Microsoft Security Bulletins for September 9 2014

Microsoft Security Bulletins for September 9 2014

Note: There may be latency issues due to replication, if the page does not display keep refreshing
Today Microsoft released the following Security Bulletin(s).
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
https://technet.microsoft.com/library/security/ms14-sep

Critical (1)
Cumulative Security Update for Internet Explorer (2977629)
Published: September 9, 2014
https://technet.microsoft.com/library/security/MS14-052

Important (3)
Vulnerability in .NET Framework Could Allow Denial of Service (2990931)
Published: September 9, 2014
technet.microsoft.com/library/se···MS14-053
Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege [298894]
Published: September 9, 2014
https://technet.microsoft.com/library/security/MS14-054
Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service [299092]
Published: September 9, 2014
https://technet.microsoft.com/library/security/MS14-055

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

 

Watch September 2014 security bulletin overview•Dustin Childs and Jonathan Ness from Microsoft Trustworthy Computing goes through this month’s Microsoft security bulletins.
https://www.youtube.com/watch?v=1Ek4KacFUeM

Watch September 2014 security bulletin webcast live at 11 a.m. PT
http://event.worktankseattle.com/el/SecBulletin-Sept2014-3319

 

Microsoft Security Advisory Notification Issued: September 9, 2014
Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
- »technet.microsoft.com/library/se···/2755801
- Revision Note: V28.0 (September 9, 2014): Added the 2987114
update to the Current Update section.

* Microsoft Security Advisory (2871997)
- Title: Update to Improve Credentials Protection and Management
- »technet.microsoft.com/library/se···/2871997
- Revision Note: V3.0 (September 9, 2014): Rereleased advisory to
announce the release of update 2982378 to provide additional
protection for users credentials when logging into a Windows 7
or Windows Server 2008 R2 system. See Updates Related to this
Advisory for details.

* Microsoft Security Advisory (2905247)
- Title: Insecure ASP.NET Site Configuration Could Allow Elevation
of Privilege
- »technet.microsoft.com/library/se···/2905247
- Revision Note: V2.0 (September 9, 2014): Advisory rereleased to
announce the offering of the security update via Microsoft
Update, in addition to the Download-Center-only option that was
provided when this advisory was originally released.
Additionally, some of the updates were reissued to improve their
quality. See the Update FAQ for details.

 

Microsoft Security Bulletin Minor Revisions Issued: September 10, 2014
Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS14-016 - Important

Bulletin Information:

MS14-016 - Important

- »technet.microsoft.com/library/se···ms14-016
- Reason for Revision: V1.1 (September 10, 2014): Revised Update
FAQ and entries in the Operating System column of the Affected
Software table to further clarify what version of Active
Directory must be installed on a system to be offered the update.
These are informational changes only.
- Originally posted: March 11, 2014
- Updated: September 10, 2014
- Bulletin Severity Rating: Important
- Version: 1.2
--

 

*******************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: September 15, 2014
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS14-055 - Important


Bulletin Information:
=====================

MS14-055 - Important

- https://technet.microsoft.com/library/security/ms14-055
- Reason for Revision: V2.0 (September 15, 2014): Bulletin revised to
remove Download Center links for Microsoft security update
2982385 for Microsoft Lync Server 2010. See the Update FAQ for
details.
- Originally posted: September 9, 2014
- Updated: September 15, 2014
- Bulletin Severity Rating: Important
- Version: 2.0

 

Microsoft Security Bulletin Minor Revisions Issued: September 16, 2014
Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS14-046 - Important

Bulletin Information:

MS14-046 - Important

- »technet.microsoft.com/library/se···ms14-046
- Reason for Revision: V1.1 (September 16, 2014): Bulletin revised
to announce a detection change in the 2966827 update for
Microsoft .NET Framework 3.0 Service Pack 2 on Windows 8 and
Windows Server 2012. This is a detection change only. There were
no changes to the update files. Customers who have already
successfully updated their systems do not need to take any
action.
- Originally posted: August 12, 2014
- Updated: September 16, 2014
- Bulletin Severity Rating: Important
- Version: 1.1

 

Microsoft Security Bulletin Minor Revisions Issued: September 19, 2014
Summary

The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS14-046 - Important

Bulletin Information:

MS14-046 - Important

- »technet.microsoft.com/library/se···ms14-046
- Reason for Revision: V1.2 (September 19, 2014): Bulletin
revised with a change to the Known Issues entry in the Knowledge
Base Article section from "None" to "Yes".
- Originally posted: August 12, 2014
- Updated: September 19, 2014
- Bulletin Severity Rating: Important
- Version: 1.2

 

Microsoft Security Bulletin Minor Revisions Issued: September 18, 2014
Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS14-012
* MS14-MAR

Bulletin Information:

MS14-012 - Important

- »technet.microsoft.com/library/se···ms14-012
- Reason for Revision: V1.1 (September 18, 2014): Corrected the
severity table and vulnerability information to add
CVE-2014-4112 as a vulnerability addressed by this update. This is
an informational change only. Customers who have already
successfully installed the update do not have to take any action.
- Originally posted: March 11, 2014
- Updated: September 18, 2014
- Bulletin Severity Rating: Important
- Version: 1.1

MS14-MAR

- »technet.microsoft.com/library/se···mar.aspx
- Reason for Revision: V1.1 (September 18, 2014): For MS14-012,
added an Exploitability Assessment in the Exploitability Index
for CVE-2014-4112. This is an informational change only.
- Originally posted: March 11, 2014
- Updated: September 18, 2014
- Version: 1.1

 

Microsoft Security Bulletin Minor Revisions Issued: September 18, 2014
Summary

The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS14-053 - Important

Bulletin Information:

MS14-053 - Important

- »technet.microsoft.com/library/se···ms14-053
- Reason for Revision: V1.1 (September 17, 2014): Bulletin
revised to clarify language in the Executive Summary,
Mitigating Factors, and Vulnerability FAQ sections that
describes the attack vector for CVE-2014-4072. This is
an informational change only. Customers who have already
successfully installed the update do not have to take
any action.
- Originally posted: September 9, 2014
- Updated: September 17, 2014
- Bulletin Severity Rating: Important
- Version: 1.1

 

This DVD5 ISO image file contains the security updates for Windows released on Windows Update on September 9, 2014.

