Microsoft November 2014 Patch Tuesday
Important: Please note that Microsoft released EMET 5.1 yesterday to address conflicts between EMET 5.0 / IE 11 and the patches released here (likely MS14-065)
We are aware that bulletin numbers are skipped below. Not sure if they will come later. It is possible that I used a version of the bulletin page that wasn't quite ready yet. I will update this page as needed.
Overview of the November 2014 Microsoft patches and their status.
# | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) | |
---|---|---|---|---|---|---|
clients | servers | |||||
MS14-064 | Vulnerabilities in Windows OLE Could Allow Remote Code Execution (ReplacesMS11-038 MS14-060 ) |
|||||
Microsoft Windows CVE-2014-6332 CVE-2014-6352 |
KB 3011443 | This fixes the OLE/PPT vuln that has been exploited and was partially fixed by MS14-060. | Severity:Critical Exploitability: 1 |
Critical | Important | |
MS14-065 | Cumulative Security Update for Internet Explorer (ReplacesMS14-056 ) |
|||||
Microsoft Windows, Internet Explorer , CVE-2014-4143, CVE-2014-6323, CVE-2014-6337, CVE-2014-6339, CVE-2014-6340, CVE-2014-6341, CVE-2014-6342, CVE-2014-6343, CVE-2014-6344, CVE-2014-6345, CVE-2014-6346, CVE-2014-6347, CVE-2014-6348, CVE-2014-6349, CVE-2014-6350, CVE-2014-6351, CVE-2014-6353 |
KB 3003057 | Severity:Critical Exploitability: 1 |
Critical | Important | ||
MS14-066 | Vulnerability in Schannel Could Allow Remote Code Execution (ReplacesMS10-085 MS12-049 ) |
|||||
Microsoft Windows CVE-2014-6321 |
KB 2992611 | Severity:Critical Exploitability: 1 |
Important | Critical | ||
MS14-067 | Vulnerability in XML Core Services Could Allow Remote Code Execution (ReplacesMS14-005 MS14-033 ) |
|||||
Microsoft Windows CVE-2014-4118 |
KB 2993958 | . | Severity:Critical Exploitability: 2 |
Critical | Critical | |
MS14-069 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (ReplacesMS14-017 MS14-061 ) |
|||||
Microsoft Office CVE-2014-6333 CVE-2014-6334 CVE-2014-6335 |
KB 3009710 | Severity:Important Exploitability: 1 |
Critical | Important | ||
MS14-070 | Vulnerability in TCP/IP Could Allow Elevation of Privilege (ReplacesMS09-048 ) |
|||||
Microsoft Windows CVE-2014-4076 |
KB 2989935 | vuln. publicly known | Severity:Important Exploitability: 2 |
Important | Important | |
MS14-071 | Vulnerability in Windows Audio Service Could Allow Elevation of Privilege | |||||
Microsoft Windows CVE-2014-6322 |
KB 3005607 | Severity:Important Exploitability: 2 |
Important | Important | ||
MS14-072 | Vulnerability in .NET Framework Could Allow Elevation of Privilege (ReplacesMS14-026 ) |
|||||
Microsoft Windows, Microsoft .NET Framework CVE-2014-4149 |
KB 3005210 | Severity:Important Exploitability: 2 |
Important | Important | ||
MS14-073 | Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (ReplacesMS13-084 ) |
|||||
Microsoft Server Software CVE-2014-4116 |
KB 3000431 | Severity:Important Exploitability: 2 |
Important | Important | ||
MS14-074 | Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (ReplacesMS10-085 MS14-030 ) |
|||||
Microsoft Windows CVE-2014-6318 |
KB 3003743 | Severity:Important Exploitability: 3 |
Important | Important | ||
MS14-076 | Vulnerability in Internet Information Services | |||||
Microsoft Windows CVE-2014-4078 |
KB 2982998 | Severity:Important Exploitability: 3 |
Important | Important | ||
MS14-077 | Vulnerability in Active Directory Federation Services Could Allow Information Disclosure | |||||
Microsoft Windows CVE-2014-6331 |
KB 3003381 | Severity:Important Exploitability: 3 |
Important | Important | ||
MS14-078 | Vulnerability in IME | |||||
Microsoft Windows,Microsoft Office CVE-2014-4077 |
KB 3005210 | already exploited | Severity:Moderate Exploitability: 0 |
Important | Moderate | |
MS14-079 | Vulnerability in Kernel Mode Driver Could Allow Denial of Service (ReplacesMS14-058 ) |
|||||
Microsoft Windows CVE-2014-6317 |
KB 3002885 | Severity:Moderate Exploitability: 3 |
Moderate | Moderate |
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
- We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.
Keywords: mspatchday
6 comment(s)
My next class:
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
×
Diary Archives
Comments
Schannel is primarily used for Internet applications that require secure Hypertext Transfer Protocol (HTTP) communications."
So is it appropriate to interpret this as saying my IIS servers supporting HTTPS connections, have an unauthenticated RCE vuln? Or is it more complicated than that?
Anonymous
Nov 11th 2014
1 decade ago
Also, the SRD blog says "Most likely attack vector: User browses to a malicious webpage." While not a total contradiction, it does spin the vulnerability in a different light.
Any thoughts?
Anonymous
Nov 11th 2014
1 decade ago
MS14-068 -- Release date to be determined
----------------
So, you have not "skipped" anything.
Anonymous
Nov 11th 2014
1 decade ago
KB3008627 was released to address "This [unexpected UAC prompt] issue occurs because already installed applications do not have their hash cache created after update 2918614 is installed. When a repair is triggered for these applications, Microsoft Installer (MSI) cannot validate the installation files. Therefore, MSI needs consent from the user to finish the repair."
Anonymous
Nov 12th 2014
1 decade ago
http://arstechnica.com/security/2014/11/potentially-catastrophic-bug-bites-all-versions-of-windows-patch-now/
Article cites Qualys's Director of Engineering on this one.
If this is the case, prepare for a quick exploit wave and if this happens the ISC rating for servers should be PATCH NOW.
Anonymous
Nov 12th 2014
1 decade ago
Anonymous
Nov 14th 2014
1 decade ago