Patch Tuesday Wednesday (Feb-2015)

patch-tuesday Yes, it has been one of *those* weeks so here’s an incredibly delayed Patch Tuesday review. This month Microsoft have released nine (9) security bulletins of which three (3) have a maximum rating of Critical and six (6) have a maximum rating of Important.

❝ Today, as part of Update Tuesday, we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software. ❞ [1]

Bulletin KB number Description Impact / Severity Software
MS15-009 3034682 Security Update for Internet Explorer Critical:
Remote Code Execution
Microsoft Windows, Internet Explorer
MS15-010 3036220 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution Critical:
Remote Code Execution
Microsoft Windows
MS15-011 3000483 Vulnerability in Group Policy Could Allow Remote Code Execution Critical:
Remote Code Execution
Microsoft Windows
MS15-012 3032328 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution Important:
Remote Code Execution
Microsoft Office
MS15-013 3033857 Vulnerability in Microsoft Office Could Allow Security Feature Bypass Important:
Security Feature Bypass
Microsoft Office
MS15-014 3004361 Vulnerability in Group Policy Could Allow Security Feature Bypass Important:
Security Feature Bypass
Microsoft Windows
MS15-015 3031432 Vulnerability in Microsoft Windows Could Allow Elevation of Privilege Important:
Elevation of Privilege
Microsoft Windows
MS15-016 3029944 Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure Important:
Information Disclosure
Microsoft Windows
MS15-017 3035898 Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege Important:
Elevation of Privilege
Microsoft Server Software

PATCH NOW:
* MS15-009, MS15-010 (public), MS15-011, MS15-012

ISSUES:
KB3001652 ‘Visual Studio 2010 Tools patch’ is not a security update but is causing freezing of computers while installing. MS has pulled KB3001652 from current Windows Update. [4]

LINKS:
[1.] February 2015 Updates (2015-Feb-10) [MS: MSRC]
[2.] Microsoft Update Advisory for February 2015 (2015-Feb-10) [SANS]
[3.] Microsoft Security Bulletin Summary for February 2015 (2015-Feb-10) [MS]
[4.] Microsoft Patches appear to be causing problems (2015-Feb-10) [SANS]
Advertisements
This entry was posted in microsoft, patch, Patch_Tuesday, security. Bookmark the permalink.

2 Responses to Patch Tuesday Wednesday (Feb-2015)

  1. Microsoft February Patch Failures Continue: KB3023607 vs. Cisco AnyConnect Client [SANS]
    Another patch released by Microsoft this month is causing problems. This time it is KB3023607,which was supposed to mitigate the POODLE vulnerability. Once applied, Cisco AnyConnect users are no longer able to connect to their VPN. … The issue appears to affect Windows 8.1, in which case running the application (vpnui.exe) in Windows 8 compatibility mode will fix the problem for now.

  2. Microsoft Patch Mayhem: February Patch Failure Summary [SANS]
    February was another rough month for anybody having to apply Microsoft patches. We had a couple of posts already covering the Microsoft patch issues, but due to the number of problems, here a quick overview of what has failed so far: …

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s