Tuesday, November 11, 2014

Microsoft Security Bulletin Release for November 2014


Microsoft released fourteen (14) bulletins*.  Four (4) bulletins are identified as Critical, eight (8) as Important, and two (2) are rated Moderate in severity.

The updates address 33 Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD). 

Anyone who frequently experiences issues with .NET Framework updates should install those updates separately with a shutdown/restart between other updates.

Critical:
  • MS14-064 -- Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
  • MS14-065 -- Cumulative Security Update for Internet Explorer (3003057)
  • MS14-066 -- Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
  • MS14-067 --Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)

Important:
  • MS14-069 -- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)
  • MS14-070 -- Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)
  • MS14-071 -- Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
  • MS14-072 -- Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
  • MS14-073 -- Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)
  • MS14-074 -- Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
  • MS14-076 -- Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)
  • MS14-077 -- Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381) 

Moderate:
  • MS14-078 -- Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (3005210)
  • MS14-079 -- Vulnerability in Kernel Mode Driver Could Allow Denial of Service (3002885)

*Note: MS14-068 and MS14-075 are shown as "Release date to be determined".

Information on non-security update information can be found in KB 894199.

Notes



The following additional information is provided in the Security Bulletin:

References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...




    No comments: