Microsoft Security Bulletins for September 9 2014

Discussion in 'other security issues & news' started by NICK ADSL UK, Sep 9, 2014.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletins for September 9 2014

    Note: There may be latency issues due to replication, if the page does not display keep refreshing
    Today Microsoft released the following Security Bulletin(s).
    Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

    Bulletin Summary:
    https://technet.microsoft.com/library/security/ms14-sep

    Critical (1)
    Cumulative Security Update for Internet Explorer (2977629)
    Published: September 9, 2014
    https://technet.microsoft.com/library/security/MS14-052

    Important (3)
    Vulnerability in .NET Framework Could Allow Denial of Service (2990931)
    Published: September 9, 2014
    technet.microsoft.com/library/se···MS14-053
    Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege [298894]
    Published: September 9, 2014
    https://technet.microsoft.com/library/security/MS14-054
    Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service [299092]
    Published: September 9, 2014
    https://technet.microsoft.com/library/security/MS14-055

    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA
     
    Last edited: Sep 20, 2014
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory Notification Issued: September 9, 2014
    Security Advisories Updated or Released Today

    * Microsoft Security Advisory (2755801)
    - Title: Update for Vulnerabilities in Adobe Flash Player in
    Internet Explorer
    - »technet.microsoft.com/library/se···/2755801
    - Revision Note: V28.0 (September 9, 2014): Added the 2987114
    update to the Current Update section.

    * Microsoft Security Advisory (2871997)
    - Title: Update to Improve Credentials Protection and Management
    - »technet.microsoft.com/library/se···/2871997
    - Revision Note: V3.0 (September 9, 2014): Rereleased advisory to
    announce the release of update 2982378 to provide additional
    protection for users credentials when logging into a Windows 7
    or Windows Server 2008 R2 system. See Updates Related to this
    Advisory for details.

    * Microsoft Security Advisory (2905247)
    - Title: Insecure ASP.NET Site Configuration Could Allow Elevation
    of Privilege
    - »technet.microsoft.com/library/se···/2905247
    - Revision Note: V2.0 (September 9, 2014): Advisory rereleased to
    announce the offering of the security update via Microsoft
    Update, in addition to the Download-Center-only option that was
    provided when this advisory was originally released.
    Additionally, some of the updates were reissued to improve their
    quality. See the Update FAQ for details.
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions Issued: September 10, 2014
    Summary

    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS14-016 - Important

    Bulletin Information:

    MS14-016 - Important

    - »technet.microsoft.com/library/se···ms14-016
    - Reason for Revision: V1.1 (September 10, 2014): Revised Update
    FAQ and entries in the Operating System column of the Affected
    Software table to further clarify what version of Active
    Directory must be installed on a system to be offered the update.
    These are informational changes only.
    - Originally posted: March 11, 2014
    - Updated: September 10, 2014
    - Bulletin Severity Rating: Important
    - Version: 1.2
    --
     
    Last edited: Sep 20, 2014
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    *******************************************************************
    Title: Microsoft Security Bulletin Re-Releases
    Issued: September 15, 2014
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS14-055 - Important


    Bulletin Information:
    =====================

    MS14-055 - Important

    - https://technet.microsoft.com/library/security/ms14-055
    - Reason for Revision: V2.0 (September 15, 2014): Bulletin revised to
    remove Download Center links for Microsoft security update
    2982385 for Microsoft Lync Server 2010. See the Update FAQ for
    details.
    - Originally posted: September 9, 2014
    - Updated: September 15, 2014
    - Bulletin Severity Rating: Important
    - Version: 2.0
     
    Last edited: Sep 20, 2014
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions Issued: September 16, 2014
    Summary

    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS14-046 - Important

    Bulletin Information:

