Microsoft hat vierzehn Security Bulletins im Rahmen des November 2014 Patchday veröffentlicht

Microsoft hat vierzehn Security Bulletins im Rahmen des November 2014 Patchday veröffentlicht

Microsoft hat heute vierzehn Sicherheit-Bulletins (obwohl sechszehn angekündigt wurden) im Rahmen des November 2014 Patchday veröffentlicht und zum sofortigen Download freigegeben. Vier davon werden als kritisch, acht als wichtig und zwei als moderat eingestuft. Angekündigt wurden fünf kritische, neun wichtige und zwei als moderat eingestufte Sicherheit-Bulletins. Die Sicherheit-Bulletins MS14-068 und MS14-075 werden laut Microsoft zum einen späteren Zeitpunkt erhältlich sein. Die heutigen Sicherheit-Bulletins beheben insgesamt dreiunddreißig Sicherheitslücken in Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft .NET Framework und Microsoft Server Software. Rekordhalter ist auch heute der Internet Explorer, denn das kumulative Sicherheitsupdate MS14-065 für den Internet Explorer behebt siebzehn schwerwiegende Sicherheitslücken. Die kritischen Updates betreffen Windows und Internet Explorer, die wichtigen Windows, Office, .NET Framework und Server Software, die moderaten Windows und Office.

Microsoft Update

Benutzer, die die automatische Aktualisierung von Windows aktiviert haben, müssen keine Maßnahmen ergreifen, da alle Sicherheitsupdates automatisch heruntergeladen und installiert werden. Benutzer, die die automatische Aktualisierung nicht aktiviert haben, müssen auf Updates prüfen und diese Updates manuell installieren. Weitere Informationen über die Sicherheitsupdates für November 2014 von Microsoft finden sich im dazu passenden Microsoft Security Bulletin Summary für November 2014.

Download -> Microsoft Sicherheitsupdates für November 2014

  • MS14-064 - Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
    This security update resolves two vulnerabilities in Microsoft Windows Object Linking and Embedding (OLE). The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
  • MS14-065 - Cumulative Security Update for Internet Explorer (3003057)
    This security update resolves seventeen vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage.
  • MS14-066 - Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
    This security update resolves a vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server.
  • MS14-067 - Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)
    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a logged-on user visits a specially crafted website that is designed to invoke Microsoft XML Core Services (MSXML) through Internet Explorer.
  • MS14-069 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)
    This security update resolves three vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected edition of Office 2007.
  • MS14-070 - Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)
    This security update resolves a vulnerability in TCP/IP that occurs during input/output control (IOCTL) processing. This vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
  • MS14-071 - Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an application uses the Microsoft Windows Audio service.
  • MS14-072 - Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
    This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow elevation of privilege if an attacker sends specially crafted data to an affected workstation or server that uses .NET Remoting.
  • MS14-073 - Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)
    This security update resolves a vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in the context of the user on the current SharePoint site.
  • MS14-074 - Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass when Remote Desktop Protocol (RDP) fails to properly log audit events.
  • MS14-076 - Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)
    This security update resolves a vulnerability in Microsoft Internet Information Services (IIS) that could lead to a bypass of the "IP and domain restrictions" security feature.
  • MS14-077 - Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381)
    This security update resolves a vulnerability in Active Directory Federation Services (AD FS). The vulnerability could allow information disclosure if a user leaves their browser open after logging off from an application, and an attacker reopens the application in the browser immediately after the user has logged off.
  • MS14-078 - Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (3005210)
    This security update resolves a vulnerability in Microsoft Input Method Editor (IME) (Japanese). The vulnerability could allow sandbox escape based on the application sandbox policy on a system where an affected version of the Microsoft IME (Japanese) is installed.
  • MS14-079 - Vulnerability in Kernel Mode Driver Could Allow Denial of Service (3002885)
    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker places a specially crafted TrueType font on a network share and a user subsequently navigates there in Windows Explorer.

Microsoft Patch Day für November 2014 -> Weitere Infos

  • Microsoft Security Bulletin Summary for November 2014
    This bulletin summary lists security bulletins released for November 2014. With the release of the security bulletins for November 2014, this bulletin summary replaces the bulletin advance notification originally issued November 6, 2014 -> https://technet.microsoft.com/library/security/ms14-nov
  • TechNet Blogs » MSRC » November 2014 Updates
    Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD) -> http://blogs.technet.com/b/msrc/archive/2014/11/11/november-2014-updates.aspx

Alle Benutzer werden aufgefordert die verfügbaren Updates so schnell wie möglich zu installieren!

Kommentare sind geschlossen
it-blogger.net
Copyright © 2017 Valdet Beqiraj it-blogger.net