Microsoft plugged 15-year old vulnerability in Active Directory on Patch Tuesday

Posted on Wednesday, Feb 11 2015 @ 13:53 CET by Thomas De Maesschalck
Microsoft logo
This month's round of Patch Tuesday from Microsoft includes a whopping 56 fixes for vulnerabilities, bundled into nine separate security bulletins. Three bulletins are rated critical while the other six are marked as important.

The majority of fixes is for Internet Explorer, the company's browser receives 41 patches to fix memory vulnerabilities. The other two critical updates include a patch for a vulnerability in Windows kernel-mode driver and a bug in the Group Policy components of Active Directory that went undetected for 15 years.

This Group Policy vulnerability allows attackers to perform man-in-the-middle attacks, it took Microsoft roughly a year to fix this issue as it was rooted deep into the structure of Active Directory. Microsoft also notes that Windows Server 2003 will not receive an update for this vulnerability, as a patch is deemed "too disruptive", especially given that the company will stop supporting this old OS shortly.

The other six bulletins involve flaws in the Windows operating system, the Microsoft Graphics Component, Virtual Machine Manager and Office. The latter patch fixes an issue that allows an attacker to infect your PC by merely tricking you into opening a document, such as an e-mail, with malicious code embedded inside.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments