News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
September 18, 2014, 09:41:59
Pages: [1]   Go Down
  Print  
Topic: MS Security Bulletin Summary - July 2014  (Read 405 times)
0 Members and 1 Guest are viewing this topic.
« on: July 08, 2014, 09:21:12 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8269



FYI...

- https://technet.microsoft.com/library/security/ms14-jul
July 8, 2014 - "This bulletin summary lists security bulletins released for July 2014...
(Total of -6-)
V1.1 (July 29, 2014): For MS14-037, added an Exploitability Assessment in the Exploitability Index for CVE-2014-4066. This is an informational change only.

Microsoft Security Bulletin MS14-037 - Critical
Cumulative Security Update for Internet Explorer (2975687)
- https://technet.microsoft.com/library/security/ms14-037
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
V1.1 (July 29, 2014): Corrected the severity table and vulnerability information to add CVE-2014-4066 as a vulnerability addressed by this update. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4066

Microsoft Security Bulletin MS14-038 - Critical
Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)
- https://technet.microsoft.com/library/security/ms14-038
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-039 - Important
Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685)
- https://technet.microsoft.com/library/security/ms14-039
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS14-040 - Important
Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684)
- https://technet.microsoft.com/library/security/ms14-040
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS14-041 - Important
Vulnerability in DirectShow Could Allow Elevation of Privilege (2975681)
- https://technet.microsoft.com/library/security/ms14-041
Important - Elevation of Privilege - May require restart - Microsoft Windows

Microsoft Security Bulletin MS14-042 - Moderate
Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621)
- https://technet.microsoft.com/library/security/ms14-042
Moderate - Denial of Service - Does not require restart - Microsoft Server Software
___

- http://blogs.technet.com/b/msrc/archive/2014/07/08/july-2014-security-bulletin-release.aspx
8 Jul 2014

Deployment Priority, Severity, Exploit Index
- http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/2654.deployment.jpg
___

July 2014 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/07/08/july-2014-office-update-release.aspx
8 Jul 2014 - "... There are no security updates. There are 36 non-security updates..."
___

- http://www.securitytracker.com/id/1030532 - MS14-037
- http://www.securitytracker.com/id/1030531 - MS14-038
- http://www.securitytracker.com/id/1030535 - MS14-039
- http://www.securitytracker.com/id/1030536 - MS14-040
- http://www.securitytracker.com/id/1030537 - MS14-041
- http://www.securitytracker.com/id/1030538 - MS14-042
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18359
2014-07-08

.
« Last Edit: August 04, 2014, 17:12:33 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #1 on: July 14, 2014, 10:43:59 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8269



FYI...

MS14-037 KB2962872 issues ...
- http://www.infoworld.com/t/microsoft-windows/black-tuesday-patch-kb-2962872-crashes-installshield-causes-slowdowns-246112
July 14, 2014 - "... Posters on the Microsoft Answers forum report that uninstalling KB 2962872 solves the problem.
Flexerasoft has posted a limited workaround:
   Moving the .htm files to a backup folder has been shown to reduce the impact of the issue for some InstallShield customers. Please note that by taking these steps, the InstallShield Start Page and inline help will be limited and navigating to some views may still trigger a crash. Those using this method should save their projects frequently.
    Steps to implement this limited workaround:
    Move *.htm from
    \<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>
    To a new folder
    \<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>\HTM-Backup\
    Move *.htm from
    \<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>Express\
    To a new folder
    \<ProgramFiles>\InstallShield\<version>\Program\<LanguageCode>Express\HTM-Backup\

The workaround lets InstallShield start and run normally, but reports say it crashes on exit. There are also sporadic reports of additional problems with KB 2962872, particularly slowdowns..."
- https://community.flexerasoftware.com/showthread.php?217569-InstallShield-Crashes-and-Microsoft-KB-2962872
07-11-2014
Microsoft security update KB2962872 (MS14-037) may cause the InstallShield or InstallShield for AdminStudio application to crash...
- http://www.flexerasoftware.com/landing/Microsoft-Security-Update-IS-AR-KB2962872.html
___

MS patches crash Dell Data Protection-Encryption and CMGShield
Black Tuesday patches cause blue screens of death on DDP-E encrypted machines, black recovery screens for CMGShield
- http://www.infoworld.com/t/microsoft-windows/microsoft-patches-crash-dell-data-protection-encryption-and-cmgshield-246108
July 14, 2014 - "... a group of patches in this month's Black Tuesday crop causes BSODs on PCs encrypted with Dell Data Protection-Encryption or forces CMGShield-protected PCs into a lockup, with a black recovery screen. Although Dell posted information identifying the problem late Thursday in Quick Tip 653764*, there's still no word on precisely which Black Tuesday patches trigger the anti-tampering lockout. There's a fix, but it's complex..."
* http://www.dell.com/support/troubleshooting/us/en/04/KCS/KcsArticles/ArticleView?c=&l=&s=&docid=653764
2014-07-10
___

MS14-037: Customers who use PTC Windchill 10.x solutions have
>    reported instability and crashes after the installation of this
>    security update.
- http://communities.ptc.com/message/250228#250228
Jul 22, 2014
___

July 2014 Security Bulletin Webcast Q&A
- http://blogs.technet.com/b/msrc/p/july2-2014-security-bulletin-q-a.aspx

 Sad  Exclamation
« Last Edit: July 24, 2014, 01:52:25 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #2 on: July 25, 2014, 01:33:15 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8269



FYI...

Issue when launching Office apps after applying July 2014 update for Office 365 ProPlus
- http://blogs.technet.com/b/odsupport/archive/2014/07/23/issue-when-launching-office-apps-after-applying-july-2014-update-for-office-365-proplus.aspx
23 Jul 2014 - "Shortly after the release of the July Public Update, we received notification of a potential issue affecting a subset of Office 365 ProPlus users. In some cases, users running Office may not be able to launch Office products after the July 2014 updates are installed.
We have since corrected the issue and will be releasing an updated build 15.0.4631.1004 scheduled to go live by Thursday July 24th. Once the update is available, you can click on “Update Now” from the backstage to get the latest fix.
If you still have issues, then please reboot your computer and try “Update Now.” If you still have issues launching Office applications, as a last resort, please run the Fix It located at [ http://support.microsoft.com/kb/2739501 ] to uninstall and reinstall the latest bits.
Note: This issue doesn’t affect Volume License customers."

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #3 on: July 26, 2014, 04:31:57 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8269



FYI...

MS Silverlight 5 - July 2014 update
- http://support.microsoft.com/kb/2977218
Last Review: July 23, 2014 - Rev: 1.0 - "... This update offers a new build (version 5.1.30514.0) that is an upgrade to earlier versions of Silverlight. This update is included in current Silverlight installers... fixed by this update:
A Silverlight application that uses tab-switched controls exhibits a memory leak when you switch between tabs or pages in the application..."
Applies to:
    Microsoft Silverlight 5
    Microsoft Silverlight for Macintosh
    Microsoft Silverlight for Windows
___

Glitches - July Windows/Office updates
- http://windowssecrets.com/patch-watch/a-few-glitches-with-july-windowsoffice-updates/
July 24, 2014
> MS14-037 (2962872)
> MS14-039 (2975685)

 Exclamation
« Last Edit: July 26, 2014, 13:16:14 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
 
Pages: [1]   Go Up
  Print  
 
Jump to:  

Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Page created in 0.218 seconds with 20 queries.