January Patch Tuesday has kicked off with a bit of contention. Google disclosed two vulnerabilities just days before Microsoft released bulletins resolving the issues. MS15-001 and MS15-003 likely would have been less of a concern if Google had not made the disclosure, but Google’s strict adherence to their 90 day disclosure policy the updates in question have been publicly disclosed raising the risk of exploit.
Other than being publicly disclosed, there are no known issues around MS15-001.
MS15-002, an update for Telnet, is rated as critical, but most customers will not have to worry as the Telnet service is not configured on Vista or later OSs. For Server 2003 the Telnet service is disabled by default. Unless you are running Telnet, this update may not show up as being needed for your environment at all.
MS15-003 has a few issues occurring:
- After applying the update some user settings, file associations, and even icon order have changed. What’s more, you cannot modify these settings as that user.
- Similar to the first issue reported on Windows 8.1, this post was made regarding Windows 7 and added other issues with applications such as OneDrive.
- Another issue that has been circulating is a user who had never logged on to a system that has KB3021674 update applied. In this case an error “User Profile Service Failed the Logon” occurs.
- IT Admins are warning that you may want to hold off on applying this update for now if you can.
No known issues for MS15-004, MS15-005, MS15-006, or MS15-007 at this time.
MS15-008 has one report of an issue where the setup is a non Windows DHCP/DNS server with 2003 DCs. After applying the patch to clients they can no longer obtain a DHCP lease from the server. This seems like a unique situation that not many are likely to encounter.