Patch Tuesday: September, 2014: Quite Month for Microsoft

This September Patch Tuesday Bulletin delivers only four patches.  The usual Internet Explorer cumulative update should be tackled first this month.  Thirty seven vulnerabilities are fixed with this patch including an arbitrary code execution vulnerability.  This vulnerability is being attacked in the wild so it is important that this patch is put on an accelerated timeline.  The three patches rated Important should be applied at the earliest convenience but the order will depend on the organizations specific needs.  Organizations that rely on IIS should look at applying MS14-053 since this patch remediates a denial of service vulnerability with .NET websites.  Organizations that rely heavily on Lync should look at MS14-055 to fix a denial of service vulnerability with Lync servers.   MS14-054 really applies to every organization since it fixes an elevation of privilege vulnerability for authenticated attackers on a system.

Unwanted and unknown applications can introduce malware, decrease PC performance, consume disk space, reduce network bandwidth and ultimately reduce IT and user productivity. With the free Application Scanner Tool from Lumension you can:

  • Discover all applications and executables in your endpoint environment
  • Validate the integrity of applications and files against known vendor provenance; and
  • Identify and report on systems at risk with the most unknown executables and the most prevalent applications and unknown executables in your organization

Click here to download it now »

Visit the Lumension Patch Tuesday Center


BulletinExploit Types
/Technologies Affected
System Types AffectedExploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity ratingProducts AffectedNotesRandy's recommendation
MS14-052

2977629
Arbitrary code

/ Internet Explorer
Workstations
Terminal Servers
No/YesYesCritical Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Requires restartUpdate immediately
MS14-054

2988948
Privilege elevation

/ Microsoft Windows
Workstations
Terminal Servers
Servers
No/NoYesImportant Windows 8
Server 2012
Windows RT
Server 2012 R2
Windows 8.1
Windows RT 8.1
Requires restartUpdate after testing
MS14-055

2990928
Denial of service

/ Lync
Servers
No/NoNoImportant Lync 2010
Lync 2013
Does not require restartUpdate after testing
MS14-053

2990931
Denial of service

/ .NET Framework
IIS Servers
No/NoYesImportant .NET Framework 1.1 SP1
.NET Framework 2.0 SP2
.NET Framework 3.5
.NET Framework 3.5.1
.NET Framework 4
.NET Framework 4.5
.NET Framework 4.5.1
.NET Framework 3.0 SP2
.NET Framework 4.5.2
May require restartUpdate after testing
Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.