Tuesday, November 22, 2016

Microsoft Security Bulletin Release for October 2014




Microsoft released eight (8) bulletins.  Three (3) bulletins are identified as Critical and five (5) as Important.

The updates address 24 Common Vulnerabilities & Exposures (CVEs) in Windows, Office, .NET Framework, ASP.NET, and Internet Explorer (IE). Reminder: those who have problems with .NET updates should install them separately, with a restart between them and other updates.

Critical:

  • MS14-056 -- Cumulative Security Update for Internet Explorer (2987107)  
  • MS14-057 -- Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414) 
  • MS14-058 -- Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061) 

Important:
  • MS14-059 -- Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942) 
  • MS14-060 -- Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
  • MS14-061 -- Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434) 
  • MS14-062 -- Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254) 
  • MS14-063 -- Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)   

Information on non-security updates can be found in KB 894199.

Security Advisories


The following security advisories were released:
  • Update to Improve Credentials Protection and Management (2871997)
  • Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2 (2949927)
  • Update for Microsoft EAP Implementation that Enables the Use of TLS (2977292)
Revised advisories:
  • Security Bulletin MS14-042: Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621)
  • Security Advisory 2755801: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

Notes

  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  The updated version includes Win32/Hikiti and related families. Additional details are available in the MMPC blog post.

  • Internet Explorer -- For additional information about the blocking of out-of-date ActiveX controls see the TechNet article, Out-of-date ActiveX control blocking.  Upcoming changes are included in the IE Blog.

  • Windows 8.1 -- Non-security new features and improvements for Windows 8.1 are now included with the second Tuesday of the month updates.  Additional information is available at August updates for Windows 8.1 and Windows Server 2012 R2.

  • Windows XP -- Although Microsoft has stopped providing Microsoft Security Essentials for Windows XP, definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.  The MSRT still works on Windows XP.


The following additional information is provided in the Security Bulletin:
  • The affected software listed has been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
  • Security solutions for IT professionals: TechNet Security Troubleshooting and Support
  • Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
  • Local support according to your country: International Support

References

  • MSRC: October 2014 Security Updates
  • TechNet: Microsoft Security Bulletin for October 2014 



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...



