MS16-053: Description of the security update for JScript and VBScript 5.8: May 10, 2016

2017-01-07T22:39:32
ID KB3155413
Type mskb
Reporter Microsoft
Modified 2016-05-10T17:02:46

Description

<html><body><p>Resolves vulnerabilities in Windows that could allow remote code execution if a user visits a specially crafted website.</p><h2>Summary</h2><div class="kb-summary-section section">This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploits these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. <br/><br/>To learn more about the vulnerability, see <a href="https://technet.microsoft.com/library/security/ms16-053" id="kb-link-2" target="_self">Microsoft Security Bulletin MS16-053</a>. </div><h2>More Information</h2><div class="kb-moreinformation-section section"><span class="text-base">Important </span><ul class="sbody-free_list"><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href="https://technet.microsoft.com/en-us/library/hh825699" id="kb-link-3" target="_self">Add language packs to Windows</a>.<br/></li></ul></div><h2>Additional information about this security update</h2><div class="kb-moreinformation-section section"><br/>The following article contains additional information about this security update as it relates to individual product versions. The article may contain known issue information.<br/><ul class="sbody-free_list"><li><a href="https://support.microsoft.com/help/3155533" id="kb-link-5" target="_self">3155533</a> MS16-051: Cumulative Security update for Internet Explorer: May 10, 2016</li></ul></div><h2>How to obtain and install the update</h2><div class="kb-resolution-section section"><a class="bookmark" id="obtaintheupdate"></a><h3 class="sbody-h3">Method 1: Windows Update</h3><div class="kb-collapsible kb-collapsible-expanded">This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see <br/><a href="https://www.microsoft.com/security/pc-security/updates.aspx" id="kb-link-6" target="_self">Get security updates automatically</a>. <br/></div><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">Method 2: Microsoft Update Catalog</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed">To get the stand-alone package for this update, go to the <a href="http://catalog.update.microsoft.com/v7/site/search.aspx?q=3155413" id="kb-link-7" target="_self"> Microsoft Update Catalog</a> website. <br/><br/><br/><span class="text-base">Note </span> You must be running Microsoft Internet Explorer 6.0 or later.<br/> <br/></div><br/></span></div></div></div></div><h2>More Information</h2><div class="kb-moreinformation-section section"><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">How to obtain help and support for this security update</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed">Help for installing updates: <a href="https://support.microsoft.com/ph/6527" id="kb-link-8" target="_self">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href="https://technet.microsoft.com/security/bb980617.aspx" id="kb-link-9" target="_self">TechNet Security Troubleshooting and Support</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href="https://support.microsoft.com/contactus/cu_sc_virsec_master" id="kb-link-10" target="_self">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href="https://www.microsoft.com/en-us/locale.aspx" id="kb-link-11" target="_self">International Support</a></div><br/></span></div></div></div><a class="bookmark" id="fileinfo"></a></div><h2>File Information</h2><div class="kb-references-section section"><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">File hash information</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">SHA1 hash</th><th class="sbody-th">SHA256 hash</th></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.1-KB3155413-x86.msu</td><td class="sbody-td">11BAF6B49890CB1A3A24987720A17F3BFFD22D5A</td><td class="sbody-td">10AD2E2D8EC482F783AEABE81F89BF722B263788FFB5A1CEB2E3CE8FFB44B575</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.1-KB3155413-ia64.msu</td><td class="sbody-td">27F0B1691330AF4ECEC47737AF3F911171164B6D</td><td class="sbody-td">9E8FF367B93CC585CDA53E98AE0EA2FDD1EE1090CFBEAFAB5937B8419CCCE2EF</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.1-KB3155413-x64.msu</td><td class="sbody-td">62E2AC38494C7B30840F55B03E383207B41AF20C</td><td class="sbody-td">D947285DA7AEDAD289CB54BB43E403F448D41BA3727846FA4B6D1CFBB740FDC0</td></tr></table></div></div><br/></span></div></div></div><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">File information</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed"><a class="bookmark" id="fileinformation"></a><span>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. </span><h4 