According to JAS Global Advisors: “The fix required Microsoft to re-engineer core components of the operating system and to add several new features.”
Outlined below are the critical updates you need to be focusing on. As usual, we have cross-checked Microsoft’s own rating with US-CERT’s independent assessment of the patches so you are in the best position to choose the most important updates for your business.
MS15-011
This security update, which I mentioned above, is a remote code execution vulnerability existing in how group policy receives and applies connection data when a domain-joined system connects to a domain controller. An attacker who successfully exploits this vulnerability could take complete control of an affected system, letting them install programs; change, view, or delete data; or even create new accounts with full user rights.
MS15-010
The most severe of the six privately reported vulnerabilities could, again, allow remote code execution if an attacker is able to convince a user to open a specially crafted document, or to visit an untrusted website that contains embedded TrueType fonts.
MS15-009
This security update resolves one publicly disclosed and 40 privately reported vulnerabilities in Internet Explorer, with the most severe of these allowing remote code execution. If a user views a specially crafted web page it could allow an attacker to gain the same user rights as the current user.
Microsoft rates the remaining six patches in February’s update as Important. A full breakdown of these ratings compared to the US-CERT ratings can be found in the table below. I’d always advise to use US-CERT’s rating in conjunction with Microsoft’s, which will give you a much clearer picture of which patches you should be prioritising.
|
Update no.
|
CVSS score
|
Microsoft rating
|
Affected Software
|
Details
|
| MS15-012 |
9.3 |
Important |
Microsoft
Office |
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328) |
| MS15-011 |
8.3 |
Critical |
Microsoft Windows |
Vulnerability in Group Policy Could Allow Remote Code Execution (3000483) |
| MS15-010 |
7.2 |
Critical |
Microsoft Windows |
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220) |
| MS15-009 |
6.8 |
Critical |
Microsoft Windows, Internet
Explorer |
Security update for Internet Explorer (3034682) |
| MS15-017 |
6.8 |
Important |
Microsoft Server Software |
Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898) |
| MS15-015 |
6.0 |
Important |
Microsoft Windows |
Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432) |
| MS15-013 |
4.3 |
Important |
Microsoft
Office |
Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857) |
| MS15-016 |
4.3 |
Important |
Microsoft Windows |
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944) |
| MS15-014 |
3.3 |
Important |
Microsoft Windows |
Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361) |
needed to update and install patches. For customers this can be a challenge, but for IT service providers and Managed Service Providers, this can be a real headache. Invariably, your customers have a very limited window when systems can be taken offline to install patches. This is all well and good when there’s a only a few patches, such as in January’s update, but when there are a large number (generally eight or more), this can be a real challenge…Read more of Ashley Leonard’s article published on The VAR Guy