Version:
913086
File Name:
Windows-KB913086-201409.iso
Date Published:
9/9/2014
File Size:
3.3 GB
http://www.microsoft.com/en-us/download/details.aspx?id=44215

 

Title: Microsoft Security Bulletin Re-Releases
Issued: September 23, 2014
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS14-055 - Important

Bulletin Information:
=====================
MS14-055 - Important
- https://technet.microsoft.com/library/security/ms14-055
- Reason for Revision: V3.0 (September 23, 2014): Bulletin
rereleased to announce the reoffering of the 2982385 security
update file (server.msp) for Microsoft Lync Server 2010. See
the Update FAQ for details.
- Originally posted: September 9, 2014
- Updated: September 23, 2014
- Bulletin Severity Rating: Important
- Version: 3.0

 

Microsoft Security Advisory Notification Issued: September 23, 2014
Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
- »technet.microsoft.com/library/se···/2755801
- Revision Note: V29.0 (September 23, 2014): Added the 2999249
update to the Current Update section.

 

Microsoft Security Bulletin Minor Revisions Issued: September 24, 2014
Summary

The following documents have undergone a minor revision increment.
Please see the appropriate bulletin or summary for more details.

* MS14-009 - Important
* MS14-feb

Bulletin Information:

MS14-009 - Important

- »technet.microsoft.com/library/se···ms14-009
- Reason for Revision: V1.3 (September 24, 2014): Bulletin
revised to correct a missing Server Core installation
entry in the Affected Software table for Microsoft .NET
Framework 4 when installed on Windows Server 2008 R2 for
x64-based Systems Service Pack 1 (2898855). This is an
informational change only. Customers running this affected
software on Server Core installations who have already
applied the 2898855 update do not need to take any action.
Customers running this affected software on Server Core
installations who have not already installed the update
should do so to be protected from the vulnerabilities
addressed in this bulletin.
- Originally posted: February 11, 2014
- Updated: September 24, 2014
- Bulletin Severity Rating: Important
- Version: 1.3

MS14-feb

- »technet.microsoft.com/library/se···ms14-feb
- Reason for Revision: V1.3 (September 24, 2014): For
MS14-009, added a missing Server Core entry in the
Affected Software table for Microsoft .NET Framework 4
when installed on Windows Server 2008 R2 for x64-based
Systems Service Pack 1 (2898855). This is an informational
change only. Customers running this affected software on
Server Core installations who have already applied the
2898855 update do not need to take any action. Customers
running this affected software on Server Core installations
who have not already installed the update should do so to
be protected from the vulnerabilities addressed in MS14-009.
See the bulletin for download links.
- Originally posted: February 11, 2014
- Updated: September 24, 2014
- Bulletin Severity Rating: Important
- Version: 1.3

 

Microsoft Security Bulletin Minor Revisions Issued: September 24, 2014
Summary

The following document has undergone a minor revision increment.
Please see the bulletin for more details.

* MS14-049 - Important

Bulletin Information:

MS14-049 - Important

- »technet.microsoft.com/library/se···ms14-049
- Reason for Revision: V1.2 (September 24, 2014): Bulletin
revised to change Known issues entry in the Knowledge
Base Article section from "None" to "Yes".
- Originally posted: August 12, 2014
- Updated: September 24, 2014
- Bulletin Severity Rating: Important
- Version: 1.2
--

 

Microsoft Security Bulletin Minor Revisions Issued: October 2, 2014
Summary

The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS14-030 - Important


Bulletin Information:

MS14-030 - Important

- »technet.microsoft.com/library/se···ms14-030
- Reason for Revision: V1.3 (October 2, 2014): Bulletin revised
to clarify the conditions under which Windows 7 editions are
affected. See the Update FAQ for more information.
- Originally posted: June 10, 2014
- Updated: October 2, 2014
- Bulletin Severity Rating: Important
- Version: 1.3

 

Microsoft Security Bulletin Minor Revisions Issued: October 8, 2014
Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS14-051 - Critical
* MS14-AUG

Bulletin Information:

MS14-051 - Critical

- »technet.microsoft.com/library/se···ms14-051
- Reason for Revision: V1.1 (October 8, 2014): Corrected the
severity table and vulnerability information to add CVE-2014-4145
as a vulnerability addressed by this update. This is an
informational change only. Customers who have already
successfully installed the update do not have to take any action.
- Originally posted: August 12, 2014
- Updated: October 8, 2014
- Bulletin Severity Rating: Critical
- Version: 1.1

MS14-AUG

- »technet.microsoft.com/library/se···ms14-aug
- Reason for Revision: V2.1 (October 8, 2014): For MS14-051, added
an Exploitability Assessment in the Exploitability Index for
CVE-2014-4145. This is an informational change only.
- Originally posted: August 12, 2014
- Updated: October 8, 2014
- Version: 2.1
--