Texas A&M AgriLife IT Security
Texas A&M AgriLife IT SecurityLatest IT news & tips to keep your computer safe

Microsoft patches for February 2015 – released on Feb 10

by

Microsoft has just announced the patches that are being released for February 2015. The information is available at https://technet.microsoft.com/library/security/ms15-feb There are a total of nine patches being released. Three of which are designated as CRITICAL and the remaining are designated as IMPORTANT.   The patches classified as CRITICAL could allow remote code execution if successfully exploited and apply to Windows Internet Explorer, Windows Workstation and Server operating systems. The patches classified as IMPORTANT apply to Windows Workstation operating systems, Windows Office applications and Windows Server software.

 

The patch designated as https://technet.microsoft.com/library/security/MS15-009 applies to Internet Explorer versions 6-11 is designated as CRITICAL (for Windows workstation operating systems) and includes one publically reporting vulnerability and also forty privately reported vulnerabilities.  The patch designated as https://technet.microsoft.com/library/security/MS15-010 applies Windows Kernel mode drivers and is also designated is CRITICAL and includes one publically reporting vulnerability and five privately reported vulnerabilities.  The patch designated as https://technet.microsoft.com/library/security/MS15-011 applies to Windows Group policy controls and classified as CRITICAL and applies to a single privately reported vulnerability. Patch MS15-011 is specifically for Windows Server operating systems.  Additionally, the patch designated as https://technet.microsoft.com/library/security/MS15-012 applies to MS-Office and is classified as IMPORTANT but also could allow remote code execution if successfully exploited. The patch includes three privately reported vulnerabilities.

 

Based what is currently known, it is likely exploit code will be released for the Internet Explorer vulnerabilities within the next 30 days. It is also quite likely exploit code will be released for the Group policy exploit for Server operating systems and also for the MS Office vulnerabilities.  That being the case, it is recommended the February patches should be applied to both workstations and server operating systems and applications as soon as possible.