Texas A&M AgriLife IT Security
Texas A&M AgriLife IT SecurityLatest IT news & tips to keep your computer safe

Advance notice of Microsoft February patches – to be released on Feb 11

by

Microsoft has recently provided advance notice of the patches that are scheduled to be released on Tuesday, February 11. The details are available at – https://technet.microsoft.com/en-us/security/bulletin/ms14-feb .

There are a total of five patches for February; two of which are classified as CRITICAL. The two patches designated as critical could allow remote code execution if successfully exploited.  The remaining three patches are classified as IMPORTANT (with some server OSs being assigned a LOW severity for bulletin #4) and either would allow an elevation of privilege, Information disclosure or a denial of service if successfully exploited.

The patch known as bulletin #1 (CRITICAL), applies to the following Windows Workstation Operating Systems:  Windows 7, 8, 8.1 and Windows RT (both 32 and 64 bit versions of workstation OSs).  The patch also applies to the following Server Operating systems:  Windows Server 2008R2 (64 bit),  Windows Server 2012 and 2012R2.

The patch known as bulletin #2 (CRITICAL), applies only to the 2010 version of Microsoft Forefront protection for Exchange server.

No information is currently available about the likelihood of successful exploitation of these vulnerabilities. Additional information will be made available on Tuesday, February 11.  An AgriLife ISO recommendation detailing the priority of deployment for the patches will also be provided on Tuesday, Feb 11.

Currently, no other products are expected to be patched on Tuesday, February 11.

Update February 10 2:00 p.m.

In a pretty unique move, as of noon on Monday, February 10, Microsoft has added two more CRITICAL bulletins to the February set of patches. That brings the total up to 7. The two bulletins added on Monday, are identified as bulletin #1 and #2 respectively. The two that had previously been designated as #1 and #2 have been renamed bulletin #3 and #4 respectively.  The two new ones added for February apply to all versions of Internet Explorer for current operating systems and for bulletin #2, all current operating systems regardless of platform.

Workstation operating systems are designated as CRITICAL for bulletin # 1 and server operating systems are assigned a security designation of either IMPORTANT or MODERATE (depending on which version of IE and the server OS).   Bulletin #2 is similar in that it is assigned a CRITICAL designations for workstation operating systems and MODERATE for server operating systems.  The exception is for server core only installations of server operating systems. No security classification is assigned for server core only installs for bulletin #2.