Just a week after they made changes to their advanced notification service for “casual” customers for 2015, Microsoft released eight security bulletins to patch various security vulnerabilities with only one considered “critical.”
Microsoft Rates 7 Bulletins as ‘Important’, 1 as ‘Critical’
The security update rated “critical” is the Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393), or MS15-002, which affects various Microsoft Windows versions and could allow remote code execution on affected systems. According to the bulletin, only customers who enable the Telnet service are vulnerable. The bulletin also reports that Telnet is not installed by default on Windows Vista later operating systems.
MS15-005 and MS15-006 are both bulletins rated as ‘Important’ that describe a security feature bypass, which result in a system restart. Four of the ‘Important’ bulletins describe an elevation of privilege.
End of Mainstream Support for Windows 7
The first Patch Tuesday for the year also signals the end of mainstream support for Windows 7. This means that non-security updates will no longer be provided, but security updates will still be sent out. Windows 7 will end all support in January 2020.
It is highly recommended for users and system administrators to immediately patch these system vulnerabilities. Trend Micro Deep Security and Office Scan with the Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage these vulnerabilities following DPI rules:
- 1006439 – Microsoft Windows Telnet Service Buffer Overflow Vulnerability (CVE-2015-0014)
- 1006441 – Microsoft Windows Components Directory Traversal Elevation Of Privilege Vulnerability (CVE-2015-0016)
- 1006372 – Microsoft Network Policy Server RADIUS Implementation Denial Of Service Vulnerability (CVE-2015-0015)
More information about these bulletins and their corresponding Trend Micro solutions are posted at our Threat Encyclopedia Page: January 2015 – Microsoft Releases 8 Security Advisories.