Out-of-band release for Security Bulletin MS14-068

Security Bulletins / Advisories No Comments »
On Tuesday, November 18, 2014, at approximately 10 a.m. PST, we will release an out-of-band security update to address a vulnerability in Windows.

We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin.

More information about this bulletin can be found at Microsoft’s Bulletin Summary page.

Tracey Pretorius, Director Response Communications

http://blogs.technet.com/b/msrc/archive/2014/11/18/out-of-band-release-for-security-bulletin-ms14-068.aspx

Microsoft Security Bulletin Releases Issued: November 18, 2014

Security Bulletins / Advisories No Comments »
Summary
The following bulletin has been released.

* MS14-068 – Critical

The following bulletins have undergone a major revision increment.

* MS14-066 – Critical
* MS14-NOV

Bulletin Information:

MS14-068 – Critical

https://technet.microsoft.com/library/security/ms14-068
– Reason for Revision: V1.0 (November 18, 2014): Bulletin
published.
– Originally posted: November 18, 2014
– Updated: November 18, 2014
– Bulletin Severity Rating: Critical
– Version: 1.0

MS14-066 – Critical

https://technet.microsoft.com/library/security/ms14-066
– Reason for Revision: V2.0 (November 18, 2014): Bulletin revised
to announce the reoffering of the 2992611 update to systems
running Windows Server 2008 R2 and Windows Server 2012. The
reoffering addresses known issues that a small number of
customers experienced with the new TLS cipher suites that were
included in the original release. Customers running Windows
Server 2008 R2 or Windows Server 2012 who installed the 2992611
update prior to the November 18 reoffering should reapply the
update. See Microsoft Knowledge Base Article 2992611 for more
information.
– Originally posted: November 11, 2014
– Updated: November 18, 2014
– Bulletin Severity Rating: Critical
– Version: 2.0

MS14-NOV

https://technet.microsoft.com/library/security/ms14-nov
– Reason for Revision: V2.0 (November 18, 2014): Bulletin Summary
revised to document the out-of-band release of MS14-068 and,
for MS14-066, to announce the reoffering of the 2992611 update
to systems running Windows Server 2008 R2 and Windows Server
2012. See the respective bulletins for more information.
– Originally posted: November 11, 2014
– Updated: November 18, 2014
– Version: 2.0

Microsoft Security Advisory Notification Issued: November 11, 2014

Security Bulletins / Advisories No Comments »
Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
– Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
– »technet.microsoft.com/library/se···/2755801
– Revision Note: V31.0 (November 11, 2014): Added the 3004150
update to the Current Update section.

* Microsoft Security Advisory (3010060)
– Title: Vulnerability in Microsoft OLE Could Allow Remote
Code Execution
– »technet.microsoft.com/library/se···/3010060
– Revision Note: V2.0 (November 11, 2014): Advisory updated to
reflect publication of security bulletin.

Microsoft Security Bulletin(s) for November 11, 2014

Security Bulletins / Advisories No Comments »
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
»technet.microsoft.com/library/se···ms14-nov

Critical (4)

Microsoft Security Bulletin MS14-064
Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
»technet.microsoft.com/library/se···ms14-064

Microsoft Security Bulletin MS14-065
Cumulative Security Update for Internet Explorer (3003057)
»technet.microsoft.com/library/se···ms14-065

Microsoft Security Bulletin MS14-066
Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
»technet.microsoft.com/library/se···ms14-066

Microsoft Security Bulletin MS14-067
Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)
»technet.microsoft.com/library/se···ms14-067

Important (8)

Microsoft Security Bulletin MS14-069
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)
»technet.microsoft.com/library/se···ms14-069

Microsoft Security Bulletin MS14-070
Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)
»technet.microsoft.com/library/se···ms14-070

Microsoft Security Bulletin MS14-071
Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
»technet.microsoft.com/library/se···ms14-071

Microsoft Security Bulletin MS14-072
Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
»technet.microsoft.com/library/se···ms14-072

Microsoft Security Bulletin MS14-073
Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)
»technet.microsoft.com/library/se···ms14-073

Microsoft Security Bulletin MS14-074
Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
»technet.microsoft.com/library/se···ms14-074

Microsoft Security Bulletin MS14-076
Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)
»technet.microsoft.com/library/se···ms14-076

Microsoft Security Bulletin MS14-077
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381)
»technet.microsoft.com/library/se···ms14-077

Moderate (2)

Microsoft Security Bulletin MS14-078
Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (3005210)
»technet.microsoft.com/library/se···ms14-078

Microsoft Security Bulletin MS14-079
Vulnerability in Kernel Mode Driver Could Allow Denial of Service (3002885)
»technet.microsoft.com/library/se···ms14-079

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website – visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Microsoft Security Bulletin Advance Notification – November 6, 2014

Security Bulletins / Advisories Comments Off
This is an advance notification of 16 security bulletins that Microsoft is intending to release on November 11, 2014.

5 rated as Critical
9 rated as Important
2 rated as Moderate

»technet.microsoft.com/library/se···ms14-nov

Microsoft Security Advisory Notification Issued: October 29, 2014

Security Bulletins / Advisories Comments Off
Security Advisories Updated or Released Today

* Microsoft Security Advisory (3009008)
– Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
– »technet.microsoft.com/library/se···/3009008
– Revision Note: V2.0 (October 29, 2014): Revised advisory to
announce the deprecation of SSL 3.0, to clarify the workaround
instructions for disabling SSL 3.0 on Windows servers and on
Windows clients, and to announce the availability of a Microsoft
Fix it solution for Internet Explorer. For more information see
Knowledge Base Article 3009008.

Microsoft Security Advisory Notification Issued: October 21, 2014

Security Bulletins / Advisories Comments Off
Security Advisories Updated or Released Today

* Microsoft Security Advisory (3010060)
– Title: Vulnerability in Microsoft OLE Could Allow Remote Code
Execution
– »technet.microsoft.com/library/se···/3010060
– Revision Note: V1.0 (October 21, 2014): Advisory published.

Microsoft Security Advisory Notification Issued: October 17, 2014

Security Bulletins / Advisories Comments Off
Security Advisories Updated or Released Today

* Microsoft Security Advisory (2949927)
– Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
– »technet.microsoft.com/library/se···/2949927
– Revision Note: V2.0 (October 17, 2014): Removed Download Center
links for Microsoft security update 2949927. Microsoft recommends
that customers experiencing issues uninstall this update.
Microsoft is investigating behavior associated with this update,
and will update the advisory when more information becomes
available.

Microsoft Security Advisory Notification Issued: October 15, 2014

Security Bulletins / Advisories Comments Off
Security Advisories Updated or Released Today

* Microsoft Security Advisory (3009008)
– Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
– »technet.microsoft.com/library/se···/3009008
– Revision Note: V1.1 (October 15, 2014): Advisory revised to
include a workaround for disabling the SSL 3.0 protocol in
Windows.

Microsoft Security Advisory Notification Issued: October 14, 2014

Security Bulletins / Advisories Comments Off
Security Advisories Updated or Released Today
* Microsoft Security Advisory (3009008)
– Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
– »technet.microsoft.com/library/se···/3009008
– Revision Note: V1.0 (October 14, 2014): Advisory published.

© 2014 DP's Security Bits.
WordPress Theme & Icons by N.Design Studio. Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs
Entries RSS Comments RSS Log in