Microsoft Patch Tuesday – January 2015 

Jan 13, 2015 03:57 PM

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of eight vulnerabilities. One of this month's issues is rated 'Critical'.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the January releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms15-jan

The following is a breakdown of the issues being addressed this month:

  1. MS15-001 Vulnerability in Windows AppCompatCache Could Allow Elevation of Privilege (3023266)

    Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability (CVE-2015-0002) MS Rating: Important

    An elevation of privilege vulnerability exists because the Microsoft Windows Application Compatibility Infrastructure (AppCompat) improperly checks whether the caller's impersonation token is authorized to write to the AppCompat cache. An attacker could attempt to exploit this vulnerability by inserting an entry into the AppCompat cache that points to a privileged application they want to execute.

  2. MS15-002 Vulnerability in Windows Telnet Service Could Cause Remote Code Execution (3020393)

    Windows Telnet Service Buffer Overflow Vulnerability (CVE-2015-0014) MS Rating: Critical

    A buffer overflow vulnerability that could allow remote code execution exists in the Windows Telnet service. The vulnerability is caused when the Telnet service improperly validates a memory location. An attacker could attempt to exploit this vulnerability by sending specially crafted Telnet packets to a Windows server. An attacker who successfully exploited this vulnerability could run arbitrary code on a target server.

  3. MS15-003 Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)

    Microsoft User Profile Service Elevation of Privilege Vulnerability (CVE-2015-0004) MS Rating: Important

    An elevation of privilege vulnerability exists in how the Windows User Profile Service (ProfSvc) validates user privilege. A local attacker who successfully exploited this vulnerability could run arbitrary code on a target system.

  4. MS15-004 Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421)

    Directory Traversal Elevation of Privilege Vulnerability (CVE-2015-0016) MS Rating: Important

    An elevation of privilege vulnerability exists in Windows Components. The vulnerability is caused when Windows fails to properly sanitize file paths. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

  5. MS15-005 Vulnerability in NLA Could Allow Security Feature Bypass (3022777)

    NLA Security Feature Bypass Vulnerability (CVE-2015-0006) MS Rating: Important

    A security feature bypass vulnerability exists in the Network Location Awareness (NLA) service that could unintentionally relax the firewall policy and/or configuration of certain services. This could increase the surface exposed to an attacker. The vulnerability is caused when the NLA service fails to properly validate if a domain-connected machine is connected to the domain or to an untrusted network.

  6. MS15-006 Vulnerability in WER Could Allow Security Feature Bypass (3004365)

    Windows Error Reporting Security Feature Bypass Vulnerability (CVE-2015-0001) MS Rating: Important

    A security feature bypass vulnerability, exploitable in the context of the current user, is caused when Windows Error Reporting incorrectly handles access to process memory; this could allow an attacker to create unencrypted memory dumps of the LSASS process. An attacker who successfully exploited this vulnerability could read the memory of a running process that would normally be unavailable. An attacker could use an executable to dump memory from a running process.

  7. MS15-007 Vulnerability in Network Policy Server RADIUS Could Cause Denial of Service (3014029)

    Network Policy Server RADIUS Implementation Denial of Service Vulnerability (CVE-2015-0015) MS Rating: Important

    A denial of service vulnerability exists in Network Policy Server RADIUS. An unauthenticated attacker who successfully exploited this vulnerability could send specially crafted user name strings to an Internet Authentication Service (IAS) or Network Policy Server (NPS), causing a denial of service condition for RADIUS authentication on the IAS or NPS. The denial of service vulnerability would not allow an attacker to execute code or to elevate user rights; however, it could prevent RADIUS authentication on the IAS or NPS. An attacker who successfully exploited the vulnerability could cause the target system to stop responding.

  8. MS15-008 Vulnerabilities in Windows Kernel Mode Drivers Could Allow Elevation of Privilege (3019215)

    WebDAV Elevation of Privilege Vulnerability (CVE-2015-0011) MS Rating: Important

    An elevation of privilege vulnerability exists in the WebDAV kernel-mode driver (mrxdav.sys) when it fails to properly validate and enforce impersonation levels. An attacker who successfully exploited this vulnerability could bypass impersonation level security and gain elevated privileges on a targeted system. This could allow them to intercept WebDAV requests for files from any server (including corporate SharePoint sites) and redirect those requests to return any files of the attacker's choosing, including potentially malicious ones.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.
