Microsoft Update Advisory for February 2015
Overview of the February 2015 Microsoft patches and their status.
| # | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) | |
|---|---|---|---|---|---|---|
| clients | servers | |||||
| MS15-009 | Security Update for Internet Explorer (ReplacesMS14-080 ) |
|||||
|
Microsoft Windows,Internet Explorer
(39 CVEs. Too many to list here) |
KB 3034682 | . | Severity:Critical Exploitability: 0 |
Critical | Critical | |
| MS15-010 | Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (ReplacesMS13-006 MS14-066 MS14-074 MS14-079 ) |
|||||
| Microsoft Windows CVE-2015-0003 CVE-2015-0010 CVE-2015-0057 CVE-2015-0058 CVE-2015-0059 CVE-2015-0060 |
KB 3036220 | vuln. public. | Severity:Critical Exploitability: 2 |
Critical | Critical | |
| MS15-011 | Vulnerability in Group Policy Could Allow Remote Code Execution (ReplacesMS13-031 MS13-048 MS15-001 ) |
|||||
| Microsoft Windows CVE-2015-0008 |
KB 3000483 | . | Severity:Critical Exploitability: 1 |
Critical | Critical | |
| MS15-012 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (ReplacesMS13-085 MS14-023 MS14-081 MS14-083 ) |
|||||
| Microsoft Office CVE-2015-0063 CVE-2015-0064 CVE-2015-0065 |
KB 3032328 | . | Severity:Important Exploitability: 1 |
Critical | Important | |
| MS15-013 | Vulnerability in Microsoft Office Could Allow Security Feature Bypass | |||||
| Microsoft Office CVE-2014-6362 |
KB 3033857 | vuln. public. | Severity:Important Exploitability: 1 |
Important | Important | |
| MS15-014 | Vulnerability in Group Policy Could Allow Security Feature Bypass | |||||
| Microsoft Windows CVE-2015-0009 |
KB 3004361 | . | Severity:Important Exploitability: 2 |
Important | Important | |
| MS15-015 | Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (ReplacesMS15-001 ) |
|||||
| Microsoft Windows CVE-2015-0062 |
KB 3031432 | . | Severity:Important Exploitability: 2 |
Important | Important | |
| MS15-016 | Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (ReplacesMS14-085 ) |
|||||
| Microsoft Windows CVE-2015-0061 |
KB 3029944 | . | Severity:Important Exploitability: 2 |
Important | Important | |
| MS15-017 | Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege | |||||
| Microsoft Server Software CVE-2015-0012 |
KB 3035898 | . | Severity:Important Exploitability: |
Important | Important | |
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
- We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
Mark Baggett Follow me on Twitter:@markbaggett
Join me in Orlando Florida April 13th Attackers and Defender will learn the essentials of Python, networking, regular expressions, interacting with websites, threading and much more. Sign up soon for discounted pricing.
Keywords: mspatchday
13 comment(s)
Join us at SANS!
Attend with Mark Baggett in starting
