February 2015 security updates for Internet Explorer

February 10th, 2015

Microsoft Security Bulletin MS15-009

This critical security update resolves one publicly reported and 40 privately reported vulnerabilities in Internet Explorer. For more information, please see Microsoft Security Bulletin MS15-009.

Security Update for Flash Player (3021953)

This security update for Adobe Flash Player in Internet Explorer 10 and 11 on supported editions of Windows 8, Windows 8.1 and Windows Server 2012 and Windows Server 2012 R2 is also available. The details of the vulnerabilities are documented in Adobe security bulletin APSB15-04. This update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash binaries contained within Internet Explorer 10 and Internet Explorer 11. For more information, see the Microsoft Security Advisory 2755801.

Disabling SSL 3.0 fallback and disabling SSL 3.0

As communicated in our December 2014 security updates blog, today we’re releasing an update that prevents insecure fallback to SSL 3.0 in Internet Explorer 11 for Protected Mode sites. This setting is turned on by default. For more information, please see KB3038778.

When will Internet Explorer disable SSL 3.0?

In the April 14, 2015 Internet Explorer update, we plan to disable SSL 3.0 by default in Internet Explorer 11.

How can I test if my server will be impacted?

Disabling SSL 3.0 in your browser will allow you to see which sites use a connection over SSL 3.0 and need to be updated. We encourage users to use the workarounds and easy, one-click Fix it provided in Security Advisory 3009008 to disable SSL 3.0 in your browser.

Staying up-to-date

Most customers have automatic updates enabled and will not need to take any action because these updates will be downloaded and installed automatically. Customers who have automatic updates disabled need to check for updates and install this update manually.