Endpoint Protection

Microsoft Patch Tuesday – February 2015 

02-10-2015 03:54 PM

ms-tuesday-patch-key-concept-white-light 2_1.png

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 56 vulnerabilities. Thirty-seven of this month's issues are rated "Critical".

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the February releases can be found here:
http://technet.microsoft.com/library/security/ms15-feb

The following is a breakdown of the issues being addressed this month:

  1. MS15-009 Cumulative Security Update for Internet Explorer (3034682)

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-8967) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0017) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0018) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0019) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0020) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0021) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0022) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0023) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0025) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0026) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0027) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0028) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0029) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0030) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0031) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0035) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0036) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0037) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0038) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0039) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0040) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0041) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0042) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0043) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0044) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0045) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0046) MS Rating: Important

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0048) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0049) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0050) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0052) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0053) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0066) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0067) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2015-0068) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-0054) MS Rating: Important

    An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

    Elevation of Privilege Vulnerability in Internet Explorer (CVE-2015-0055) MS Rating: Important

    An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

    Internet Explorer ASLR Bypass Vulnerability (CVE-2015-0051) MS Rating: Important

    A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

    Internet Explorer ASLR Bypass Vulnerability (CVE-2015-0069) MS Rating: Important

    A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

    Internet Explorer ASLR Bypass Vulnerability (CVE-2015-0071) MS Rating: Important

    A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

    Internet Explorer Cross-domain Information Disclosure Vulnerability (CVE-2015-0070) MS Rating: Critical

    An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies which could allow an attacker to gain access to information in another domain or Internet Explorer zone.

  2. MS15-010 Vulnerabilities in Windows Kernel Mode Driver Could Allow Remote Code (3036220)

    Win32k Elevation of Privilege Vulnerability (CVE-2015-0003) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows kernel mode driver (Win32k.sys) that is caused when it improperly validates permissions under specific conditions, allowing scripts to be run with elevated privileges.

    CNG Security Feature Bypass Vulnerability (CVE-2015-0010) MS Rating: Important

    A security feature bypass vulnerability exists in the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) when it fails to properly validate and enforce impersonation levels. An attacker could exploit this vulnerability by convincing a user to run a specially crafted application that is designed to cause CNG to improperly validate impersonation levels, potentially allowing the attacker to gain access to information beyond the access level of the local user.

    Win32k Elevation of Privilege Vulnerability (CVE-2015-0057) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

    Windows Cursor Object Double Free Vulnerability (CVE-2015-0058) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when a function call returns unverified user mode data. This allows for the hijacking of the user mode function in order to pass arbitrary code to the kernel for execution.

    TrueType Font Parsing Remote Code Execution Vulnerability (CVE-2015-0059) MS Rating: Critical

    A remote code execution vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when it improperly handles error checking related to TrueType fonts. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    Windows Font Driver Denial of Service Vulnerability (CVE-2015-0060) MS Rating: Moderate

    A denial of service vulnerability exists in the Windows kernel-mode driver (Win32k.sys) that is caused when the Windows font mapper attempts to scale a font that has an incorrect width. An attacker who successfully exploited this vulnerability could cause the user's computer to stop responding.

  3. MS15-011 Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)

    Group Policy Remote Code Execution Vulnerability (CVE-2015-0008) MS Rating: Critical

    A remote code execution vulnerability exists in how Group Policy receives and applies policy data when a domain-joined system connects to a domain controller.

  4. MS15-012 Vulnerability in Microsoft Office Could Allow Remote Code Execution (3032328)

    Excel Remote Code Execution Vulnerability (CVE-2015-0063) MS Rating: Important

    A remote code execution vulnerability exists that is caused when Microsoft Excel improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

    Office Remote Code Execution Vulnerability (CVE-2015-0064) MS Rating: Important

    A remote code execution vulnerability exists that is caused when Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code

    OneTableDocumentStream Remote Code Execution Vulnerability (CVE-2015-0065) MS Rating: Important

    A remote code execution vulnerability exists that is caused when Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

  5. MS15-013 Vulnerability in Microsoft Office Could Allow Security Bypass (3033857)

    Microsoft Office Component Use After Free Vulnerability (CVE-2014-6362) MS Rating: Important

    A security feature bypass vulnerability exists in Microsoft Office when it fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The security feature bypass does not allow arbitrary code execution by itself. However, an attacker could use the ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.

  6. MS15-014 Vulnerability in SMB Could Allow Security Feature Bypass (3004361)

    SMB Security Feature Bypass Vulnerability (CVE-2015-0009) MS Rating: Moderate

    A security feature bypass vulnerability exists in the Server Message Block (SMB) application of Group Policy that could allow an attacker to circumvent SMB signing and cause less-secure Group Policy settings to be applied to a targeted system.

  7. MS15-015 Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)

    Windows Create Process Elevation of Privilege Vulnerability (CVE-2015-0062) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft Windows when it fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation-level security and gain elevated privileges on a targeted system.

  8. MS15-016 Vulnerability in Microsoft Graphics Component Could Allow Information (3029944)

    TIFF Processing Information Disclosure Vulnerability (CVE-2015-0061) MS Rating: Important

    An information disclosure vulnerability exists when Windows fails to properly handle uninitialized memory when parsing certain, specially crafted TIFF image format files. The vulnerability could allow information disclosure if an attacker runs a specially crafted application on an affected system.

  9. MS15-017 Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)

    Virtual Machine Manager Elevation of Privilege Vulnerability (CVE-2015-0012) MS Rating: Moderate

    A vulnerability exists in the Virtual Machine Manager (VMM) when the VMM improperly validates user roles. The vulnerability could allow elevation of privilege if an attacker logs on an affected system. An attacker must have valid Active Directory logon credentials and be able to log on with that credential to exploit the vulnerability.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.