Microsoft Security Bulletins For January 2015

Microsoft has just released security updates for January 2015 for all supported operating systems (Windows Vista to Windows 8.1) and other company products.

The updates are already available on Windows Update and you may want to run a manual check for updates to install them right away.

Below you find information about the January 2015 security bulletins that Microsoft released. It starts with the executive summary which highlights the most important update information.

You also find listed how individual operating system editions are affected by the update, how other Microsoft products are affected, and how to install the updates.

Last but not least, all security and non-security updates are listed as well with links and additional information such as severity or impact.

Executive Summary

1. Microsoft released eight security bulletin this month fixing eight unique vulnerabilities in total.
2. One of the bulletins received the highest severity rating of critical, the others a rating of important.
3. Vulnerabilities affect only client and server operating systems.

Operating System Distribution

All desktop operating systems but Windows RT and RT 8.1 are affected by one bulletin in a critical way.

All server operating systems are also affected by one bulletin in a critical way.

• Windows Vista: 1 critical, 3 important
• Windows 7:  1 critical, 4 important
• Windows 8: 1 critical, 5 important
• Windows 8.1: 1 critical, 5 important
• Windows RT: 4 important
• Windows RT 8.1:  4 important
• Windows Server 2003: 1 critical, 2 important
• Windows Server 2008: 1 critical, 2 important
• Windows Server 2008 R2: 1 critical, 4 important
• Windows Server 2012: 1 critical, 5 important
• Windows Server 2012 R2: 1 critical, 5 important
• Server Core installation: 1 critical, 5 important

Security Bulletins

• MS15-001 - Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266) - Important - Elevation of Privilege
• MS15-002 - Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393) - Critical - Remote Code Execution
• MS15-003 - Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674) - Important - Elevation of Privilege
• MS15-004 - Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421) - Important - Elevation of Privilege
• MS15-005 - Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777) - Important - Security Feature Bypass
• MS15-006 - Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365) - Important - Security Feature Bypass
• MS15-007 - Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029) - Important - Denial of Service
• MS15-008 - Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3019215) - Important - Elevation of Privileges

Other security related updates

• Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB3008925)

Non-security related updates

• Microsoft .NET Framework 4.5.2 for Windows 8, Windows RT, and Windows Server 2012 (KB2901982)
• Microsoft .NET Framework 4.5.2 for Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB2901983)
• Microsoft .NET Framework 4.5.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2934520)
• Microsoft .NET Framework 4.5.2 Language Packs for Windows 8, Windows RT, and Windows Server 2012 (KB2938103)
• Microsoft .NET Framework 4.5.2 Language Packs for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2938104)
• Windows Malicious Software Removal Tool - January 2015 (KB890830)/Windows Malicious Software Removal Tool - January 2015 (KB890830) - Internet Explorer Version
• Update for Windows 8.1 (KB2997841) - System crashes after you restart or wake up the computer in Windows 8.1 or Windows RT 8.1
• Update for Windows 8 (KB3008273) - An update to enable an automatic update from Windows 8 to Windows 8.1
• Update for Windows 7 and Windows Server 2008 R2 (KB3024777) - Install KB3024777 to fix an issue with KB3004394 on Windows 7 and Windows Server 2008 R2

How to download and install the January 2015 security updates

All security updates are made available automatically via Microsoft's Windows Update service as well as business and enterprise related update services the company operates.

Most home users should get the patches automatically though. If you have disabled automatic updates you can check for updates manually at any time using Windows Update:

1. Tap on the Windows-key and type Windows Update.
2. Select the result from the results.
3. Click on the check for updates button to run a check.

You can install some or all of the security patches displayed to you by the program.

Other options include visiting Microsoft's Download Center to download individual patches or to download this month's security ISO image containing them all.

Additional information

• Microsoft Security Response Center blog on the 2015 Bulletin Release
• Microsoft Security Bulletin Summary for January 2015
• List of software updates for Microsoft products