Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: InfoSec Handlers Diary Blog - Microsoft Update Advisory for February 2015 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Update Advisory for February 2015

Published: 2015-02-10
Last Updated: 2015-02-10 18:59:03 UTC
by Mark Baggett (Version: 1)
13 comment(s)

Overview of the February 2015 Microsoft patches and their status.

# Affected Contra Indications - KB Known Exploits Microsoft rating(**) ISC rating(*)
clients servers
MS15-009 Security Update for Internet Explorer
(ReplacesMS14-080 )

Microsoft Windows,Internet Explorer

 

(39 CVEs. Too many to list here)

KB 3034682 . Severity:Critical
Exploitability: 0
Critical Critical
MS15-010 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution
(ReplacesMS13-006 MS14-066 MS14-074 MS14-079 )
Microsoft Windows

CVE-2015-0003
CVE-2015-0010
CVE-2015-0057
CVE-2015-0058
CVE-2015-0059
CVE-2015-0060
KB 3036220 vuln. public. Severity:Critical
Exploitability: 2
Critical Critical
MS15-011 Vulnerability in Group Policy Could Allow Remote Code Execution
(ReplacesMS13-031 MS13-048 MS15-001 )
Microsoft Windows

CVE-2015-0008
KB 3000483 . Severity:Critical
Exploitability: 1
Critical Critical
MS15-012 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
(ReplacesMS13-085 MS14-023 MS14-081 MS14-083 )
Microsoft Office

CVE-2015-0063
CVE-2015-0064
CVE-2015-0065
KB 3032328 . Severity:Important
Exploitability: 1
Critical Important
MS15-013 Vulnerability in Microsoft Office Could Allow Security Feature Bypass
Microsoft Office

CVE-2014-6362
KB 3033857 vuln. public. Severity:Important
Exploitability: 1
Important Important
MS15-014 Vulnerability in Group Policy Could Allow Security Feature Bypass
Microsoft Windows

CVE-2015-0009
KB 3004361 . Severity:Important
Exploitability: 2
Important Important
MS15-015 Vulnerability in Microsoft Windows Could Allow Elevation of Privilege
(ReplacesMS15-001 )
Microsoft Windows

CVE-2015-0062
KB 3031432 . Severity:Important
Exploitability: 2
Important Important
MS15-016 Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure
(ReplacesMS14-085 )
Microsoft Windows

CVE-2015-0061
KB 3029944 . Severity:Important
Exploitability: 2
Important Important
MS15-017 Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege
Microsoft Server Software

CVE-2015-0012
KB 3035898 . Severity:Important
Exploitability:
Important Important
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.

 

Mark Baggett      Follow me on Twitter:@markbaggett

 Join me in Orlando Florida April 13th   Attackers and Defender will learn the essentials of Python, networking, regular expressions, interacting with websites, threading and much more.   Sign up soon for discounted pricing.

 

Keywords: mspatchday
13 comment(s)
Diary Archives