Microsoft Security Bulletins For January 2015 - gHacks Tech News

Microsoft Security Bulletins For January 2015

Microsoft has just released security updates for January 2015 for all supported operating systems (Windows Vista to Windows 8.1) and other company products.

The updates are already available on Windows Update and you may want to run a manual check for updates to install them right away.

Below you find information about the January 2015 security bulletins that Microsoft released. It starts with the executive summary which highlights the most important update information.

You also find listed how individual operating system editions are affected by the update, how other Microsoft products are affected, and how to install the updates.

Last but not least, all security and non-security updates are listed as well with links and additional information such as severity or impact.

Executive Summary

  1. Microsoft released eight security bulletin this month fixing eight unique vulnerabilities in total.
  2. One of the bulletins received the highest severity rating of critical, the others a rating of important.
  3. Vulnerabilities affect only client and server operating systems.

Operating System Distribution

All desktop operating systems but Windows RT and RT 8.1 are affected by one bulletin in a critical way.

All server operating systems are also affected by one bulletin in a critical way.

  • Windows Vista: 1 critical, 3 important
  • Windows 7:  1 critical, 4 important
  • Windows 8: 1 critical, 5 important
  • Windows 8.1: 1 critical, 5 important
  • Windows RT: 4 important
  • Windows RT 8.1:  4 important
  • Windows Server 2003: 1 critical, 2 important
  • Windows Server 2008: 1 critical, 2 important
  • Windows Server 2008 R2: 1 critical, 4 important
  • Windows Server 2012: 1 critical, 5 important
  • Windows Server 2012 R2: 1 critical, 5 important
  • Server Core installation: 1 critical, 5 important

Security Bulletins

  • MS15-001 - Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266) - Important - Elevation of Privilege
  • MS15-002 - Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393) - Critical - Remote Code Execution
  • MS15-003 - Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674) - Important - Elevation of Privilege
  • MS15-004 - Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421) - Important - Elevation of Privilege
  • MS15-005 - Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777) - Important - Security Feature Bypass
  • MS15-006 - Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365) - Important - Security Feature Bypass
  • MS15-007 - Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029) - Important - Denial of Service
  • MS15-008 - Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3019215) - Important - Elevation of Privileges

Other security related updates

  • Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB3008925)

Non-security related updates

  • Microsoft .NET Framework 4.5.2 for Windows 8, Windows RT, and Windows Server 2012 (KB2901982)
  • Microsoft .NET Framework 4.5.2 for Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB2901983)
  • Microsoft .NET Framework 4.5.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2934520)
  • Microsoft .NET Framework 4.5.2 Language Packs for Windows 8, Windows RT, and Windows Server 2012 (KB2938103)
  • Microsoft .NET Framework 4.5.2 Language Packs for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2938104)
  • Windows Malicious Software Removal Tool - January 2015 (KB890830)/Windows Malicious Software Removal Tool - January 2015 (KB890830) - Internet Explorer Version
  • Update for Windows 8.1 (KB2997841) - System crashes after you restart or wake up the computer in Windows 8.1 or Windows RT 8.1
  • Update for Windows 8 (KB3008273) - An update to enable an automatic update from Windows 8 to Windows 8.1
  • Update for Windows 7 and Windows Server 2008 R2 (KB3024777) - Install KB3024777 to fix an issue with KB3004394 on Windows 7 and Windows Server 2008 R2

How to download and install the January 2015 security updates

windows updates january 2015

All security updates are made available automatically via Microsoft's Windows Update service as well as business and enterprise related update services the company operates.

Most home users should get the patches automatically though. If you have disabled automatic updates you can check for updates manually at any time using Windows Update:

  1. Tap on the Windows-key and type Windows Update.
  2. Select the result from the results.
  3. Click on the check for updates button to run a check.

You can install some or all of the security patches displayed to you by the program.

Other options include visiting Microsoft's Download Center to download individual patches or to download this month's security ISO image containing them all.

Additional information

Summary
Microsoft Security Bulletins For January 2015
Article Name
Microsoft Security Bulletins For January 2015
Description
An overview of all security and non-security patches that Microsoft released in January 2015 for all supported operating systems and products.
Author

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Robert Palmar said on January 13, 2015 at 7:37 pm
    Reply

    These monthly security reviews complete with links are a great service, Martin.
    I like to examine the details of each new update before installing on my systems.

    1. Martin Brinkmann said on January 13, 2015 at 9:23 pm
      Reply

      Microsoft made my job harder than it should be unfortunately with all the changes that it introduced.

