This content is part of the Essential Guide: Catch up on the Windows Server patches of 2017

Microsoft rings in new year with light January Patch Tuesday

Microsoft starts 2017 with just three bulletins, but administrators who manage Windows Server 2008 and 2008 R2 should pay close attention to one exploit.

Microsoft began the new year by releasing just three security bulletins to correct three vulnerabilities, one of the lowest patch updates recorded.

Technically, Microsoft's security site lists four bulletins, but MS17-003 is a repackaged update from Adobe to close an exploit in the Adobe Flash Player; Microsoft supplies the update as a convenience for its users. The January Patch Tuesday updates were unusual for both the low number of bulletins and the low number of vulnerabilities -- just one vulnerability in each bulletin.

For Windows Server administrators who manage Windows Server 2008 or Windows Server 2008 R2 systems, the bulletin of particular concern is MS17-004. This bulletin -- rated important by Microsoft -- details the exploit in the Local Security Authority Subsystem Service (LSASS), which handles authentication requests. An attacker can target a vulnerability to execute a denial of service on LSASS to disrupt the system. The exploit also affects Windows Vista, Windows 7 and Server Core installations of Windows Server 2008 and 2008 R2.

"Remote attackers and unauthenticated attackers -- so, an attacker who doesn't have any credentials on the box or anything like that -- [can] send a special request, a special authentication request, to the server, which would cause the server to reboot," said Amol Sarwate, director of vulnerability labs for Qualys Inc., in Redwood City, Calif. The vulnerability is not marked as critical because the remote attacker cannot take complete control of the system, he said.

A new site for security bulletins

In addition to the servicing model change that started in October 2016, Microsoft will unveil further changes related to patches through its new security portal.

The Security Updates Guide will present bulletins in a more database-friendly format, rather than the traditional long-form presentation the company has used for the last several years. Administrators will be able to filter products in a more digestible format -- for example, to see what bulletins are available for the Windows Server operating system.

"The online portal is geared toward searching for something specific, where you can easily get the information you want, rather than scrolling by mouse through a big document," Sarwate said. "It's not going to increase or decrease vulnerabilities; it's just a different way of reading them."

This new site, currently in preview mode, will replace the existing security bulletin site with the February Patch Tuesday updates.

For more information about the security bulletins for January Patch Tuesday, visit Microsoft's Security TechCenter site.

Tom Walat is the site editor for SearchWindowsServer. Write to him at [email protected] or follow him @TomWalatTT on Twitter.

Next Steps

Key security features in Windows Server 2016

Perform vulnerability scans to close security gaps

How administrators can streamline server patching

Dig Deeper on Windows Server troubleshooting