Patch Priority Index for February 2015
|MS15-009||CVE-2014-8967, CVE-2015-0017, CVE-2015-0018|
|APSB15-04||CVE-2015-0313, CVE-2015-0314, CVE-2015-0315|
|MS15-010||CVE-2015-0003, CVE-2015-0010, CVE-2015-0057|
|MS15-012||CVE-2015-0063, CVE-2015-0064, CVE-2015-0065|
Tripwire's February Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.
We start off this month's PPI with MS15-011, the patch that isn't a patch. MS15-011 doesn't resolve a vulnerability but rather provides the mechanisms that enable you to mitigate a vulnerability. Microsoft has provided a rather extensive blog post discussing the vulnerability and the risks that are presented (http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx).
Following MS15-011, we have MS15-009, the latest Internet Explorer update. As usual, updating Internet Explorer as soon as possibly is greatly recommended.
Adobe's APSB15-04 for Flash Player is up next and it's critical that you remember to apply this patch. In last month's list, we mentioned APSB15-01, which also resolved vulnerabilities in Adobe Flash Player. Adobe has us in the habit of expecting a Flash update each month, however APSB15-02 and APSB15-03 were also Flash Player patches, meaning that 3 Adobe Flash Player updates were issued in January. The easiest way to ensure you're up-to-date is to install the latest patch.
Up next, we have a pair of code execution vulnerabilities affecting Windows Kernel Mode Drivers and Microsoft Office. A pair of privilege escalation vulnerabilities and a pair of security bypasses follows these. The final bulletin on the list is an information disclosure vulnerability in the TIFF image-processing engine.