Microsoft Security Bulletins For February 2015 - gHacks Tech News

Microsoft Security Bulletins For February 2015

Welcome to the Microsoft security release overview for February 2015. You find information about each security bulletin that Microsoft released this month.

Since the company releases bulletins for all its products, you will find information about affected operating systems and other Microsoft products below.

In addition to that, a list of non-security updates and security updates that Microsoft released since January's patch day are also provided.

The guide begins with a summary that lists the most important information. It walks you through the operating system distribution and product distribution, security bulletins and other updates afterwards.

Download information and sources are provided in the end as well.

Executive Summary

  1. Microsoft released a total of nine different bulletins in February 2015 fixing 56 unique vulnerabilities and exposures.
  2. Three of the bulletins have received the highest severity rating of critical.
  3. Affected products include all client and server Windows operating systems and various Microsoft Office versions.

Operating System Distribution

All client operating systems with the exception of Windows Vista share the same vulnerabilities and severity ratings. Vista is the only client system not affected by MS15-015.

Windows Server 2008 R2 and newer versions of Windows Server share the same vulnerability distribution while Windows Server 2008 and 2003 are not affected by MS15-015 either.

  • Windows Vista: 2 critical, 3 important
  • Windows 7:  3 critical, 3 important
  • Windows 8: 3 critical, 3 important
  • Windows 8.1: 3 critical, 3 important
  • Windows RT: 3 critical, 3 important
  • Windows RT 8.1:  3 critical, 3 important
  • Windows Server 2003: 4 important, 1 moderate
  • Windows Server 2008: 1 critical, 3 important, 1 moderate
  • Windows Server 2008 R2: 2 critical, 3 important, 1 moderate
  • Windows Server 2012: 2 critical, 3 important, 1 moderate
  • Windows Server 2012 R2: 2 critical, 3 important, 1 moderate
  • Server Core installation: 2 critical, 3 important

Other Microsoft Products

  • Microsoft System Center Virtual Machine Manager 2012 R2: 1 important
  • Microsoft Office 2007: 2 important
  • Microsoft Office 2007: 2 important
  • Microsoft Office 2013: 2 important
  • Microsoft Office 2013 RT: 2 important
  • Other Office Software: 1 important
  • Microsoft SharePoint Server 2010: 1 important
  • Microsoft Office Web Apps 2010: 1 important

Security Bulletins

MS15-009 - Security Update for Internet Explorer (3034682) - Critical - Remote Code Execution
MS15-010 - Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220) - Critical - Remote Code Execution
MS15-011 - Vulnerability in Group Policy Could Allow Remote Code Execution (3000483) - Critical - Remote Code Execution
MS15-012 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328) - Important - Remote Code Execution
MS15-013 - Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857) - Important - Security Feature Bypass
MS15-014 - Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361) - Important - Security Feature Bypass
MS15-015 - Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432) - Important - Elevation of Privilege
MS15-016 - Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944) - Important - Information Disclosure
MS15-017 - Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898) - Important - Elevation of Privilege

Other security related updates

  • Security Bulletin re-released: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
  • Security Advisory: Update for Windows Command Line Auditing (3004375)
  • Security Advisory revised: Vulnerability in SSL 3.0 Could Allow Information Disclosure (3009008)
  • Microsoft Internet Explorer 11 will prevent insecure fallback to SSL 3.0 protected mode sites from today on.
  • Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB3021953)
  • Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 ( KB3035034)
  • Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 ( KB3033408)

