Microsoft Patch Tuesday, February 2015

Today marks Microsoft's February Patch Tuesday release, and it's a pretty big one. This month's release has nine bulletins, including three rated Critical and seven rated Important. In all, the release patches a total of 56 vulnerabilities. Although Internet Explorer got a brief reprieve in January, it's back with a bang this month with a total of 41 vulnerabilities patched in the web browser. The large majority of these are memory corruption bugs, the most severe of which would provide an attacker with remote code execution.

This release also includes a patch for the zero-day flaw disclosed by Google in January as part of their Project Zero disclosure policy. The vulnerability (CVE-2015-0010) is a security bypass bug in the kernel driver cng.sys. This driver, in part, allows an application to encrypt memory in specific situations. When encrypting a logon session, the driver generates an encryption key based on the logon session identifier for the user. The bug is that the driver doesn't check the impersonation level of the token when capturing the logon session ID. This could potentially allow a normal user to impersonate another session and encrypt or decrypt data in memory meant for a different user.
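The missing check can be seen in a simplified user-space model, added here as an illustration; it is not code from cng.sys or from Microsoft's patch. The type names, the toy key derivation, and the policy of refusing tokens below impersonation level are assumptions of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same ordering as Windows SECURITY_IMPERSONATION_LEVEL. */
typedef enum { LVL_ANONYMOUS, LVL_IDENTIFICATION, LVL_IMPERSONATION, LVL_DELEGATION } imp_level;

/* Hypothetical model types; 'level' is only meaningful for impersonated tokens. */
typedef struct { uint64_t logon_session_id; imp_level level; } token;
typedef struct { token primary; const token *impersonated; } thread_ctx; /* NULL = not impersonating */

/* Toy mixing function standing in for the real key derivation (not cryptography). */
static uint64_t derive_key(uint64_t session_id) {
    return (session_id * 0x9E3779B97F4A7C15ULL) ^ 0xA5A5A5A5A5A5A5A5ULL;
}

/* Flawed pattern: take the session id from the effective token, whatever its level. */
uint64_t session_key_unchecked(const thread_ctx *t) {
    const token *tok = t->impersonated ? t->impersonated : &t->primary;
    return derive_key(tok->logon_session_id);
}

/* Checked pattern: an impersonated token counts only at LVL_IMPERSONATION or higher. */
bool session_key_checked(const thread_ctx *t, uint64_t *key_out) {
    const token *tok = &t->primary;
    if (t->impersonated != NULL) {
        if (t->impersonated->level < LVL_IMPERSONATION)
            return false;               /* identification/anonymous: refuse */
        tok = t->impersonated;
    }
    *key_out = derive_key(tok->logon_session_id);
    return true;
}

/* Constructed scenario: a caller in session 0x111 holds an identification-level
 * token that names session 0x222. Returns 1 if only the unchecked path leaks. */
int demo_cross_session(void) {
    thread_ctx owner = { { 0x222, LVL_ANONYMOUS }, NULL };
    token ident = { 0x222, LVL_IDENTIFICATION };
    thread_ctx caller = { { 0x111, LVL_ANONYMOUS }, &ident };
    uint64_t key = 0;
    bool leaked = session_key_unchecked(&caller) == session_key_unchecked(&owner);
    bool refused = !session_key_checked(&caller, &key);
    return leaked && refused;
}

int main(void) {
    printf("unchecked path crosses sessions, checked path refuses: %d\n", demo_cross_session());
    return 0;
}
```

An identification-level token is meant to let a service inspect a client's identity, not act as that client, which is why deriving a per-session key from it crosses the user boundary.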

By patching this vulnerability, Microsoft has fixed all three of the zero days released by Google at the beginning of the year. We'll have to wait and see whether or not there are more hiding in the rafters.

 

MS15-009
Critical
CVE-2014-8967, CVE-2015-0017, CVE-2015-0018, CVE-2015-0019, CVE-2015-0020, CVE-2015-0021, CVE-2015-0022, CVE-2015-0023, CVE-2015-0025, CVE-2015-0026, CVE-2015-0027, CVE-2015-0028, CVE-2015-0029, CVE-2015-0030, CVE-2015-0031, CVE-2015-0035, CVE-2015-0036, CVE-2015-0037, CVE-2015-0038, CVE-2015-0039, CVE-2015-0040, CVE-2015-0041, CVE-2015-0042, CVE-2015-0043, CVE-2015-0044, CVE-2015-0045, CVE-2015-0046, CVE-2015-0048, CVE-2015-0049, CVE-2015-0050, CVE-2015-0051, CVE-2015-0052, CVE-2015-0053, CVE-2015-0054, CVE-2015-0055, CVE-2015-0066, CVE-2015-0067, CVE-2015-0068, CVE-2015-0069, CVE-2015-0070, CVE-2015-0071
Security Update for Internet Explorer

This security update resolves one publicly disclosed and forty privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

This security update affects Internet Explorer 6 (IE 6) through Internet Explorer 11 (IE 11). It is rated Critical for IE running on Windows clients and Moderate for IE running on Windows servers.

 

MS15-010
Critical
CVE-2015-0003, CVE-2015-0010, CVE-2015-0057, CVE-2015-0058, CVE-2015-0059, CVE-2015-0060
Vulnerabilities in Windows Kernel Mode Driver Could Allow Remote Code Execution

This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or visit an untrusted website that contains embedded TrueType fonts. This bulletin also patches the Google zero-day (CVE-2015-0010) released in January.

This security update is rated Critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1; it is rated Important for all supported editions of Windows Server 2003, Windows Vista, and Windows Server 2008.

 

MS15-011
Critical
CVE-2015-0008
Vulnerability in Group Policy Could Allow Remote Code Execution

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user with a domain-configured system to connect to an attacker-controlled network. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

This security update is rated Critical for all supported editions of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.

 

MS15-012
Important
CVE-2015-0063, CVE-2015-0064, CVE-2015-0065
Vulnerability in Microsoft Office Could Allow Remote Code Execution

This security update resolves three privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.

This security update is rated Important for all supported editions of Microsoft Excel 2007, Microsoft Word 2007, Microsoft Office 2010, Microsoft Excel 2010, Microsoft Word 2010, Microsoft Web Applications 2010, Microsoft Excel 2013, Microsoft Word Viewer, Microsoft Excel Viewer, and Microsoft Office Compatibility Pack.

 

MS15-013
Important
CVE-2014-6362
Vulnerability in Microsoft Office Could Allow Security Feature Bypass

This security update resolves one publicly disclosed vulnerability in Microsoft Office. The vulnerability could allow security feature bypass if a user opens a specially crafted Microsoft Office file. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this security feature bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.

This security update is rated Important for all supported editions of Microsoft Office 2007, Microsoft Office 2010, and Microsoft Office 2013.

 

MS15-014
Important
CVE-2015-0009
Vulnerability in SMB Could Allow Security Feature Bypass

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker causes the Group Policy Security Configuration Engine policy file on a targeted system to become corrupted or otherwise unreadable. This causes the Group Policy settings on the system to revert to their default, and potentially less secure, state. The attacker would need to perform a man-in-the-middle attack in order to exploit this vulnerability.

This security update is rated Important for all supported releases of Microsoft Windows.

 

MS15-015
Important
CVE-2015-0062
Vulnerability in Microsoft Windows Could Allow Elevation of Privilege

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to leverage the lack of impersonation-level security checks to elevate privileges during process creation. An authenticated attacker who successfully exploited this vulnerability could acquire administrator credentials and use them to elevate privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

This security update is rated Important for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows 2012, Windows RT, Windows 8.1, Windows 2012 R2, and Windows RT 8.1.

 

MS15-016
Important
CVE-2015-0061
Vulnerability in Microsoft Graphics Component Could Allow Information Leakage

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing a specially crafted TIFF image. This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

This security update is rated Important for all supported releases of Microsoft Windows.

 

MS15-017
Important
CVE-2015-0012
Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege

This security update resolves a privately reported vulnerability in Virtual Machine Manager (VMM). The vulnerability could allow elevation of privilege if an attacker logs on to an affected system. An attacker must have valid Active Directory logon credentials and be able to log on with those credentials to exploit the vulnerability.

This security update is rated Important for Microsoft System Center 2012 R2 Virtual Machine Manager Update Rollup 4.
