Critical Bulletins from Microsoft
Microsoft has issued eight security bulletins made to patch a number of security vulnerabilities with only one listed as ‘critical’, this just weeks after they implemented changes to their advanced notification service for casual customers.
The security update that Microsoft labeled as ‘critical’ is the Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (or MS14-002), which affects multiple Microsoft Windows versions and allows for remote code execution on affected systems. The bulletin stated that only customers who enable the Telnet service would be vulnerable, and also reported that Telnet is not installed by default on Windows Vista or any later operating systems.
MS15-005 and MS15-006 are both rated as ‘Important’ and describe a security feature bypass which would result in a system restart. Four of the bulletins marked ‘Important’ describe an elevation of privilege.
Mainstream Support for Windows 7 Ending
The end of mainstream support for Windows 7 was also announced as part of the first Patch Tuesday of the year. This dictates that non-security updates will no longer be provided for the system, but security updates will still be sent out.
All support for Windows 7 will end in January 2020.
Users and system administrators are recommended to immediately patch these system vulnerabilities. Trend Micro Deep Security and Office Scan with the Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage these vulnerabilities following DPI rules:
1006439 – Microsoft Windows Telnet Service Buffer Overflow Vulnerability (CVE-2015-0014)
1006441 – Microsoft Windows Components Directory Traversal Elevation Of Privilege Vulnerability (CVE-2015-0016)
1006372 – Microsoft Network Policy Server RADIUS Implementation Denial Of Service Vulnerability (CVE-2015-0015)