Tuesday, December 09, 2014

Microsoft Security Bulletin Release for December, 2014

Microsoft released seven (7) bulletins.  Three (3) bulletins are identified as Critical and four (4) are rated Moderate in severity.

The updates address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange.

For those testing Windows 10 Technical Preview, please see the important information below.

    • MS14-080 -- Cumulative Security Update for Internet Explorer (3008923)
    • MS14-081 -- Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
    • MS14-084 -- Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
    • MS14-075 -- Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
    • MS14-082 -- Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
    • MS14-083 -- Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
    • MS14-085 -- Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)

    The following two Security Bulletins were re-released:
    Information on non-security update information can be found in KB 894199.

    Windows 10 Technical Preview

    Updates to Windows 10 Technical Preview include three updates for 9879.  Two of the updates address security vulnerabilities and one update is for a HDD failure affecting some people.

    Microsoft Office on Windows 10 Technical Preview:
    Via https://twitter.com/GabeAul:  For those running Microsoft Office on the Windows 10 Technical Preview, the installer fails on 9879 if Office is installed.  The decision was made to publish as is rather than rolling a new fix which would result in the loss of several days in the process.  Unfortunately, the workaround is painful: uninstall Office, install the hotfix, reinstall Office.

    Before attempting the workaround to uninstall Office, try to install KB3022827 first. It will work for many, no harm if not.

    Additional Update Notes

    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  The updated version does not include new families but includes updates to several prevelant malware families.  Additional details ave available in the MMPC blog post.

    • Internet Explorer -- For additional information about the blocking of out-of-date ActiveX controls see the TechNet article, Out-of-date ActiveX control blocking.  Additional changes introduced this month include the blocking of outdated Silverlight.  Additional information is available in the IE Blog.

    • Windows 8.x -- Non-security new features and improvements for Windows 8.1. are now included with the second Tuesday of the month updates.  Additional information is available at August updates for Windows 8.1 and Windows Server 2012 R2.

    • Windows XP -- Although Microsoft has stopped providing Microsoft Security Essentials for Windows XP, definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.  The MSRT still works on Windows XP.

    The following additional information is provided in the Security Bulletin:


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      No comments: