February 2015 Patch Tuesday

February 10, 2015

Microsoft patched a fairly hefty 58 CVEs across 9 bulletins this month, with Internet Explorer taking the lion's share of those fixes. Among the offending flaws are remote code execution, security bypass, elevation of privilege, and information disclosure vulnerabilities.

MS15-009 fixes 41 assorted flaws in Internet Explorer, including remote code execution, ASLR bypass, privilege elevation, and information disclosure vulnerabilities. Among these, CVE-2014-8967 was publicly disclosed after Microsoft failed to meet the ZDI 180-day mitigation timeline. Workstations that frequently browse the internet are most at risk from these vulnerabilities. Due to the Enhanced Security Configuration mode that is enabled by default in server operating systems, servers are slightly more protected from some of these flaws. Microsoft's EMET software, when installed and configured to work with IE, also offers additional protection from many of these vulnerabilities. One additional note is that this update will also provide IE 11 users with additional security measures by disabling SSL 3.0 fallback attempts by default. Thanks POODLE!

MS15-010 targets the Kernel-Mode Driver. Ranked as Critical by Microsoft, this bulletin delivers fixes for 6 vulnerabilities, including remote code execution and elevation of privilege flaws. One of these vulnerabilities was publicly disclosed as CVE-2015-0010. Note that one of these flaws can be exploited to achieve remote code execution simply by convincing a user to visit a malicious website that contains embedded TrueType fonts.

MS15-011 is the first of two Group Policy patches released by Microsoft this month. This one is interesting for administrators who operate Windows Server 2003 systems, in the sense that Microsoft, despite flagging the operating system as affected, has decided not to issue a fix for it. This is primarily because the architectural changes that would have to be made to the operating system in order to fix it properly are prohibitively complex. Given that the vulnerability requires a user to connect their system to an untrusted network controlled by an attacker, it is fairly unlikely that Windows Server 2003 systems would find themselves in this scenario. Laptop computers are more at risk, since they often connect to untrusted networks such as WiFi hotspots at airports and coffee shops.

MS15-012 is one of two Office patches released this month; it fixes some remote code execution flaws found in Office due to improperly parsed documents. Rated as Important by Microsoft, the damage caused by these flaws can be somewhat reduced by running Office applications as users with non-administrative privileges. To successfully exploit this flaw, the attacker would need to convince a user to open a malicious Office file.

MS15-013 is the other Office bulletin released this month. It patches a publicly disclosed vulnerability (CVE-2014-6362) affecting Office 2007, 2010, and 2013. This particular flaw allows attackers to bypass ASLR protection, which, when combined with another remote code execution vulnerability, could be used by an attacker to achieve code execution. The vulnerability relies on convincing a user to open a malicious file, so proper employee training on the safe handling of Office documents from external sources may help avoid triggering this vulnerability. Additionally, administrators who have deployed Microsoft's EMET software and configured it to work with Office are protected from this issue.

MS15-014 marks the second of the Group Policy patches issued this month. This flaw involves an attacker's ability to perform a man-in-the-middle attack that can potentially cause a system's Group Policy settings to be reverted to their default values. Workstations and servers that are configured to use Group Policy are primarily at risk from this vulnerability. Given that this attack would require a man-in-the-middle scenario, and presumably an attacker would need to be in a privileged spot on the network, this vulnerability seems more difficult to practically exploit unless an attacker has already infiltrated a network.

MS15-015 patches an elevation of privilege vulnerability found in Windows 7 and later operating systems. To exploit this, an attacker would already need to have authenticated access to a system.

MS15-016 addresses a TIFF processing vulnerability found in all supported versions of Windows that could result in information disclosure. A user browsing to a website that contains a crafted TIFF file can potentially trigger this vulnerability; however, an attacker would have no way of forcing a user to visit a malicious website. They would need to convince a user to do so.

MS15-017 patches an elevation of privilege flaw found in the slightly lesser-known System Center Virtual Machine Manager. This vulnerability relies on an attacker having valid Active Directory logon credentials in order to exploit it; however, if successful, it could result in the attacker's ability to take complete control of the virtual machines controlled by the server.
Audits for these bulletins will be available in release 2877:

[MS15-009] Security Update for Internet Explorer (3034682)
  • 44988 - Microsoft Cumulative Security Update for Internet Explorer (3034682)

[MS15-010] Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
  • 44981 - Microsoft Windows Kernel-Mode Driver Remote Code Execution (3036220) - win32k
  • 44993 - Microsoft Windows Kernel-Mode Driver Remote Code Execution (3036220) - cng
  • 44994 - Microsoft Windows Kernel-Mode Driver Remote Code Execution (3036220) - ksecdd

[MS15-011] Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
  • 44954 - Microsoft Group Policy Remote Code Execution (3000483)

[MS15-012] Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
  • 44962 - Microsoft Office Remote Code Execution (3032328) - Excel 2007
  • 44963 - Microsoft Office Remote Code Execution (3032328) - Word 2007
  • 44964 - Microsoft Office Remote Code Execution (3032328) - Proofing Tools 2010
  • 44966 - Microsoft Office Remote Code Execution (3032328) - Office 2010
  • 44967 - Microsoft Office Remote Code Execution (3032328) - Excel 2010
  • 44969 - Microsoft Office Remote Code Execution (3032328) - Word 2010
  • 44972 - Microsoft Office Remote Code Execution (3032328) - Excel 2013
  • 44973 - Microsoft Office Remote Code Execution (3032328) - Excel Compatibility Pack SP3
  • 44974 - Microsoft Office Remote Code Execution (3032328) - Word Viewer
  • 44975 - Microsoft Office Remote Code Execution (3032328) - Excel Viewer
  • 44976 - Microsoft Office Remote Code Execution (3032328) - Word Compatibility Pack SP3
  • 45001 - Microsoft Office Remote Code Execution (3032328) - Word Automation
  • 45002 - Microsoft Office Remote Code Execution (3032328) - Web Apps 2010

[MS15-013] Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
  • 44955 - Microsoft Office Security Feature Bypass (3033857) - KB2920795 - Office 2007
  • 44956 - Microsoft Office Security Feature Bypass (3033857) - KB2920795 - Office 2007 x64
  • 44957 - Microsoft Office Security Feature Bypass (3033857) - KB2920748 - Office 2010
  • 44958 - Microsoft Office Security Feature Bypass (3033857) - KB2920748 - Office 2010 x64
  • 44959 - Microsoft Office Security Feature Bypass (3033857) - KB2910941 - Office 2013
  • 44960 - Microsoft Office Security Feature Bypass (3033857) - KB2910941 - Office 2013 x64

[MS15-014] Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
  • 44965 - Microsoft Group Policy Security Feature Bypass (3004361)

[MS15-015] Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
  • 44961 - Microsoft Windows Elevation of Privilege (3031432)

[MS15-016] Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
  • 44968 - Microsoft Graphics Component Information Disclosure (3029944)

[MS15-017] Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)
  • 44987 - Microsoft Virtual Machine Manager Elevation of Privilege (3035898)
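For administrators who want a quick local check before the audits ship, the following added PowerShell example (not part of the original post or of any BeyondTrust product) maps this month's Windows-level bulletins to their bulletin KB numbers and asks Get-HotFix which ones the machine already reports. The bulletin-to-KB mapping is taken from the list above; the function name Get-BulletinStatus is my own.

```powershell
# Added example, not from the original post: report which of this month's
# bulletin-level KBs the local machine reports via Get-HotFix.
# Caveats: Get-HotFix reads Win32_QuickFixEngineering, so Office updates
# (KB2920795, KB2920748, KB2910941 above) never appear there, and for some
# bulletins the per-OS package KB differs from the bulletin KB. Treat a
# "missing" result as "verify manually", not as proof the patch is absent.
$Bulletins = [ordered]@{
    'MS15-009' = 'KB3034682'   # Internet Explorer cumulative update
    'MS15-010' = 'KB3036220'   # Kernel-mode driver (win32k, cng, ksecdd)
    'MS15-011' = 'KB3000483'   # Group Policy remote code execution
    'MS15-014' = 'KB3004361'   # Group Policy security feature bypass
    'MS15-015' = 'KB3031432'   # Windows elevation of privilege
    'MS15-016' = 'KB3029944'   # Graphics component TIFF information disclosure
    'MS15-017' = 'KB3035898'   # Virtual Machine Manager EoP (VMM servers only)
}

function Get-BulletinStatus {
    param([System.Collections.IDictionary]$Map = $Bulletins)
    # One object per bulletin; Installed is $true when Get-HotFix lists the KB.
    $installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    foreach ($entry in $Map.GetEnumerator()) {
        [pscustomobject]@{
            Bulletin  = $entry.Key
            KB        = $entry.Value
            Installed = ($installed -contains $entry.Value)
        }
    }
}

# Exit non-zero when any bulletin is unaccounted for, so the script can be
# dropped into a compliance check or a scheduled task that raises an alert.
$status = Get-BulletinStatus
$status | Format-Table -AutoSize
$missing = @($status | Where-Object { -not $_.Installed })
if ($missing.Count -gt 0) {
    Write-Warning ("{0} bulletin KB(s) not reported by Get-HotFix: {1}" -f `
        $missing.Count, (($missing | ForEach-Object { $_.KB }) -join ', '))
    exit 1
}
```

Run it as an administrator on each host; on a server that does not run Virtual Machine Manager, the MS15-017 line is expected to show as not installed and can be dropped from the table.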

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.
