Skip to content

Virtual Administrator’s August 2014 Patch Recommendations

9 Security Bulletins were released – 2 Critical, 7 Important, and 0 Moderate

This Month In Brief

9 Security Bulletins were released – 2 Critical, 7 Important

We have denied KB2982791, KB2976897 and KB2970228 in all patch policies.
All three have caused BSOD on a limited number of machines. KB2982791 and KB2976897 are Security Bulletin MS14-045 (Severity: Important) . They are both kernel-mode driver updates. More information is provided below. KB2970228 is a non-security optional update to support the new currency symbol for the Russian ruble in Windows .

KB2982791 and KB2976897:

Reports started surfacing yesterday that these patches were causing machines to blue screen on reboot. Microsoft has not yet acknowledged the problem. Affected machines appear to be Windows 7 64bit but there also been reports on Windows 2008 R2. The latest reports today seem to back off on implicating KB2976897 so the problems may lie entirely with only KB2982791. However until Microsoft recognizes the problem and provides guidance, we are denying both. Security Bulletin MS14-045 is rated as Important.
We monitor this over the coming weeks. If Microsoft releases an updated version, we will release it during the next patch cycle.

If you have machines that are updated with KB2982791 and KB2976897 through user intervention or Windows Automatic Updates and become unbootable, delete C:\Windows\System32\FNTCACHE.DAT and the system should reboot normally.

For more information see:

“Users find fix for botched KB 2982791 and KB 2970228 Windows update” – http://www.infoworld.com/t/microsoft-windows/users-find-fix-botched-kb-2982791-and-kb-2970228-windows-update-248476

“Blue Screen (Stop 0x50) after applying update KB2982791 to Windows 7 Home Premium 64 bit” – http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/blue-screen-stop-0x50-after-applying-update/6da4d264-02d8-458e-89e2-a78fe68766fd?page=1&tm=1408074004742

MS14-043 and MS14-051 are rated Critical. After your next patch cycle completes you should follow up and make sure this is installed.

No out-of-band updates were released during the last month.

FYIInternet Explorer begins blocking out-of-date ActiveX controls

Starting September 9th Internet Explorer will block out-of-date ActiveX controls
(http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx)
This feature will provide users with notifications when Web pages try to load the following versions of Java ActiveX controls:
-J2SE 1.4, everything below (but not including) update 43
-J2SE 5.0, everything below (but not including) update 71
-Java SE 6, everything below (but not including) update 81
-Java SE 7, everything below (but not including) update 65
-Java SE 8, everything below (but not including) update 11

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS14-043 Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742) (Microsoft Office) The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that invokes Windows Media Center resources.
Details
KB in Kaseya: KB2978742
Affected Software: Windows 7/8/8.1
Known Issues per MS:
MS14-051 Cumulative Security Update for Internet Explorer (2976627) (Internet Explorer) The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2976627
Affected Software: Internet Explorer 6-11
Known Issues per MS: https://support.microsoft.com/kb/2976627

IMPORTANT

MS14-044 Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340) (Microsoft SQL Server) The more severe of these vulnerabilities, affecting SQL Server Master Data Services, could allow elevation of privilege if a user visits a specially crafted website that injects a client-side script into the user’s instance of Internet Explorer.
Details
KB in Kaseya: KB2977315, KB2977320, KB2977321, KB2977326
Affected Software: SQL Server 2008/2008R2/2012/2014
Known Issues per MS: https://support.microsoft.com/kb/2984340Known Issues per MS: https://support.microsoft.com/kb/2977315
MS14-045 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615) (Microsoft Windows) The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Details
KB in Kaseya: KB2976897, KB2982791
Affected Software: Vista, Windows 7/8/8.1, Server 2003/2008/2008R2/2012/2012R2, Windows RT/RT8.1
Known Issues per MS: https://support.microsoft.com/kb/2984615
MS14-046 Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625) (.Net Framework) The vulnerability could allow security feature bypass if a user visits a specially crafted website.
Details
KB in Kaseya: KB2937608, KB2937610, KB2943344, KB2943357, KB2966825, KB2966826, KB2966827, KB2966828
Affected Software: .NET Framework 2.0 SP2/3.0 SP2/3.5/3.5.1
Known Issues per MS:
MS14-047 Vulnerability in LRPC Could Allow Security Feature Bypass (2978668) (Microsoft Windows) The vulnerability could allow security feature bypass if an attacker uses the vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that takes advantage of the ASLR bypass to run arbitrary code.
Details
KB in Kaseya: KB2978668
Affected Software: Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT/RT8.1
Known Issues per MS:
MS14-048 Vulnerability in OneNote Could Allow Remote Code Execution (2977201) (Microsoft Office) The vulnerability could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft OneNote.
Details
KB in Kaseya: KB2596857
Affected Software: OneNote 2007
Known Issues per MS:
MS14-049 Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490) (Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application that attempts to repair a previously-installed application.
Details
KB in Kaseya: KB2918614
Affected Software: Vista, Windows 7/8/8.1, Server 2003/2008/2008R2/2012/2012R2, Windows RT/RT8.1
Known Issues per MS:
MS14-050 Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202) (Sharepoint Server) An authenticated attacker who successfully exploited this vulnerability could use a specially crafted app to run arbitrary JavaScript in the context of the user on the current SharePoint site.
Details
KB in Kaseya: KB2880994
Affected Software: SharePoint Server 2013
Known Issues per MS: https://support.microsoft.com/kb/2977202
Scroll To Top