Microsoft Critical Security Bulletins Summary for November 2014

Number: AV14-089
Date: 12 November 2014

Purpose

The purpose of this advisory is to bring attention to the monthly Microsoft Security Bulletin Summary for November.

Assessment

The summary covers 14 bulletins (4 Critical, 8 Important and 2 Moderate - NOTE: MS14-068 and MS14-075 will have a later release date), which addresses multiple vulnerabilities in Internet Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft Server Software and Microsoft Windows.

*** Critical ***
Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
https://technet.microsoft.com/library/security/MS14-064

Cumulative Security Update for Internet Explorer (3003057)
https://technet.microsoft.com/library/security/MS14-065

Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
https://technet.microsoft.com/library/security/MS14-066

Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)
https://technet.microsoft.com/library/security/MS14-067

MS14-068 - Release date to be determined

*** Important ***
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)
https://technet.microsoft.com/library/security/MS14-069

Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)
https://technet.microsoft.com/library/security/MS14-070

Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
https://technet.microsoft.com/library/security/MS14-071

Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
https://technet.microsoft.com/library/security/MS14-072

Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)
https://technet.microsoft.com/library/security/MS14-073

Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
https://technet.microsoft.com/library/security/MS14-074

MS14-075 - Release date to be determined

Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)
https://technet.microsoft.com/library/security/MS14-076

Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381)
https://technet.microsoft.com/library/security/MS14-077

*** Moderate ***
Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (3005210)
https://technet.microsoft.com/library/security/MS14-078

Vulnerability in Kernel Mode Driver Could Allow Denial of Service (3002885)
https://technet.microsoft.com/library/security/MS14-079

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

Date modified: