Monthly Archives

February 2015


Microsoft Patch Tuesday: Are Those Critical Patches Really Critical?


MSPs have the opportunity to position themselves as the authority on patch management for their customers, both in terms of making the best use of time available and patch prioritization.

Downtime. One word to strike fear into the hearts of even the hardiest of IT managers. Avoiding downtime at pretty much all costs is the name of the game now. However, with the reliance on Microsoft (MSFT) products, there is inevitably going to have to be some downtime to roll out patch updates to keep systems secure.

The problem: The more updates there are, the longer the downtime needed to update and install patches. For customers this can be a challenge, but for IT service providers and Managed Service Providers, this can be a real headache. Invariably, your customers have a very limited window when systems can be taken offline to install patches. This is all well and good when there are only a few patches, such as in January’s update, but when there are a large number (generally eight or more), this can be a real challenge…

Read more of Ashley Leonard’s article published on The VAR Guy


Patch Tuesday: February 2015


This month’s Patch Tuesday is a bit of an interesting one…

MS15-011 affects all supported editions of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. Essentially, any domain-joined Windows clients and servers may be at risk.

The flaw, dubbed JASBUG, was discovered by JAS Global Advisors back in January 2014. The company, however, adhered to good disclosure practices and the vulnerability wasn’t made public until Microsoft had prepared a fix. The fact that it has taken Microsoft over a year to develop a fix should indicate just how wide-ranging and complex the vulnerability is.

According to JAS Global Advisors: “The fix required Microsoft to re-engineer core components of the operating system and to add several new features.”

Outlined below are the critical updates you need to be focusing on. As usual, we have cross-checked Microsoft’s own rating with US-CERT’s independent assessment of the patches so you are in the best position to choose the most important updates for your business.

MS15-011

This security update, which I mentioned above, addresses a remote code execution vulnerability in how Group Policy receives and applies connection data when a domain-joined system connects to a domain controller. An attacker who successfully exploits this vulnerability could take complete control of an affected system, letting them install programs; change, view, or delete data; or even create new accounts with full user rights.

MS15-010

The most severe of the six privately reported vulnerabilities could, again, allow remote code execution if an attacker is able to convince a user to open a specially crafted document, or to visit an untrusted website that contains embedded TrueType fonts.

MS15-009

This security update resolves one publicly disclosed and 40 privately reported vulnerabilities in Internet Explorer, with the most severe of these allowing remote code execution. If a user views a specially crafted web page, it could allow an attacker to gain the same user rights as the current user.

Microsoft rates the remaining six patches in February’s update as Important. A full breakdown of these ratings compared to the US-CERT ratings can be found in the table below. I’d always advise using US-CERT’s rating in conjunction with Microsoft’s, which will give you a much clearer picture of which patches you should be prioritising.

| Update no. | CVSS score | Microsoft rating | Affected Software | Details |
|---|---|---|---|---|
| MS15-012 | 9.3 | Important | Microsoft Office | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328) |
| MS15-011 | 8.3 | Critical | Microsoft Windows | Vulnerability in Group Policy Could Allow Remote Code Execution (3000483) |
| MS15-010 | 7.2 | Critical | Microsoft Windows | Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220) |
| MS15-009 | 6.8 | Critical | Microsoft Windows, Internet Explorer | Security update for Internet Explorer (3034682) |
| MS15-017 | 6.8 | Important | Microsoft Server Software | Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898) |
| MS15-015 | 6.0 | Important | Microsoft Windows | Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432) |
| MS15-013 | 4.3 | Important | Microsoft Office | Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857) |
| MS15-016 | 4.3 | Important | Microsoft Windows | Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944) |
| MS15-014 | 3.3 | Important | Microsoft Windows | Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361) |
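One way to use the two ratings together, as an added example that is not part of the original article: it puts a bulletin in the first deployment tier when either source places it in its top band, and notes where the two sources disagree. The tiering rule and the use of NVD's CVSS v2 severity bands are assumptions of this example; the rows are copied from the table above.

```python
from typing import NamedTuple

# Rows copied from the table above: bulletin ID, CVSS score, Microsoft rating.
ROWS = """\
MS15-012 9.3 Important
MS15-011 8.3 Critical
MS15-010 7.2 Critical
MS15-009 6.8 Critical
MS15-017 6.8 Important
MS15-015 6.0 Important
MS15-013 4.3 Important
MS15-016 4.3 Important
MS15-014 3.3 Important
"""

class Bulletin(NamedTuple):
    ident: str
    cvss: float
    ms_rating: str

def cvss_band(score):
    # Assumption: NVD CVSS v2 bands (7.0-10.0 High, 4.0-6.9 Medium, below that Low).
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    return "High" if score >= 7.0 else "Medium" if score >= 4.0 else "Low"

def parse(text):
    bulletins = []
    for line in filter(str.strip, text.splitlines()):
        ident, score, rating = line.split()
        if rating not in ("Critical", "Important", "Moderate", "Low"):
            raise ValueError(f"unknown Microsoft rating: {rating}")
        bulletins.append(Bulletin(ident, float(score), rating))
    return bulletins

def triage(bulletins):
    """Return (tier, bulletin, note) tuples, most urgent first."""
    result = []
    for b in bulletins:
        vendor_top = b.ms_rating == "Critical"
        cvss_top = cvss_band(b.cvss) == "High"
        note = ""
        if cvss_top and not vendor_top:
            note = "CVSS High but vendor rating below Critical"
        elif vendor_top and not cvss_top:
            note = "vendor Critical but CVSS below High"
        result.append((1 if vendor_top or cvss_top else 2, b, note))
    return sorted(result, key=lambda r: (r[0], -r[1].cvss, r[1].ident))

if __name__ == "__main__":
    for tier, b, note in triage(parse(ROWS)):
        print(f"tier {tier}  {b.ident}  CVSS {b.cvss:<4} {b.ms_rating:<10} {note}")
```
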

Upcoming Webcast: Avoiding Patch Doomsday



We invite you to join industry expert Robert Brown, Services Director at Verismic, for an informative 30-minute webinar. He will share his best practices and strategy for patch management by leveraging your existing tools to reduce and mitigate risk in your environment.
 

How To Attend

Date: Wednesday, February 24th, 2015
UK Time: 9:00am GMT
US Time: 9:00am Pacific / 12:00pm Eastern
Register: syxsense.com/Webcast-Avoiding-Patch-Doomsday

About The Presenter: Robert Brown is head of Desktop Management Services with over 12 years of expertise in IT systems and security management.