    MS14-046 - Important

    - »technet.microsoft.com/library/se···ms14-046
    - Reason for Revision: V1.1 (September 16, 2014): Bulletin revised
    to announce a detection change in the 2966827 update for
    Microsoft .NET Framework 3.0 Service Pack 2 on Windows 8 and
    Windows Server 2012. This is a detection change only. There were
    no changes to the update files. Customers who have already
    successfully updated their systems do not need to take any
    action.
    - Originally posted: August 12, 2014
    - Updated: September 16, 2014
    - Bulletin Severity Rating: Important
    - Version: 1.1
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions Issued: September 19, 2014
    Summary

    The following bulletin has undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS14-046 - Important


    Bulletin Information:

    MS14-046 - Important

    - »technet.microsoft.com/library/se···ms14-046
    - Reason for Revision: V1.2 (September 19, 2014): Bulletin
    revised with a change to the Known Issues entry in the Knowledge
    Base Article section from "None" to "Yes".
    - Originally posted: August 12, 2014
    - Updated: September 19, 2014
    - Bulletin Severity Rating: Important
    - Version: 1.2
     
  8. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions Issued: September 18, 2014
    Summary

    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS14-012
    * MS14-MAR

    Bulletin Information:

    MS14-012 - Important

    - »technet.microsoft.com/library/se···ms14-012
    - Reason for Revision: V1.1 (September 18, 2014): Corrected the
    severity table and vulnerability information to add
    CVE-2014-4112 as a vulnerability addressed by this update. This is
    an informational change only. Customers who have already
    successfully installed the update do not have to take any action.
    - Originally posted: March 11, 2014
    - Updated: September 18, 2014
    - Bulletin Severity Rating: Important
    - Version: 1.1

    MS14-MAR


    - »technet.microsoft.com/library/se···mar.aspx
    - Reason for Revision: V1.1 (September 18, 2014): For MS14-012,
    added an Exploitability Assessment in the Exploitability Index
    for CVE-2014-4112. This is an informational change only.
    - Originally posted: March 11, 2014
    - Updated: September 18, 2014
    - Version: 1.1
     
  9. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions Issued: September 18, 2014
    Summary

    The following bulletin has undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS14-053 - Important

    Bulletin Information:

    MS14-053 - Important

    - »technet.microsoft.com/library/se···ms14-053
    - Reason for Revision: V1.1 (September 17, 2014): Bulletin
    revised to clarify language in the Executive Summary,
    Mitigating Factors, and Vulnerability FAQ sections that
    describes the attack vector for CVE-2014-4072. This is
    an informational change only. Customers who have already
    successfully installed the update do not have to take
    any action.
    - Originally posted: September 9, 2014
    - Updated: September 17, 2014
    - Bulletin Severity Rating: Important
    - Version: 1.1
     
  10. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  11. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Title: Microsoft Security Bulletin Re-Releases
    Issued: September 23, 2014
    ********************************************************************
    Summary
    =======
    The following bulletin has undergone a major revision increment.
    Please see the appropriate bulletin for more details.
    * MS14-055 - Important

    Bulletin Information:
    =====================
    MS14-055 - Important
    - https://technet.microsoft.com/library/security/ms14-055
    - Reason for Revision: V3.0 (September 23, 2014): Bulletin
    rereleased to announce the reoffering of the 2982385 security
    update file (server.msp) for Microsoft Lync Server 2010. See
    the Update FAQ for details.
    - Originally posted: September 9, 2014
    - Updated: September 23, 2014
    - Bulletin Severity Rating: Important
    - Version: 3.0
     
  12. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory Notification Issued: September 23, 2014
    Security Advisories Updated or Released Today

    * Microsoft Security Advisory (2755801)
    - Title: Update for Vulnerabilities in Adobe Flash Player in
    Internet Explorer
    - »technet.microsoft.com/library/se···/2755801
    - Revision Note: V29.0 (September 23, 2014): Added the 2999249
    update to the Current Update section.
     
  13. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions Issued: September 24, 2014
    Summary

    The following documents have undergone a minor revision increment.
    Please see the appropriate bulletin or summary for more details.

