Skip to content

Virtual Administrator’s November 2014 Patch Recommendations

14 Security Bulletins were released – 4 Critical, 8 Important, and 2 Moderate

This Month In Brief

14 Security Bulletins were released – 4 Critical, 8 Important, 2 Moderate

“The Good, the Bad and the Ugly”

Good – No major problems with this month’s patch releases.
Bad – There are 14 of them.
Ugly – MS14-066 is an extremely dangerous vulnerability!

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

MS14-064, MS14-065, MS14-066 and MS14-067 are rated Critical. After your next patch cycle completes you should follow up and make sure MS14-066 is installed. MS14-066 requires a reboot. The other three Critical patches should also be followed up on but MS14-066 is the biggest concern. MS14-065 affect all version if Internet Explorer.

No out-of-band updates were released during the last month.

MS14-066 is an extremely dangerous vulnerability

“How bad is the SCHANNEL vulnerability (CVE-2014-6321) patched in MS14-066?”
https://isc.sans.edu/diary/How+bad+is+the+SCHANNEL+vulnerability+CVE-2014-6321+patched+in+MS14-066/18947

“Drop what you’re doing and patch the Windows Schannel bugs now”
http://www.zdnet.com/drop-what-youre-doing-and-patch-the-windows-schannel-bugs-now-7000035738/

Noteworthy – Both MS14-068 and MS14-075 are posted with “Release date to be determined”

Microsoft Security Bulletin Summary for November 2014
https://technet.microsoft.com/library/security/ms14-nov

“The reason for this is that two of the scheduled security bulletins have slipped out of the November bulletin release due to a quality issue found in testing early this week. The bulletins that have slipped out of the November bulletin release are being fixed and will be released once they meet quality standards sufficient for broad public distribution. There is no specific ETA for release of these bulletins at this time.”

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS14-064 Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443) (Microsoft Windows) The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB3006226, KB3010788
Affected Software: Windows 7/8/8.1, Server 2003/2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS: https://support.microsoft.com/kb/3011443
MS14-065 Cumulative Security Update for Internet Explorer (3003057) (Internet Explorer) The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB3003057
Affected Software: IIS 5.0, Internet Explorer 6-11
Known Issues per MS: https://support.microsoft.com/kb/3003057
MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution (2992611) (Microsoft Windows) The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server.
Details
KB in Kaseya: KB2992611
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS14-067 Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958) (Microsoft Windows) The vulnerability could allow remote code execution if a logged-on user visits a specially crafted website that is designed to invoke Microsoft XML Core Services (MSXML) through Internet Explorer.
Details
KB in Kaseya: KB2993958
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:

IMPORTANT

MS14-069 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710) (Microsoft Office) The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected edition of Microsoft Office 2007.
Details
KB in Kaseya: KB2899526, KB2899527, KB2899553
Affected Software: Office 2007, Word Viewer
Known Issues per MS: https://support.microsoft.com/kb/3009710
MS14-070 Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935) (Microsoft Windows) This vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
Details
KB in Kaseya: KB2989935
Affected Software: Server 2003
Known Issues per MS:
MS14-071 Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607) (Microsoft Windows) The vulnerability could allow elevation of privilege if an application uses the Microsoft Windows Audio service.
Details
KB in Kaseya: KB3005607
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS14-072 Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210) (.NET Framework) The vulnerability could allow elevation of privilege if an attacker sends specially crafted data to an affected workstation or server that uses .NET Remoting.
Details
KB in Kaseya: KB2978114, KB2978116, KB2978120, KB2978121, KB2978122, KB2978124, KB2978125, KB2978126, KB2978127, KB2978128
Affected Software: .NET Framework 1.1sp1, 2.0sp2, 3.5/3.51, 4/4.5/4.5.1/4.5.2
Known Issues per MS:
MS14-073 Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431) ( Microsoft Server Software) An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in the context of the user on the current SharePoint site.
Details
KB in Kaseya: KB2889838
Affected Software: SharePoint Server 2010
Known Issues per MS: https://support.microsoft.com/kb/3000431
MS14-074 Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743) (Microsoft Windows) The vulnerability could allow security feature bypass when Remote Desktop Protocol (RDP) fails to properly log audit events.
Details
KB in Kaseya: KB3003743
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS14-076 Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998) (Microsoft IIS) Successful exploitation of this vulnerability could result in clients from restricted or blocked domains having access to restricted web resources.
Details
KB in Kaseya: KB2982998
Affected Software: Windows 8/8.1, Server 2012/2012R2
Known Issues per MS:
MS14-077 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381) (Active Directory Federated Services) The vulnerability could allow information disclosure if a user leaves their browser open after logging off from an application, and an attacker reopens the application in the browser immediately after the user has logged off.
Details
KB in Kaseya: KB3003381
Affected Software: Server 2008/2008R2/2012/2012R2
Known Issues per MS:

MODERATE

MS14-078 Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719) (Microsoft Windows) The vulnerability could allow sandbox escape based on the application sandbox policy on a system where an affected version of the Microsoft IME (Japanese) is installed.
Details
KB in Kaseya: KB2889913, KB2991963
Affected Software: Vista, Windows 7, Server 2003, Server 2008/2008R2, Office 2007
Known Issues per MS: https://support.microsoft.com/kb/2992719
MS14-079 Vulnerability in Kernel Mode Driver Could Allow Denial of Service (3002885) (Microsoft Windows) The vulnerability could allow denial of service if an attacker places a specially crafted TrueType font on a network share and a user subsequently navigates there in Windows Explorer.
Details
KB in Kaseya: KB3002885
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
Scroll To Top