class="sbody-h4">Windows 7 and Windows Server 2008 R2 file information</h4><div class="kb-collapsible kb-collapsible-collapsed"><span class="text-base">Notes</span><ul class="sbody-free_list"><li>The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:<div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">Version </th><th class="sbody-th">Product </th><th class="sbody-th">Milestone </th><th class="sbody-th">Service branch </th></tr><tr class="sbody-tr"><td class="sbody-td">6.1.760 <span class="text-base">1.18</span><span class="sbody-italic">xxx</span></td><td class="sbody-td">Windows 7 or Windows Server 2008 R2 </td><td class="sbody-td">SP1</td><td class="sbody-td">GDR</td></tr><tr class="sbody-tr"><td class="sbody-td">6.1.760 <span class="text-base">1.23 </span><span class="sbody-italic">xxx</span></td><td class="sbody-td">Windows 7 or Windows Server 2008 R2 </td><td class="sbody-td">SP1 </td><td class="sbody-td">LDR </td></tr></table></div></li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li><li>The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.</li></ul><h5 class="sbody-h5 text-subtitle">For all supported x86-based versions</h5><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">File version</th><th class="sbody-th">File size</th><th class="sbody-th">Date</th><th class="sbody-th">Time</th><th class="sbody-th">Platform</th></tr><tr class="sbody-tr"><td class="sbody-td">Jscript.dll</td><td class="sbody-td">5.8.7601.23435</td><td class="sbody-td">717,312</td><td class="sbody-td">22-Apr-2016</td><td class="sbody-td">15:16</td><td class="sbody-td">x86</td></tr><tr class="sbody-tr"><td class="sbody-td">Vbscript.dll</td><td class="sbody-td">5.8.7601.23435</td><td class="sbody-td">431,616</td><td class="sbody-td">22-Apr-2016</td><td class="sbody-td">15:16</td><td class="sbody-td">x86</td></tr></table></div><h5 class="sbody-h5 text-subtitle">For all supported ia64-based versions</h5><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">File version</th><th class="sbody-th">File size</th><th class="sbody-th">Date</th><th class="sbody-th">Time</th><th class="sbody-th">Platform</th></tr><tr class="sbody-tr"><td class="sbody-td">Jscript.dll</td><td class="sbody-td">5.8.7601.23435</td><td class="sbody-td">1,771,520</td><td class="sbody-td">22-Apr-2016</td><td class="sbody-td">15:15</td><td class="sbody-td">IA-64</td></tr><tr class="sbody-tr"><td class="sbody-td">Vbscript.dll</td><td class="sbody-td">5.8.7601.23435</td><td class="sbody-td">1,164,288</td><td class="sbody-td">22-Apr-2016</td><td class="sbody-td">15:15</td><td class="sbody-td">IA-64</td></tr><tr class="sbody-tr"><td class="sbody-td">Jscript.dll</td><td class="sbody-td">5.8.7601.23435</td><td class="sbody-td">717,312</td><td class="sbody-td">22-Apr-2016</td><td class="sbody-td">15:16</td><td class="sbody-td">x86</td></tr><tr class="sbody-tr"><td class="sbody-td">Vbscript.dll</td><td class="sbody-td">5.8.7601.23435</td><td class="sbody-td">431,616</td><td class="sbody-td">22-Apr-2016</td><td class="sbody-td">15:16</td><td class="sbody-td">x86</td></tr></table></div><h5 class="sbody-h5 text-subtitle">For all supported x64-based versions</h5><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">File version</th><th class="sbody-th">File size</th><th class="sbody-th">Date</th><th class="sbody-th">Time</th><th class="sbody-th">Platform</th></tr><tr class="sbody-tr"><td class="sbody-td">Jscript.dll</td><td class="sbody-td">5.8.7601.23435</td><td class="sbody-td">910,848</td><td class="sbody-td">22-Apr-2016</td><td class="sbody-td">17:05</td><td class="sbody-td">x64</td></tr><tr class="sbody-tr"><td class="sbody-td">Vbscript.dll</td><td class="sbody-td">5.8.7601.23435</td><td class="sbody-td">589,824</td><td class="sbody-td">22-Apr-2016</td><td class="sbody-td">17:05</td><td class="sbody-td">x64</td></tr><tr class="sbody-tr"><td class="sbody-td">Jscript.dll</td><td class="sbody-td">5.8.7601.23435</td><td class="sbody-td">717,312</td><td class="sbody-td">22-Apr-2016</td><td class="sbody-td">15:16</td><td class="sbody-td">x86</td></tr><tr class="sbody-tr"><td class="sbody-td">Vbscript.dll</td><td class="sbody-td">5.8.7601.23435</td><td class="sbody-td">431,616</td><td class="sbody-td">22-Apr-2016</td><td class="sbody-td">15:16</td><td class="sbody-td">x86</td></tr><tr class="sbody-tr"><td class="sbody-td">Jscript.dll</td><td class="sbody-td">5.8.7601.23435</td><td class="sbody-td">717,312</td><td class="sbody-td">22-Apr-2016</td><td class="sbody-td">15:16</td><td class="sbody-td">x86</td></tr></table></div></div><br/></div></div></div></div></span></div></div></div></div></body></html>