As part of a long-established tradition unofficially dubbed Patch Tuesday, this month’s second Tuesday saw no less than eight updates deployed in total to amend glitches rated important or critical. Interestingly, none of these address Internet Explorer defects, which may well be a first for the routine patch program.
That could be interpreted as good news by enduring IE fans, suggesting a certain level of stability has been reached at last after years of struggles. Or the exact opposite, with Redmond perhaps ready to throw in the towel and concentrate squarely on Spartan.
Still, no matter how you look at it, eight new Windows vulnerabilities are eight too many. The most serious is a critical issue in the Telnet service affecting systems running Vista, 7, 8 and 8.1, plus Windows Server 2003, 2008 and 2012.
Telnet isn’t enabled by default on Windows Server 2003, and isn’t installed altogether on fresher OS flavors than Vista. But it can be installed and enabled on all the platform iterations listed above, and once that’s done, remote codes are easily executable by resourceful attackers capable of sending “specially crafted packets” to infected Windows servers.
Given the bug’s alarming rating, we assume Microsoft knows of hackers who’ve capitalized on the exploit, so you’d better patch on before it’s too late if you’ve activated Telnet.
Both the glitch Google made public earlier this week, and the one brought to our attention a little while back, are deemed important but not critical by Microsoft. They’re elevation of privilege warnings, and can be put to rest once and for all.
As can another “important” elevation of privilege vulnerability found in Windows Components, a couple of security feature bypass dangers, a denial of service malfunction, and yet another elevation of privilege snag discovered in Windows Kernel-Mode Driver. We’d say all’s well that ends well, but we’re aware many Patch Tuesdays will follow.