    * MS14-009 - Important
    * MS14-feb

    Bulletin Information:

    MS14-009 - Important

    - »technet.microsoft.com/library/se···ms14-009
    - Reason for Revision: V1.3 (September 24, 2014): Bulletin
    revised to correct a missing Server Core installation
    entry in the Affected Software table for Microsoft .NET
    Framework 4 when installed on Windows Server 2008 R2 for
    x64-based Systems Service Pack 1 (2898855). This is an
    informational change only. Customers running this affected
    software on Server Core installations who have already
    applied the 2898855 update do not need to take any action.
    Customers running this affected software on Server Core
    installations who have not already installed the update
    should do so to be protected from the vulnerabilities
    addressed in this bulletin.
    - Originally posted: February 11, 2014
    - Updated: September 24, 2014
    - Bulletin Severity Rating: Important
    - Version: 1.3

    MS14-feb

    - »technet.microsoft.com/library/se···ms14-feb
    - Reason for Revision: V1.3 (September 24, 2014): For
    MS14-009, added a missing Server Core entry in the
    Affected Software table for Microsoft .NET Framework 4
    when installed on Windows Server 2008 R2 for x64-based
    Systems Service Pack 1 (2898855). This is an informational
    change only. Customers running this affected software on
    Server Core installations who have already applied the
    2898855 update do not need to take any action. Customers
    running this affected software on Server Core installations
    who have not already installed the update should do so to
    be protected from the vulnerabilities addressed in MS14-009.
    See the bulletin for download links.
    - Originally posted: February 11, 2014
    - Updated: September 24, 2014
    - Bulletin Severity Rating: Important
    - Version: 1.3
     
  14. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions Issued: September 24, 2014
    Summary

    The following document has undergone a minor revision increment.
    Please see the bulletin for more details.

    * MS14-049 - Important

    Bulletin Information:

    MS14-049 - Important

    - »technet.microsoft.com/library/se···ms14-049
    - Reason for Revision: V1.2 (September 24, 2014): Bulletin
    revised to change Known issues entry in the Knowledge
    Base Article section from "None" to "Yes".
    - Originally posted: August 12, 2014
    - Updated: September 24, 2014
    - Bulletin Severity Rating: Important
    - Version: 1.2
    --
     
  15. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions Issued: October 2, 2014
    Summary

    The following bulletin has undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS14-030 - Important


    Bulletin Information:


    MS14-030 - Important

    - »technet.microsoft.com/library/se···ms14-030
    - Reason for Revision: V1.3 (October 2, 2014): Bulletin revised
    to clarify the conditions under which Windows 7 editions are
    affected. See the Update FAQ for more information.
    - Originally posted: June 10, 2014
    - Updated: October 2, 2014
    - Bulletin Severity Rating: Important
    - Version: 1.3
     
  16. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions Issued: October 8, 2014
    Summary

    The following bulletins have undergone a minor revision increment.
    Please see the appropriate bulletin for more details.

    * MS14-051 - Critical
    * MS14-AUG

    Bulletin Information:

    MS14-051 - Critical

    - »technet.microsoft.com/library/se···ms14-051
    - Reason for Revision: V1.1 (October 8, 2014): Corrected the
    severity table and vulnerability information to add CVE-2014-4145
    as a vulnerability addressed by this update. This is an
    informational change only. Customers who have already
    successfully installed the update do not have to take any action.
    - Originally posted: August 12, 2014
    - Updated: October 8, 2014
    - Bulletin Severity Rating: Critical
    - Version: 1.1

    MS14-AUG

    - »technet.microsoft.com/library/se···ms14-aug
    - Reason for Revision: V2.1 (October 8, 2014): For MS14-051, added
    an Exploitability Assessment in the Exploitability Index for
    CVE-2014-4145. This is an informational change only.
    - Originally posted: August 12, 2014
    - Updated: October 8, 2014
    - Version: 2.1
    --
     
Loading...
Thread Status:
Not open for further replies.