MS Security Bulletin Summary - October 2014



#1 AplusWebMaster


Posted 14 October 2014 - 11:35 AM

FYI...

- https://technet.micr...curity/ms14-oct
Oct 14, 2014 - "This bulletin summary lists security bulletins released for October 2014...
(Total of -8-)

Microsoft Security Bulletin MS14-056 - Critical
Cumulative Security Update for Internet Explorer (2987107)
- https://technet.micr...curity/ms14-056
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- https://support.micr....com/kb/2987107
"... resolves -14- privately reported vulnerabilities in Internet Explorer. This security update helps protect Internet Explorer from being attacked when you view a specially crafted webpage..."
- https://support.micr....com/kb/2987107
Last Review: Oct 20, 2014 - Rev: 3.0

Microsoft Security Bulletin MS14-057 - Critical
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
- https://technet.micr...curity/ms14-057
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS14-058 - Critical
Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
- https://technet.micr...curity/ms14-058
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS14-059 - Important
Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
- https://technet.micr...curity/ms14-059
Important - Security Feature Bypass - May require restart - Microsoft Developer Tools
- https://support2.mic....com/kb/2990942
Last Review: Oct 16, 2014 - Rev: 2.0

Microsoft Security Bulletin MS14-060 - Important
Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
- https://technet.micr...curity/ms14-060
Important - Remote Code Execution - May require restart - Microsoft Windows
- http://www.isightpar.../cve-2014-4114/
Oct 14, 2014
- https://support.micr....com/kb/3000869
Last Review: Oct 14, 2014 - Rev: 1.1

Microsoft Security Bulletin MS14-061 - Important
Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
- https://technet.micr...curity/ms14-061
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps
- https://support.micr....com/kb/3000434
Last Review: Oct 14, 2014 - Revision: 1.1

Microsoft Security Bulletin MS14-062 - Important
Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
- https://technet.micr...curity/ms14-062
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS14-063 - Important
Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
- https://technet.micr...curity/ms14-063
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

- http://blogs.technet...14-updates.aspx

Deployment Priority, Severity, and Exploit Index
- http://blogs.technet...ns-overview.png
___

- http://www.securityt....com/id/1031018 - MS14-056
CVE Reference: CVE-2014-4123, CVE-2014-4124, CVE-2014-4126, CVE-2014-4127, CVE-2014-4128, CVE-2014-4129, CVE-2014-4130, CVE-2014-4132, CVE-2014-4133, CVE-2014-4134, CVE-2014-4137, CVE-2014-4138, CVE-2014-4140, CVE-2014-4141
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6, 7, 8, 9, 10, 11 ...
- http://www.securityt....com/id/1031021 - MS14-057
- http://www.securityt....com/id/1031022 - MS14-058
- http://www.securityt....com/id/1031023 - MS14-059
- http://www.securityt....com/id/1031017 - MS14-060
CVE Reference: CVE-2014-4114
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs ...
This vulnerability is being actively exploited via PowerPoint files.
The original advisory is available at: http://www.isightpar.../cve-2014-4114/
iSIGHT Partners reported this vulnerability...
- http://www.securityt....com/id/1031024 - MS14-061
- http://www.securityt....com/id/1031025 - MS14-062
- http://www.securityt....com/id/1031027 - MS14-063
___

October 2014 Office Update Release
- http://blogs.technet...te-release.aspx
14 Oct 2014 - "... There are 6 security updates (1 bulletin) and 21 non-security updates..."
___

MSRT October 2014 – Hikiti
- http://blogs.technet...014-hikiti.aspx
Oct 14, 2014 - "The October release of the Malicious Software Removal Tool (MSRT) is directly related to a Coordinated Malware Eradication (CME) initiative led by Novetta and with the help of many other security partners: F-Secure, ThreatConnect, ThreatTrack Security, Volexity, Symantec, Tenable, Cisco, and iSIGHT. Collaboration across private industry is crucial to addressing advanced persistent threats. The target in this campaign is an advanced persistent threat that served as the infrastructure of actors that launched targeted attacks against multiple organizations around the world. This month, the MSRT along with all of the partners in our Virus Information Alliance program are releasing new coverage for this infrastructure: Win32/Hikiti and some of the related malware families, Win32/Mdmbot, Win32/Moudoor, Win32/Plugx, Win32/Sensode, and Win32/Derusbi. Novetta has released an executive summary* on this threat..."
* http://www.novetta.com/operationsmn
___

