Microsoft Security Bulletins For February 2015
Welcome to the Microsoft security release overview for February 2015. You find information about each security bulletin that Microsoft released this month.
Since the company releases bulletins for all its products, you will find information about affected operating systems and other Microsoft products below.
In addition to that, a list of non-security updates and security updates that Microsoft released since January's patch day are also provided.
The guide begins with a summary that lists the most important information. It walks you through the operating system distribution and product distribution, security bulletins and other updates afterwards.
Download information and sources are provided in the end as well.
Executive Summary
- Microsoft released a total of nine different bulletins in February 2015 fixing 56 unique vulnerabilities and exposures.
- Three of the bulletins have received the highest severity rating of critical.
- Affected products include all client and server Windows operating systems and various Microsoft Office versions.
Operating System Distribution
All client operating systems with the exception of Windows Vista share the same vulnerabilities and severity ratings. Vista is the only client system not affected by MS15-015.
Windows Server 2008 R2 and newer versions of Windows Server share the same vulnerability distribution while Windows Server 2008 and 2003 are not affected by MS15-015 either.
- Windows Vista: 2 critical, 3 important
- Windows 7:Â 3 critical, 3 important
- Windows 8: 3 critical, 3 important
- Windows 8.1: 3 critical, 3 important
- Windows RT: 3 critical, 3 important
- Windows RT 8.1:Â 3 critical, 3 important
- Windows Server 2003: 4 important, 1 moderate
- Windows Server 2008: 1 critical, 3 important, 1 moderate
- Windows Server 2008 R2: 2 critical, 3 important, 1 moderate
- Windows Server 2012: 2 critical, 3 important, 1 moderate
- Windows Server 2012 R2: 2 critical, 3 important, 1 moderate
- Server Core installation: 2 critical, 3 important
Other Microsoft Products
- Microsoft System Center Virtual Machine Manager 2012 R2: 1 important
- Microsoft Office 2007: 2 important
- Microsoft Office 2007: 2 important
- Microsoft Office 2013: 2 important
- Microsoft Office 2013 RT: 2 important
- Other Office Software: 1 important
- Microsoft SharePoint Server 2010: 1 important
- Microsoft Office Web Apps 2010: 1 important
Security Bulletins
MS15-009 - Security Update for Internet Explorer (3034682) - Critical - Remote Code Execution
MS15-010 - Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220) - Critical - Remote Code Execution
MS15-011 - Vulnerability in Group Policy Could Allow Remote Code Execution (3000483) - Critical - Remote Code Execution
MS15-012 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328) - Important - Remote Code Execution
MS15-013 - Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857) - Important - Security Feature Bypass
MS15-014 - Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361) - Important - Security Feature Bypass
MS15-015 - Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432) - Important - Elevation of Privilege
MS15-016 - Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944) - Important - Information Disclosure
MS15-017 - Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898) - Important - Elevation of Privilege
Other security related updates
- Security Bulletin re-released: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
- Security Advisory: Update for Windows Command Line Auditing (3004375)
- Security Advisory revised: Vulnerability in SSL 3.0 Could Allow Information Disclosure (3009008)
- Microsoft Internet Explorer 11 will prevent insecure fallback to SSL 3.0 protected mode sites from today on.
- Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB3021953)
- Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 ( KB3035034)
- Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 ( KB3033408)
Non-security related updates
- Update for Windows 7 (KB2952664) - Compatibility update for upgrading Windows 7
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB2955808) - A VPN connection through a third-party VPN server disconnects after an hour on a computer that is running Windows 8.1 or Windows 8
- Update for Windows 8.1 and Windows 8 (KB2976978) - Compatibility update for Windows 8.1 and Windows 8
- Update for Windows 7 (KB2977759) - Compatibility update for Windows 7 RTM
- Update for Windows 7 and Windows Server 2008 R2 (KB3004394) - December 2014 update for Windows Root Certificate Program in Windows
- Update for Windows 7 and Windows Server 2008 R2 (KB3005788) - Printing preferences window appears behind a RemoteApp window in Windows 7 or Windows Server 2008 R2
- Update for Windows 8 (KB3008273) - An update to enable an automatic update from Windows 8 to Windows 8.1
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3016074)
- Update for Windows 8.1, Windows RT 8.1, Windows 8, and Windows RT (KB3019868)
- Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP Embedded (KB3020338)
- Update for Windows 7 (KB3021917)
- Dynamic Update for Windows 8.1 and Windows Server 2012 R2 (KB3034394)
- Windows Malicious Software Removal Tool - February 2015 (KB890830)/Windows Malicious Software Removal Tool - February 2015 (KB890830) - Internet Explorer Version
- Update for Windows 8.1 ( KB3014460)
- Update for Windows 7 ( KB2990214)
- Update for Windows 8.1 ( KB3014460)
How to download and install the February 2015 security updates
The updates are already available via Microsoft's Windows Update service and comparable business and Enterprise update solutions.
It is advised to backup the system and test the updates before they are applied to it as it may be difficult to restore it when things go wrong.
