14 Security Bulletins were released – 4 Critical, 8 Important, and 2 Moderate
This Month In Brief
“The Good, the Bad and the Ugly”
Good – No major problems with this month’s patch releases.
Bad – There are 14 of them.
Ugly – MS14-066 is an extremely dangerous vulnerability!
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
MS14-064, MS14-065, MS14-066 and MS14-067 are rated Critical. After your next patch cycle completes, you should follow up and make sure MS14-066 is installed. MS14-066 requires a reboot. The other three Critical patches should also be followed up on, but MS14-066 is the biggest concern. MS14-065 affects all versions of Internet Explorer.
No out-of-band updates were released during the last month.
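One way to do the MS14-066 follow-up described above is to query each machine for the update and report anything missing or unreachable. This is an added example, not part of the original bulletin summary; the host names are hypothetical placeholders, and it assumes the update registers under the KB number listed for MS14-066 on this page (2992611).

```powershell
# Added example: confirm the MS14-066 update (KB2992611) is present on a set of hosts.
# Host names are hypothetical placeholders; substitute your own inventory.
$KbId      = 'KB2992611'
$Computers = @('SERVER01', 'SERVER02', 'WKSTN-EXAMPLE')

function Test-HotFixInstalled {
    param(
        [Parameter(Mandatory = $true)] [string]   $HotFixId,
        [Parameter(Mandatory = $true)] [string[]] $ComputerName
    )
    foreach ($computer in $ComputerName) {
        $result = [pscustomobject]@{
            ComputerName = $computer
            HotFixId     = $HotFixId
            Status       = 'Unknown'
            InstalledOn  = $null
        }
        try {
            # List every hotfix and filter locally, so "not installed" (no match)
            # stays distinguishable from "could not query" (exception).
            $match = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                     Where-Object { $_.HotFixID -eq $HotFixId } |
                     Select-Object -First 1
            if ($match) {
                $result.Status      = 'Installed'
                $result.InstalledOn = $match.InstalledOn
            } else {
                $result.Status = 'MISSING'
            }
        } catch {
            $result.Status = "Unreachable: $($_.Exception.Message)"
        }
        $result
    }
}

$report = Test-HotFixInstalled -HotFixId $KbId -ComputerName $Computers
$report | Sort-Object Status | Format-Table -AutoSize

# Non-zero exit code if any host is not confirmed patched, for use in scheduled jobs.
if ($report | Where-Object { $_.Status -ne 'Installed' }) { exit 1 }
```

Run it after the post-patch restarts have completed, since MS14-066 requires a reboot, and treat unreachable hosts as unpatched until they are confirmed.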
MS14-066 is an extremely dangerous vulnerability
“How bad is the SCHANNEL vulnerability (CVE-2014-6321) patched in MS14-066?”
https://isc.sans.edu/diary/How+bad+is+the+SCHANNEL+vulnerability+CVE-2014-6321+patched+in+MS14-066/18947
“Drop what you’re doing and patch the Windows Schannel bugs now”
http://www.zdnet.com/drop-what-youre-doing-and-patch-the-windows-schannel-bugs-now-7000035738/
Noteworthy – Both MS14-068 and MS14-075 are posted with “Release date to be determined”
Microsoft Security Bulletin Summary for November 2014
https://technet.microsoft.com/library/security/ms14-nov
“The reason for this is that two of the scheduled security bulletins have slipped out of the November bulletin release due to a quality issue found in testing early this week. The bulletins that have slipped out of the November bulletin release are being fixed and will be released once they meet quality standards sufficient for broad public distribution. There is no specific ETA for release of these bulletins at this time.”
Exploitability
- Publicly disclosed: None
- Being exploited: MS14-064, MS14-078
- Rated CRITICAL: MS14-064, MS14-065, MS14-066, MS14-067
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
Requires Restart
- Servers: Yes
- Workstations: Yes
New Security Bulletins
(MS#/Affected Software/Type)
CRITICAL
MS14-064 Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443) | (Microsoft Windows) The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
MS14-065 Cumulative Security Update for Internet Explorer (3003057) | (Internet Explorer) The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution (2992611) | (Microsoft Windows) The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server.
MS14-067 Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958) | (Microsoft Windows) The vulnerability could allow remote code execution if a logged-on user visits a specially crafted website that is designed to invoke Microsoft XML Core Services (MSXML) through Internet Explorer.
IMPORTANT
MS14-069 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710) | (Microsoft Office) The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected edition of Microsoft Office 2007.
MS14-070 Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935) | (Microsoft Windows) This vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
MS14-071 Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607) | (Microsoft Windows) The vulnerability could allow elevation of privilege if an application uses the Microsoft Windows Audio service.
MS14-072 Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210) | (.NET Framework) The vulnerability could allow elevation of privilege if an attacker sends specially crafted data to an affected workstation or server that uses .NET Remoting.
MS14-073 Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431) | (Microsoft Server Software) An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in the context of the user on the current SharePoint site.
MS14-074 Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743) | (Microsoft Windows) The vulnerability could allow security feature bypass when Remote Desktop Protocol (RDP) fails to properly log audit events.
MS14-076 Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998) | (Microsoft IIS) Successful exploitation of this vulnerability could result in clients from restricted or blocked domains having access to restricted web resources.
MS14-077 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381) | (Active Directory Federated Services) The vulnerability could allow information disclosure if a user leaves their browser open after logging off from an application, and an attacker reopens the application in the browser immediately after the user has logged off.
MODERATE
MS14-078 Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719) | (Microsoft Windows) The vulnerability could allow sandbox escape based on the application sandbox policy on a system where an affected version of the Microsoft IME (Japanese) is installed.
MS14-079 Vulnerability in Kernel Mode Driver Could Allow Denial of Service (3002885) | (Microsoft Windows) The vulnerability could allow denial of service if an attacker places a specially crafted TrueType font on a network share and a user subsequently navigates there in Windows Explorer.