ISC Analysis
- https://isc.sans.edu...l?storyid=18819
2014-10-14 - "... only -8- instead of the promised 9 bulletins. Also, of particular interest is MS14-060 which was pre-announced by iSight Partners. iSight has seen this vulnerability exploited in some "APT" style attacks against NATO/US military interests and attributes these attacks to Russia..."
___

MS Advisories for October 2014

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.micr...ecurity/2755801
Updated: Oct 14, 2014 - v30.0

Microsoft Security Advisory 2949927
Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2
- https://technet.micr...ecurity/2949927
Oct 14, 2014
V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. Microsoft recommends that customers experiencing issues -uninstall- this update. Microsoft is investigating behavior associated with this update, and will update the advisory when more information becomes available.
- https://support.micr....com/kb/2949927
Last Review: Oct 21, 2014 - Rev: 6.1

Microsoft Security Advisory 2977292
Update for Microsoft EAP Implementation that Enables the Use of TLS
- https://technet.micr...ecurity/2977292
Oct 14, 2014

Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.micr...ty/3009008.aspx
V1.1 Oct 15, 2014: Advisory revised to include a workaround for disabling the SSL 3.0 protocol in Windows.

.


Edited by AplusWebMaster, 22 October 2014 - 09:45 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#2 AplusWebMaster


Posted 15 October 2014 - 05:40 AM

FYI...

KB2952664 problems ...
- http://myonlinesecur...52664-problems/
15 Oct 2014 - "Once again the October 2014 windows updates are causing problems on many computers. The biggest problem this month appears to be KB2952664 update for Windows 7. Do -not- install KB 2952664 update for Windows 7 unless you intend to update the windows 7 computer to either Windows 8 or the windows 10 preview. Various forums, including Microsoft help forums* are full of posts complaining about it failing. There is absolutely no need for the majority of users to install this update on their computer. If you have installed it, it will appear in the update history as -failed-. Go to programs & features, all updates and select KB2952664, press uninstall, reboot the computer and all will be OK. Then go to windows update, press check for updates, when the KB2952664 appears in the window, right click the entry and select -hide- update. You might then get a prompt asking for your admin account password if you are running as a standard user or a normal UAC prompt to continue with hiding the update. This KB 2952664 update for Windows 7 has been continually pushed out by Microsoft almost every month since April 2014 with various tweaks and revisions. Most have had some degree of install problems or have caused some degree of system instabilities. The October 2014 version appears to be the most problematic. It isn’t needed so don’t install it..."
* http://answers.micro...8f-edcf9ac1347b

Compatibility update for upgrading Windows 7
- https://support.micr....com/kb/2952664

> http://www.infoworld...r-80242016.html
Oct 15, 2014
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 15 October 2014 - 09:22 PM.



#3 AplusWebMaster


Posted 16 October 2014 - 03:51 PM

FYI...

Four more botched MS patches: KB 3000061, KB 2984972, KB 2949927, KB 2995388
Windows users are reporting significant problems with four more October Black Tuesday patches
- http://www.infoworld...kb-2995388.html
Oct 16, 2014 - "... Black Tuesday problems continue to pile up. Yesterday brought to light problems with KB 2952664*, the seventh patch with that name, which fails to install on a large number of Windows 7 machines. Now there are reports of four more botched patches. It's too early to tell exactly what's causing the problems, but if you're having headaches, you aren't alone - and there are solutions.
* http://www.infoworld...r-80242016.html
KB 3000061**... is a kernel mode driver update, MS 14-058. It's one of Microsoft's zero-day patches this month - there are very limited but identified attacks in the wild that use this security hole.
** https://support.micr....com/kb/3000061
 TechNet has a thread*** about failure to install on Server 2012 machines. Poster jcs916 describes a problem with installing KB 3000061 on a Windows 8.1 machine...
*** https://social.techn...m=winserver8gen
 Microsoft released seven separately identified security patches that weren't associated with Security Bulletins. One of them, KB 2984972, isn't faring well... AndrewKelly, posting on the TechNet forum[4], says he has had problems with Autodesk packages after applying the patch:
[4] https://social.techn...?forum=mdopappv
... Finally, a nonsecurity update rollup, KB 2995388[5] - also distributed Tuesday - is causing problems with VMware. After installing the patch, every time you try to boot a virtual machine, you get a message: "Not enough physical memory is available to power on this virtual machine with its configured settings." The VMware folks[6] recommend you -not- install KB 2995388; if you have, they recommend that you uninstall it."
[5] http://support.micro....com/kb/2995388

[6] http://blogs.vmware....8-1-update.html
___

- http://blogs.msmvps....keep-an-eye-on/
Oct 15, 2014
 

:ph34r: :ph34r:  :(


Edited by AplusWebMaster, 16 October 2014 - 06:32 PM.



