Security Bulletin MS16-053.

More Information

Important

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Additional information about this security update

The following article contains additional information about this security update as it relates to individual product versions. The article may contain known issue information.

  • 3155533 MS16-051: Cumulative Security update for Internet Explorer: May 10, 2016

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see
Get security updates automatically.

__

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Note You must be running Microsoft Internet Explorer 6.0 or later.

More Information

__

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

File Information

__

File hash information

File name SHA1 hash SHA256 hash
Windows6.1-KB3155413-x86.msu 11BAF6B49890CB1A3A24987720A17F3BFFD22D5A 10AD2E2D8EC482F783AEABE81F89BF722B263788FFB5A1CEB2E3CE8FFB44B575
Windows6.1-KB3155413-ia64.msu 27F0B1691330AF4ECEC47737AF3F911171164B6D 9E8FF367B93CC585CDA53E98AE0EA2FDD1EE1090CFBEAFAB5937B8419CCCE2EF
Windows6.1-KB3155413-x64.msu 62E2AC38494C7B30840F55B03E383207B41AF20C D947285DA7AEDAD289CB54BB43E403F448D41BA3727846FA4B6D1CFBB740FDC0

__

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.Windows 7 and Windows Server 2008 R2 file informationNotes

* The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:Version Product Milestone Service branch
6.1.760 1.18xxx Windows 7 or Windows Server 2008 R2 SP1 GDR
6.1.760 1.23 xxx Windows 7 or Windows Server 2008 R2 SP1 LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.
For all supported x86-based versionsFile name File version File size Date Time Platform
Jscript.dll 5.8.7601.23435 717,312 22-Apr-2016 15:16 x86
Vbscript.dll 5.8.7601.23435 431,616 22-Apr-2016 15:16 x86
For all supported ia64-based versionsFile name File version File size Date Time Platform
β€” β€” β€” β€” β€” β€”
Jscript.dll 5.8.7601.23435 1,771,520 22-Apr-2016 15:15 IA-64
Vbscript.dll 5.8.7601.23435 1,164,288 22-Apr-2016 15:15 IA-64
Jscript.dll 5.8.7601.23435 717,312 22-Apr-2016 15:16 x86
Vbscript.dll 5.8.7601.23435 431,616 22-Apr-2016 15:16 x86
For all supported x64-based versionsFile name File version File size Date Time Platform
β€” β€” β€” β€” β€” β€”
Jscript.dll 5.8.7601.23435 910,848 22-Apr-2016 17:05 x64
Vbscript.dll 5.8.7601.23435 589,824 22-Apr-2016 17:05 x64
Jscript.dll 5.8.7601.23435 717,312 22-Apr-2016 15:16 x86
Vbscript.dll 5.8.7601.23435 431,616 22-Apr-2016 15:16 x86
Jscript.dll 5.8.7601.23435 717,312 22-Apr-2016 15:16 x86

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.965

Percentile

99.6%