Patch Tuesday: August, 2014: Big Month with 9 Patches

This August Patch Tuesday Bulletin is a pretty big one with nine patches, two of which are critical.  Do not be tempted to skip the patches rated important this month since they fix elevation of privilege or security feature bypass vulnerabilities.  Advanced attackers have been known to make use of these vulnerabilities to bypass security features and unlock previously unusable exploits.  Elevation of privilege vulnerabilities can be just as nasty allowing attackers to gain additional rights.  Try to apply MS14-051 and MS14-043 first thing this month.  These are both remote code execution patches that are applicable to most organizations.  Organizations should then analyze the remaining Important level patches to see what makes the most since to them.  MS14-048, MS14-045, MS14-049, MS14-046, and MS14-047 affect most end users who would also be viable targets.  MS14-044 and MS14-050 require user intervention and attack typical internal server resources.

Unwanted and unknown applications can introduce malware, decrease PC performance, consume disk space, reduce network bandwidth and ultimately reduce IT and user productivity. With the free Application Scanner Tool from Lumension you can:

  • Discover all applications and executables in your endpoint environment
  • Validate the integrity of applications and files against known vendor provenance; and
  • Identify and report on systems at risk with the most unknown executables and the most prevalent applications and unknown executables in your organization

Click here to download it now »

Visit the Lumension Patch Tuesday Center


BulletinExploit Types
/Technologies Affected
System Types AffectedExploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity ratingProducts AffectedNotesRandy's recommendation
MS14-049

2962490
Privilege elevation

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/NoNoImportant Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
May require restartUpdate at the earliest convenience
MS14-051

2976627
Arbitrary code
Privilege elevation

/ Internet Explorer
Workstations
Terminal Servers
No/YesNoCritical Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Restart required; Multiple vulnerabilitiesUpdate immediately
MS14-048

2977201
Arbitrary code

/ Microsoft Office
Workstations
Terminal Servers
No/NoYesImportant OneNote 2007
May require restartUpdate at the earliest convenience
MS14-050

2977202
Privilege elevation

/ Sharepoint Server
Sharepoint Servers
No/NoYesImportant SharePoint Server 2013
May require restartUpdate at the earliest convenience
MS14-047

2978668
Security feature bypass

/ Microsoft Windows
Workstations
Terminal Servers
No/NoNoImportant Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Requires restartUpdate at the earliest convenience
MS14-043

2978742
Arbitrary code

/ Microsoft Office
Workstations
Terminal Servers
No/NoYesCritical Windows 7
Windows 8
Windows 8.1
May require restartUpdate immediately
MS14-044

2984340
Privilege elevation
Denial of service

/ Microsoft SQL Server
SQL Servers
No/NoYesImportant SQL Server 2008
SQL Server 2008 R2
SQL Server 2012
SQL Server 2014
May require restart; Multiple vulnerabilitiesUpdate at the earliest convenience
MS14-045

2984615
Privilege elevation
Information disclosure

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/NoNoImportant Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Restart required; Multiple vulnerabilitiesUpdate at the earliest convenience
MS14-046

2984625
Security feature bypass

/ .NET Framework
Workstations
Terminal Servers
No/NoYesImportant .NET Framework 2.0 SP2
.NET Framework 3.5
.NET Framework 3.5.1
.NET Framework 3.0 SP2
May require restartUpdate at the earliest convenience
Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.