#4 AplusWebMaster


Posted 17 October 2014 - 10:31 AM

FYI...

M$ yanks botched patch KB 2949927, re-issues KB 2952664
Windows 7 upgrade compatibility patch gets a tweaked installer, while the SHA-2 hashing patch is summarily removed without explanation
- http://www.infoworld...kb-2952664.html
Oct 17, 2014 - "Tell me if you've heard this one before: Microsoft has pulled a patch - KB 2949927*, a patch so important it rated its own Security Advisory - and there's no official notification that the patch was yanked, no explanation as to why it's been pulled, and no instructions for removing (or keeping) the patch if it did somehow get installed... Take-away lesson: Ignore Windows error messages. Aunt Martha can handle that. The more disconcerting patch, KB 2949927, was one of the -four- botched patches I mentioned yesterday. It adds SHA-2 hash signing and verification capability to Windows 7. Trying to install it on some machines led to multiple reboots failing with error 80004005 - a nice way to spend your Tuesday afternoon. And Wednesday. And Thursday morning... What should you do if the patch was installed? I have no idea, and Microsoft isn't saying a thing. Still -no- word on the other bad patches..."
* https://support.micr....com/kb/2949927
Last Review: Oct 21, 2014 - Rev: 6.1

:ph34r: :ph34r: :ph34r:  <_<


Edited by AplusWebMaster, 21 October 2014 - 01:43 PM.



#5 AplusWebMaster


Posted 21 October 2014 - 10:10 PM

FYI...

Security Advisory 3010060 released
- http://blogs.technet...0-released.aspx
21 Oct 2014 - "Today, we released Security Advisory 3010060* to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file. As part of this Security Advisory, we have included an easy, one-click Fix it** solution to address the known cyberattack. Please review the "Suggested Actions" section of the Security Advisory for additional guidance. Applying the Fix it does not require a reboot. We suggest customers apply this Fix it to help protect their systems..."

Microsoft Security Advisory 3010060
Vulnerability in Microsoft OLE Could Allow Remote Code Execution
* http://technet.micro...dvisory/3010060
21 Oct 2014 - "... we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint..."

** https://support.micr...0060#FixItForMe
Last Review: Oct 22, 2014 - Rev: 2.0
Enable this fix it - Microsoft Fix it 51026

- http://www.securityt....com/id/1031097
CVE Reference:

- https://web.nvd.nist...d=CVE-2014-6352 - 9.3 (HIGH)
Last revised: 10/23/2014 "... as exploited in the wild in October 2014 with a crafted PowerPoint document."
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed:  Yes  
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs...
> https://support.micr...0060#FixItForMe
___

- http://www.symantec....m-vulnerability
22 Oct 2014 - "At least two groups of attackers are continuing to take advantage of the recently discovered Sandworm vulnerability in Windows by using an exploit that bypasses the patch... Microsoft is aware of the vulnerability and has issued a -new- security advisory warning users of possible attacks. The company has yet to release a patch for this latest issue, which is being tracked as the Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2014-6352*)... The -new- vulnerability affects all supported releases of Microsoft Windows, excluding Windows Server 2003. Microsoft has produced a Fix it** solution to address -known- exploits. Windows users are advised to exercise caution when opening Microsoft PowerPoint files or other files from -untrusted- sources. It is also recommended that the User Account Control (UAC) be enabled, if it is not already..."
* https://web.nvd.nist...d=CVE-2014-6352 - 9.3 (HIGH)

** https://support.micr...0060#FixItForMe

- http://atlas.arbor.n...index#973033948
Elevated Severity
23 Oct 2014
 

:ph34r:


Edited by AplusWebMaster, 24 October 2014 - 06:51 AM.



#6 AplusWebMaster


Posted 30 October 2014 - 02:50 AM

FYI...

Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.micr...ecurity/3009008
V2.0 (October 29, 2014): Revised advisory to announce the deprecation of SSL 3.0, to clarify the workaround instructions for disabling SSL 3.0 on Windows servers and on Windows clients, and to announce the availability of a Microsoft Fix it solution for Internet Explorer. For more information see Knowledge Base Article 3009008*.
* https://support.micr...9008#FixItForMe
Last Review: Oct 29, 2014 - Rev: 2.3
Disable SSL 3.0 in Internet Explorer - Microsoft Fix it 51024
 

:ph34r: :ph34r:


