Microsoft began the new year by releasing just three security bulletins to correct three vulnerabilities, one of the lowest patch updates recorded.
Technically, Microsoft's security site lists four bulletins, but MS17-003 is a repackaged update from Adobe to close an exploit in the Adobe Flash Player; Microsoft supplies the update as a convenience for its users. The January Patch Tuesday updates were unusual for both the low number of bulletins and the low number of vulnerabilities -- just one vulnerability in each bulletin.
For Windows Server administrators who manage Windows Server 2008 or Windows Server 2008 R2 systems, the bulletin of particular concern is MS17-004. This bulletin -- rated important by Microsoft -- details the exploit in the Local Security Authority Subsystem Service (LSASS), which handles authentication requests. An attacker can target a vulnerability to execute a denial of service on LSASS to disrupt the system. The exploit also affects Windows Vista, Windows 7 and Server Core installations of Windows Server 2008 and 2008 R2.
"Remote attackers and unauthenticated attackers -- so, an attacker who doesn't have any credentials on the box or anything like that -- [can] send a special request, a special authentication request, to the server, which would cause the server to reboot," said Amol Sarwate, director of vulnerability labs for Qualys Inc., in Redwood City, Calif. The vulnerability is not marked as critical because the remote attacker cannot take complete control of the system, he said.
A new site for security bulletins
In addition to the servicing model change that started in October 2016, Microsoft will unveil further changes related to patches through its new security portal.
The Security Updates Guide will present bulletins in a more database-friendly format, rather than the traditional long-form presentation the company has used for the last several years. Administrators will be able to filter products in a more digestible format -- for example, to see what bulletins are available for the Windows Server operating system.
"The online portal is geared toward searching for something specific, where you can easily get the information you want, rather than scrolling by mouse through a big document," Sarwate said. "It's not going to increase or decrease vulnerabilities; it's just a different way of reading them."
This new site, currently in preview mode, will replace the existing security bulletin site with the February Patch Tuesday updates.
For more information about the security bulletins for January Patch Tuesday, visit Microsoft's Security TechCenter site.
Key security features in Windows Server 2016
Perform vulnerability scans to close security gaps
How administrators can streamline server patching