Patch Analysis for September 2014
This September Patch Tuesday bulletin delivers only four patches. The usual Internet Explorer cumulative update should be tackled first this month. Thirty-seven vulnerabilities are fixed with this patch, including an arbitrary code execution vulnerability. This vulnerability is being attacked in the wild, so it is important that this patch is put on an accelerated timeline. The three patches rated Important should be applied at the earliest convenience, but the order will depend on the organization's specific needs. Organizations that rely on IIS should look at applying MS14-053, since this patch remediates a denial of service vulnerability with .NET websites. Organizations that rely heavily on Lync should look at MS14-055 to fix a denial of service vulnerability with Lync servers. MS14-054 really applies to every organization, since it fixes an elevation of privilege vulnerability for authenticated attackers on a system.
| | System Types Affected | Exploit / Being exploited? | | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|
| Arbitrary code / Internet Explorer | | No/Yes | Yes | Critical | Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, Internet Explorer 11 | Requires restart | Update immediately |
| Privilege elevation / Microsoft Windows | | No/No | Yes | Important | Windows 8, Server 2012 R2, Windows RT 8.1 | Requires restart | Update after testing |
| Denial of service | Servers | No/No | No | Important | Lync 2010 | Does not require restart | Update after testing |
| Denial of service / .NET Framework | IIS Servers | No/No | Yes | Important | .NET Framework 1.1 SP1, .NET Framework 2.0 SP2, .NET Framework 3.5, .NET Framework 3.5.1, .NET Framework 4, .NET Framework 4.5, .NET Framework 4.5.1, .NET Framework 3.0 SP2, .NET Framework 4.5.2 | May require restart | Update after testing |