Patch Priority Index for February 2015

Bulletin CVE
MS15-011 CVE-2015-0008
MS15-009 CVE-2014-8967, CVE-2015-0017, CVE-2015-0018
APSB15-04 CVE-2015-0313, CVE-2015-0314, CVE-2015-0315
MS15-010 CVE-2015-0003, CVE-2015-0010, CVE-2015-0057
MS15-012 CVE-2015-0063, CVE-2015-0064, CVE-2015-0065
MS15-017 CVE-2015-0012
MS15-015 CVE-2015-0062
MS15-014 CVE-2015-0009
MS15-013 CVE-2014-6362
MS15-016 CVE-2015-0061

Tripwire's February Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.

We start off this month's PPI with MS15-011, the patch that isn't a patch. MS15-011 doesn't resolve a vulnerability but rather provides the mechanisms that enable you to mitigate a vulnerability. Microsoft has provided a rather extensive blog post discussing the vulnerability and the risks that are presented (http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx).

Following MS15-011, we have MS15-009, the latest Internet Explorer update. As usual, updating Internet Explorer as soon as possibly is greatly recommended.

Adobe's APSB15-04 for Flash Player is up next and it's critical that you remember to apply this patch. In last month's list, we mentioned APSB15-01, which also resolved vulnerabilities in Adobe Flash Player. Adobe has us in the habit of expecting a Flash update each month, however APSB15-02 and APSB15-03 were also Flash Player patches, meaning that 3 Adobe Flash Player updates were issued in January. The easiest way to ensure you're up-to-date is to install the latest patch.

Up next, we have a pair of code execution vulnerabilities affecting Windows Kernel Mode Drivers and Microsoft Office. A pair of privilege escalation vulnerabilities and a pair of security bypasses follows these. The final bulletin on the list is an information disclosure vulnerability in the TIFF image-processing engine.