Patch Tuesday! That time of the month where Microsoft takes the opportunity to release patches for vulnerabilities found in supported Windows versions, and this time around Internet Explorer dodged the bullet with no holes to patch... that is of course if you discount the nine vulnerabilities that were patched for Adobe's Flash plugin found in IE10 and 11.
All in all there were eight patches, with one rated "critical" and the rest rated "Important." Starting with the critical patch, (MS15-002) addressed a vulnerability found in Telnet Server component of Windows that can allow an attacker to execute code remotely by sending specially crafted packets to the Telnet port.
Telnet comes installed with Windows Server 2003 but is disabled by default, and needs to be added to clients that support it with the "Turn Windows features on or off" Control panel tool.
Two of the patches plug privilege escalation flaws that was disclosed by Google earlier this week, much to the dismay of Microsoft, those include one in the Windows Application Compatibility cache (MS15-001) and another in the User Profile Service (MS15-003).
The other bugs affected subsystems like Network Location Awareness (MS15-005), Windows Error Reporting (MS15-006), and Network Policy Server (MS15-007), in addition to other Windows components and drivers (MS15-004, MS15-008) which were also patched following private disclosure to Microsoft.
And finally, although there were no new vulnerabilities found in IE as mentioned earlier, Microsoft did issue a patch that addressed a problem with an earlier dodgy update to IE that caused instability and crashes - this also included nine fixes for Adobe Flash and AIR runtime software.
The Adobe bugs affect users on Windows, OS X and Linux, and patch six remote code execution flaws, which include an issue with improper file validation and a bug that could leak memory addresses which could allow an attacker to wreak havoc on a victim's system. The same Flash vulnerabilities are present in Chrome and other browsers as well, and a fix will be pushed shortly to the Adobe Flash Player Download Center, so watch out for that.
Via The Register