Non-security related updates

  • Update for Windows 7 (KB2952664) - Compatibility update for upgrading Windows 7
  • Update for Windows 8, Windows RT, and Windows Server 2012 (KB2955808) - A VPN connection through a third-party VPN server disconnects after an hour on a computer that is running Windows 8.1 or Windows 8
  • Update for Windows 8.1 and Windows 8 (KB2976978) - Compatibility update for Windows 8.1 and Windows 8
  • Update for Windows 7 (KB2977759) - Compatibility update for Windows 7 RTM
  • Update for Windows 7 and Windows Server 2008 R2 (KB3004394) - December 2014 update for Windows Root Certificate Program in Windows
  • Update for Windows 7 and Windows Server 2008 R2 (KB3005788) - Printing preferences window appears behind a RemoteApp window in Windows 7 or Windows Server 2008 R2
  • Update for Windows 8 (KB3008273) - An update to enable an automatic update from Windows 8 to Windows 8.1
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3016074)
  • Update for Windows 8.1, Windows RT 8.1, Windows 8, and Windows RT (KB3019868)
  • Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP Embedded (KB3020338)
  • Update for Windows 7 (KB3021917)
  • Dynamic Update for Windows 8.1 and Windows Server 2012 R2 (KB3034394)
  • Windows Malicious Software Removal Tool - February 2015 (KB890830)/Windows Malicious Software Removal Tool - February 2015 (KB890830) - Internet Explorer Version
  • Update for Windows 8.1 ( KB3014460)
  • Update for Windows 7 ( KB2990214)
  • Update for Windows 8.1 ( KB3014460)

How to download and install the February 2015 security updates

microsoft security updates february 2015

The updates are already available via Microsoft's Windows Update service and comparable business and Enterprise update solutions.

It is advised to backup the system and test the updates before they are applied to it as it may be difficult to restore it when things go wrong.

Home users can check for updates using the following method:

  • Tap on the Windows key to open the start menu or start screen.
  • Type Windows Update and load the result that comes up.
  • A click on check for updates run the update check.
  • You can select to install all or only some of the available updates.

Updates are also available on Microsoft's Download Center, the monthly security ISO images that the company releases, or third-party tools like WSUS.

Additional information

Summary
Microsoft Security Bulletins For February 2015
Article Name
Microsoft Security Bulletins For February 2015
Description
Microsoft released the security updates for February 2015. Our overview lists all bulletins, download information and information related to the release.
Author
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Tom Hawack said on February 10, 2015 at 7:53 pm
    Reply

    I’ve just updated. Update for Windows 7 (KB3021917) was unchecked by default, left it unchecked when I read Microsoft’s support page comment :

    This update performs diagnostics in Windows 7 Service Pack 1 (SP1) in order to determine whether performance issues may be encountered when the latest Windows operating system is installed. Telemetry is sent back to Microsoft for those computers that participate in the Windows Customer Experience Improvement Program (CEIP). This update will help Microsoft and its partners deliver better system performance for customers who are seeking to install the latest Windows operating system.”

    – What are the pros and cons? I’m not fond of telemetry calling home while I’m at work …
    – Windows Customer Experience Improvement Program (CEIP) : If my computer doesn’t participate, does this means telemetry is not sent? If yes, why install this update?

    Microsoft is often not very clear in its support, at least not for everyday users.

    1. Ficho said on February 10, 2015 at 8:12 pm
      Reply

      Martin,do you know something more about KB3021917 ?
      Microsoft description is confusing.

      1. Martin Brinkmann said on February 10, 2015 at 8:19 pm
        Reply

        I only know what Microsoft added as the description. To me, it seems as if this update checks if you run into performance issues if you update to the latest version of Windows (which is Windows 8.1 or soon Windows 10).

        Telemetry data seems to be only transferred if you participate in the Windows Customer Experience Improvement Program.

    2. anon said on February 11, 2015 at 4:05 am
      Reply

      It’s shady as all hell.

      1. DavidM said on February 12, 2015 at 3:03 am
        Reply

        @anon; Concise and to the point – I was looking at it from the same angle.

        @Brinkmann; My take on it as well – enjoyed your blog.

        Cheers

  2. ilev said on February 10, 2015 at 8:13 pm
    Reply

    Update size 1.1 GB ?

    1. Martin Brinkmann said on February 10, 2015 at 8:16 pm
      Reply

      Yes it is quite large this time.

