20150114, Microsoft January 14 released 8 security patches

Hello, we are Microsoft Greater China Security Support team.

Microsoft released 8 new security bulletins in Beijing January 14, 2015, of which 1 were critical levels and 7 were critical levels, fixing 8 vulnerabilities in Microsoft Windows. The vulnerabilities fixed by ms15-001 and ms15-003 have been publicly disclosed. Microsoft has been informed of a limited exploit for the vulnerability that ms15-004 has fixed.

ms15-001 | Vulnerability in Windows application compatibility cache Could allow elevation of privilege (3023266)

This vulnerability allows elevation of privilege when an attacker logs on to the system and runs a specially crafted application. Successful exploitation of this vulnerability could allow an authenticated attacker to bypass existing permission checks performed during the cache modification of the Microsoft Windows Application compatibility component and execute arbitrary code with elevated privileges.

ms15-003 | Vulnerability in Windows User profile Service Could allow elevation of privilege (3021674)

The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. A local attacker who successfully exploited this vulnerability could use elevated privileges to run arbitrary code on the target system. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

ms15-004 | Vulnerability in Windows components could allow elevation of privilege (3025421)

The vulnerability could allow elevation of privilege if an attacker convinces a user to run a specially crafted application. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker can then install the program, view, change, or delete data, or create a new account with full user rights.

Meanwhile, Microsoft has re-released a patch

ms14-080 | Cumulative security update for Internet Explorer (3008923)

Microsoft has re-released ms14-080 to fully address vulnerability cve-2014-6363. In addition to installing update 3008923, customers running Explorer 10 on Windows 8, Windows Server 2012, or Window RT should also have update 3029449 installed, which was added through the republishing. Customers who have successfully installed the 3008923 update (which has not changed since the original release) do not need to reinstall.

Announcement ID	Announcement Title and Executive summary	Highest severity rating and vulnerability impact	Restart requirements	The Affected Software
ms15-001	Vulnerability in Windows application compatibility cache Could allow elevation of privilege (3023266)	Important Privilege elevation	Reboot required	Microsoft Windows
ms15-002	Vulnerability in Windows Telnet service could Allow Remote Code execution (3020393)	Serious Remote Code Execution	May require a restart	Microsoft Windows
ms15-003	Vulnerability in Windows User profile Service Could allow elevation of privilege (3021674)	Important Privilege elevation	May require a restart	Microsoft Windows
ms15-004	Vulnerability in Windows components could allow elevation of privilege (3025421)	Important Privilege elevation	May require a restart	Microsoft Windows
ms15-005	Vulnerability in Network Location Awareness service could allow security feature bypass (3022777)	Important Security feature avoidance	Reboot required	Microsoft Windows
ms15-006	Vulnerability in Windows error reporting could allow security feature bypass (3004365)	Important Security feature avoidance	May require a restart	Microsoft Windows
ms15-007	Vulnerability in Network Policy server RADIUS implementation could lead to denial of service (3014029)	Important Denial of Service	May require a restart	Microsoft Windows
ms15-008	Vulnerability in Windows kernel-mode driver could allow elevation of privilege (3019215)	Important Privilege elevation	Reboot required	Microsoft Windows

For more information, refer to the January 2015 security Bulletin Summary:

Https://technet.microsoft.com/zh-cn/library/security/ms15-jan.aspx

Microsoft Security Response Center blog post (US):

Http://blogs.technet.com/b/msrc/archive/2015/01/13/january-2015-updates.aspx

Microsoft Greater China Security Support team??

20150114, Microsoft January 14 released 8 security patches