      Trying my best, glad that you find it useful.

  2. Paul(us) said on January 13, 2015 at 9:44 pm
    Reply

    Martin, Like every mouth I am thanking you for this mouth work you did on this monthly patch Tuesday article.
    But from this mouth on I am going to give you a even more hardly meant thank for your trouble, this because
    I read earlier this mount in one of your articles that Microsoft is not releasing any advanced security notifications,
    anymore before patches are made available, on Patch Tuesday.

  3. Pete said on January 13, 2015 at 10:07 pm
    Reply

    Notice that the:

    “MS15-002 – Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393)”

    is only available IF you have “telnet” installed. According to MS:

    “Telnet is not installed by default on Windows Vista and later operating systems.”

    1. Martin Brinkmann said on January 13, 2015 at 10:22 pm
      Reply

      Interesting, wonder how many systems are affected by the vulnerability.

      1. Pete said on January 13, 2015 at 10:49 pm
        Reply

        Only those which have telnet installed. So, not so many if MS stopped installing it by default starting with Vista.

        I just mentioned this in case people start to wonder why their windows update doesn’t have the 3020393 offered. I noticed that I wasn’t offered this and read this info from the KB article.

      2. Martin Brinkmann said on January 13, 2015 at 11:21 pm
        Reply

        Pete, I was wondering about the number of systems that have Telnet enabled. It cannot really be that many, can it?

        I agree that it can be puzzling if you don’t get an update even though it is listed as available for your operating system. Thanks again.

    2. an said on January 14, 2015 at 5:59 pm
      Reply

      in my line of work which involves quite a lot of telnet related work, none.
      Where Telnet is needed I hardly see ever the MS telnet server beeing used. Mostly it is a 3rd part Telnet service.
      The MS telnet is only used for brief test cases.
      I think out of 100 telnet customers only 1 really uses the MS telnet.

  4. Dan said on January 13, 2015 at 11:53 pm
    Reply

    Maybe telnet is an issue for ATMs and other stuff still using XP embeds, otherwise no clue how many OS could need it. Thank you for reporting on Patch Tuesday this month; I now cringe and prepare to install what ones I’ll get since I see no problems yet reported here (unlike last month).

  5. ilev said on January 14, 2015 at 7:44 am
    Reply

    ********************************************************************
    Title: Microsoft Security Bulletin Releases
    Issued: January 13, 2015
    ********************************************************************

    Summary
    =======

    The following bulletins have undergone a major revision increment.

    * MS14-080 – Critical

    Bulletin Information:
    =====================

    MS14-080 – Critical

    – Title: Cumulative Security Update for Internet Explorer
    https://technet.microsoft.com/library/security/ms14-080
    – Reason for Revision: V2.0 (January 13, 2015): To address issues
    with Security Update 3008923, Microsoft re-released MS14-080 to
    comprehensively address CVE-2014-6363. In addition to installing
    update 3008923, customers running Internet Explorer 10 on Windows 8,
    Windows Server 2012, or Window RT should also install update
    3029449, which has been added with this rerelease. Customers who
    have already successfully installed the 3008923 update, which has
    not changed since its original release, do not need to reinstall
    it. See Microsoft Knowledge Base Article 3008923 for more
    information.

    Martine,

    On my Windows 7 64bit sp1 the Microsoft .NET Framework 4.5.2 is not-selected. Seems so too on your PC as well (only 7 important updates selected).

    1. Martin Brinkmann said on January 14, 2015 at 8:12 am
      Reply

      You are right, it is not installed by default.

      1. Paul B. said on January 14, 2015 at 1:52 pm
        Reply

        First time I can recall an “important” update not preselected. Why did it not go under Optional updates?

      2. Martin Brinkmann said on January 14, 2015 at 2:16 pm
        Reply

        Waiting for a statement from Microsoft, will let you know should they answer.

      3. Paul B. said on January 14, 2015 at 3:11 pm
        Reply

        The following seems a bit ambiguous, but I think it’s saying that 4.5.2 supersedes everything after 3.5. If that’s the case, it’s a pretty good way to simplify things:

        This version of the .NET Framework runs side-by-side with the .NET Framework 3.5 SP1 and earlier versions, but performs an in-place update for the .NET Framework 4, .NET Framework 4.5 and .NET Framework 4.5.1.

    2. Martin Brinkmann said on January 15, 2015 at 6:03 pm
      Reply

      Okay got word back from Microsoft. The update will be checked in the near future.

