Spyware, Viruses, & Security forum


Microsoft Security Bulletin Summary for December 2014

by Carol~ Moderator / December 9, 2014 2:51 AM PST

Published : December 09, 2014

Microsoft released 7 new security updates today. Three are rated Critical and Four are rated as Important. They address 24 Common Vulnerability and Exposures (CVEs) in Microsoft Windows, Internet Explorer, Office and Exchange.

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Critical: 3

MS14-080 - Cumulative Security Update for Internet Explorer (3008923)
MS14-081 - Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
MS14-084 - Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)

Important: 4

MS14-075 - Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
MS14-082 - Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
MS14-083 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
MS14-085 - Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)

Security Bulletin: https://technet.microsoft.com/library/security/ms14-dec

Discussion is locked
You are posting a reply to: Microsoft Security Bulletin Summary for December 2014
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Microsoft Security Bulletin Summary for December 2014
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Wierd Stuff Going On With Office 2010 Updates Here
by Grif Thomas Forum moderator / December 9, 2014 8:50 AM PST

After visiting the Windows Updates site on a couple of our Windows 7 SP1 computers which have Microsoft Office 2010 SP2 installed, the machines were offered approximately 12 separate updates for the Office installation. I selected all of the updates, since they appeared to be appropriate for the computers and I then let them install. The installation went fine, the computer restarted, and a recheck at the Windows Updates site showed the updates seemed to install correctly. Everything seemed to go fine.

Unfortunately, when I went into the Control Panel-Programs and Features-Installed Updates section, everything was wonky. Some of the updates for today showed as installing two or three times and some of the older updates now have an installed date of 12/09/14. Still, I've seen no problems with the updates other than their being listed "bad" in the "Installed Updates" section.

I may do a little testing to see if there is a fix, but it would be interesting to know if others with MS Office 2010, or even Office 2007 had the same issue. In addition, I can't seem to fine the individual downloads for the files on the Microsoft Download Center. Maybe they're also seeing the problem and are holding back the updates.

Hope this helps.


Collapse -
After Testing, It's Only The Office 2010 Updates
by Grif Thomas Forum moderator / December 9, 2014 11:04 AM PST

I restored one of the machines back to before all of the Windows Updates, reinstalled the updates that applied to Windows only, and those updates were fine. No abnormalities. Next, I installed the updates which applied to Office 2010. When I installed the Office 2010 updates, a few at a time, the same thing happened as before.. Almost all of the Office updates showed a 12/09/14 install date and some of them appear to have installed twice. Still, the machine and Office seem to be functioning correctly, so I guess I'll leave things alone.

Strange but maybe normal for Microsoft.

Hope this helps.


Collapse -
KB3024777 replaces KB3004394 to fix Windows 7 SP1 issues
by Carol~ Moderator / December 12, 2014 4:58 AM PST

See: Install KB3024777 to fix an issue with KB3004394 on Windows 7 and Windows Server 2008 R2

"The KB 3004394 update that was dated December 10, 2014 can cause additional problems on computers that are running Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the inability to install future updates. This new update is available to remove KB 3004394 from your computer."

Continued : https://support.microsoft.com/kb/3024777

* * * * * * *

Regarding KB3004394 : December 2014 update for Windows Root Certificate Program in Windows

Noted under "Issue for Windows 7 SP1 and Windows Server 2008 R2 SP1" :

"The KB 3004394 update does not cause any known problems on the other systems for which it is released. We recommend that you install the update on the other systems.

If you have not yet deployed KB 3004394 on Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers, we recommend that you delay installation until a new version of this update becomes available.

If you have already installed KB 3004394 on Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers that were not restarted after the update was installed, we recommend that you delay the restart if it is possible until more information is added to this article about a method to remove the update.

If the installation of KB 3004394 is causing problems on these computers, remove the update, and then restart the computers. The ability to remove Windows Updates through Control Panel may no longer function on some Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers after KB 3004394 is installed. "

Continued :https://support.microsoft.com/kb/3004394

Collapse -
Thanks for that.
by Dafydd Forum moderator / December 12, 2014 5:45 AM PST

I checked my updates and didn't find that kb. But as usual, I leave a couple of days before I install updates to see if there are problems. I think MS must have pulled it before I installed.

Collapse -
You're welcome, Dafydd
by Carol~ Moderator / December 12, 2014 7:44 AM PST
In reply to: Thanks for that.

Like you, I also wait. As the months go by, I've found myself waiting a lot longer than I used to.


Collapse -
The new KB
by itsdigger / December 12, 2014 6:13 AM PST

installed just fine here, than a new Defender update installed so I guess everything's ok although I had no problems after Tuesday's update.


Collapse -
Amonst other issues, the update was responsible for ...
by Carol~ Moderator / December 12, 2014 7:44 AM PST
In reply to: The new KB

Amongst other issues, the update was responsible for terminating Windows Defender's service. It's more than likely why you were offered the new update.

Patch Tuesday is turning into a weekly event!


Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.