Results 1 to 15 of 15
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    February brings a shower of nonsecurity updates




    PATCH WATCH

    February brings a shower of nonsecurity updates


    By Susan Bradley

    After a light January, this month's Patch Tuesday brings a full complement of security and nonsecurity updates. Staying true to current form, Microsoft had to recall one of its patches almost immediately but not soon enough for some Windows users.

    The full text of this column is posted at windowssecrets.com/patch-watch/february-brings-a-shower-of-nonsecurity-updates/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by Kathleen Atkins; 2015-02-11 at 19:56.

  2. The Following User Says Thank You to Kathleen Atkins For This Useful Post:

    PhotM (2015-02-16)

  3. #2
    New Lounger
    Join Date
    Nov 2013
    Posts
    14
    Thanks
    1
    Thanked 1 Time in 1 Post
    There is a report on SANS ISC forums that 3209944 may affect fixed-width fonts (see last comment here). I usually wait for Susan's assessments before I install patches so I haven't tried it myself yet.

    patermann

  4. #3
    New Lounger
    Join Date
    Feb 2010
    Location
    NJ, USA
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I also see 3032622, which is for Update for Microsoft Visual C++ 2012 Update 4 Redistributable Package. This one isn't mentioned - is it good? Thanks.

  5. #4
    2 Star Lounger
    Join Date
    Sep 2014
    Location
    Hampshire, UK
    Posts
    170
    Thanks
    4
    Thanked 46 Times in 31 Posts
    Quote Originally Posted by jaman57 View Post
    I also see 3032622, which is for Update for Microsoft Visual C++ 2012 Update 4 Redistributable Package. This one isn't mentioned - is it good? Thanks.
    I have the same one offered, it appears to relate to a different version of Visual Studios to the one covered by the problem update 3001652. I'm putting it on hold pending further advice.

    Thanks for the excellent summary, Susan.

  6. #5
    New Lounger
    Join Date
    Nov 2012
    Posts
    10
    Thanks
    3
    Thanked 0 Times in 0 Posts
    KB3020338 was listed this month as a non-Security Windows 8/8.1 update, but I also got it on my Win 7 machines, probably because I installed KB3006226 last November.

  7. #6
    2 Star Lounger
    Join Date
    Sep 2014
    Location
    Hampshire, UK
    Posts
    170
    Thanks
    4
    Thanked 46 Times in 31 Posts
    Quote Originally Posted by Bob Blumenfeld View Post
    KB3020338 was listed this month as a non-Security Windows 8/8.1 update, but I also got it on my Win 7 machines, probably because I installed KB3006226 last November.
    I have been offered it on my Win 7 machines too, but the MS document does refer to it as being for Win 7 as well as Win 8/8.1.

  8. #7
    New Lounger
    Join Date
    Nov 2012
    Posts
    10
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Looks like a "go" to me

    Quote Originally Posted by Tandor View Post
    I have been offered it on my Win 7 machines too, but the MS document does refer to it as being for Win 7 as well as Win 8/8.1.
    I'm going to install it on the basis of Susan's rec for Win 8.x.

  9. #8
    2 Star Lounger
    Join Date
    Sep 2014
    Location
    Hampshire, UK
    Posts
    170
    Thanks
    4
    Thanked 46 Times in 31 Posts
    Quote Originally Posted by Bob Blumenfeld View Post
    I'm going to install it on the basis of Susan's rec for Win 8.x.
    Her recommendation for this and all other non-security updates is to wait until her next Patch Watch.

  10. The Following User Says Thank You to Tandor For This Useful Post:

    Bob Blumenfeld (2015-02-13)

  11. #9
    New Lounger
    Join Date
    Jun 2014
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The Version 40.0.2214.114 update mentioned in the OP is for the Chrome OS not the Chrome browser.

