Virtual Administrator’s January 2015 Patch Recommendations

8 Security Bulletins were released – 1 Critical, 7 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

MS15-002 is rated Critical. After your next patch cycle completes you should follow up and make sure it is installed.

No out-of-band updates were released during the last month.

Update on past patches: MS14-080/KB3008923 “Cumulative Security Update for Internet Explorer”

KB3008923 caused problems with IE11 and IE 9 – see below. The fix for IE11 was released as KB3025390 and can be deployed through WSUS and Kaseya patch management. It has been approved in our patch policies. The fix for IE9 (KB3025945) can be manually downloaded at the Microsoft Update Catalog (http://catalog.update.microsoft.com/v7/site/Home.aspx) by searching for KB3025945.

ClubMSP has a script to deploy KB3025945 available as a free download here:
Windows 7 Service Pack 1 (SP1)/Windows Server 2008 R2 (SP1) – http://clubmsp.com/msp/script/ie9-kb3025945-silent-install-win72008-r2/
Windows Server 2008 Service Pack 2 (SP2) – http://clubmsp.com/msp/script/ie9-kb3025945-silent-install-win-2008/

“Some web application modal dialog boxes don’t work correctly in Internet Explorer 11 after you install update 3008923” – http://support2.microsoft.com/default.aspx?scid=kb;en-us;3025390
“Internet Explorer 9 stops working after you install update 3008923 in Windows” – http://support2.microsoft.com/kb/3025945/en-us?sd=rss

Notable news: Windows 7 mainstream support ends

Windows 7 went out of mainstream support on January 13, 2015. Windows 7 will still receive security updates until January 14, 2020
Windows lifecycle fact sheet
http://windows.microsoft.com/en-us/windows/lifecycle

Exploitability

Requires Restart

  • Servers:True
  • Workstations:True

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS15-002 Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393) (Microsoft Windows) The vulnerability could allow remote code execution if an attacker sends specially crafted packets to an affected Windows server.
Details
KB in Kaseya: KB3020393
Affected Software: Vista, Windows 7/8/8.1, Server 2003/2008/2008R2/2012/2012R2
Known Issues per MS:

IMPORTANT

MS15-001 Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266) (Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
Details
KB in Kaseya: KB3023266
Affected Software: Windows 7/8/8.1, Server 2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS15-003 Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674) (Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Details
KB in Kaseya: KB3021674
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS15-004 Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421) (Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker convinces a user to run a specially crafted application.
Details
KB in Kaseya: KB3019978, KB3020387, KB3020388, KB3023299
Affected Software: Windows 7/8/8.1, Server 2008R2/2012/2012R2, Windows RT
Known Issues per MS: https://support.microsoft.com/kb/3025421
MS15-005 Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777) (Microsoft Windows) The vulnerability could allow security feature bypass by unintentionally relaxing the firewall policy and/or configuration of certain services when an attacker on the same network as the victim spoofs responses to DNS and LDAP traffic initiated by the victim.
Details
KB in Kaseya: KB3022777
Affected Software: Vista, Windows 7/8/8.1, Server 2003/2008/2008R2/2012/2012R2
Known Issues per MS:
MS15-006 Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365) (Windows Error Reporting ) The vulnerability could allow security feature bypass if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain access to the memory of a running process.
Details
KB in Kaseya: KB3004365
Affected Software: Windows 8/8.1, Server 2012/2012R2, Windows RT
Known Issues per MS:
MS15-007 Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029) (Microsoft Windows) The vulnerability could allow denial of service on an Internet Authentication Service (IAS) or Network Policy Server (NPS) if an attacker sends specially crafted username strings to the IAS or NPS.
Details
KB in Kaseya: KB3014029
Affected Software: Server 2003/2008/2008R2/2012/2012R2
Known Issues per MS:
MS15-008 Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3019215) (Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application on an affected system. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.
Details
KB in Kaseya: KB3019215
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS: