Free File

Microsoft Security Bulletin Release for November 2014

Microsoft Security Bulletin Release for November 2014

Microsoft released fourteen (14) bulletins*.  Four (4) bulletins are identified as Critical, eight (8) as Important, and two (2) are rated Moderate in severity.

The updates address 33 Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD). 

Anyone who frequently experiences issues with .NET Framework updates should install those updates separately with a shutdown/restart between other updates.

Critical:

• MS14-064 -- Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
• MS14-065 -- Cumulative Security Update for Internet Explorer (3003057)
• MS14-066 -- Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
• MS14-067 --Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)

Important:

• MS14-069 -- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)
• MS14-070 -- Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)
• MS14-071 -- Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
• MS14-072 -- Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
• MS14-073 -- Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)
• MS14-074 -- Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
• MS14-076 -- Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)
• MS14-077 -- Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381) 

Moderate:

• MS14-078 -- Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (3005210)
• MS14-079 -- Vulnerability in Kernel Mode Driver Could Allow Denial of Service (3002885)

*Note: MS14-068 and MS14-075 are shown as "Release date to be determined".

Information on non-security update information can be found in KB 894199.

Notes

• MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  The updated version includes the Win32/Tofsee and Win32/Zoxpng malware families.  Additional details ave available in the MMPC blog post.
  
  
• Internet Explorer -- For additional information about the blocking of out-of-date ActiveX controls see the TechNet article, Out-of-date ActiveX control blocking.  Additional changes introduced this month include the blocking of outdated Silverlight.  Additional information is available in the IE Blog.
  
  
• Windows 8.1 -- Non-security new features and improvements for Windows 8.1. are now included with the second Tuesday of the month updates.  Additional information is available at August updates for Windows 8.1 and Windows Server 2012 R2.
  
  
• Windows XP -- Although Microsoft has stopped providing Microsoft Security Essentials for Windows XP, definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.  The MSRT still works on Windows XP.
  

The following additional information is provided in the Security Bulletin:

• The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
• Security solutions for IT professionals: TechNet Security Troubleshooting and Support
• Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
• Local support according to your country: International Support

References

• MSRC: November 2014 Security Updates
• TechNet: Microsoft Security Bulletin for November 2014 

Available link for download