  12. #10
    New Lounger
    Join Date
    Nov 2012
    Posts
    10
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Tandor View Post
    Her recommendation for this and all other non-security updates is to wait until her next Patch Watch.
    You're right. And as a matter of fact, I didn't install it. I installed only the recommended security updates, but I did put it in my to-install-in-two-weeks list.

    Thanks.

  13. #11
    New Lounger
    Join Date
    Feb 2015
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Cool

    Quote Originally Posted by patermann View Post
    There is a report on SANS ISC forums that 3209944 may affect fixed-width fonts (see last comment here). I usually wait for Susan's assessments before I install patches so I haven't tried it myself yet.
    For whatever it's worth, it appears that it is security update 3013455, not 3209944 (I believe this should be 3029944), that is causing the font-rendering issues. I uninstalled 3013455 after experiencing the font issue, and the problem went away. I still have 3029944 installed.

  14. #12
    Star Lounger
    Join Date
    Nov 2011
    Location
    Calgary, AB, Canada
    Posts
    54
    Thanks
    51
    Thanked 2 Times in 2 Posts

    Exclamation A Large Series of Critical MS Public Vulnerabilities from US Cert.

    Hi Folks,

    As the subject line states, get ready for a significant number of MS and others' Patches in the near future.

    Bulletin (SB15-047)
    Vulnerability Summary for the Week of February 9, 2015


    Original release date: February 16, 2015

    EXCERPT


    Primary
    Vendor -- Product Description Published CVSS Score Source & Patch Info


    microsoft -- windows_2003_server The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability." 2015-02-10 8.3 CVE-2015-0008


    microsoft -- internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. 2015-02-10 9.3 CVE-2015-0017


    microsoft -- internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0037, CVE-2015-0040, and CVE-2015-0066. 2015-02-10 9.3 CVE-2015-0018


    microsoft -- internet_explorer Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 2015-02-10 9.3 CVE-2015-0019


    microsoft -- internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. 2015-02-10 9.3 CVE-2015-0020


    microsoft -- internet_explorer Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 2015-02-10 9.3 CVE-2015-0021


    microsoft -- internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. 2015-02-10 9.3 CVE-2015-0022


    microsoft -- internet_explorer Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0025. 2015-02-10 9.3 CVE-2015-0023


    microsoft -- internet_explorer Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0023. 2015-02-10 9.3 CVE-2015-0025


    microsoft -- internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. 2015-02-10 9.3 CVE-2015-0026


    microsoft -- internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0035, CVE-2015-0039, CVE-2015-0052, and CVE-2015-0068. 2015-02-10 9.3 CVE-2015-0027


    microsoft -- internet_explorer Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0048. 2015-02-10 9.3 CVE-2015-0028


    microsoft -- internet_explorer Microsoft Internet Explorer 6 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 2015-02-10 9.3 CVE-2015-0029


    microsoft -- internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. 2015-02-10 9.3 CVE-2015-0030


    microsoft -- internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0036, and CVE-2015-0041. 2015-02-10 9.3 CVE-2015-0031


    microsoft -- internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0039, CVE-2015-0052, and CVE-2015-0068. 2015-02-10 9.3 CVE-2015-0035


    microsoft -- internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0041. 2015-02-10 9.3 CVE-2015-0036


    microsoft -- internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0040, and CVE-2015-0066. 2015-02-10 9.3 CVE-2015-0037


    microsoft -- internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0042 and CVE-2015-0046. 2015-02-10 9.3 CVE-2015-0038


    microsoft -- internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0052, and CVE-2015-0068. 2015-02-10 9.3 CVE-2015-0039


    microsoft -- internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0066. 2015-02-10 9.3 CVE-2015-0040


    microsoft -- internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0036. 2015-02-10 9.3 CVE-2015-0041


    microsoft -- internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0038 and CVE-2015-0046. 2015-02-10 9.3 CVE-2015-0042


    microsoft -- internet_explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 2015-02-10 9.3 CVE-2015-0043


