Big Patch Tuesday Update

Monday, February 16, 2015 @ 09:02 AM gHale

While it is almost a week late, it is still important to point out the Patch Tuesday update, in which Microsoft issued nine bulletins.

Three of the bulletins rate as “critical” and impact Internet Explorer and Microsoft Windows. The IE bulletin (MS15-009) will be the focus for most organizations. It fixes 41 vulnerabilities, one of which was publicly disclosed (CVE-2014-8967) and another of which is currently under attack (CVE-2015-0071). Despite the large number of fixes, the bulletin does not address the universal cross-site scripting vulnerability affecting IE.

The critical Windows bulletins are MS15-010 and MS15-011.

According to Microsoft, MS15-010 addresses one publicly disclosed and five privately disclosed issues. The most severe of these can be exploited if an attacker convinces a user to open a specially crafted document or visit an untrusted website that contains embedded TrueType fonts. MS15-011, meanwhile, addresses one privately reported issue in Windows that could allow remote code execution if an attacker convinces a user with a domain-configured system to connect to an attacker-controlled network.

“A remote code execution vulnerability exists in how Group Policy receives and applies policy data when a domain-joined system connects to a domain controller,” Microsoft said in its advisory. “To exploit this vulnerability, an attacker would have to convince a victim with a domain-configured system to connect to an attacker-controlled network.”

The bug, CVE-2015-0008, was discovered by JAS Global Advisors and simMachines. All computers and devices that are members of a corporate Active Directory may be at risk, JAS researchers said.

“The vulnerability is remotely exploitable and may grant the attacker administrator level privileges on the target machine/device,” according to a JAS advisory. “Roaming machines — Active Directory member devices that connect to corporate networks via the public Internet (possibly over a Virtual Private Network (VPN)) — are at heightened risk.”

The remaining bulletins are all “Important,” and cover issues affecting Microsoft Office, Windows and Microsoft Server Software.
