Amazing to note Telnet vulnerability Patch Tuesday

Microsoft has a Telnet  vulnerability which has a critical remote code execution. (MS15-002)

https://technet.microsoft.com/library/security/ms15-jan

This is true:  “Only customers who enable telnet on Windows 2003 are affected (it is installed but not enabled).

and Telnet is not installed on Vista or later operating systems

But if you did enable (or install and enable) it has a remote code execution vulnerability.

There are also 7 other vulnerabilities, just not as critical released today.

The vulnerabilities that remain are either elevation of privilege , Denial of service, or Security feature bypass.

 

The Internet Storm Center also discussed the patches by Microsoft: https://isc.sans.edu/

patchtuesdaytelnet

 

Qualys Blog post on patch Tuesday:

https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/13/patch-tuesday-january-2015

Adobe flash update APSB15-01 has nine vulnerabilities. And hopefully your Internet Explorer 10 and 11 are updated automatically.

They briefly discuss the tiff between Microsoft and Google’s bug disclosure policies.

 

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.