Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

Microsoft Security Bulletin Summary for December 2014

Dec 9, 2014 2:51AM PST

Published : December 09, 2014

Microsoft released 7 new security updates today. Three are rated Critical and Four are rated as Important. They address 24 Common Vulnerability and Exposures (CVEs) in Microsoft Windows, Internet Explorer, Office and Exchange.

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Critical: 3

MS14-080 - Cumulative Security Update for Internet Explorer (3008923)
MS14-081 - Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
MS14-084 - Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)

Important: 4

MS14-075 - Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
MS14-082 - Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
MS14-083 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
MS14-085 - Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)

Security Bulletin: https://technet.microsoft.com/library/security/ms14-dec

Discussion is locked

- Collapse -
Wierd Stuff Going On With Office 2010 Updates Here
Dec 9, 2014 8:50AM PST

After visiting the Windows Updates site on a couple of our Windows 7 SP1 computers which have Microsoft Office 2010 SP2 installed, the machines were offered approximately 12 separate updates for the Office installation. I selected all of the updates, since they appeared to be appropriate for the computers and I then let them install. The installation went fine, the computer restarted, and a recheck at the Windows Updates site showed the updates seemed to install correctly. Everything seemed to go fine.

Unfortunately, when I went into the Control Panel-Programs and Features-Installed Updates section, everything was wonky. Some of the updates for today showed as installing two or three times and some of the older updates now have an installed date of 12/09/14. Still, I've seen no problems with the updates other than their being listed "bad" in the "Installed Updates" section.

I may do a little testing to see if there is a fix, but it would be interesting to know if others with MS Office 2010, or even Office 2007 had the same issue. In addition, I can't seem to fine the individual downloads for the files on the Microsoft Download Center. Maybe they're also seeing the problem and are holding back the updates.

Hope this helps.

Grif

- Collapse -
After Testing, It's Only The Office 2010 Updates
Dec 9, 2014 11:04AM PST

I restored one of the machines back to before all of the Windows Updates, reinstalled the updates that applied to Windows only, and those updates were fine. No abnormalities. Next, I installed the updates which applied to Office 2010. When I installed the Office 2010 updates, a few at a time, the same thing happened as before.. Almost all of the Office updates showed a 12/09/14 install date and some of them appear to have installed twice. Still, the machine and Office seem to be functioning correctly, so I guess I'll leave things alone.

Strange but maybe normal for Microsoft.

Hope this helps.

Grif

- Collapse -
KB3024777 replaces KB3004394 to fix Windows 7 SP1 issues
Dec 12, 2014 4:58AM PST

See: Install KB3024777 to fix an issue with KB3004394 on Windows 7 and Windows Server 2008 R2

"The KB 3004394 update that was dated December 10, 2014 can cause additional problems on computers that are running Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the inability to install future updates. This new update is available to remove KB 3004394 from your computer."

Continued : https://support.microsoft.com/kb/3024777

* * * * * * *

Regarding KB3004394 : December 2014 update for Windows Root Certificate Program in Windows

Noted under "Issue for Windows 7 SP1 and Windows Server 2008 R2 SP1" :

"The KB 3004394 update does not cause any known problems on the other systems for which it is released. We recommend that you install the update on the other systems.

If you have not yet deployed KB 3004394 on Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers, we recommend that you delay installation until a new version of this update becomes available.

If you have already installed KB 3004394 on Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers that were not restarted after the update was installed, we recommend that you delay the restart if it is possible until more information is added to this article about a method to remove the update.

If the installation of KB 3004394 is causing problems on these computers, remove the update, and then restart the computers. The ability to remove Windows Updates through Control Panel may no longer function on some Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers after KB 3004394 is installed. "

Continued :https://support.microsoft.com/kb/3004394

- Collapse -
Thanks for that.
Dec 12, 2014 5:45AM PST

I checked my updates and didn't find that kb. But as usual, I leave a couple of days before I install updates to see if there are problems. I think MS must have pulled it before I installed.
Dafydd.

- Collapse -
You're welcome, Dafydd
Dec 12, 2014 7:44AM PST

Like you, I also wait. As the months go by, I've found myself waiting a lot longer than I used to.

Carol

- Collapse -
The new KB
Dec 12, 2014 6:13AM PST

installed just fine here, than a new Defender update installed so I guess everything's ok although I had no problems after Tuesday's update.

Digger

- Collapse -
Amonst other issues, the update was responsible for ...
Dec 12, 2014 7:44AM PST

Amongst other issues, the update was responsible for terminating Windows Defender's service. It's more than likely why you were offered the new update.

Patch Tuesday is turning into a weekly event!

Carol