What’s New in Azure Guest OS 2.2?

This Azure Guest OS release come two months after the previous (v. 2.1).  Does this release provide minor changes, or does it include patches for substantial security issues?  Let’s dig and find out.

Microsoft announced Windows Azure Guest OS 2.2 (Release 201101-01) which contains 11 specified security patches.  More specifically, this Azure Guest OS is comprised of:

  • Windows Server 2008 R2, plus
  • All security patches through December, 2010, and
  • 2 updates to previous security patches

The 11 specified patches specified in the bulletin fall in to a few vulnerability categories.  9 of the patches were included in December’s Security Bulletin; the 3 marked with ‘*’ are patch updates.  The bulletin IDs, ‘MS10-…’ gives away that they originated in 2010.

Vulnerability Bulletins
Elevation of Privilege MS10-092, MS10-098, MS10-100
Remote Code Execution MS10-077*, MS10-091, MS10-095, MS10-096
Denial of Service MS10-101, MS10-102
IE Cumulative Updates MS10-090*
ASP.NET, Information Disclosure MS10-070*

MS10-070 & MS10-077 were originally released last year in September and October, respectively.  MS10-090 was originally released in December, 2010, but was update in early January, 2011.

Even though most of these were in December’s Security Bulletin, we should take a look at the criticality and exploitability ratings for each (relative to Windows Server 2008 R2 for x64 only; impacts to Itanium-based systems my differ slightly)

Bulletin Severity Rating Exploitability Rating
MS10-090 Critical Consistent Exploit Code Likely
MS10-091 Critical Consistent Exploit Code Likely
MS10-092 Important Consistent Exploit Code Likely
MS10-095 Important Consistent Exploit Code Likely
MS10-096 Important Consistent Exploit Code Likely
MS10-098 Important Consistent Exploit Code Likely
MS10-100 Important Consistent Exploit Code Likely
MS10-101 Important Functioning exploit code unlikely
MS10-102 Important Functioning exploit code unlikely

So, I think it’s safe to assess that this new Azure Guest OS includes some very significant security patches.  Agree? Don’t agree?  Leave a comment for us below.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.