      “This is an expected behavior with large update releases. Once the rollout is complete, all users will see the box checked.” –a Microsoft spokesperson

      1. PJ said on January 26, 2015 at 5:35 pm
        Reply

        “This is an expected behavior with large update releases. Once the rollout is complete, all users will see the box checked.”

        Exactly 2 weeks after Jan 2015’s Patch Tuesday, KB2901983 (Microsoft .NET Framework 4.5.2, 52.4 MB) is still left unchecked at my Windows Update.

        At the left pane, KB2901983 is categorized as “Important”, but in the detailed right pane, it states: “Update type: Recommended”. Meanwhile, Microsoft’s KB2901983 page states: “The .NET Framework 4.5.2 product is offered as a recommended update.”

        So what does it mean when an update is Important-Recommended-Unchecked all at the same time ? To bypass or to install ?

  6. kinmokuchi said on January 14, 2015 at 3:20 pm
    Reply

    KB2901983 won’t install on my Windows 7 home basic service pack 1 , 8 GB RAM , Pentium P6100 (2 ghz) ,Sony vaio PC
    Tried again and again but it takes a lot of time (about half hour) and then fails , it is a recommended update , is it necessary , what can I do to successfully install it?

    Please advice , Thanks in Advance :)

  7. Richard said on January 14, 2015 at 4:34 pm
    Reply

    Hello.

    I have the same problem with KB2901983 as Kinmokuchi on a Windows 7 Professional 64-bit with 16GB RAM.
    The update installes and after rebooting, it asks again for the same update to be installed.

    So the update keeps coming back.

  8. Wayne said on January 14, 2015 at 10:14 pm
    Reply

    I had the same problem with KB2901983 not installing in Windows Updates.

    I downloaded this: “Microsoft .NET Framework 4.5.2 (Offline Installer) for Windows Vista SP2, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2008 SP2, Windows Server 2008 R2 SP1, Windows Server 2012 and Windows Server 2012 R2” from here: http://www.microsoft.com/en-us/download/confirmation.aspx?id=42642 and all my problems went away. The KB2901983 no longer appears in Windows Update.

    1. Richard said on January 15, 2015 at 1:38 am
      Reply

      Thank you for sharing this solution Wayne.
      It seemed this has worked for me too. I used the download to repair the installation. After the reboot KB2901983 was back as before. So I installed it again. After the reboot it did not came back this time.
      Also I now got the windows stating updates were succeeded a you normally get. So it looks your solution worked.
      Thank you!

  9. upacrk1 said on February 14, 2015 at 3:33 pm
    Reply

    I just had a notification of 3 Windows updates on my Windows 7 64bit OS. One of them included KB2901983, marked as important, but not checked. I checked it and started the install along with the other 2 updates. It hesitated for quite a while on KB2901983 and I just walked away for maybe 20 minutes. When I got back, it said all 3 updates were successfully installed. After the required reboot, I am up and running with no obvious issues.

  10. Neda said on April 7, 2015 at 10:14 am
    Reply

    I thought I would give myBulletins a try – just to see how helpful it really is.

    My conclusion – it’s awful – flags up no less than 85 (yes eighty-five) things for the 8 bulletins actually issued today – and that’s when only patches for Windows and Windows Server have come out. I wonder how many more there would be if other products we use like Office or Visual Studio also had patches.

    I can see what I need to know a whole lot quicker with the security bulletin summary.

  11. Mirna said on December 10, 2015 at 9:58 pm
    Reply

    It seemed this has worked for me too. I used the download to repair the installation. After the reboot KB2901983 was back as before. So I installed it again. After the reboot it did not came back this time.

  12. Download said on August 15, 2017 at 1:31 pm
    Reply

    It seemed this has worked for me too. I used the download to repair the installation. After the reboot KB2901983 was back as before. So I installed it again. After the reboot it did not came back this time.

  13. download-4u said on August 15, 2017 at 1:33 pm
    Reply

    My conclusion – it’s awful – flags up no less than 85 (yes eighty-five) things for the 8 bulletins actually issued today – and that’s when only patches for Windows and Windows Server have come out. I wonder how many more there would be if other products we use like Office or Visual Studio also had patches.

  14. androidfre said on November 27, 2017 at 8:12 pm
    Reply

    It seemed this has worked for me too. I used the download to repair the installation. After the reboot KB2901983 was back as before. So I installed it again. After the reboot it did not came back this time.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.