5 replies to this topic

[AplusWebMaster]

FYI...

- https://technet.micr...curity/ms14-sep
Sep 9, 2014 - "This bulletin summary lists security bulletins released for September 2014...
(Total of -4-)

Microsoft Security Bulletin MS14-052 - Critical
Cumulative Security Update for Internet Explorer (2977629)
- https://technet.micr...curity/MS14-052
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- http://support.micro....com/kb/2977629

Last Review: Sep 16, 2014 - Rev: 2.0
"... This security update resolves 1 publicly disclosed and 36 privately reported vulnerabilities..."

Microsoft Security Bulletin MS14-053 - Important
Vulnerability in .NET Framework Could Allow Denial of Service (2990931)
- https://technet.micr...curity/MS14-053
Important - Denial of Service - May require restart - Microsoft Windows, Microsoft .NET Framework
V1.1 (Sep 17, 2014): Bulletin revised to clarify language in the Executive Summary, Mitigating Factors, and Vulnerability FAQ sections that describes the attack vector for CVE-2014-4072. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
- https://web.nvd.nist...d=CVE-2014-4072 - 5.0

Microsoft Security Bulletin MS14-054 - Important
Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948)
- https://technet.micr...curity/MS14-054
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS14-055 - Important
Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)
- https://technet.micr...curity/MS14-055
Important - Denial of Service - Does not require restart - Microsoft Lync Server
V2.0 (Sep 15, 2014): Bulletin revised to -remove- Download Center links for Microsoft security update 2982385 for Microsoft Lync Server 2010...
- https://web.nvd.nist...d=CVE-2014-4068 - 5.0
- https://web.nvd.nist...d=CVE-2014-4070 - 5.0
- https://web.nvd.nist...d=CVE-2014-4071 - 5.0
___

- http://blogs.technet...ty-updates.aspx

Deployment Priority, Severity, Exploit Index
- http://blogs.technet....deployment.jpg
___

September 2014 Office Update Release
- http://blogs.technet...te-release.aspx
9 Sep 2014 - "... There are no security updates. There are 18 non-security updates..."
___

- http://www.securityt....com/id/1030818 - MS14-052
- http://www.securityt....com/id/1030819 - MS14-053
- http://www.securityt....com/id/1030820 - MS14-054
- http://www.securityt....com/id/1030821 - MS14-055
___

ISC Analysis
- https://isc.sans.edu...l?storyid=18627
2014-09-09

.

Edited by AplusWebMaster, 18 September 2014 - 02:26 PM.

[AplusWebMaster]

FYI...

Update for OneDrive for Business (KB2889866)
- https://support.micr....com/kb/2889866
Last Review: Sep 10, 2014 - Rev: 2.0
"Notice: We are investigating an issue that is affecting the September 2014 update for Microsoft OneDrive for Business. Therefore, we have removed the update from availability for now..."

- http://blogs.technet...te-release.aspx
10 Sep 2014 - "UPDATE - We have discovered an issue with update KB 2889866. We have removed the update from availability while we investigate."
___

- http://www.infoworld...-tuesday-250304
Sep 11, 2014
___

September 2014 Security Bulletin Webcast Q&A
- http://blogs.technet...0_q_2d00_a.aspx
12 Sep 2014 - "Today we’re publishing the September 2014 Security Bulletin Webcast Questions & Answers page*..."
* http://blogs.technet...ebcast-q-a.aspx
 

Edited by AplusWebMaster, 15 September 2014 - 03:00 PM.

[AplusWebMaster]

FYI...

MS14-055 revised - Vulnerabilities in Lync could allow denial of service ...
- https://technet.micr...curity/MS14-055
V2.0 (September 15, 2014): Bulletin revised to remove* Download Center links for Microsoft security update 2982385 for Microsoft Lync Server 2010...
* Update FAQ
Why was this bulletin revised on September 15, 2014?
Microsoft revised this bulletin to address a known issue that prevented users from successfully installing security update 2982385 for Microsoft Lync Server 2010. Microsoft is investigating behavior associated with the installation of this update, and will update this bulletin when more information becomes available. As an added precaution, Microsoft has removed the download links to the 2982385 security update...

Related: https://support.micr....com/kb/2990928
Last Review: Sep 16, 2014 - Rev: 2.0
 

[AplusWebMaster]

FYI...

MS14-046: Description of the security update for the .NET Framework 3.5
on Windows 8 and Windows Server 2012: Aug 12, 2014
* https://support.micr....com/kb/2966827
Last Review: Sep 19, 2014 - Rev: 3.0
 
Bulletin Information:
MS14-046 - Important
- https://technet.micr...curity/ms14-046
  - Reason for Revision: V1.2 (Sep 19, 2014): Bulletin
    revised with a change to the 'Known Issues' entry in the Knowledge
    Base Article section from "None" to "Yes".
  - Originally posted: August 12, 2014
  - Updated: September 19, 2014
  - Bulletin Severity Rating: Important
  - Version: 1.2
___
 
Enabling the Microsoft .NET Framework 3.5 optional Windows feature on Windows 8
and Windows Server 2012 may -fail- after you install security update 2966827
- https://support.micr....com/kb/3002547
Last Review: Sep 19, 2014 - Rev: 2.0
 

[AplusWebMaster]

FYI...

Microsoft Security Bulletin MS14-055 - Important
Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)
- https://technet.micr...curity/MS14-055
V3.0 (September 23, 2014): Bulletin rereleased to announce the re-offering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010...
Why was this bulletin revised on September 23, 2014?
Microsoft re-released this bulletin to announce the re-offering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010. The re-released update addresses an issue in the original offering that prevented users from successfully installing the server.msp file. Customers who attempted to install the original update will be reoffered the 2982385* update and are encouraged to apply it at the earliest opportunity...

* https://support.micr....com/kb/2982385
Sep 23, 2014 - Rev: 2.0
 

[AplusWebMaster]

FYI...

IE10/IE11 in Win8/8.1 - Flash Player update
- https://technet.micr...ecurity/2755801
Sep 23, 2014
V29.0 (Sep 23, 2014): Added the 2999249* update to the Current Update section.

Update for Adobe Flash Player in Internet Explorer
* https://support.micr....com/kb/2999249
Sep 23, 2014 - Rev: 1.0 - "An issue was found in which some videos may not play, or you may receive an error message, when you try to watch video from certain websites. Microsoft has released an update for this issue for IT professionals. This release contains a fix that will significantly reduce the prevalence of video playback failures on sites where this problem previously occurred.
Known issues with this update: Windows Update will not offer this update to Windows RT-based computers until update 2808380 is installed. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 2808380** Windows RT-based device cannot download software updates or Windows Store apps."
** https://support.micr....com/kb/2808380
Mar 7, 2013 - Rev: 3.0
 
[ Hat tip to dvk01: http://myonlinesecur...-windows-8-8-1/ ]