Patch Tuesday December 2014

Patch Tuesday December 2014


 

Last Microsoft Patch Tuesday of this year brings Seven security bulletins covering a total of 24 vulnerabilities. Now the total count for this year reached to 85. The high priority fix is for Internet Explorer, Microsoft Word and Microsoft Office Web Apps, VBScript Scripting Engine. Internet Explorer alone addresses 14 out of 24 vulnerabilities.

This month Three bulletins are rated as Critical addressing 17 vulnerabilities and four are rated as Important.

Critical security updates addresses security issues in Internet Explorer 6 to Internet Explorer 11, Microsoft Word and Microsoft Office Web Apps and VBScript Scripting Engine. All of them potentially allow Remote Code Execution and even though Microsoft Office, Microsoft Excel are marked as Important it allows Remote Code Execution. Overall Five out of 7 bulletins allow Remote Code Execution.

Four important security updates address issues in Microsoft Exchange Server, Microsoft Office, Microsoft Excel and Microsoft Graphics Component

The Microsoft Exchange Sever patch was supposed to be released last month, but was held back due to some breaking issue in the Installer package. Microsoft also re-released two bulletins today MS14-065 (Internet Explorer) and MS14-066 (Schannel).

 

Microsoft security bulletin summary for December 2014 in order of severity.

MS14-075: Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
Severity Rating: Important
Affected Software: Microsoft Exchange Server
Impact: Elevation of Privilege

MS14-080: Cumulative Security Update for Internet Explorer (3008923)
Severity Rating: Critical
Affected Software: Internet Explorer
Impact: Remote Code Execution

MS14-081: Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
Severity Rating: Critical
Affected Software: Microsoft Word and Microsoft Office Web Apps
Impact: Remote Code Execution

MS14-082: Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
Severity Rating: Important
Affected Software: Microsoft Office
Impact: Remote Code Execution

MS14-083: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
Severity Rating: Important
Affected Software: Microsoft Excel
Impact: Remote Code Execution

MS14-084: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
Severity Rating: Critical
Affected Software: VBScript Scripting Engine
Impact: Remote Code Execution

MS14-085: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)
Severity Rating: Important
Affected Software: Microsoft Graphics Component
Impact: Information Disclosure

 

SecPod Saner detects these vulnerabilities and automatically fixes by applying security updates. Download Saner now and keep your systems updated and secure.

– Veerendra GG

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn
Loading Facebook Comments ...

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>