Tuesday, February 10, 2015

Microsoft Security Bulletin Release for February 2015


Microsoft released nine (9) bulletins.  Three (3) bulletins are identified as Critical and the remaining six (6) are rated Important in severity.

The updates address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software.  Details about the CVEs can be found in the below-referenced TechNet Security Bulletin.

Also of note:

Edit Note:  Fast response!  The update has been pulled.  [There are numerous reports of KB3001652, Update rollup for Visual Studio 2010 Tools for Office Runtime, taking a very long time to install. This has been reported on both Windows 7 and Windows 8x, 32- and 64-bit.]
 

Security Advisory 3009008 has been updated.  Internet Explorer 11 will prevent insecure fallback to SSL 3.0 for Protected Mode sites.  Additional information about this update is available in the IE Blog.

MS14-083 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution was re-released.

Security Advisory 3004375, Update for Windows Command Line Auditing, was released.

Updates:

Critical:
  • MS15-009 -- Security Update for Internet Explorer (3034682)
  • MS15-010 -- Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
  • MS15-011 -- Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)

Important:
  • MS15-012 -- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
  • MS15-013 -- Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
  • MS15-014 -- Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
  • MS15-015 -- Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
  • MS15-016 -- Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
  • MS15-016 -- Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)

Additional Update Notes

  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 

    The updated version includes the Win32/Escad, Win32/Jinupd and Win32/NukeSped malware families.  Additional details ave available in the MMPC blog post.

  • Internet Explorer -- For additional information about the blocking of out-of-date ActiveX controls see the TechNet article, Out-of-date ActiveX control blocking.  Additional changes introduced this month include the blocking of outdated Silverlight.  Additional information is available in the IE Blog.

  • Windows 8.x -- Non-security new features and improvements for Windows 8.1 are now included with the second Tuesday of the month updates.  Additional information about this change is available here.

  • Windows XP -- Although Microsoft has stopped providing Microsoft Security Essentials for Windows XP, definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.  The MSRT still works on Windows XP.

References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...






    No comments: