INFO SEC_Vulnerability Summary for the Week :Microsoft Releases

National Cyber Awareness System:

Microsoft Releases February 2015 Security Bulletin

02/10/2015 09:22 PM EST

Original release date: February 10, 2015

Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for February 2015. Some of these vulnerabilities could allow remote code execution, security feature bypass, elevation of privilege, or disclosure of information.

US-CERT encourages users and administrators to review Microsoft Security Bulletin Summary MS15-FEB and apply the necessary updates.

Microsoft Releases Critical Security Update for Internet Explorer

02/10/2015 07:01 PM EST

Original release date: February 10, 2015

Microsoft has released a critical security update to address multiple vulnerabilities in Internet Explorer. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system if the user views a specially crafted webpage.

Users and administrators are encouraged to review Microsoft Bulletin MS15-009 for details and apply the necessary update.

Microsoft Releases Critical Security Bulletin

02/10/2015 12:53 PM EST

Original release date: February 10, 2015

Microsoft has released Security Bulletin MS15-011 to address a critical vulnerability in Windows. Exploitation of this vulnerability could allow a remote attacker to take complete control of an affected system. 

This security update contains a new policy feature (UNC Hardened Access) which is not enabled by default. To enable this feature, a system administrator must deploy the update, then apply the Group Policy settings described in the bulletin. For complete protection against this vulnerability, system reboots are required. Other than the update and configuration instructions contained in the Security Bulletin, there are no known workarounds or mitigations for this vulnerability. Updates are not available for Windows XP, Windows Server 2003, or Windows 2000.           

US-CERT strongly recommends administrators prioritize the application of the patch, and concurrently review and test the necessary configuration changes discussed in the associated Knowledge Base article (KB3000483).