Microsoft Security Bulletin(s) for November 11, 2014

Microsoft Security Bulletin(s) for November 11, 2014

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

https://technet.microsoft.com/library/security/ms14-nov





Critical (5)

Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)

http://go.microsoft.com/fwlink/?LinkId=518106



Cumulative Security Update for Internet Explorer (3003057)

http://go.microsoft.com/fwlink/?LinkId=518103



Vulnerability in Schannel Could Allow Remote Code Execution (2992611)

http://go.microsoft.com/fwlink/?LinkId=518112



Vulnerability in XML Core Services Could Allow Remote Code Execution [299395]

http://go.microsoft.com/fwlink/?LinkId=513100



MS14-068 Release date to be determined



Important (9)

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)

http://go.microsoft.com/fwlink/?LinkId=518105



Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)

http://go.microsoft.com/fwlink/?LinkId=507675



Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)

http://go.microsoft.com/fwlink/?LinkId=518113



Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)

http://go.microsoft.com/fwlink/?LinkId=518107



Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)

http://go.microsoft.com/fwlink/?LinkId=513105



Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)

http://go.microsoft.com/fwlink/?LinkId=518111



MS14-075 Release date to be determined



Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass [298299]

http://go.microsoft.com/fwlink/?LinkId=509986



Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381)

http://go.microsoft.com/fwlink/?LinkId=518108





Moderate (2)

Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (3005210)

http://go.microsoft.com/fwlink/?LinkId=509952



Vulnerability in Kernel Mode Driver Could Allow Denial of Service (3002885)

http://go.microsoft.com/fwlink/?LinkId=518110



Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

Which of these fixes a 19 year old bug?

I'll be installing in a few weeks - the last lot made my machine unstable and very slow until I did a restore. A couple of weeks later I re-installed and no issues. With this number of updates I think automatic updates should be a thing of the past!

In reply to a post by MrTAToad2:

Which of these fixes a 19 year old bug?

this is the one i belive
Microsoft Security Bulletin MS14-064 - Critical

Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)


Published: November 11, 2014

https://technet.microsoft.com/library/security/MS14-064

I have mine set to download them but let me install them manually. That way i can wait a few days and make sure they're ok

Only problem is Windows moans if you have that setting, it prefers to have them install automatically

Ah, thanks

Out-of-band release for Security Bulletin MS14-068

On Tuesday, November 18, 2014, at approximately 10 a.m. PST, we will release an out-of-band security update to address a vulnerability in Windows.

We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin.



More information about this bulletin can be found at Microsoft�s Advance Notification Service page.



Tracey Pretorius, Director

Response Communications

https://technet.microsoft.com/en-us/library/security...

********************************************************************

Title: Microsoft Security Bulletin Releases

Issued: November 18, 2014

********************************************************************

Summary

=======

The following bulletin has been released.

* MS14-068 - Critical

The following bulletins have undergone a major revision increment.

* MS14-066 - Critical

* MS14-NOV



Bulletin Information:

=====================

MS14-068 - Critical

- https://technet.microsoft.com/library/security/ms14-068

- Reason for Revision: V1.0 (November 18, 2014): Bulletin

published.

- Originally posted: November 18, 2014

- Updated: November 18, 2014

- Bulletin Severity Rating: Critical

- Version: 1.0



MS14-066 - Critical

- https://technet.microsoft.com/library/security/ms14-066

- Reason for Revision: V2.0 (November 18, 2014): Bulletin revised

to announce the reoffering of the 2992611 update to systems

running Windows Server 2008 R2 and Windows Server 2012. The

reoffering addresses known issues that a small number of

customers experienced with the new TLS cipher suites that were

included in the original release. Customers running Windows

Server 2008 R2 or Windows Server 2012 who installed the 2992611

update prior to the November 18 reoffering should reapply the

update. See Microsoft Knowledge Base Article 2992611 for more

information.

- Originally posted: November 11, 2014

- Updated: November 18, 2014

- Bulletin Severity Rating: Critical

- Version: 2.0



MS14-NOV

- https://technet.microsoft.com/library/security/ms14-nov

- Reason for Revision: V2.0 (November 18, 2014): Bulletin Summary

revised to document the out-of-band release of MS14-068 and,

for MS14-066, to announce the reoffering of the 2992611 update

to systems running Windows Server 2008 R2 and Windows Server

2012. See the respective bulletins for more information.

- Originally posted: November 11, 2014

- Updated: November 18, 2014

- Version: 2.0