First Patch Tuesday for January 2015

    Photo By Jason Scott - Flickr: IMG_9976 - CC-BY-2.0 via Wikimedia Commons

    January 2015 – 1 Critical and 7 Important Fixes

    The first Patch Tuesday for 2015 has been released and Windows sysadmins will be busy updating as usual.

    This release includes 8 fixes with 1 listed as Critical and 7 more listed as Important. It’s always vital to make sure your systems are fully patched but Windows admins may feel some comfort knowing that the only critical issue is one that affects the Windows Telnet Service.

    The Telnet service is not installed by default on any modern versions of Windows so this will affect a relatively small number of installations. But if you are using Telnet to support older systems then be sure to patch ASAP because the current vulnerability could be used for remote code execution.

    Use FrameFlow to Detect Telnet Servers

    Worried that you may have Telnet servers lurking on your network? Did you know you can easily use FrameFlow to scan and report if it finds any?

    With a little trick you can use FrameFlow’s Telnet event monitor to scan your systems. First, add a new Telnet event monitor and set it check all of your systems. Turn on the option to “Warn if the Telnet server is unreachable”. That sounds backwards (and it is) but we’re going to use reverse logic to find them. Run the event and when it completes, go to the Last Status tab for the event monitor. Now anything listed in green is a system that probably has a Telnet server and needs patching right away.

    Some companies choose to run Telnet servers on non-standard ports. If that’s the case in your organization then you can modify the port number in the event monitor settings and run it again.

    Full List of Patches

    January’s delivery also includes a fix for an escalation of privilege issue that caused a stir when Google revealed it just days before the patch was issued. Google even provided sample code to show how use the exploit.

    For full list of all the fixes included in this Patch Tuesday see the Microsoft Security Bulletin Summary for January 2015 on Microsoft’s official site.