Virtual Administrator’s January 2015 Patch Recommendations

8 Security Bulletins were released – 1 Critical, 7 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

MS15-002 is rated Critical. After your next patch cycle completes you should follow up and make sure it is installed.

No out-of-band updates were released during the last month.

Update on past patches: MS14-080/KB3008923 “Cumulative Security Update for Internet Explorer”

KB3008923 caused problems with IE11 and IE 9 – see below. The fix for IE11 was released as KB3025390 and can be deployed through WSUS and Kaseya patch management. It has been approved in our patch policies. The fix for IE9 (KB3025945) can be manually downloaded at the Microsoft Update Catalog (http://catalog.update.microsoft.com/v7/site/Home.aspx) by searching for KB3025945.

ClubMSP has a script to deploy KB3025945 available as a free download here:
Windows 7 Service Pack 1 (SP1)/Windows Server 2008 R2 (SP1) – http://clubmsp.com/msp/script/ie9-kb3025945-silent-install-win72008-r2/
Windows Server 2008 Service Pack 2 (SP2) – http://clubmsp.com/msp/script/ie9-kb3025945-silent-install-win-2008/

“Some web application modal dialog boxes don’t work correctly in Internet Explorer 11 after you install update 3008923” – http://support2.microsoft.com/default.aspx?scid=kb;en-us;3025390
“Internet Explorer 9 stops working after you install update 3008923 in Windows” – http://support2.microsoft.com/kb/3025945/en-us?sd=rss

Notable news: Windows 7 mainstream support ends

Windows 7 went out of mainstream support on January 13, 2015. Windows 7 will still receive security updates until January 14, 2020
Windows lifecycle fact sheet
http://windows.microsoft.com/en-us/windows/lifecycle

Exploitability

• Publically disclosed: None
• Being exploited: None
• Rated CRITICAL: MS15-002
• (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)

Requires Restart

• Servers:True
• Workstations:True

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS15-002 Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393)

(Microsoft Windows) The vulnerability could allow remote code execution if an attacker sends specially crafted packets to an affected Windows server. Details KB in Kaseya: KB3020393 Affected Software: Vista, Windows 7/8/8.1, Server 2003/2008/2008R2/2012/2012R2 Known Issues per MS:

IMPORTANT

	MS15-001 Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266)	(Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. Details KB in Kaseya: KB3023266 Affected Software: Windows 7/8/8.1, Server 2008R2/2012/2012R2, Windows RT Known Issues per MS:
	MS15-003 Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)	(Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. Details KB in Kaseya: KB3021674 Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT Known Issues per MS:
	MS15-004 Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421)	(Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker convinces a user to run a specially crafted application. Details KB in Kaseya: KB3019978, KB3020387, KB3020388, KB3023299 Affected Software: Windows 7/8/8.1, Server 2008R2/2012/2012R2, Windows RT Known Issues per MS: https://support.microsoft.com/kb/3025421
	MS15-005 Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777)	(Microsoft Windows) The vulnerability could allow security feature bypass by unintentionally relaxing the firewall policy and/or configuration of certain services when an attacker on the same network as the victim spoofs responses to DNS and LDAP traffic initiated by the victim. Details KB in Kaseya: KB3022777 Affected Software: Vista, Windows 7/8/8.1, Server 2003/2008/2008R2/2012/2012R2 Known Issues per MS:
	MS15-006 Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365)	(Windows Error Reporting ) The vulnerability could allow security feature bypass if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain access to the memory of a running process. Details KB in Kaseya: KB3004365 Affected Software: Windows 8/8.1, Server 2012/2012R2, Windows RT Known Issues per MS:
	MS15-007 Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029)	(Microsoft Windows) The vulnerability could allow denial of service on an Internet Authentication Service (IAS) or Network Policy Server (NPS) if an attacker sends specially crafted username strings to the IAS or NPS. Details KB in Kaseya: KB3014029 Affected Software: Server 2003/2008/2008R2/2012/2012R2 Known Issues per MS:
	MS15-008 Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3019215)	(Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability. Details KB in Kaseya: KB3019215 Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT Known Issues per MS: