What’s New in Azure Guest OS 2.2?

This Azure Guest OS release come two months after the previous (v. 2.1).  Does this release provide minor changes, or does it include patches for substantial security issues?  Let’s dig and find out.

Microsoft announced Windows Azure Guest OS 2.2 (Release 201101-01) which contains 11 specified security patches.  More specifically, this Azure Guest OS is comprised of:

  • Windows Server 2008 R2, plus
  • All security patches through December, 2010, and
  • 2 updates to previous security patches

The 11 specified patches specified in the bulletin fall in to a few vulnerability categories.  9 of the patches were included in December’s Security Bulletin; the 3 marked with ‘*’ are patch updates.  The bulletin IDs, ‘MS10-…’ gives away that they originated in 2010.

VulnerabilityBulletins
Elevation of PrivilegeMS10-092, MS10-098, MS10-100
Remote Code ExecutionMS10-077*, MS10-091, MS10-095, MS10-096
Denial of ServiceMS10-101, MS10-102
IE Cumulative UpdatesMS10-090*
ASP.NET, Information DisclosureMS10-070*

MS10-070 & MS10-077 were originally released last year in September and October, respectively.  MS10-090 was originally released in December, 2010, but was update in early January, 2011.

Even though most of these were in December’s Security Bulletin, we should take a look at the criticality and exploitability ratings for each (relative to Windows Server 2008 R2 for x64 only; impacts to Itanium-based systems my differ slightly)

BulletinSeverity RatingExploitability Rating
MS10-090CriticalConsistent Exploit Code Likely
MS10-091CriticalConsistent Exploit Code Likely
MS10-092ImportantConsistent Exploit Code Likely
MS10-095ImportantConsistent Exploit Code Likely
MS10-096ImportantConsistent Exploit Code Likely
MS10-098ImportantConsistent Exploit Code Likely
MS10-100ImportantConsistent Exploit Code Likely
MS10-101ImportantFunctioning exploit code unlikely
MS10-102ImportantFunctioning exploit code unlikely

So, I think it’s safe to assess that this new Azure Guest OS includes some very significant security patches.  Agree? Don’t agree?  Leave a comment for us below.

This site uses Akismet to reduce spam. Learn how your comment data is processed.