Microsoft Patch Tuesday, February 2015

Today marks Microsoft's February Patch Tuesday release, and it's a pretty big one. This month's release has nine bulletins, including three rated Critical and seven rated Important. In all, the release patches a total of 56 vulnerabilities. Although Internet Explorer got a brief reprieve in January, it's back with a bang this month with a total of 41 vulnerabilities patched in the web browser. The large majority of these are memory corruption bugs, the most severe of which would provide an attacker with remote code execution.

This release also includes a patch for the zero-day flaw disclosed by Google in January as part of their Project Zero disclosure policy. The vulnerability (CVE-2015-0010) is a security bypass bug in the kernel driver cng.sys. This driver, in part, allows an application to encrypt memory in specific situations. When encrypting for a logon session, the driver generates an encryption key based on the user's logon session identifier. The bug is that the driver doesn't check the impersonation level of the token when capturing the logon session ID. This could potentially allow a normal user to impersonate another session and encrypt or decrypt data in memory meant for a different user.
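
The missing check can be shown with a small user-mode model. This is an added example, not code from cng.sys or from Microsoft's patch: the `token` struct, the function names, the toy key derivation and the session IDs are all constructed for illustration, and rejecting the request is only one assumed way of handling a low-level token.

```c
#include <stdint.h>
#include <stdio.h>

/* Ordering mirrors the Windows SECURITY_IMPERSONATION_LEVEL enumeration. */
typedef enum { SecurityAnonymous, SecurityIdentification,
               SecurityImpersonation, SecurityDelegation } imp_level;

/* Simplified, hypothetical model of a thread's effective token. */
typedef struct {
    uint64_t logon_session_id; /* logon session the token belongs to */
    int is_impersonation;      /* 0 = primary token, 1 = impersonation token */
    imp_level level;           /* only meaningful for impersonation tokens */
} token;

/* Behaviour as the post describes the bug: the session ID is captured
   from the effective token without looking at its impersonation level. */
int capture_session_unchecked(const token *t, uint64_t *id) {
    *id = t->logon_session_id;
    return 0;
}

/* With the check: a token below SecurityImpersonation does not authorize
   acting as the client, so it must not select that client's key.
   Rejecting (-1) is an assumption made for this model. */
int capture_session_checked(const token *t, uint64_t *id) {
    if (t->is_impersonation && t->level < SecurityImpersonation)
        return -1;
    *id = t->logon_session_id;
    return 0;
}

/* Toy stand-in for per-session key derivation; NOT real cryptography. */
uint64_t derive_key(uint64_t session_id) {
    return (session_id ^ 0x9e3779b97f4a7c15ULL) * 0xff51afd7ed558ccdULL;
}

int main(void) {
    /* Constructed tokens: another user's session at two impersonation levels. */
    token ident = { 0x51c02, 1, SecurityIdentification };
    token full  = { 0x51c02, 1, SecurityImpersonation };
    uint64_t id = 0;
    printf("unchecked, identification level: %d\n",
           capture_session_unchecked(&ident, &id));
    printf("checked, identification level:   %d\n",
           capture_session_checked(&ident, &id));
    printf("checked, impersonation level:    %d\n",
           capture_session_checked(&full, &id));
    return 0;
}
```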

By patching this vulnerability, Microsoft has fixed all three of the zero-days released by Google at the beginning of the year. We'll have to wait and see whether or not there are more hiding in the rafters.

MS15-009
Critical
CVE-2014-8967, CVE-2015-0017, CVE-2015-0018, CVE-2015-0019, CVE-2015-0020, CVE-2015-0021, CVE-2015-0022, CVE-2015-0023, CVE-2015-0025, CVE-2015-0026, CVE-2015-0027, CVE-2015-0028, CVE-2015-0029, CVE-2015-0030, CVE-2015-0031, CVE-2015-0035, CVE-2015-0036, CVE-2015-0037, CVE-2015-0038, CVE-2015-0039, CVE-2015-0040, CVE-2015-0041, CVE-2015-0042, CVE-2015-0043, CVE-2015-0044, CVE-2015-0045, CVE-2015-0046, CVE-2015-0048, CVE-2015-0049, CVE-2015-0050, CVE-2015-0051, CVE-2015-0052, CVE-2015-0053, CVE-2015-0054, CVE-2015-0055, CVE-2015-0066, CVE-2015-0067, CVE-2015-0068, CVE-2015-0069, CVE-2015-0070, CVE-2015-0071
Security Update for Internet Explorer

This security update resolves one publicly disclosed and forty privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

This security update affects Internet Explorer 6 (IE 6) through Internet Explorer 11 (IE 11). It is rated Critical for IE running on Windows clients and Moderate for IE running on Windows servers.

MS15-010
Critical
CVE-2015-0003, CVE-2015-0010, CVE-2015-0057, CVE-2015-0058, CVE-2015-0059, CVE-2015-0060
Vulnerabilities in Windows Kernel Mode Driver Could Allow Remote Code Execution

This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or visit an untrusted website that contains embedded TrueType fonts. This bulletin also patches the Google zero-day (CVE-2015-0010) released in January.

This security update is rated Critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1; it is rated Important for all supported editions of Windows Server 2003, Windows Vista, and Windows Server 2008.

MS15-011
Critical
CVE-2015-0008
Vulnerability in Group Policy Could Allow Remote Code Execution

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user with a domain-configured system to connect to an attacker-controlled network. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

This security update is rated Critical for all supported editions of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.

MS15-012
Important
CVE-2015-0063, CVE-2015-0064, CVE-2015-0065
Vulnerability in Microsoft Office Could Allow Remote Code Execution

This security update resolves three privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.

This security update is rated Important for all supported editions of Microsoft Excel 2007, Microsoft Word 2007, Microsoft Office 2010, Microsoft Excel 2010, Microsoft Word 2010, Microsoft Web Applications 2010, Microsoft Excel 2013, Microsoft Word Viewer, Microsoft Excel Viewer, and Microsoft Office Compatibility Pack.

MS15-013
Important
CVE-2014-6362
Vulnerability in Microsoft Office Could Allow Security Feature Bypass

This security update resolves one publicly disclosed vulnerability in Microsoft Office. The vulnerability could allow security feature bypass if a user opens a specially crafted Microsoft Office file. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this security feature bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.

This security update is rated Important for all supported editions of Microsoft Office 2007, Microsoft Office 2010, and Microsoft Office 2013.

MS15-014
Important
CVE-2015-0009
Vulnerability in SMB Could Allow Security Feature Bypass

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker causes the Group Policy Security Configuration Engine policy file on a targeted system to become corrupted or otherwise unreadable. This causes the Group Policy settings on the system to revert to their default, and potentially less secure, state. The attacker would need to perform a man-in-the-middle attack in order to exploit this vulnerability.

This security update is rated Important for all supported releases of Microsoft Windows.

MS15-015
Important
CVE-2015-0062
Vulnerability in Microsoft Windows Could Allow Elevation of Privilege

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to leverage the lack of impersonation-level security checks to elevate privileges during process creation. An authenticated attacker who successfully exploited this vulnerability could acquire administrator credentials and use them to elevate privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

This security update is rated Important for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows 2012, Windows RT, Windows 8.1, Windows 2012 R2, and Windows RT 8.1.

MS15-016
Important
CVE-2015-0061
Vulnerability in Microsoft Graphics Component Could Allow Information Leakage

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing a specially crafted TIFF image. This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

This security update is rated Important for all supported releases of Microsoft Windows.

MS15-017
Important
CVE-2015-0012
Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege

This security update resolves a privately reported vulnerability in Virtual Machine Manager (VMM). The vulnerability could allow elevation of privilege if an attacker logs on to an affected system. An attacker must have valid Active Directory logon credentials and be able to log on with those credentials to exploit the vulnerability.

This security update is rated Important for Microsoft System Center 2012 R2 Virtual Machine Manager Update Rollup 4.
