It’s Patch Tuesday and Microsoft has released a total of eight security updates to patch vulnerabilities and exploits in its Windows operating systems.
Of the eight, one is rated ‘Critical’ while the others are all of ‘Important’ severity levels. The list below details the type of exploit and a small description of them.
- Bulletin #1 (Important) – Following Google publicizing a flaw in Windows before Patch Tuesday arrived, this bulletin patches the exploit that allows an elevation of privilege if an attackers logs in and runs a specifically crafted application. Attackers could then run arbitrary code with elevated privileges.
- Bulletin #2 (Critical) – This patches a vulnerability that allows for remote code execution if an attacker sends specially crafted packets to a Windows server via the Windows Telnet Service.
- Bulletin #3 (Important) – A patch for another elevation of privilege exploit in the Windows User Profile Service.
- Bulletin #4 (Important) – An elevation of privilege exploit security patch in Windows Components. Should an attacker convince a user to run a specifically crafted application it would give the attacker the same level of system privilege as the current user.
- Bulletin #5 (Important) – A security feature bypass patch in the Windows Network Location Awareness service.
- Bulletin #6 (Important) – Another patch to address a security feature bypass exploit in Windows Error Reporting. Attackers could use this exploit to gain access to the memory of running processes.
- Bulletin #7 (Important) – A denial of service prevention patch in Network Policy Server (RADIUS) implementation in Windows. Attackers could use a denial of service attacker by sending specially crafted username strings to an Internet Authentication Service (IAS) or Network Policy Server (NPS).
- Bulletin #8 (Important) – Another elevation of privilege patch, this time in the Windows Kernel-Mode Driver.
Systems affected by the aforementioned exploits include Windows Server 2003/2008/2008 R2/2012/ 2012 R2, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT and Windows RT 8.1. As for those running the Windows 10 Technical Preview, none of the bulletins apply.