JASBUG vulnerabilty (ms15-011) patching requirements – February 18, 2015 deadline

On February 10, 2015, Microsoft released a security update to resolve a ‘critical’ vulnerability (referred to as the JASBUG) in Windows operating systems.

Systems Affected

• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows 8
• Windows 8.1
• Windows Server 2012
• Windows Server 2012 R2
• Windows RT
• Windows RT 8.1
• Windows Server 2003
• Windows 2000
• Windows XP

Overview

Operators of information systems should apply the necessary update: MS15-011. The order in which system administrators should prioritize the patching of agency information systems:

• Within 1 week: domain controllers, desktops, laptops
• Within 2 weeks: all other systems

Reporting Requirements

• By COB Thursday, February 12, 2015, please designate a point of contact to serve as your agency’s JASBUG vulnerability coordinator.
• By February 13, 2015, all Federal agencies should submit a current inventory of all Microsoft operating systems.
• By February 18, 2015, Federal agencies should patch domain controllers, desktops, and laptops.
• By February 25, 2015, Federal agencies should patch all ot