    microsoft -- internet_explorer Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0050. 2015-02-10 9.3 CVE-2015-0044


    microsoft -- internet_explorer Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0053. 2015-02-10 9.3 CVE-2015-0045


    microsoft -- internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0038 and CVE-2015-0042. 2015-02-10 9.3 CVE-2015-0046


    microsoft -- internet_explorer Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0028. 2015-02-10 9.3 CVE-2015-0048


    microsoft -- internet_explorer Microsoft Internet Explorer 8 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 2015-02-10 9.3 CVE-2015-0049


    microsoft -- internet_explorer Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0044. 2015-02-10 9.3 CVE-2015-0050


    microsoft -- internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0068. 2015-02-10 9.3 CVE-2015-0052


    microsoft -- internet_explorer Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0045. 2015-02-10 9.3 CVE-2015-0053


    microsoft -- windows_2003_server win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." 2015-02-10 7.2 CVE-2015-0057


    microsoft -- windows_8.1 Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka "Windows Cursor Object Double Free Vulnerability." 2015-02-10 7.2 CVE-2015-0058


    microsoft -- windows_2003_server Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka "Windows Create Process Elevation of Privilege Vulnerability." 2015-02-10 7.2 CVE-2015-0062


    microsoft -- excel Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Excel Remote Code Execution Vulnerability." 2015-02-10 9.3 CVE-2015-0063


    microsoft -- office Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Office Remote Code Execution Vulnerability." 2015-02-10 9.3 CVE-2015-0064


    microsoft -- word Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "OneTableDocumentStream Remote Code Execution Vulnerability." 2015-02-10 9.3 CVE-2015-0065


    microsoft -- internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0040. 2015-02-10 9.3 CVE-2015-0066


    microsoft -- internet_explorer Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 2015-02-10 9.3 CVE-2015-0067


    microsoft -- internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0052. 2015-02-10 9.3 CVE-2015-0068

    Hope this is helpful to somebody,

    Best Regards,

    Crysta
    Last edited by PhotM; 2015-02-16 at 17:02. Reason: Typos

  15. #13
    Lounger
    Join Date
    Dec 2009
    Location
    Chicago, IL
    Posts
    38
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by jaman57 View Post
    I also see 3032622, which is for Update for Microsoft Visual C++ 2012 Update 4 Redistributable Package. This one isn't mentioned - is it good? Thanks.
    Did I miss seeing an answer to Jaman57' question re 3032622? Also, even though I have my updates set to notify only, I don't recall installing/allowing an update from C++ 2010 to 2012 that was installed on Feb11th on my Win7 Pro HP Probook but not on my main Win7 Pro desktop machine -- any thoughts on how I missed that? Thanks ...

  16. #14
    2 Star Lounger
    Join Date
    Sep 2014
    Location
    Hampshire, UK
    Posts
    170
    Thanks
    4
    Thanked 46 Times in 31 Posts
    Quote Originally Posted by TerryGH View Post
    Did I miss seeing an answer to Jaman57' question re 3032622? Also, even though I have my updates set to notify only, I don't recall installing/allowing an update from C++ 2010 to 2012 that was installed on Feb11th on my Win7 Pro HP Probook but not on my main Win7 Pro desktop machine -- any thoughts on how I missed that? Thanks ...
    I raised it after the latest Patch Watch, and Susan Bradley answered it. I haven't installed it yet but will report back when I have done. I'm clearing the remaining updates covered by both of this month's Patch Watches first.

    http://windowssecrets.com/forums/sho...kernel-patches

  17. #15
    2 Star Lounger csmart4125's Avatar
    Join Date
    May 2012
    Location
    Michigan
    Posts
    199
    Thanks
    121
    Thanked 9 Times in 7 Posts
    Other readers will probably want to know there's a new Java RE update for Win 7 32 bit. The new version is version 8 update 40.

    There may be updates for other versions of Win; however, I'm running only 32-bit Win 7.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •