Microsoft Security Bulletin Minor Revisions Issued: February 18, 2015

Security Bulletins / Advisories No Comments »

Summary

The following bulletins have undergone a minor revision increment.

Please see the appropriate bulletin for more details.

* MS15-010 – Critical

Bulletin Information:

MS15-010 – Critical

– Title: Vulnerabilities in Windows Kernel-Mode Driver Could
Allow Remote Code Execution
https://technet.microsoft.com/library/security/ms15-010
– Reason for Revision: V1.1 (February 18, 2015): Bulletin revised
to add an Update FAQ that explains why there are two packages
on the Microsoft Download Center pages for affected editions of
Windows Server 2003, Windows Server 2008, and Windows Vista.
The additional package (3037639) is not needed to be protected
from the vulnerabilities addressed by the 3013455 update; it
simply corrects a text quality problem that some customers
experienced after installing the 3013455 update on the
indicated systems.
– Originally posted: February 10, 2015
– Updated: February 18, 2015
– Bulletin Severity Rating: Critical
– Version: 1.1

Microsoft Security Advisory Notification Issued: February 16, 2015

Security Bulletins / Advisories No Comments »

Security Advisories Updated or Released Today

* Microsoft Security Advisory (3009008)
– Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
https://technet.microsoft.com/library/security/3009008
– Revision Note: V2.3 (February 16, 2015): Revised advisory to
announce the planned date for disabling SSL 3.0 by default in
Internet Explorer 11.

Microsoft Security Bulletin Releases Issued: February 10, 2015

Security Bulletins / Advisories No Comments »

Summary

The following bulletins have undergone a major revision increment.

* MS14-083 – Important

Bulletin Information:

MS14-083 – Important

– Title: Vulnerabilities in Microsoft Excel Could Allow Remote
Code Execution (3017347)
– »technet.microsoft.com/library/se···ms14-083
– Reason for Revision: V2.0 (February 10, 2015): Bulletin
rereleased to announce the availability of an additional
update package for Microsoft Excel Viewer (2920791) that
addresses the vulnerabilities discussed in this bulletin.
Note that the 2920791 update also addresses a vulnerability
discussed in MS15-012, which is being released concurrently.
Microsoft recommends that customers running Microsoft Excel
Viewer apply the 2920791 update at their earliest convenience.
See the Affected Software table for the download link.
– Originally posted: December 9, 2014
– Updated: February 10, 2015
– Bulletin Severity Rating: Important
– Version: 2.0

Microsoft Security Advisory Notification Issued: February 10, 2015

Security Bulletins / Advisories No Comments »

Security Advisories Updated or Released Today

* Microsoft Security Advisory (3004375)
– Title: Update for Windows Command Line Auditing
– »technet.microsoft.com/library/se···/3004375
– Revision Note: V1.0 (February 10, 2015): Advisory published.

* Microsoft Security Advisory (3009008)
– Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
– »technet.microsoft.com/library/se···/3009008
– Revision Note: V2.2 (February 10, 2015): Microsoft is announcing
that SSL 3.0 fallback attempts are disabled by default in
Internet Explorer 11. For more information see Microsoft
Knowledge Base Article 3021952.

Microsoft Security Bulletin(s) for February 10, 2015

Security Bulletins / Advisories 3 Comments »
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
»technet.microsoft.com/library/se···ms15-feb

Critical (3)

Microsoft Security Bulletin MS15-009
Security Update for Internet Explorer (3034682)
»technet.microsoft.com/library/se···ms15-009

Microsoft Security Bulletin MS15-010
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
»technet.microsoft.com/library/se···ms15-010

Microsoft Security Bulletin MS15-011
Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
»technet.microsoft.com/library/se···ms15-011

Important (6)

Microsoft Security Bulletin MS15-012
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
»technet.microsoft.com/library/se···ms15-012

Microsoft Security Bulletin MS15-013
Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
»technet.microsoft.com/library/se···ms15-013

Microsoft Security Bulletin MS15-014
Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
»technet.microsoft.com/library/se···ms15-014

Microsoft Security Bulletin MS15-015
Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
»technet.microsoft.com/library/se···ms15-015

Microsoft Security Bulletin MS15-016
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
»technet.microsoft.com/library/se···ms15-016

Microsoft Security Bulletin MS15-017
Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)
»technet.microsoft.com/library/se···ms15-017

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website – visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Microsoft® Consumer Security MVP, 2004 – 2015
DP’s Security Bits

Microsoft Security Advisory Notification Issued: February 5, 2015

Security Bulletins / Advisories No Comments »

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
– Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
https://technet.microsoft.com/library/security/2755801
– Revision Note: V37.0 (February 5, 2015): Added the 3021953
update to the Current Update section.

Microsoft Security Advisory Notification Issued: January 27, 2015

Security Bulletins / Advisories No Comments »

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
– Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
https://technet.microsoft.com/library/security/2755801
– Revision Note: V36.0 (January 27, 2015): Added the 3035034
update to the Current Update section.

Security Advisory for Adobe Flash Player Release date: January 22, 2015

Security Bulletins / Advisories No Comments »

Summary

A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows, Macintosh and Linux.  Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below.

Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26.

http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

Security updates available for Adobe Flash Player Release date: January 22, 2015

Security Bulletins / Advisories 1 Comment »

Summary

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address a vulnerability that could be used to circumvent memory randomization mitigations on the Windows platform.

Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player.  Additionally, we are investigating reports that a separate exploit for Flash Player 16.0.0.287 and earlier also exists in the wild.  For the latest information, please refer to the PSIRT blog here.

Adobe recommends users update their product installations to the latest versions:

Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.287.
Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.262.
Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.438.
Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.287.

http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

Microsoft Security Advisory Notification Issued: January 22, 2015

Security Bulletins / Advisories No Comments »

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
– Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
https://technet.microsoft.com/library/security/2755801
– Revision Note: V35.0 (January 22, 2015): Added the 3033408
update to the Current Update section.


© 2015 DP's Security Bits.
WordPress Theme & Icons by N.Design Studio. Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs
Entries RSS Comments RSS Log in