Patch Tuesday Wednesday (Jan-2015)

patch-tuesday Welcome to 2015 and the first Patch Tuesday using Microsoft’s new Advance Notification Service (ANS). This month Microsoft have released eight (8) security bulletins of which one (1) has a maximum rating of Critical and seven (7) have a maximum rating of Important.

❝ Today, as part of Update Tuesday, we released eight security updates – one rated Critical and seven rated Important in severity, to address eight unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows. ❞ [1]

Bulletin KB number Description Impact / Severity Software
MS15-001 3023266 Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege Important:
Elevation of Privilege
Microsoft Windows
MS15-002 3020393 Vulnerability in Windows Telnet Service Could Allow Remote Code Execution Critical:
Remote Code Execution
Microsoft Windows
MS15-003 3021674 Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege Important:
Elevation of Privilege
Microsoft Windows
MS15-004 3025421 Vulnerability in Windows Components Could Allow Elevation of Privilege Important:
Elevation of Privilege
Microsoft Windows
MS15-005 3022777 Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass Important:
Security Feature Bypass
Microsoft Windows
MS15-006 3004365 Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass Important:
Security Feature Bypass
Microsoft Windows
MS15-007 3014029 Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service Important:
Denial of Service
Microsoft Windows
MS15-008 3019215 Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege Important:
Elevation of Privilege
Microsoft Windows

Microsoft has re-released the following existing Security Bulletin today: Microsoft Security Bulletin (MS14-080)
Microsoft has revised the following existing Security Advisory today: Microsoft Security Advisory (2755801)

PATCH NOW:
* MS15-004 – exploited in limited, targeted attacks
* MS15-002 – …if you have Telnet enabled on your servers

LINKS:
[1.] January 2015 Updates (2015-Jan-13) [MS: MSRC]
[2.] Microsoft Patch Tuesday – January 2015 (Really? Telnet?) (2015-Jan-13) [SANS]
[3.] Microsoft Security Bulletin Summary for January 2015 (2015-Jan-13) [MS]
Advertisements
This entry was posted in microsoft, patch, Patch_Tuesday. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s