Microsoft Security Bulletin & Bulletin Summary Minor Revisions Issued: December 19, 2014

Security Bulletins / Advisories No Comments »
Summary

The following bulletins and bulletin summary have undergone a minor
revision increment.

Please see the appropriate bulletin or bulletin summary for more
details.

* MS14-051 – Critical
* MS14-052 – Critical
* MS14-076 – Important
* MS14-AUG
* MS14-NOV

Bulletin Information:

MS14-051 – Critical

– Title: Cumulative Security Update for Internet Explorer
https://technet.microsoft.com/library/security/ms14-051
– Reason for Revision: V1.2 (December 19, 2014): Corrected the
severity table and vulnerability information to add CVE-2014-6354
as a vulnerability addressed by this update. This is an
informational change only. Customers who have already
successfully installed the update do not have to take any action.
– Originally posted: August 12, 2014
– Updated: December 19, 2014
– Bulletin Severity Rating: Critical
– Version: 1.2

MS14-052 – Critical

– Title: Cumulative Security Update for Internet Explorer
https://technet.microsoft.com/library/security/ms14-052
– Reason for Revision: V1.1 (December 19, 2014): Revised bulletin
to change Known Issues entry in the Knowledge Base Article section
from “None” to “Yes”. Corrected mitigations and workarounds for
the Internet Explorer Resource Information Disclosure
Vulnerability (CVE-2013-7331).
– Originally posted: September 9, 2014
– Updated: December 19, 2014
– Bulletin Severity Rating: Critical
– Version: 1.1

MS14-076 – Important

– Title: Vulnerability in Internet Information Services (IIS) Could
Allow Security Feature Bypass
https://technet.microsoft.com/library/security/ms14-076
– Reason for Revision: V1.1 (December 19, 2014): Bulletin revised
to include Windows 2012 Server Core installation and Windows 2012
R2 Server Core installation as affected software.
– Originally posted: November 11, 2014
– Updated: December 19, 2014
– Bulletin Severity Rating: Important
– Version: 1.1
Bulletin Summary Information:

MS14-AUG

– Title: Microsoft Security Bulletin Summary for August 2014
https://technet.microsoft.com/en-us/library/security/ms14-aug
– Reason for Revision: V2.2 (December 19, 2014): For MS14-051,
added an Exploitability Assessment in the Exploitability Index for
CVE-2014-6354. This is an informational change only.
– Originally posted: August 12, 2014
– Updated: December 19, 2014
– Version: 2.2

MS14-NOV

– Title: Microsoft Security Bulletin Summary for November 2014
https://technet.microsoft.com/library/security/ms14-nov
– Reason for Revision: V2.1 (December 19, 2014): Bulletin Summary
revised to include Windows 2012 Server Core installation and
Windows 2012 R2 Server Core installation in the Affected
Software table for MS14-076.
– Originally posted: November 11, 2014
– Updated: December 19, 2014
– Version: 2.1

Microsoft Security Bulletin Releases Issued: December 12, 2014

Security Bulletins / Advisories No Comments »
Summary

The following bulletins have undergone a major revision increment.

* MS14-075 – Important


Bulletin Information:

MS14-075 – Important

– Title: Vulnerabilities in Microsoft Exchange Server Could Allow
Elevation of Privilege
https://technet.microsoft.com/library/security/ms14-075
– Reason for Revision: V3.0 (December 12, 2014): Rereleased
bulletin to announce the reoffering of Microsoft security update
2986475 for Microsoft Exchange Server 2010 Service Pack 3. The
rereleased update addresses a known issue in the original
offering. Customers who uninstalled the original update should
install the updated version of 2986475 at the earliest
opportunity.
– Originally posted: December 9, 2014
– Updated: December 12, 2014
– Bulletin Severity Rating: Important
– Version: 3.0

Microsoft Security Bulletin Releases Issued: December 10, 2014

Security Bulletins / Advisories No Comments »
Summary

The following bulletins have undergone a major revision increment.

* MS14-075 – Important

Bulletin Information:

MS14-075 – Important

– Title: Vulnerabilities in Microsoft Exchange Server Could Allow
Elevation of Privilege
https://technet.microsoft.com/library/security/ms14-075
– Reason for Revision: V2.0 (December 10, 2014): Revised bulletin
to remove Download Center link for Microsoft security update
2986475 for Microsoft Exchange Server 2010 Service Pack 3 to
address a known issue with the update. Microsoft is working
to address the issue, and will update this bulletin when more
information becomes available. Microsoft has removed update
2986475 and recommends that customers uninstall update 2986475
if they have already installed it.
– Originally posted: December 9, 2014
– Updated: December 10, 2014
– Bulletin Severity Rating: Important
– Version: 2.0

Microsoft Security Bulletin Minor Revisions Issued: December 10, 2014

Security Bulletins / Advisories No Comments »
Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS14-057 – Critical

Bulletin Information:

MS14-057 – Critical

– Title: Vulnerabilities in .NET Framework Could Allow Remote Code
Execution
– »technet.microsoft.com/library/se···ms14-057
– Reason for Revision: V1.1 (December 10, 2014): Bulletin revised
to correct update replacement entries for Microsoft .NET
Framework 4.5/4.5.1/4.5.2 (update 2972107).
– Originally posted: October 14, 2014
– Updated: December 10, 2014
– Bulletin Severity Rating: Critical
– Version: 1.1

Microsoft Security Bulletin Releases Issued: December 9, 2014

Security Bulletins / Advisories No Comments »
Summary

The following bulletins have undergone a major revision increment.

