Microsoft Releases February 2015 Bulletin

National Cyber Awareness System

Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for February 2015. Some of these vulnerabilities could allow remote code execution, security feature bypass, elevation of privilege, or disclosure of information.

US-CERT encourages users and administrators to review Microsoft Security Bulletin Summary MS15-FEB and apply the necessary updates.

Linux “Ghost” Remote Code Execution Vulnerability

National Cyber Awareness System:

The Linux GNU C Library (glibc) versions prior to 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Linux distributions employing glibc-2.18 and later are not affected.

US-CERT recommends users and administrators refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch if affected. Patches are available from Ubuntu and Red Hat. The GNU C Library versions 2.18 and later are also available for experienced users and administrators to implement.