Microsoft Security Bulletins for October 2014

It sounds like this was a pretty busy month for the folks who create security patches at Microsoft …

Welcome to the Microsoft’s October 2014 Patch Day overview. It provides an in-depth analysis and information about all security bulletins and updates that Microsoft released for its products since the September patch day. Microsoft released eight security bulletins this month fixing a total of 24 vulnerabilities in company products such as the Microsoft Windows operating system, Internet Explorer or Microsoft Office.

Three of the bulletins have received the highest severity rating of critical and five the second highest rating of important.

You find details about those patches below including a video summary by Microsoft, distribution of updates as well as deployment and download information.

Microsoft announced today that it will add outdated versions of Silverlight to the out-of-date ActiveX control blocking feature starting November 11, 2014. All versions of Silverlight older than Silverlight 5.1.30514.0 are affected by this.

Executive Summary

  • A total of eight bulletins have been released on this patch day that fix a total of 24 vulnerabilities.
  • Affected products include Microsoft Windows, Microsoft .Net Framework, Microsoft Office and Internet Explorer.
  • Three of the nine bulletins received the highest severity rating critical.
  • Microsoft suggests to deploy the bulletins MS14-056, MS14-057 and MS14-058 first (the three critical ones).

Video Summary

Operating System Distribution

As far as client operating systems are concerned, all but Windows Vista are affected by three critical and one important bulletin. Windows Vista in addition to that is affected by another important rated bulletin.

Windows Server 2003 and Windows Server 2008 are affected by two critical, two important and 1 moderate bulletin, while all other server operating systems are affected by two critical, one important and moderate bulletin.

  • Windows Vista: 3 critical, 2 important
  • Windows 7:   3 critical, 1 important
  • Windows 8:  3 critical, 1 important
  • Windows 8.1: 3 critical, 1 important
  • Windows RT: 3 critical, 1 important
  • Windows RT 8.1:  3 critical, 1 important
  • Windows Server 2003: 2 critical, 2 important, 1 moderate
  • Windows Server 2008: 2 critical, 2 important, 1 moderate
  • Windows Server 2008 R2: 2 critical, 1 important, 1 moderate
  • Windows Server 2012: 2 critical, 1 important, 1 moderate
  • Windows Server 2012 R2: 2 critical, 1 important, 1 moderate
  • Server Core installation: 2 critical, 1 important

Other Microsoft Product Distribution

  • Microsoft Office 2007: 1 important
  • Microsoft Office 2010: 1 important
  • Microsoft Office for Mac: 1 important
  • Microsoft Office Compatibility Pack: 1 important
  • Microsoft SharePoint Server 2010: 1 important
  • Microsoft Office Web Apps 2010: 1 important
  • ASP .NET MVC: 1 important

Deployment Guide

The suggested deployment priority for the October 2014 is to deploy all three critical vulnerabilities with the highest priority, followed by vulnerabilities MS14-060 and MS14-061 that address issues in OLE and Word second.

october 2014 microsoft security bulletins

  • Tier 1: MS14-056 Internet Explorer, MS14-057 .Net Framework and MS14-058 KMD (all critical)
  • Tier 2: MS14-06 OLE, MS14-061 Microsoft Word (all important)
  • Tier 3: MS14-059 ASP.NET, MS14-062 Message Queuing, MS14-063 Fat32

Security Bulletins

MS14-056 – Cumulative Security Update for Internet Explorer (2987107) – critical – remote code execution
MS14-057 – Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414) – critical – remote code execution
MS14-058 – Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061) – critical – remote code execution
MS14-059 – Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942) – important – security feature bypass
MS14-060 – Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869) – important – remote code execution
MS14-061 – Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434) – important – remote code execution
MS14-062 – Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254) – important – elevation of privilege
MS14-063 – Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579) – important – remote code execution

Security Advisories

Microsoft has released three security advisories this month.

  • Update to Improve Credentials Protection and Management (2871997) – This update improves “credential protection and domain authentication controls to reduce credential theft”.
  • Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2 (2949927) – This adds support for SHA-2 signing and verification functionality.
  • Update for Microsoft EAP Implementation that Enables the Use of TLS (2977292) – Enables the use of Transport Layer Security (TLS) 1.1 or 1.2 through the modification of the system registry.

Non-security related updates

  • Update for Windows 7 – Compatibility update for upgrading Windows 7 (KB2952664)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2989542)
  • Update for Windows 7 and Windows Server 2008 R2 (KB2994023)
  • Update for Windows 8, Windows RT, and Windows Server 2012 (KB2995387)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2995388)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2998174)
  • Update for Windows 7 and Windows Server 2008 R2 (KB2998812)
  • Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 (KB3000988)
  • Windows Malicious Software Removal Tool – October 2014 (KB890830)/Windows Malicious Software Removal Tool – October 2014 (KB890830) – Internet Explorer Version
  • Update for Windows 7 and Windows Server 2008 R2 – Update to support the new currency symbol for the Russian ruble in Windows (KB2970228)
  • Update for Windows 8, Windows RT, and Windows Server 2012 – August 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012 (KB2975331)
  • Update for Windows 8, Windows RT, and Windows Server 2012 – September 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012 (KB2984005)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 – September 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (KB2984006)
  • Update for Microsoft .NET Framework 3.5 – Update for .NET Framework 3.5 on Windows Server 2012 R2, and Windows Server 2012, Windows 8.1, and Windows 8 (KB3005628)
  • Update for Windows 7 – September 2014 update for DVD playback in Windows 7 SP1 (KB3001554)
  • Update for Windows 8.1 – Some versions of the OneDrive desktop app for Windows do not update automatically (KB2990967)
  • Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP Embedded – A September 2014 time zone update for Russia is available (KB2998527)

How to download and install the October 2014 security updates

microsoft october 2014 updates

security updates microsoft october 2014

The October 2014 security patches are made available via Windows Update to all systems running client or server based versions of Windows.

If automatic updates is enabled, the updates will be downloaded automatically to the system once the system picks them up.

It may still be a good idea to check for updates manually as it may take some time after the release before they get downloaded to the system automatically.

  1. Tap on the Windows-key, type Windows Update and select the result from the list displayed to you.
  2. There you need to click on check for updates to run a manual update check.

Microsoft will make the updates available on the Microsoft Download Center as well for manual download and in form of  monthly security ISO images.

Additional information

Link to Original Content

Tags: , , , ,

Comments are closed.