Skip to main content
  1. Home
  2. Computing
  3. News

January Patch Tuesday mends eight important and critical Windows security defects

By

After pushing back on Google for the search giant’s reveal of a major Windows 8.1 security vulnerability before a patch could be issued, Microsoft has delivered on its promise, and ultimately fixed the bug.

As part of a long-established tradition unofficially dubbed Patch Tuesday, this month’s second Tuesday saw no less than eight updates deployed in total to amend glitches rated important or critical. Interestingly, none of these address Internet Explorer defects, which may well be a first for the routine patch program.

Recommended Videos

That could be interpreted as good news by enduring IE fans, suggesting a certain level of stability has been reached at last after years of struggles. Or the exact opposite, with Redmond perhaps ready to throw in the towel and concentrate squarely on Spartan.

Related

Still, no matter how you look at it, eight new Windows vulnerabilities are eight too many. The most serious is a critical issue in the Telnet service affecting systems running Vista, 7, 8 and 8.1, plus Windows Server 2003, 2008 and 2012.

Telnet isn’t enabled by default on Windows Server 2003, and isn’t installed altogether on fresher OS flavors than Vista. But it can be installed and enabled on all the platform iterations listed above, and once that’s done, remote codes are easily executable by resourceful attackers capable of sending “specially crafted packets” to infected Windows servers.

Given the bug’s alarming rating, we assume Microsoft knows of hackers who’ve capitalized on the exploit, so you’d better patch on before it’s too late if you’ve activated Telnet.

Both the glitch Google made public earlier this week, and the one brought to our attention a little while back, are deemed important but not critical by Microsoft. They’re elevation of privilege warnings, and can be put to rest once and for all.

As can another “important” elevation of privilege vulnerability found in Windows Components, a couple of security feature bypass dangers, a denial of service malfunction, and yet another elevation of privilege snag discovered in Windows Kernel-Mode Driver. We’d say all’s well that ends well, but we’re aware many Patch Tuesdays will follow.

Adrian Diaconescu
Adrian Diaconescu
Former Digital Trends Contributor
Adrian is a mobile aficionado since the days of the Nokia 3310, and a PC enthusiast since Windows 98. Later, he discovered…
Topics

Editors’ Recommendations

Windows 11 is creating an ‘undeletable’ 8.63GB cache
The Surface Pro 11 on a white table in front of a window.

The recent Windows 11 24H2 update is reportedly flawed with a new issue where it creates 8.63GB of undeletable update cache. This cache is made during the update process and seems to remain on the system, despite attempts to remove it using traditional methods like Disk Cleanup, Storage Sense, or even manually deleting system folders like Windows.old​.

The issue appears to be linked to checkpoint updates, a new feature in Windows 11 designed to streamline and shrink update sizes by downloading smaller patches rather than full updates.

Read more
Don’t use your Windows PC without using these security settings
The Windows Security app in Windows 11.

Historically, Windows has had a bad reputation for security, and there are far more malware strains that target Windows than any other operating system out there -- largely due to the scale of PCs that exist in the world. With such a vast array of potential threats, it’s more important than ever to keep your Microsoft PC safe and protected.

But doing so doesn’t have to be difficult or expensive. In fact, you can start right now with just the computer you own, no extra software necessary. And if you do want to supplement your PC with some of the best Windows apps that will boost your security and privacy, you don’t need to pay a penny.

Read more
There’s a scary new way to undo Windows security patches
Windows 11 logo on a laptop.

Security patches for Windows are essential for keeping your PC safe from developing threats. But downgrade attacks are a way of sidestepping Microsoft's patches, and a security researcher set out to show just how fatal these can be.

SafeBreach security researcher Alon Leviev mentioned in a company blog post that they'd created something called the Windows Downdate tool as a proof-of concept. The tool crafts persistent and irreversible downgrades on Windows Server systems and Windows 10 and 11 components.

Read more