The January 2015 edition of Microsoft Patch Tuesday might be more notable for what the monthly release of security bulletins does not contain — there are no fixes for the Microsoft Explorer browser this month.To date, almost every Patch Tuesday has come with a fix for Explorer, which has long been a target for abuse by malicious attackers.All the vulnerabilities the company issued patches for Tuesday — including one marked critical — are instead found in either the desktop or server editions of its Windows operating system.All in all, it’s a pretty low-key month for Patch Tuesday, compared to the dozens of bulletins that the company has sometimes released in months past. Affected editions include the desktop-oriented Vista, Windows 7, Windows 8 and 8.1, and Windows RT, as well as Windows Server 2003, 2008 and 2012.The vulnerability marked as having a critical severity rating, MS15-004, is found in the Telnet protocol, used to provide terminal connections to remote computers. Microsoft typically marks vulnerabilities as critical when they are already being misused by malicious parties to break into systems. Telnet can be installed on all Windows systems, and is frequently used on the server editions, though the company hasn’t enabled it by default for the desktop since Windows Vista.Administrators should also immediately tend to MS15-004, which describes a vulnerability in Windows 8.1 first brought to notice by Google’s Project Zero team on December 29. Google posted details of the vulnerability after waiting for Microsoft to respond, to no avail, for 90 days. Once a vulnerability is public knowledge, it can be abused by attackers.For the first time, Microsoft has declined to send out advance notices about upcoming patches. Historically, the company sent out an advance notice on the Thursday prior to Patch Tuesday, which Microsoft schedules on the second Tuesday each month.Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab’s e-mail address is Joab_Jackson@idg.com Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe