Microsoft hat soeben sieben Sicherheit-Bulletins im Rahmen des Dezember Patchday veröffentlicht. Drei Sicherheit-Bulletins werden als kritisch und die restlichen vier als wichtig eingestuft. Die Sicherheit-Bulletins beheben insgesamt fünfundzwanzig Sicherheitslücken in Windows, Office, Internet Explorer und Exchange. Rekordhalter ist auch heute der Internet Explorer, denn das kumulative Sicherheitsupdate MS14-080 behebt vierzehn schwerwiegende Sicherheitslücken. Die kritischen Updates betreffen Windows, Office und Internet Explorer, die wichtigen Windows, Office und Exchange. Benutzer, die die automatische Aktualisierung von Windows aktiviert haben, müssen keine Maßnahmen ergreifen, da alle Sicherheitsupdates automatisch heruntergeladen und installiert werden. Benutzer, die die automatische Aktualisierung nicht aktiviert haben, müssen auf Updates prüfen und diese Updates manuell installieren. Weitere Informationen über die Sicherheitsupdates für Dezember 2014 von Microsoft finden sich im dazu passenden Microsoft Security Bulletin Summary für Dezember 2014.
Download -> Microsoft Sicherheitsupdates für Dezember 2014
- MS14-075 – Vulnerabilities in Exchange Server Could Allow Elevation of Privilege (3009712)
This security update resolves four vulnerabilities in Microsoft Exchange Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes them to a targeted Outlook Web App site. - MS14-080 – Cumulative Security Update for Internet Explorer (3008923)
This security update resolves fourteen vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. - MS14-081 – Vulnerabilities in Word and Web Apps Could Allow Remote Code Execution (3017301)
This security update resolves two vulnerabilities in Microsoft Word and Microsoft Office Web Apps. The vulnerabilities could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Microsoft Office software. - MS14-082 – Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
This security update resolves one vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a specially crafted file is opened in an affected edition of Microsoft Office. - MS14-083 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
This security update resolves two vulnerabilities in Microsoft Excel. The vulnerabilities could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Excel file in an affected version of Microsoft Office software. - MS14-084 – Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. - MS14-085 – Vulnerability in Graphics Component Could Allow Information Disclosure (3013126)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing specially crafted JPEG content.
Microsoft Patchday für Dezember 2014 -> Weitere Infos
- Microsoft Security Bulletin Summary for December 2014
This bulletin summary lists security bulletins released for December 2014. With the release of the security bulletins for December 2014, this bulletin summary replaces the bulletin advance notification originally issued December 4, 2014 -> https://technet.microsoft.com/library/security/ms14-dec - TechNet Blogs » MSRC » December 2014 Updates
Today, as part of Update Tuesday, we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange -> http://blogs.technet.com/b/msrc/archive/2014/12/09/december-2014-updates.aspx
Microsoft empfiehlt Benutzern, ihre Software auf die neueste Version zu aktualisieren.