Microsoft Security Bulletins For February 2015

Welcome to the Microsoft security release overview for February 2015. You find information about each security bulletin that Microsoft released this month.

Since the company releases bulletins for all its products, you will find information about affected operating systems and other Microsoft products below.

In addition to that, a list of non-security updates and security updates that Microsoft released since January's patch day are also provided.

The guide begins with a summary that lists the most important information. It walks you through the operating system distribution and product distribution, security bulletins and other updates afterwards.

Download information and sources are provided in the end as well.

Executive Summary

1. Microsoft released a total of nine different bulletins in February 2015 fixing 56 unique vulnerabilities and exposures.
2. Three of the bulletins have received the highest severity rating of critical.
3. Affected products include all client and server Windows operating systems and various Microsoft Office versions.

Operating System Distribution

All client operating systems with the exception of Windows Vista share the same vulnerabilities and severity ratings. Vista is the only client system not affected by MS15-015.

Windows Server 2008 R2 and newer versions of Windows Server share the same vulnerability distribution while Windows Server 2008 and 2003 are not affected by MS15-015 either.

• Windows Vista: 2 critical, 3 important
• Windows 7:  3 critical, 3 important
• Windows 8: 3 critical, 3 important
• Windows 8.1: 3 critical, 3 important
• Windows RT: 3 critical, 3 important
• Windows RT 8.1:  3 critical, 3 important
• Windows Server 2003: 4 important, 1 moderate
• Windows Server 2008: 1 critical, 3 important, 1 moderate
• Windows Server 2008 R2: 2 critical, 3 important, 1 moderate
• Windows Server 2012: 2 critical, 3 important, 1 moderate
• Windows Server 2012 R2: 2 critical, 3 important, 1 moderate
• Server Core installation: 2 critical, 3 important

Other Microsoft Products

• Microsoft System Center Virtual Machine Manager 2012 R2: 1 important
• Microsoft Office 2007: 2 important
• Microsoft Office 2007: 2 important
• Microsoft Office 2013: 2 important
• Microsoft Office 2013 RT: 2 important
• Other Office Software: 1 important
• Microsoft SharePoint Server 2010: 1 important
• Microsoft Office Web Apps 2010: 1 important

Security Bulletins

MS15-009 - Security Update for Internet Explorer (3034682) - Critical - Remote Code Execution
MS15-010 - Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220) - Critical - Remote Code Execution
MS15-011 - Vulnerability in Group Policy Could Allow Remote Code Execution (3000483) - Critical - Remote Code Execution
MS15-012 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328) - Important - Remote Code Execution
MS15-013 - Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857) - Important - Security Feature Bypass
MS15-014 - Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361) - Important - Security Feature Bypass
MS15-015 - Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432) - Important - Elevation of Privilege
MS15-016 - Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944) - Important - Information Disclosure
MS15-017 - Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898) - Important - Elevation of Privilege

Other security related updates

• Security Bulletin re-released: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
• Security Advisory: Update for Windows Command Line Auditing (3004375)
• Security Advisory revised: Vulnerability in SSL 3.0 Could Allow Information Disclosure (3009008)
• Microsoft Internet Explorer 11 will prevent insecure fallback to SSL 3.0 protected mode sites from today on.
• Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB3021953)
• Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 ( KB3035034)
• Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 ( KB3033408)

Non-security related updates

• Update for Windows 7 (KB2952664) - Compatibility update for upgrading Windows 7
• Update for Windows 8, Windows RT, and Windows Server 2012 (KB2955808) - A VPN connection through a third-party VPN server disconnects after an hour on a computer that is running Windows 8.1 or Windows 8
• Update for Windows 8.1 and Windows 8 (KB2976978) - Compatibility update for Windows 8.1 and Windows 8
• Update for Windows 7 (KB2977759) - Compatibility update for Windows 7 RTM
• Update for Windows 7 and Windows Server 2008 R2 (KB3004394) - December 2014 update for Windows Root Certificate Program in Windows
• Update for Windows 7 and Windows Server 2008 R2 (KB3005788) - Printing preferences window appears behind a RemoteApp window in Windows 7 or Windows Server 2008 R2
• Update for Windows 8 (KB3008273) - An update to enable an automatic update from Windows 8 to Windows 8.1
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3016074)
• Update for Windows 8.1, Windows RT 8.1, Windows 8, and Windows RT (KB3019868)
• Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP Embedded (KB3020338)
• Update for Windows 7 (KB3021917)
• Dynamic Update for Windows 8.1 and Windows Server 2012 R2 (KB3034394)
• Windows Malicious Software Removal Tool - February 2015 (KB890830)/Windows Malicious Software Removal Tool - February 2015 (KB890830) - Internet Explorer Version
• Update for Windows 8.1 ( KB3014460)
• Update for Windows 7 ( KB2990214)
• Update for Windows 8.1 ( KB3014460)

How to download and install the February 2015 security updates

The updates are already available via Microsoft's Windows Update service and comparable business and Enterprise update solutions.

It is advised to backup the system and test the updates before they are applied to it as it may be difficult to restore it when things go wrong.

Home users can check for updates using the following method:

• Tap on the Windows key to open the start menu or start screen.
• Type Windows Update and load the result that comes up.
• A click on check for updates run the update check.
• You can select to install all or only some of the available updates.

Updates are also available on Microsoft's Download Center, the monthly security ISO images that the company releases, or third-party tools like WSUS.

Additional information

• Microsoft Security Response Center blog on the 2015 Bulletin Release
• Microsoft Security Bulletin Summary for February 2015
• List of software updates for Microsoft products
• Our in-depth update guide for Windows