  3. ilev said on February 10, 2015 at 8:19 pm
    Reply

    @Tom Hawack
    Don’t understand why you are so concerned about KB3021917 and sending Telemetry report while your Windows OS is sending OS and personal data 24/7 to Microsoft and third-party companies via ~ 100 hidden services :

    http://archive.news.softpedia.com/news/Forget-about-the-WGA-20-Windows-Vista-Features-and-Services-Harvest-User-Data-for-Microsoft-58752.shtml

    That was in Vista, since than the user data harvesting has grown .

    1. tomhawack said on February 10, 2015 at 8:44 pm
      Reply

      @ilev, you’ve got a point and I’ll state my counter-point : It’s not because I am undressed except for the socks that I will consider the socks as negligible value! A soldier’s last stand :)

  4. Dwight Stegall said on February 10, 2015 at 9:56 pm
    Reply

    WTF is going on. That last Windows update screwed my system. I had to reinstall half my programs. :(

  5. Torro said on February 10, 2015 at 10:02 pm
    Reply

    My update was only 105.4 MB, with only 15 or so patches.

  6. SCBright said on February 10, 2015 at 10:06 pm
    Reply

    For me 1.3Gb including a new version of the MS Security Essentials Client o.O

    1. ilev said on February 11, 2015 at 7:30 am
      Reply

      My update is only 89.9 MB, with only 11 patches.

  7. Paul(us) said on February 10, 2015 at 11:14 pm
    Reply

    Hallo Martin, Thanks again for your information about this mount Microsoft updates.
    Thins mount not so much updates as you only 750Mb within 20 updates!

    But I had this mount a totally new thing I never experienced since Windows 3.1.

    A program update ( I am talking about a update for the Visual Studio 2010 Tools for
    Office Run-time – MS update number kb3001652 )who was totally lose from the Microsoft
    Mount (who was ongoing) update who was tricked by the monthly Microsoft update.

  8. himee said on February 11, 2015 at 5:29 am
    Reply

    Is MS15-009 for IE not cumulative this month? It doesnt appears to be like normal??

  9. NPX7 said on February 11, 2015 at 10:18 am
    Reply

    Ever since I installed the update the usb drive to my logitech k120 keyboard is not being recognized along with xbox360 controller and onetouch external hardrive. I sure hope this problem is resolved quickly.

    1. NPX7 said on February 12, 2015 at 1:52 am
      Reply

      Well for whatever reason it is working again. Does this website have magical power ;)

      1. DavidM said on February 12, 2015 at 3:13 am
        Reply

        You may need to do several ‘OS’ restart’s and additional updates for all to settle down.

        I had two additional updates after the initial one.

  10. winadm said on February 11, 2015 at 8:51 pm
    Reply

    What I am trying to figure out (so far without success) is:

    What are the implications of MS15-011 for Windows 7 and Windows 8 clients that roam, when those clients belong to a domain whose domain controller is a Windows 2003 Server?

    If you read the description of MS15-011 above, it references this Knowledgebase article: https://support.microsoft.com/kb/3000483 which describes the Group Policy setting changes required to eliminate the vulnerability associated with MS15-011.

    Since the associated Group Policy changes cannot be applied to the Windows 2003 Server, are those fully patched Windows 7 and 8 clients still vulnerable to the attacks described in MS15-011 when they connect to unprotected networks, such as the WiFi at the local coffee shop?

    Is there a way to set Group Policy in the clients to protect them, so that they continue to work with their Windows 2003 domain controller when they are on the office network?

    (Of course, the real solution is to replace the domain controller with a modern Windows Server, but what can be done to protect roaming clients in the meantime?)

    Here are some helpful links, but they do NOT answer the questions above:
    http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx
    http://arstechnica.com/security/2015/02/15-year-old-bug-allows-malicious-code-execution-in-all-versions-of-windows/

  11. BJC70 said on February 12, 2015 at 2:08 am
    Reply

    Mine (8.1) keeps stalling at 4 of 20. Like for 40/50 min saying don’t turn off – but only occasional flicker of drive activity.
    Apart from leaving it overnight – any tips?
    Anyone else had this sort of thing?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.