Microsoft hat heute acht Security Bulletins im Rahmen des Oktober 2014 Patchday veröffentlicht

Microsoft hat heute acht Security Bulletins im Rahmen des Oktober 2014 Patchday veröffentlicht

Microsoft hat im Laufe des heutigen Abends acht Sicherheit-Bulletins im Rahmen des Oktober Patchday veröffentlicht und zum Download freigegeben. Drei davon werden von Microsoft als kritisch eingestuft, die restlichen fünf Sicherheit-Bulletins stuft Microsoft als wichtig ein. Die neues Sicherheitsupdates beheben insgesamt vierundzwanzig Sicherheitslücken in Windows, Office, .NET Framework, .ASP.NET und Internet Explorer. Allein das kumulative Sicherheitsupdate MS14-056 für den IE behebt vierzehn schwerwiegende Sicherheitslücken in alle unterstützten Versionen von Internet Explorer. Die kritischen Updates betreffen Windows, Office, .NET Framework, .ASP.NET und Internet Explorer, die wichtigen Updates Windows, die Developer Tools und Office. Diese Sicherheitslücken können Remotecodeausführung ermöglichen, wenn ein Benutzer eine speziell gestaltete Webseite mit dem Internet Explorer anzeigt oder wenn eine speziell gestaltete Word-Datei in einer betroffenen Version oder anderer Software geöffnet wird. Benutzer, die die automatische Aktualisierung von Windows aktiviert haben, müssen keine Maßnahmen ergreifen, da alle Sicherheitsupdates automatisch heruntergeladen und installiert werden. Benutzer, die die automatische Aktualisierung nicht aktiviert haben, müssen auf Updates prüfen und diese Updates manuell installieren. Weitere Informationen über die Sicherheitsupdates für Oktober 2014 von Microsoft finden sich im dazu passenden Microsoft Security Bulletin Summary für Oktober 2014.

Microsoft Update

Download -> Microsoft Sicherheitsupdates für Oktober 2014

  • MS14-056 - Cumulative Security Update for Internet Explorer (2987107)
    This security update resolves fourteen vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.
  • MS14-057 - Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
    This security upate resolves three vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if an attacker sends a specially crafted URI request containing international characters to a .NET web application.
  • MS14-058 - Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
    This security update resolves two vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted website that contains embedded TrueType fonts.
  • MS14-059 - Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
    This security update resolves a vulnerability in ASP.NET MVC. The vulnerability could allow security feature bypass if an attacker convinces a user to click a specially crafted link or to visit a webpage that contains specially crafted content designed to exploit the vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through a web browser, and then convince a user to view the website.
  • MS14-060 - Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a Microsoft Office file that contains a specially crafted OLE object.
  • MS14-061 - Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
    This security update resolves one vulnerability in Microsoft Office. The vulnerability could allow remote code execution if an attacker convinces a user to open a specially crafted Microsoft Word file.
  • MS14-062 - Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker sends a specially crafted input/output control (IOCTL) request to the Message Queuing service.
  • MS14-063 - Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
    This security update resolves a vulnerability in Microsoft Windows. An elevation of privilege vulnerability exists in the way the Windows FASTFAT system driver interacts with FAT32 disk partitions.

Microsoft Patch Day für Oktober 2014 -> Weitere Infos

  • Microsoft Security Bulletin Summary for October 2014
    This bulletin summary lists security bulletins released for October 2014. With the release of the security bulletins for October 2014, this bulletin summary replaces the bulletin advance notification originally issued October 9, 2014 -> https://technet.microsoft.com/library/security/ms14-oct
  • TechNet Blogs » MSRC » October 2014 Updates
    Today, as part of Update Tuesday, we released eight security updates – three rated Critical and five rated Important - to address 24 Common Vulnerabilities & Exposures (CVEs) in Windows, Office, .NET Framework, .ASP.NET, and Internet Explorer (IE). We encourage you to apply all of these updates, but for those who need to prioritize deployment planning, we recommend focusing on the Critical updates first.
    http://blogs.technet.com/b/msrc/archive/2014/10/14/october-2014-updates.aspx

Alle Benutzer werden aufgefordert die verfügbaren Updates so schnell wie möglich zu installieren!

Kommentare sind geschlossen
it-blogger.net
Copyright © 2017 Valdet Beqiraj it-blogger.net