Skip to main content

January Patch Tuesday mends eight important and critical Windows security defects

ads windows 10 lock screen features users wanted added v2
Dragon Images/Shutterstock
After pushing back on Google for the search giant’s reveal of a major Windows 8.1 security vulnerability before a patch could be issued, Microsoft has delivered on its promise, and ultimately fixed the bug.

As part of a long-established tradition unofficially dubbed Patch Tuesday, this month’s second Tuesday saw no less than eight updates deployed in total to amend glitches rated important or critical. Interestingly, none of these address Internet Explorer defects, which may well be a first for the routine patch program.

That could be interpreted as good news by enduring IE fans, suggesting a certain level of stability has been reached at last after years of struggles. Or the exact opposite, with Redmond perhaps ready to throw in the towel and concentrate squarely on Spartan.

Still, no matter how you look at it, eight new Windows vulnerabilities are eight too many. The most serious is a critical issue in the Telnet service affecting systems running Vista, 7, 8 and 8.1, plus Windows Server 2003, 2008 and 2012.

Telnet isn’t enabled by default on Windows Server 2003, and isn’t installed altogether on fresher OS flavors than Vista. But it can be installed and enabled on all the platform iterations listed above, and once that’s done, remote codes are easily executable by resourceful attackers capable of sending “specially crafted packets” to infected Windows servers.

Given the bug’s alarming rating, we assume Microsoft knows of hackers who’ve capitalized on the exploit, so you’d better patch on before it’s too late if you’ve activated Telnet.

Both the glitch Google made public earlier this week, and the one brought to our attention a little while back, are deemed important but not critical by Microsoft. They’re elevation of privilege warnings, and can be put to rest once and for all.

As can another “important” elevation of privilege vulnerability found in Windows Components, a couple of security feature bypass dangers, a denial of service malfunction, and yet another elevation of privilege snag discovered in Windows Kernel-Mode Driver. We’d say all’s well that ends well, but we’re aware many Patch Tuesdays will follow.

Editors' Recommendations

Adrian Diaconescu
Former Digital Trends Contributor
Adrian is a mobile aficionado since the days of the Nokia 3310, and a PC enthusiast since Windows 98. Later, he discovered…
Windows 11 to add A.I. auto framing, eye contact in video calls
Person sitting and using a Windows Surface computer with Windows 11.

Coming soon to Windows 11 are some features powered by A.I. that can help make you better connected with the folks on the other end of your Teams calls. Also in the works are added security features, to protect against malware and phishing.

Announced by Panos Panay, the first set of features includes voice clarity, automatic framing, portrait background blur, and eye contact for meetings on Windows 11. Some features might be hardware-dependent, and Panay didn't get into the specifics or give a release date. He instead mentioned that "we want to make that [meeting] experience feel more personal and more human."

Read more
Frustrated security researcher discloses Windows zero-day bug, blames Microsoft
Laptop sitting on a desk showing Windows 11's built-in Microsoft Teams experience.

There's a new zero-day issue in Windows, and this time the bug has been disclosed to the public by an angry security researcher. The vulnerability relates to users leveraging the command prompt with unauthorized system privileges to share dangerous content through the network.

According to a report from Bleeping Computer, Abdelhamid Naceri, the security researcher who disclosed this bug, is frustrated with Microsoft over payouts from the bug bounty program. Bounties have apparently been downgraded significantly over the past two years. Naceri isn't alone, either. One Twitter user reported in 2020 that zero-day vulnerabilities no longer pay $10,000 and are now valued at $1,000. Earlier this month, another Twitter user reported that bounties can be reduced at any time.

Read more
Microsoft Edge’s latest feature keeps you even more secure when browsing
microsoft edge chromium to roll out automatically soon chrome

The latest version of Microsoft Edge has a new hidden feature to keep you secure when browsing online. Known as "Super Duper Secure Mode," the feature improves the performance of websites and disables a browser engine commonly abused by hackers.

According to Microsoft, Super Duper Secure Mode works in two ways, balanced and strict. Balanced will learn what websites you use and trust them to use Just in Time Engine (JIT), which speeds up tasks in JavaScript. Strict, meanwhile, can break some websites, but will disable the Just in Time Engine for better security. Edge users can also add their own exceptions as they see fit.

Read more