Microsoft November out-of-cycle patch MS14-068
Microsoft November out-of-cycle patch
Note: MS14-066 was also updated today to fix some of the issues previously discussed with the introduction of the additional TLS cipher suites. Folks running Server 2008 R2 and Server 2012 are urged to reinstall
Update (2014-11-18 19:45 UTC) - After reading Microsoft's further explanation, the ISC ratings have been adjusted.
Ref: http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx
Overview of the November 2014 Microsoft patches and their status.
# | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) | |
---|---|---|---|---|---|---|
clients | servers | |||||
MS14-068 | Vulnerability in Kerberos Could Allow Elevation of Privilege. Could allow for forging of part of Kerberos service ticket. (ReplacesMS11-013 MS10-014 ) |
|||||
Microsoft Windows CVE-2014-6324 |
KB 3011780 | Limited targeted attacks known to be in the wild | Severity:Critical Exploitability: 1 |
Important | Critical |
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
- We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.
---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
Keywords: mspatchday
21 comment(s)
My next class:
LINUX Incident Response and Threat Hunting | Online | US Eastern | Jan 29th - Feb 3rd 2025 |
×
Diary Archives
Comments
2014-11-18 11:51:08:549 3116 3b4 COMAPI ----------- COMAPI: IUpdateServiceManager::AddService -----------
2014-11-18 11:51:08:564 3116 3b4 COMAPI - ServiceId = {7971f918-a847-4430-9279-4a52d1efe18d}
2014-11-18 11:51:08:564 3116 3b4 COMAPI - AuthorizationCabPath = C:\WINDOWS\SoftwareDistribution\AuthCabs\muauth.cab
2014-11-18 11:51:08:580 848 824 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\7971f918-a847-4430-9279-4a52d1efe18d.auth.cab.temp\muauth.cab:
2014-11-18 11:51:08:596 848 824 Misc Microsoft signed: Yes
2014-11-18 11:51:08:611 848 824 Agent WARNING: WU client fails CClientCallRecorder::AddService2 with error 0x80248015
2014-11-18 11:51:08:611 3116 3b4 COMAPI WARNING: ISusInternal::AddService failed, hr=80248015
2014-11-18 11:51:08:611 3116 3b4 COMAPI - Exit code = 0x80248015
Anonymous
Nov 18th 2014
9 years ago
"This security update is rated Critical for all supported editions of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.
This should not be rated critical for clients.
"The update is also being provided on a defense-in-depth basis for all supported editions of Windows Vista, Windows 7, Windows 8, and Windows 8.1 "
If a desktop OS is running a KDC, that would fall into the ISC "The difference between the client and server rating is based on how you use the affected machine." - i.e., you're using it as a server.
Anonymous
Nov 18th 2014
9 years ago
Anonymous
Nov 18th 2014
9 years ago
Anonymous
Nov 18th 2014
9 years ago
Anonymous
Nov 18th 2014
9 years ago
Anonymous
Nov 18th 2014
9 years ago
Seeing that as well here.
Anonymous
Nov 18th 2014
9 years ago
Workaround: If you have automatic updates running, you can use: "wuauclt.exe /detectnow" at the command prompt. After waiting in silence for a few minutes, you should then get the alternative (non-IE-based) updating mechanism in the system tray (don't expect any GUI-feedback while the update detection is underway). This worked for me.
If Automatic Updates isn't enabled on the server (and thus this work-around won't work), perhaps that can be turned on via control panel, system panel, or registry?
Anonymous
Nov 18th 2014
9 years ago
1) Stop the Automatic Updates and Background Intelligent Transfer Service services.
2) Delete or rename the %windir%\SoftwareDistribution folder.
3) Restart Automatic Updates and Background Intelligent Transfer Service services.
4) Go to the Windows Update site, NOT the Microsoft Update site, and DO NOT enable Microsoft Update.
Direct link to Windows Update site: http://windowsupdate.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
5) From Windows Update you can install updates. (Obviously MS14-068 is what we’re talking about today.)
The workaround breaks on first reboot and will have to be repeated to install additional updates.
Hopefully Microsoft will fix their screwup with Microsoft Update soon...
Anonymous
Nov 18th 2014
9 years ago
Could not boot into any mode of the operating system. Efforts to repair with Windows System Recovery Disk and HP Recovery Disc failed.
Finally managed to restore system from full image backup.
The one thing that may be non-standard on my computer is that the hard disk is encrypted with HP's security software.
Apparently Microsoft did not test this patch on computers running HP encryption.
Anonymous
Nov 19th 2014
9 years ago