On February 10, 2015, Microsoft released its scheduled patch update for February 2015. This month's updates cover vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Office. Nine security bulletins have been released to address these issues.
Customers are advised to install all applicable updates as soon as possible.
Microsoft Security Bulletin Summary for February 2015
On February 4, 2015, a zero-day universal cross-site scripting (XSS) vulnerability (CVE-2015-0072) has been discovered in Microsoft Internet Explorer. The vulnerability affects Internet Explorer 11 on Windows 7 and Windows 8.1. With this vulnerability, a determined attacker can craft an email containing a link that leads to a malicious website. At this time, there are no indications that this vulnerability has been exploited in the wild.
Universal XSS vulnerability discovered in Microsoft Internet Explorer
On February 2, 2015, Adobe released a security bulletin for a zero-day vulnerability in Adobe Flash Player. There are reports that the Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0313) is actively being exploited in the wild via drive-by download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.
On February 4, 2015, Adobe released security updates to fix the vulnerability.
Adobe Security Bulletin APSA15-02