Microsoft patch Tuesday January 2015 brings Eight security bulletins covering a total of eight vulnerabilities.
Noticeably, high priority fix is for Windows Telnet Service which, if not fixed, can potentially allow Remote Code Execution .
No updates were made available for Internet Explorer.
Of the eight vulnerabilities one is rated Critical and Seven are rated important.
Critical security updates addresses security issues in Windows Telnet Service which, if not fixed, can potentially allow Remote Code Execution and the remaining seven important security updates address issues in the following components: Microsoft Application Compatibility Infrastructure, Microsoft User Profile Service, Network Location Awareness Service, Windows Error Reporting, Network Policy Server RADIUS and Windows Kernel-Mode Driver.
Microsoft addresses current Zero-Day vulnerability in Microsoft Application Compatibility Infrastructure – MS15-001, which allows Elevation of Privilege. This vulnerability was discovered and published by Google’s Project Zero team on 29th December 2014 i.e after 90 days from the initial intimation to Microsoft due to Google’s automatic disclosure policy.
Microsoft is not happy about with public disclosure since Microsoft requested Google to withhold details until Tuesday, January 13 according to this blog.
Microsoft also address one more publicly known vulnerability in Microsoft User Profile Service – MS15-003, which allows Elevation of Privilege.
Microsoft security bulletin summary for January 2015 in order of severity.
MS15-001: Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266)
Severity Rating: Important
Affected Software: Windows Application Compatibility
Impact: Elevation of Privilege
MS15-002: Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393)
Severity Rating: Critical
Affected Software: Windows Telnet Service
Impact: Remote Code Execution
MS15-003: Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)
Severity Rating: Important
Affected Software: Windows User Profile Service
Impact: Elevation of Privilege
MS15-004: Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421)
Severity Rating: Important
Affected Software: Windows Components
Impact: Elevation of Privilege
MS15-005: Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777)
Severity Rating: Important
Affected Software: Network Location Awareness Service
Impact: Security Feature Bypass
MS15-006: Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365)
Severity Rating: Important
Affected Software: Windows Error Reporting
Impact: Security Feature Bypass
MS15-007: Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029)
Severity Rating: Important
Affected Software: Network Policy Server RADIUS
Impact: Denial of Service
MS15-008: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3019215)
Severity Rating: Important
Affected Software: Windows Kernel-Mode Driver
Impact: Elevation of Privilege
SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.
– Veerendra GG