Patch Tuesday Wednesday (Nov-2014)

This month Microsoft have released fourteen (14) security bulletins, of which four (4) have a maximum rating of Critical, nine (9) have a maximum rating of Important and two (2) are rated Moderate.

❝ Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD). ❞ [1]

| Bulletin | KB number | Description | Impact / Severity | Software |
|---|---|---|---|---|
| MS14-064 | 3011443 | Vulnerabilities in Windows OLE Could Allow Remote Code Execution | Critical: Remote Code Execution | Microsoft Windows |
| MS14-065 | 3003057 | Cumulative Security Update for Internet Explorer | Critical: Remote Code Execution | Microsoft Windows, Internet Explorer |
| MS14-066 | 2992611 | Vulnerability in Schannel Could Allow Remote Code Execution | Critical: Remote Code Execution | Microsoft Windows |
| MS14-067 | 2993958 | Vulnerability in XML Core Services Could Allow Remote Code Execution | Critical: Remote Code Execution | Microsoft Windows |
| MS14-068 | | Release date to be determined | | |
| MS14-069 | 3009710 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution | Important: Remote Code Execution | Microsoft Office |
| MS14-070 | 2989935 | Vulnerability in TCP/IP Could Allow Elevation of Privilege | Important: Elevation of Privilege | Microsoft Windows |
| MS14-071 | 3005607 | Vulnerability in Windows Audio Service Could Allow Elevation of Privilege | Important: Elevation of Privilege | Microsoft Windows |
| MS14-072 | 3005210 | Vulnerability in .NET Framework Could Allow Elevation of Privilege | Important: Elevation of Privilege | Microsoft Windows, Microsoft .NET Framework |
| MS14-073 | 3000431 | Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege | Important: Elevation of Privilege | Microsoft Server Software |
| MS14-074 | 3003743 | Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass | Important: Security Feature Bypass | Microsoft Windows |
| MS14-075 | | Release date to be determined | | |
| MS14-076 | 2982998 | Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass | Important: Security Feature Bypass | Microsoft Windows |
| MS14-077 | 3003381 | Vulnerability in Active Directory Federation Services Could Allow Information Disclosure | Important: Information Disclosure | Microsoft Windows |
| MS14-078 | 2992719 | Vulnerability in IME (Japanese) Could Allow Elevation of Privilege | Moderate: Elevation of Privilege | Microsoft Windows, Microsoft Office |
| MS14-079 | 3002885 | Vulnerability in Kernel Mode Driver Could Allow Denial of Service | Moderate: Denial of Service | Microsoft Windows |

PATCH NOW:
* MS14-064, MS14-070, MS14-078


2 Responses to Patch Tuesday Wednesday (Nov-2014)

  1. As expected, the VPN issue is tied to the MS14-066 SCHANNEL vulnerability;
    “Microsoft has issued a warning in the knowledge base article for the MS14-066 update released this past week. The company has provided a workaround, but is not recommending that users avoid the update or uninstall it. … In addition to the security updates, the MS14-066 update includes some new features: four ciphers for TLS. These ciphers are somehow the cause of the problem. To work around the problem, delete the four new ciphers …”
    http://www.zdnet.com/microsoft-warns-of-problems-with-schannel-security-update-7000035835/

  2. MS14-066: Vulnerability in SChannel could allow remote code execution: November 11, 2014
    “Known issues with this security update
    Some customers have reported an issue that is related to the changes in this release. These changes added the following new cipher suites to Windows Server 2008 R2 and Windows Server 2012. In order to give customers more control over whether these cipher suites are used in the short term, we are removing them from the default cipher suite priority list in the registry.
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_128_GCM_SHA256 ”
    https://support.microsoft.com/kb/2992611
