Making December's Patch Tuesday Releases Meaningful

The very last Patch Tuesday of the year. Will 2014 go out as a lion or a lamb? If the past year is any indication, it could be a dragon.

Rod Trent

December 9, 2014

2 Min Read
Making December's Patch Tuesday Releases Meaningful

It is the very last Patch Tuesday of 2014 and what a year it has been. Microsoft has had 11 tries and has yet to have a completely flawless patching month. Could this be the month Microsoft finally gets it right? Could December's Patch Tuesday produce a Christmas miracle, or just a Festivus for the rest of us when we can air our patching grievances? Time will tell, and I'll be keeping my ear to the ground to let you know of any reported problems, but at least you need to know what's included in today's stack of updates.

Here's what you can expect.

Exchange Server

MS14-075 – This is the bulletin set to release last month, but shelved due to an installation problem. It is a fix for Microsoft Exchange server that can allow attackers to send email that appears from other users. Rating: Important

Internet Explorer

MS14-080 – Internet Explorer is no stranger to Patch Tuesday. This month's edition resolves over 14 privately reported vulnerabilities including Remote Code Execution and an ASLR bypass. Rating: Critical

Microsoft Office

MS14-081 – Microsoft Word and Office Web Apps are vulnerable to Remote Code Execution in the context of the currently logged on user. Of course removing Administrator rights from normal users will fix it, but Microsoft is providing a patch anyway. Rating: Critical

MS14-082 – This is another update for Microsoft Word and also covers remote code execution. Rating: Important

MS14-083 – Excel gets a highlight this time, and it too is vulnerable to remote code execution if run by a normal user that has been given administrative credentials. Rating: Important

VBScript

MS14-084 – Here, Microsoft is seeking to fix a remote code execution flaw in the VBScript Engine. Most IT folks are using PowerShell these days for new scripting projects, but there's a fair amount of VBScript code still out there. This is a client-application vulnerability, so once again, taking away administrative rights would solve the problem. Rating: Critical

Windows JPEG Images

MS14-085 – JPEG images as attack vectors? Apparently so. This vulnerability attacks through Windows JPEG processing and can steal data. Raiting: Important

Re-releases

MS14-065 Cumulative Security Update for Internet Explorer

MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution

Revisions

Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)

Miscellaneous

December 2014 update for Windows Root Certificate Program in Windows

Discover problems with any of this month's security updates? Let me know and I'll spread the word.

 

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like