Patch Tuesday Wednesday (Dec-2014)

patch-tuesday This month Microsoft have released seven (7) security bulletins of which three (3) have a maximum rating of Critical and four (4) have a maximum rating of Important.

❝ Today, as part of Update Tuesday, we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange. ❞ [1]

Bulletin KB number Description Impact / Severity Software
MS14-075 3009712 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege Important:
Remote Code Execution
Microsoft Exchange
MS14-080 3008923 Cumulative Security Update for Internet Explorer Critical:
Remote Code Execution
Microsoft Windows, Internet Explorer
MS14-081 3017301 Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution Critical:
Remote Code Execution
Microsoft Office
MS14-082 3017349 Vulnerability in Microsoft Office Could Allow Remote Code Execution Important:
Remote Code Execution
Microsoft Office
MS14-083 3017347 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution Important:
Remote Code Execution
Microsoft Office
MS14-084 3016711 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution Critical:
Remote Code Execution
Microsoft Windows
MS14-085 3013126 Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure Important:
Information Disclosure
Microsoft Windows

❝ We re-released two Security Bulletins:
• MS14-065 Cumulative Security Update for Internet Explorer
• MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution

One Security Advisory was revised:
• Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801).❞ [1]

UPDATE:
(2014-Dec-11) MS14-075 has undergone a MAJOR revision due to an issue identified with the Exchange 2010 SP3 version of this update. Microsoft has removed the download of update 2986475 and recommends you hold off any new deployments of 2986475 and uninstall 2986475 if you have already deployed it.

Update 12/10/2014: [4]
An issue has been identified in the Exchange Server 2010 SP3 Update Rollup 8. The update has been recalled and is no longer available on the download center pending a new RU8 release. Customers should not proceed with deployments of this update until the new RU8 version is made available. Customers who have already started deployment of RU8 should rollback this update.
The issue impacts the ability of Outlook to connect to Exchange, thus we are taking the action to recall the RU8 to resolve this problem. We will deliver a revised RU8 package as soon as the issue can be isolated, corrected, and validated. We will publish further updates to this blog post regarding RU8.
This issue only impacts the Exchange Server 2010 SP3 RU8 update, the other updates remain valid and customers can continue with deployment of these packages.

PATCH NOW:
* MS14-080, MS14-084

LINKS:
[1.] December 2014 Updates (2014-Dec-09) [MS: MSRC]
[2.] Microsoft Patch Tuesday – December 2014 (2014-Dec-09) [SANS]
[3.] Microsoft Security Bulletin Summary for December 2014 (2014-Dec-09) [MS]
[4.] Exchange releases: December 2014 (2014-Dec-10) [MS: The Exchange Team]
Advertisements
This entry was posted in microsoft, patch, Patch_Tuesday, security. Bookmark the permalink.

One Response to Patch Tuesday Wednesday (Dec-2014)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s