* MS14-065 – Critical
* MS14-066 – Critical

Bulletin Information:

MS14-065 – Critical

– Title: Cumulative Security Update for Internet Explorer
– »technet.microsoft.com/library/se···ms14-065
– Reason for Revision: V2.0 (December 9, 2014): To address issues
with Security Update 3003057, Microsoft re-released MS14-065 to
comprehensively address CVE-2014-6353. Customers running
Internet Explorer 8 on Windows 7 or Windows Server 2008, or
Internet Explorer 10 should either install the newly offered
update or install the December Internet Explorer Cumulative
Update (3008923). See Microsoft Knowledge Base Article 3003057
for more information.
– Originally posted: November 11, 2014
– Updated: December 9, 2014
– Bulletin Severity Rating: Critical
– Version: 2.0

MS14-066 – Critical

– Title: Vulnerability in Schannel Could Allow Remote Code
Execution
– »technet.microsoft.com/library/se···ms14-066
– Reason for Revision: V3.0 (December 9, 2014): Bulletin revised to
announce the reoffering of the 2992611 update to systems running
Windows Vista and Windows Server 2008. The reoffering addresses
an issue in the original release. Customers running Windows Vista
or Windows Server 2008 who installed the 2992611 update prior to
the December 9 reoffering should reapply the update. See
Microsoft Knowledge Base Article 2992611 for more information.
– Originally posted: November 11, 2014
– Updated: December 9, 2014
– Bulletin Severity Rating: Critical
– Version: 3.0

Microsoft Security Bulletin(s) for December 9, 2014

Security Bulletins / Advisories No Comments »


Note: There may be latency issues due to replication, if the page does not display keep refreshingToday Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
»technet.microsoft.com/library/se···ms14-dec

Critical (3)

Microsoft Security Bulletin MS14-080
Cumulative Security Update for Internet Explorer (3008923)
»technet.microsoft.com/library/se···ms14-080

Microsoft Security Bulletin MS14-081
Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
»technet.microsoft.com/library/se···ms14-081

Microsoft Security Bulletin MS14-084
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
»technet.microsoft.com/library/se···ms14-084

Important (4)

Microsoft Security Bulletin MS14-075
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
»technet.microsoft.com/library/se···ms14-075

Microsoft Security Bulletin MS14-082
Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
»technet.microsoft.com/library/se···ms14-082

Microsoft Security Bulletin MS14-083
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
»technet.microsoft.com/library/se···ms14-083

Microsoft Security Bulletin MS14-085
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)
»technet.microsoft.com/library/se···ms14-085

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website – visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Microsoft Security Bulletin Advance Notification – December 4, 2014

Security Bulletins / Advisories 1 Comment »
This is an advance notification of 7 security bulletins that Microsoft is intending to release on December 9, 2014.

3 rated as Critical and 4 with a rating of Important

https://technet.microsoft.com/library/security/ms14-dec

Microsoft Security Advisory Notification Issued: November 25, 2014

Security Bulletins / Advisories Comments Off
Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
– Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
https://technet.microsoft.com/library/security/2755801
– Revision Note: V32.0 (November 25, 2014): Added the 3018943
update to the Current Update section.

Out-of-band release for Security Bulletin MS14-068

Security Bulletins / Advisories Comments Off
On Tuesday, November 18, 2014, at approximately 10 a.m. PST, we will release an out-of-band security update to address a vulnerability in Windows.

We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin.

More information about this bulletin can be found at Microsoft’s Bulletin Summary page.

Tracey Pretorius, Director Response Communications

http://blogs.technet.com/b/msrc/archive/2014/11/18/out-of-band-release-for-security-bulletin-ms14-068.aspx

Microsoft Security Bulletin Releases Issued: November 18, 2014

Security Bulletins / Advisories Comments Off
Summary
The following bulletin has been released.

* MS14-068 – Critical

The following bulletins have undergone a major revision increment.

* MS14-066 – Critical
* MS14-NOV

Bulletin Information:

MS14-068 – Critical

https://technet.microsoft.com/library/security/ms14-068
– Reason for Revision: V1.0 (November 18, 2014): Bulletin
published.
– Originally posted: November 18, 2014
– Updated: November 18, 2014
– Bulletin Severity Rating: Critical
– Version: 1.0

MS14-066 – Critical

https://technet.microsoft.com/library/security/ms14-066
– Reason for Revision: V2.0 (November 18, 2014): Bulletin revised
to announce the reoffering of the 2992611 update to systems
running Windows Server 2008 R2 and Windows Server 2012. The
reoffering addresses known issues that a small number of
customers experienced with the new TLS cipher suites that were
included in the original release. Customers running Windows
Server 2008 R2 or Windows Server 2012 who installed the 2992611
update prior to the November 18 reoffering should reapply the
update. See Microsoft Knowledge Base Article 2992611 for more
information.
– Originally posted: November 11, 2014
– Updated: November 18, 2014
– Bulletin Severity Rating: Critical
– Version: 2.0

MS14-NOV

https://technet.microsoft.com/library/security/ms14-nov
– Reason for Revision: V2.0 (November 18, 2014): Bulletin Summary
revised to document the out-of-band release of MS14-068 and,
for MS14-066, to announce the reoffering of the 2992611 update
to systems running Windows Server 2008 R2 and Windows Server
2012. See the respective bulletins for more information.
– Originally posted: November 11, 2014
– Updated: November 18, 2014
– Version: 2.0

© 2014 DP's Security Bits.
WordPress Theme & Icons by N.Design Studio. Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs
Entries RSS Comments RSS Log in