Home users can check for updates using the following method:
- Tap on the Windows key to open the start menu or start screen.
- Type Windows Update and load the result that comes up.
- A click on check for updates run the update check.
- You can select to install all or only some of the available updates.
Updates are also available on Microsoft's Download Center, the monthly security ISO images that the company releases, or third-party tools like WSUS.
Additional information
- Microsoft Security Response Center blog on the 2015 Bulletin Release
- Microsoft Security Bulletin Summary for February 2015
- List of software updates for Microsoft products
- Our in-depth update guide for Windows
Mine (8.1) keeps stalling at 4 of 20. Like for 40/50 min saying don’t turn off – but only occasional flicker of drive activity.
Apart from leaving it overnight – any tips?
Anyone else had this sort of thing?
What I am trying to figure out (so far without success) is:
What are the implications of MS15-011 for Windows 7 and Windows 8 clients that roam, when those clients belong to a domain whose domain controller is a Windows 2003 Server?
If you read the description of MS15-011 above, it references this Knowledgebase article: https://support.microsoft.com/kb/3000483 which describes the Group Policy setting changes required to eliminate the vulnerability associated with MS15-011.
Since the associated Group Policy changes cannot be applied to the Windows 2003 Server, are those fully patched Windows 7 and 8 clients still vulnerable to the attacks described in MS15-011 when they connect to unprotected networks, such as the WiFi at the local coffee shop?
Is there a way to set Group Policy in the clients to protect them, so that they continue to work with their Windows 2003 domain controller when they are on the office network?
(Of course, the real solution is to replace the domain controller with a modern Windows Server, but what can be done to protect roaming clients in the meantime?)
Here are some helpful links, but they do NOT answer the questions above:
http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx
http://arstechnica.com/security/2015/02/15-year-old-bug-allows-malicious-code-execution-in-all-versions-of-windows/
Ever since I installed the update the usb drive to my logitech k120 keyboard is not being recognized along with xbox360 controller and onetouch external hardrive. I sure hope this problem is resolved quickly.
Well for whatever reason it is working again. Does this website have magical power ;)
You may need to do several ‘OS’ restart’s and additional updates for all to settle down.
I had two additional updates after the initial one.
Is MS15-009 for IE not cumulative this month? It doesnt appears to be like normal??
Hallo Martin, Thanks again for your information about this mount Microsoft updates.
Thins mount not so much updates as you only 750Mb within 20 updates!
But I had this mount a totally new thing I never experienced since Windows 3.1.
A program update ( I am talking about a update for the Visual Studio 2010 Tools for
Office Run-time – MS update number kb3001652 )who was totally lose from the Microsoft
Mount (who was ongoing) update who was tricked by the monthly Microsoft update.
For me 1.3Gb including a new version of the MS Security Essentials Client o.O
My update is only 89.9 MB, with only 11 patches.
My update was only 105.4 MB, with only 15 or so patches.
WTF is going on. That last Windows update screwed my system. I had to reinstall half my programs. :(
@Tom Hawack
Don’t understand why you are so concerned about KB3021917 and sending Telemetry report while your Windows OS is sending OS and personal data 24/7 to Microsoft and third-party companies via ~ 100 hidden services :
http://archive.news.softpedia.com/news/Forget-about-the-WGA-20-Windows-Vista-Features-and-Services-Harvest-User-Data-for-Microsoft-58752.shtml
That was in Vista, since than the user data harvesting has grown .
@ilev, you’ve got a point and I’ll state my counter-point : It’s not because I am undressed except for the socks that I will consider the socks as negligible value! A soldier’s last stand :)
Update size 1.1 GB ?
Yes it is quite large this time.
I’ve just updated. Update for Windows 7 (KB3021917) was unchecked by default, left it unchecked when I read Microsoft’s support page comment :
“This update performs diagnostics in Windows 7 Service Pack 1 (SP1) in order to determine whether performance issues may be encountered when the latest Windows operating system is installed. Telemetry is sent back to Microsoft for those computers that participate in the Windows Customer Experience Improvement Program (CEIP). This update will help Microsoft and its partners deliver better system performance for customers who are seeking to install the latest Windows operating system.”
– What are the pros and cons? I’m not fond of telemetry calling home while I’m at work …
– Windows Customer Experience Improvement Program (CEIP) : If my computer doesn’t participate, does this means telemetry is not sent? If yes, why install this update?
Microsoft is often not very clear in its support, at least not for everyday users.
It’s shady as all hell.
@anon; Concise and to the point – I was looking at it from the same angle.
@Brinkmann; My take on it as well – enjoyed your blog.
Cheers
Martin,do you know something more about KB3021917 ?
Microsoft description is confusing.
I only know what Microsoft added as the description. To me, it seems as if this update checks if you run into performance issues if you update to the latest version of Windows (which is Windows 8.1 or soon Windows 10).
Telemetry data seems to be only transferred if you participate in the Windows Customer Experience Improvement Program.