January 2015 Patch Day Round-Up

110931386-300x199January Patch Tuesday has kicked off with a bit of contention.  Google disclosed two vulnerabilities just days before Microsoft released bulletins resolving the issues.  MS15-001 and MS15-003 likely would have been less of a concern if Google had not made the disclosure, but Google’s strict adherence to their 90 day disclosure policy the updates in question have been publicly disclosed raising the risk of exploit.

Other than being publicly disclosed, there are no known issues around MS15-001.

MS15-002, an update for Telnet, is rated as critical, but most customers will not have to worry as the Telnet service is not configured on Vista or later OSs.  For Server 2003 the Telnet service is disabled by default.  Unless you are running Telnet, this update may not show up as being needed for your environment at all.

MS15-003 has a few issues occurring:

No known issues for MS15-004, MS15-005, MS15-006, or MS15-007 at this time.

MS15-008 has one report of an issue where the setup is a non Windows DHCP/DNS server with 2003 DCs.  After applying the patch to clients they can no longer obtain a DHCP lease from the server.  This seems like a unique situation that not many are likely to encounter.