Tuesday, August 12, 2014

Microsoft Security Bulletin Release for August 2014


Microsoft released nine (9) bulletins.  Two of the bulletins are identified as Critical with the remaining seven as Important.

The updates address 37 Common Vulnerabilities & Exposures (CVEs) in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer (IE). A reminder to those who have problems with .NET updates: install them separately, with a restart between them and the other updates.

Critical:

  • MS14-051 -- Cumulative Security Update for Internet Explorer (2976627)
  • MS14-043 -- Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)

Important:

  • MS14-048 -- Vulnerability in OneNote Could Allow Remote Code Execution (2977201)
  • MS14-044 -- Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)
  • MS14-045 -- Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2984615)
  • MS14-049 -- Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)
  • MS14-050 -- Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)
  • MS14-046 -- Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)
  • MS14-047 -- Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)

Notes

  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. The updated version includes Win32/Lecpetex, which will assist with the detection and clean-up of this family following the recent Facebook take-down of the Lecpetex botnet. Additional details are available in the MMPC blog post.
  • Internet Explorer -- As noted in the Addendum to Internet Explorer begins blocking out-of-date ActiveX controls, blocking out-of-date ActiveX controls is being delayed for 30 days in order to give customers time to test and manage their environments. 
  • Windows 8.1 -- Non-security new features and improvements for Windows 8.1 will now be included with the second Tuesday of the month updates. Additional information is available at August updates for Windows 8.1 and Windows Server 2012 R2.
  • Windows XP -- Although Microsoft has stopped providing Microsoft Security Essentials for Windows XP, definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.
  • Other -- Changes to Internet Explorer and .NET Framework end of support dates were announced.  Refer to the references linked below.

The following additional information is provided in the Security Bulletin:

References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...



    4 comments:

    pastywhitegurl said...

    Found this article that says this update is causing BSOD.

    http://www.theregister.co.uk/2014/08/17/remond_cries_uninstall_in_the_wake_of_blue_screens_of_death/

    Offending updates: KB2982791 KB2970228 KB2975719 or KB2975331

    Has this been resolved?

    Corrine said...

    Although there were a number of people who had BSODs after installing the updates, it was far from epidemic. The majority of computer users had no problems.

    The updates were removed from the download channel. See the Microsoft Security Bulletin MS14-045 Update FAQ about the Bulletin revised on August 15, 2014.

    Also see known issues and recommendations for KB2982791 here: MS14-045: Description of the security update for kernel-mode drivers: August 12, 2014 which has the recommendation to uninstall the following updates:

    Windows 7: KB2982791 and KB2970228.
    Windows 8.x: In addition to KB2982791 and KB2970228, also included are KB2975719 and KB2975331.

    Personally, I had not installed KB2970228 (new symbol for Russian ruble).

    pastywhitegurl said...

    I have KB2982791 installed (Windows 7) but am not experiencing any font problems. Should I uninstall anyway?

    Corrine said...

    Yes, uninstall it. See my post and LzD: Microsoft Security Bulletin Release for August 2014