9 Security Bulletins were released – 3 Critical, 6 Important, and 0 Moderate
This Month In Brief
We are releasing all security patches this month; however, many of them have known issues that you should be aware of, which are documented below. These known issues have workarounds and/or can be corrected by uninstalling the given patch.
MS15-009, MS15-010 and MS15-011 are rated Critical. After your next patch cycle completes, you should follow up and make sure these are installed.
There were a few out-of-band patches released to address Adobe Flash Player vulnerabilities. We released them as they became available – KB3021953, KB3035034, KB3033408.
Microsoft Security Advisory (2755801)
– Title: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
– https://technet.microsoft.com/library/security/2755801
Known issues and considerations
Security Bulletins
MS11-009
KB3023607 Some AnyConnect clients give the “Failed to initialize connection subsystem” error.
Updates 3036197 and 3023607 are installed automatically and transparently together with security update 3021952.
http://www.infoworld.com/article/2883756/security/microsoft-s-ssl-3-0-poodle-busting-patch-kb-3023607-breaks-cisco-s-popular-vpn-client-anyconnect.html
Known Issues per MS: https://support.microsoft.com/kb/3023607
These updates may require a second reboot to complete. KB3021952 must be installed before installing updates 3023607 and 3036197. Kaseya should take care of this automatically, as patches are installed in order from lowest to highest KB number.
MS15-010
KB3013455 May cause font corruption. The problem only occurs on systems that are running Windows Vista SP2 or Windows Server 2003 SP2.
Known Issues per MS: https://support.microsoft.com/kb/3036220
Microsoft Community: http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/kb3013455-ms15-010-causes-font-corruption/8640d38d-19bd-46b6-9af0-6213c05107d3
MS15-011 & MS15-014
Hardening Group Policy – This update provides the ability to harden Group Policy, but steps must be taken by the administrator to enable the additional protection. Please review the links below.
https://support.microsoft.com/kb/3000483
http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx
https://www.jasadvisors.com/about-jas/jasbug-security-vulnerability-fact-sheet/
Note: This security update includes some files that are in security update 3031432. See MS15-011 and MS15-015 below.
MS15-015
KB3031432 “This security update may cause some programs or games to fail if they rely on undocumented APIs or if they access operating system components in unsupported ways. Please contact the manufacturer of your program or game for more information.”
Known Issues per MS: https://support.microsoft.com/kb/3031432
MS15-011 and MS15-015
These two share a common known issue
Child package behavior
Customers who install this security update may face a known issue in which error 1108 is generated in the Security event log instead of the usual 4688 audit event. To address this issue, update 3004375 must be installed together with this update (update 3031432).
Known Issues per MS: https://support.microsoft.com/kb/3031432
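The prerequisite and platform caveats above (KB3021952 before 3023607 and 3036197, update 3004375 together with 3031432, and KB3013455 on Windows Vista SP2 or Windows Server 2003 SP2) can be checked against a patch inventory export. The following is an added example, not part of the original bulletin; the CSV column layout, host names and sample rows are constructed assumptions.

```python
import csv
import io
import re

# Rules taken from the known issues documented on this page.
# An inventory shows presence only, so a missing prerequisite is what gets flagged.
PREREQUISITES = {
    "3023607": "3021952",
    "3036197": "3021952",
    "3031432": "3004375",  # without it, error 1108 is logged instead of 4688
}
FONT_RISK_KB = "3013455"
FONT_RISK_OS = {"windows vista sp2", "windows server 2003 sp2"}

# Constructed sample inventory; the column layout is an assumption.
SAMPLE_INVENTORY = """host,os,hotfixes
WS-01,Windows 7 SP1,KB3021952;KB3023607;KB3036197;KB3031432;KB3004375
WS-02,Windows 7 SP1,KB3031432;KB3023607
SRV-03,Windows Server 2003 SP2,KB3013455
WS-04,Windows Vista SP2,kb3013455;KB3021952
"""

def normalize(kb):
    """Return the bare KB number from 'KB3031432', 'kb3031432' or '3031432'."""
    m = re.fullmatch(r"\s*(?:KB)?(\d+)\s*", kb, re.IGNORECASE)
    return m.group(1) if m else None

def audit(inventory_csv):
    """Map each host to its list of findings; clean hosts are omitted."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        installed = {normalize(k) for k in row["hotfixes"].split(";")} - {None}
        issues = []
        for kb, needed in sorted(PREREQUISITES.items()):
            if kb in installed and needed not in installed:
                issues.append(f"KB{kb} installed without KB{needed}")
        if FONT_RISK_KB in installed and row["os"].strip().lower() in FONT_RISK_OS:
            issues.append(f"KB{FONT_RISK_KB} on {row['os']}: check for font corruption")
        if issues:
            findings[row["host"]] = issues
    return findings

if __name__ == "__main__":
    for host, issues in audit(SAMPLE_INVENTORY).items():
        for issue in issues:
            print(f"{host}: {issue}")
```

Hosts flagged for KB3031432 without KB3004375 are the ones where process-creation auditing (event 4688) may be replaced by error 1108 until the missing update is installed.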
Non-security updates
Critical Updates (High Priority)
KB3001652 Update for Microsoft Visual Studio 2010 Tools for Office Runtime
Microsoft pulled this patch the day after it was released but has since re-released it. The new patch is considered safe to install.
KB2920732 Update for PowerPoint 2013
Microsoft has pulled this patch.
http://support.microsoft.com/KB/2920732
Exploitability
- Publicly disclosed:
- Being exploited: MS15-009
- Rated CRITICAL: MS15-009, MS15-010, MS15-011
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
Requires Restart
- Servers: True
- Workstations: True
New Security Bulletins
(MS#/Affected Software/Type)
CRITICAL
MS15-009 Security Update for Internet Explorer (3034682) | (Internet Explorer) The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
MS15-010 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220) | (Microsoft Windows) The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or visit an untrusted website that contains embedded TrueType fonts.
MS15-011 Vulnerability in Group Policy Could Allow Remote Code Execution (3000483) | (Microsoft Windows) The vulnerability could allow remote code execution if an attacker convinces a user with a domain-configured system to connect to an attacker-controlled network.
IMPORTANT
MS15-012 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328) | (Microsoft Office) The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
MS15-013 Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857) | (Microsoft Office) The vulnerability could allow security feature bypass if a user opens a specially crafted Microsoft Office file.
MS15-014 Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361) | (Microsoft Windows) The vulnerability could allow security feature bypass if an attacker, by way of a man-in-the-middle attack, causes the Group Policy Security Configuration Engine policy file on a targeted system to become corrupted or otherwise unreadable.
MS15-015 Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432) | (Microsoft Windows) The vulnerability could allow an attacker to leverage the lack of impersonation-level security checks to elevate privileges during process creation.
MS15-016 Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944) | (Microsoft Windows) The vulnerability could allow information disclosure if a user browses to a website containing a specially crafted TIFF image.
MS15-017 Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898) | (Microsoft Server Software) The vulnerability could allow elevation of privilege if an attacker logs on to an affected system.