Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET!
Security

February's Patch Tuesday is All About IE

Microsoft released a sweeping set of 56 security fixes described across nine bulletins as part of its regularly scheduled “Patch Tuesday” updates yesterday. But fully 41 of those fixes are all contained in a single bulletin for all supported versions of Internet Explorer. And some of these fixes apply to IE 6, which shipped with Windows Server 2003 twelve years ago.

(Internet Explorer 6 had previously shipped with Windows XP in 2001, of course, but since Windows XP is no longer supported, that OS did not receive these updates.)

“This security update resolves one publicly disclosed and forty privately reported vulnerabilities in Internet Explorer,” the Security Update for Internet Explorer (3034682) bulletin notes. “The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”

That “publicly disclosed” bit is a jab at Google, which revealed the noted IE flaw—and a few others—in January despite Microsoft’s pleas to give it more time to fix the problem. But these flaws impact all supported versions of IE, dating back to IE 6 on Windows Server 2003, but also IE 7, 8, 9, 10 and 11.

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

The other critical bulletin from the February set of updates is MS15-010, or Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution. It’s rated as critical on all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1, and as important on Windows Server 2003, Windows Vista, and Windows Server 2008.

“This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Windows,” the bulletin explains. “The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or visit an untrusted website that contains embedded TrueType fonts.”

You can find the complete set of bulletins for February 2015—as well as previous months—on the Security TechCenter web site. But a breakdown of the remaining bulletins includes:

MS15-011 – Vulnerability in Group Policy Could Allow Remote Code Execution – Rated as critical, resolves a privately reported vulnerability in Microsoft Windows.

MS15-012 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution – Rated as important, resolves three privately reported vulnerabilities in Microsoft Office.

MS15-013 – Vulnerability in Microsoft Office Could Allow Security Feature Bypass – Rated as important, resolves one publicly disclosed vulnerability in Microsoft Office.

MS15-014 – Vulnerability in Group Policy Could Allow Security Feature Bypass – Rated as important, resolves a privately reported vulnerability in Microsoft Windows.

MS15-015 – Vulnerability in Microsoft Windows Could Allow Elevation of Privilege – Rated as important,

MS15-016 – Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure – Rated as important, resolves a privately reported vulnerability in Microsoft Windows.

MS15-017 – Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege – Rated as important, resolves a privately reported vulnerability in Virtual Machine Manager (VMM).

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at Thurrott.com, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.

RSVP Now

Sponsored By