9 Security Bulletins were released – 2 Critical, 7 Important, and 0 Moderate
This Month In Brief
9 Security Bulletins were released – 2 Critical, 7 Important
We have denied KB2982791, KB2976897 and KB2970228 in all patch policies.
All three have caused BSOD on a limited number of machines. KB2982791 and KB2976897 are Security Bulletin MS14-045 (Severity: Important). They are both kernel-mode driver updates. More information is provided below. KB2970228 is a non-security optional update to support the new currency symbol for the Russian ruble in Windows.
KB2982791 and KB2976897:
Reports started surfacing yesterday that these patches were causing machines to blue screen on reboot. Microsoft has not yet acknowledged the problem. Affected machines appear to be Windows 7 64-bit, but there have also been reports on Windows 2008 R2. The latest reports today seem to back off on implicating KB2976897, so the problems may lie entirely with KB2982791. However, until Microsoft recognizes the problem and provides guidance, we are denying both. Security Bulletin MS14-045 is rated as Important.
We will monitor this over the coming weeks. If Microsoft releases an updated version, we will release it during the next patch cycle.
If you have machines that are updated with KB2982791 and KB2976897 through user intervention or Windows Automatic Updates and become unbootable, delete C:\Windows\System32\FNTCACHE.DAT and the system should reboot normally.
For more information see:
“Users find fix for botched KB 2982791 and KB 2970228 Windows update” – http://www.infoworld.com/t/microsoft-windows/users-find-fix-botched-kb-2982791-and-kb-2970228-windows-update-248476
“Blue Screen (Stop 0x50) after applying update KB2982791 to Windows 7 Home Premium 64 bit” – http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/blue-screen-stop-0x50-after-applying-update/6da4d264-02d8-458e-89e2-a78fe68766fd?page=1&tm=1408074004742
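An added example, not part of the original bulletin: a PowerShell audit that reports which machines already have any of the three denied updates installed, so they can be watched before their next reboot. The host names are placeholders, and the script assumes the targets accept remote WMI queries from the admin workstation.

```powershell
# Updates denied in the patch policies (taken from the bulletin above).
$DeniedKBs = 'KB2982791', 'KB2976897', 'KB2970228'
# Hypothetical host names; replace with your own inventory.
$Computers = 'WS-EXAMPLE-01', 'SRV-EXAMPLE-01'

$report = foreach ($computer in $Computers) {
    try {
        # Get-HotFix reads Win32_QuickFixEngineering on the target machine.
        $hits = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
            Where-Object { $DeniedKBs -contains $_.HotFixID })

        if ($hits.Count -eq 0) {
            [pscustomobject]@{
                Computer = $computer
                HotFixID = ''
                Status   = 'None of the denied KBs found'
            }
        }
        foreach ($fix in $hits) {
            [pscustomobject]@{
                Computer = $computer
                HotFixID = $fix.HotFixID
                Status   = 'Installed'
            }
        }
    } catch {
        # Offline host, firewall or access denied: report it rather than skip it.
        [pscustomobject]@{
            Computer = $computer
            HotFixID = ''
            Status   = "Query failed: $($_.Exception.Message)"
        }
    }
}

$report | Sort-Object Computer, HotFixID | Format-Table -AutoSize
```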
MS14-043 and MS14-051 are rated Critical. After your next patch cycle completes, you should follow up and make sure they are installed.
No out-of-band updates were released during the last month.
FYI – Internet Explorer begins blocking out-of-date ActiveX controls
Starting September 9th Internet Explorer will block out-of-date ActiveX controls
(http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx)
This feature will provide users with notifications when Web pages try to load the following versions of Java ActiveX controls:
- J2SE 1.4, everything below (but not including) update 43
- J2SE 5.0, everything below (but not including) update 71
- Java SE 6, everything below (but not including) update 81
- Java SE 7, everything below (but not including) update 65
- Java SE 8, everything below (but not including) update 11
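An added example, not from the original bulletin: a PowerShell check that compares Java version strings against the thresholds listed above. The sample strings are constructed, the function name is hypothetical, and the two registry paths are the usual JRE registration keys, assumed here rather than taken from the page.

```powershell
# Family -> first update that is NOT below the threshold (from the list above).
$MinUpdate = @{ 4 = 43; 5 = 71; 6 = 81; 7 = 65; 8 = 11 }

function Test-JavaActiveXOutOfDate {
    param([Parameter(Mandatory = $true)][string]$Version)
    # Classic JRE form: 1.<family>.<minor>[_<update>], e.g. 1.7.0_55
    if ($Version -match '^1\.(\d+)\.\d+(?:_(\d+))?$') {
        $family = [int]$Matches[1]
        $update = if ($Matches[2]) { [int]$Matches[2] } else { 0 }
        if ($MinUpdate.ContainsKey($family)) {
            return ($update -lt $MinUpdate[$family])
        }
    }
    return $null   # unrecognised string, or a family the list does not cover
}

# Constructed sample strings, plus whatever JREs this machine has registered.
$versions = @('1.7.0_55', '1.7.0_65', '1.6.0_45', '1.8.0_11', '1.4.2_19')
$keys = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
        'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
$versions += @(Get-ChildItem -Path $keys -ErrorAction SilentlyContinue |
    ForEach-Object { $_.PSChildName })

foreach ($v in ($versions | Sort-Object -Unique)) {
    $result = Test-JavaActiveXOutOfDate -Version $v
    if ($null -eq $result) {
        $state = 'unrecognised'
    } elseif ($result) {
        $state = 'below threshold (update before September 9th)'
    } else {
        $state = 'at or above threshold'
    }
    '{0,-12} {1}' -f $v, $state
}
```

Registry subkeys that carry only the family (such as `1.7`) are reported as unrecognised because they hold no update number.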
Exploitability
- Publicly disclosed: None
- Being exploited: MS14-051
- Rated CRITICAL: MS14-043, MS14-051
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
Requires Restart
- Servers: Yes
- Workstations: Yes
New Security Bulletins
(MS#/Affected Software/Type)
CRITICAL
MS14-043 Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)
(Microsoft Office) The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that invokes Windows Media Center resources.
MS14-051 Cumulative Security Update for Internet Explorer (2976627)
(Internet Explorer) The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
IMPORTANT
MS14-044 Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)
(Microsoft SQL Server) The more severe of these vulnerabilities, affecting SQL Server Master Data Services, could allow elevation of privilege if a user visits a specially crafted website that injects a client-side script into the user’s instance of Internet Explorer.
MS14-045 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
(Microsoft Windows) The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
MS14-046 Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)
(.NET Framework) The vulnerability could allow security feature bypass if a user visits a specially crafted website.
MS14-047 Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)
(Microsoft Windows) The vulnerability could allow security feature bypass if an attacker uses the vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that takes advantage of the ASLR bypass to run arbitrary code.
MS14-048 Vulnerability in OneNote Could Allow Remote Code Execution (2977201)
(Microsoft Office) The vulnerability could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft OneNote.
MS14-049 Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)
(Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application that attempts to repair a previously-installed application.
MS14-050 Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)
(SharePoint Server) An authenticated attacker who successfully exploited this vulnerability could use a specially crafted app to run arbitrary JavaScript in the context of the user on the current SharePoint site.