This month’s Patch Tuesday is a bit of an interesting one…
MS15-011 affects all supported editions of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 RT, and Windows RT 8.1. Essentially, any domain-joined Windows Clients and Servers may be at risk.
The flaw, dubbed JASBUG, was discovered by JAS Global Advisors back in January 2014. The company however, adhered to good disclosure practices and the vulnerability wasn’t made public until Microsoft had prepared a fix. The fact that it has taken Microsoft over a year to develop a fix should indicate just how wide ranging and complex the vulnerability is.
According to JAS Global Advisors: “The fix required Microsoft to re-engineer core components of the operating system and to add several new features.”
Outlined below are the critical updates you need to be focusing on. As usual, we have cross-checked Microsoft’s own rating with US-CERT’s independent assessment of the patches so you are in the best position to choose the most important updates for your business.
This security update, which I mentioned above, is a remote code execution vulnerability existing in how group policy receives and applies connection data when a domain-joined system connects to a domain controller. An attacker who successfully exploits this vulnerability could take complete control of an affected system, letting them install programs; change, view, or delete data; or even create new accounts with full user rights.
The most severe of the six privately reported vulnerabilities could, again, allow remote code execution if an attacker is able to convince a user to open a specially crafted document, or to visit an untrusted website that contains embedded TrueType fonts.
This security update resolves one publicly disclosed and 40 privately reported vulnerabilities in Internet Explorer, with the most severe of these allowing remote code execution. If a user views a specially crafted web page it could allow an attacker to gain the same user rights as the current user.
Microsoft rates the remaining six patches in February’s update as Important. A full breakdown of these ratings compared to the US-CERT ratings can be found in the table below. I’d always advise to use US-CERT’s rating in conjunction with Microsoft’s, which will give you a much clearer picture of which patches you should be prioritising.
|Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
|Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
|Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
|Microsoft Windows, Internet
|Security update for Internet Explorer (3034682)
|Microsoft Server Software
|Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)
|Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
|Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
|Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
|Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)