Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

Microsoft Security Bulletin Summary for November 2014

Nov 11, 2014 3:27AM PST

Published : November 11, 2014

Microsoft released 14 new security updates today. Four (4) are rated Critical, Eight (Cool as Important and Two (2) as moderate. They address 33 Common Vulnerability and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD).

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Critical: 4

MS14-064 - Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
MS14-065 - Cumulative Security Update for Internet Explorer (3003057)
MS14-066 - Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
MS14-067 - Vulnerability in XML Core Services Could Allow Remote Code Execution (299395Cool

MS14-068 - Release date to be determined

Important: 8

MS14-069 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)
MS14-070 - Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)
MS14-071 - Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
MS14-072 - Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
MS14-073 - Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)
MS14-074 - Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
MS14-075 - Release date to be determined
MS14-076 - Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (298299Cool
MS14-077 - Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381)

Moderate: 2

MS14-078 - Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (3005210)
MS14-079 - Vulnerability in Kernel Mode Driver Could Allow Denial of Service (3002885)

Security Bulletin: http://technet.microsoft.com/en-us/security/bulletin/ms14-nov

Read: "Assessing Risk for the November 2014 Security Updates" @ the Security Research and Defense Blog to help prioritize the deployment of updates for your environment.

http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx

Discussion is locked

- Collapse -
Let me HIGHLIGHT 064
Nov 13, 2014 3:21AM PST
- Collapse -
Revision of MS14-066
Nov 18, 2014 3:29AM PST
Vulnerability in Schannel Could Allow Remote Code Execution (2992611)

Published: November 11, 2014
Updated: November 18, 2014

Version: 2.0

Bulletin revised to announce the reoffering of the 2992611 update to systems running Windows Server 2008 R2 and Windows Server 2012. The reoffering addresses known issues that a small number of customers experienced with the new TLS cipher suites that were included in the original release. Customers running Windows Server 2008 R2 or Windows Server 2012 who installed the 2992611 update prior to the November 18 reoffering should reapply the update. See Microsoft Knowledge Base Article 2992611 for more information.

Security Bulletin: https://technet.microsoft.com/library/security/ms14-066