Microsoft Security Bulletins For December 2014

[Petrovic]

Content source

http://www.ghacks.net/2014/12/09/microsoft-security-bulletins-for-december-2014/

This article offers detailed information about all security and non-security patches that Microsoft released in December 2014.

The company changed the way the information are provided last month. While it releases information about each bulletin just like before, it stopped the release of videos that go over each month's security bulletins.

In addition, it stopped creating sheets detailing the deployment priority of bulletins. The sheets have been replaced with a simple priority listing.

The guide starts with the executive summary below which reveals the most important information. You find the operating system distribution, list of bulletins, deployment information, download guides and related information below afterwards.

Executive Summary

1. Microsoft released seven bulletins this month that address a total of 24 unique vulnerabilities.
2. Three of the bulletins have received a maximum severity rating of critical, the highest rating.
3. Affected programs include Microsoft Windows, Microsoft Office and Microsoft Exchange.

Operating System Distribution

Below is the list of all operating systems that Microsoft supports with patches and the severity of the patches they have received on this Patch Day.

Vista and Windows 7 are affected with two critical and one important bulletin while all remaining desktop operating systems are affected by one critical and 1 important vulnerability only.

Windows Server 2003, 2008 and 2008 R2 are affected by one important and two moderate bulletins this time while Server 2012 and 2012 R2 only by one important and one moderate bulletin.

• Windows Vista: 2 critical, 1 important
• Windows 7: 2 critical, 1 important
• Windows 8: 1 critical, 1 important
• Windows 8.1: 1 critical, 1 important
• Windows RT: 1 critical, 1 important
• Windows RT 8.1: 1 critical, 1 important
• Windows Server 2003: 1 important, 2 moderate
• Windows Server 2008: 1 important, 2 moderate
• Windows Server 2008 R2: 1 important, 2 moderate
• Windows Server 2012: 1 important, 1 moderate
• Windows Server 2012 R2: 1 important, 1 moderate
• Server Core installation: 1 important

Other Microsoft Product Distribution

Security updates have been released for other Microsoft products as well. Consult the listing below to find out more about their impact.

• Microsoft Exchange Server 2007: 1 important
• Microsoft Exchange Server 2010: 1 important
• Microsoft Office 2007: 1 critical, 2 important
• Microsoft Office 2010: 1 critical, 2 important
• Microsoft Office 2013 and Office 2013 RT: 1 critical, 2 important
• Office for Mac: 1 critical
• Other Office software: 1 important
• Microsoft SharePoint Server 2010 and 2013: 1 important
• Office Web Apps 2010 and 2013: 1 important

Deployment Guide

Not released yet.

Security Bulletins

• MS14-075 - Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712) - Important - Elevation of Privilege
• MS14-080 - Cumulative Security Update for Internet Explorer (3008923) - Critical - Remote Code Execution
• MS14-081 - Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301) -Critical - Remote Code Execution
• MS14-082 - Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349) - Important - Remote Code Execution
• MS14-083 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347) - Important - Remote Code Execution
• MS14-084 - Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711) - Critical - Remote Code Execution
• MS14-085 - Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126) - Important - Information Disclosure

Security Advisories

• Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)

Other security related updates

• Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB3018943) - Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer
• MS14-068: Security Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP Embedded (KB3011780) - Vulnerability in Kerberos could allow elevation of privilege
• MS14-066: Security Update for Windows Server 2012 and Windows Server 2008 R2 (KB2992611) - Vulnerability in SChannel could allow remote code execution

Non-security related updates

• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2989930)
• Update for Windows 8.1 and Windows RT 8.1 (KB2994290)
• Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 (KB3004394)
• Update for Windows 7 and Windows Server 2008 R2 (KB3006121)
• Update for Windows 7 and Windows Server 2008 R2 (KB3006625)
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3008242) - The system does not enter Connected Standby after you install update 2996799 in Windows 8.1
• Update for Windows 7 and Windows Server 2008 R2 (KB3009736)
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3012199)
• Language Packs for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3012997)
• Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP Embedded (KB3013410)
• Update for Windows 8, Windows RT, and Windows Server 2012 (KB3013767)
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3013769)
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3013816)
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3014140)
• Update for Windows 7, and Windows Server 2008 R2 (KB3014406)
• Update for Windows 7 (KB3015428)
• Windows Malicious Software Removal Tool - December 2014 (KB890830)/Windows Malicious Software Removal Tool - December 2014 (KB890830) - Internet Explorer Version
• Update for Windows 7 (KB3004469) - You cannot install or download Windows 7 SP1
• Update for Windows 8, Windows RT, and Windows Server 2012 (KB3000853) - November 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012
• Update for Windows 8 (KB3008273) - An update to enable an automatic update from Windows 8 to Windows 8.1
• Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3000850) - November 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

 

[Deleted member 21043]

Microsoft own the Windows Operating System. If they wanted too, they could very easily make a Anti virus and Anti spyware product which had a better Behaviour Blocker and HIPS than the others. But they choose not too.

In fact, if necessary, they could even make new functions into the Windows kernel which were left undocumented and unavailable to be used by others which allowed them to do a lot more than what other products do...

Spoiler

They could also make the best self defence, too.

 

[Secondmineboy]

I can totally agree with that. But there will be a function to only allow files from trusted sources signed by Microsoft and apps from the
Windows Store. A bit like Gatekeeper on the Mac OS X system, but sadly its disabled by default on a Mac and noone turns so they get Malware on their Macs.

 

[Deleted member 21043]

I can totally agree with that. But there will be a function to only allow files from trusted sources signed by Microsoft and apps from the
Windows Store. A bit like Gatekeeper on the Mac OS X system, but sadly its disabled by default on a Mac and noone turns so they get Malware on their Macs.

I know they are somewhat partnered with the other Security vendors, or so I have seen on they're website somewhere... But why? Sure, it could make them money, but would you not rather know your users are always secure considering they are earning enough money anyway (let's just brainstorm how much money they make on a daily basis) than collect money than other AV vendors? I would, especially considering they already have plenty of money from Windows altogether... or even a standalone product of theirs. Microsoft Office must generate millions, billions, even.

For example, they could make the best encryption and have Windows deny access no matter what whilst the system processes are running (CRITICAL processes, if they are killed then the system results in a instant BSOD anyway. You can try it by entering debug mode in a process and as critical and then killing it from memory. BSOD error will return as CRITICAL_PROCESS_DIED). Then, in the encryption they could access secret functions in the kernel and so on they have set up for they're security, which allowed them to do somewhat of the following things:

Spoiler

• Stealthily and invisibly monitor what applications do. They could set up functions to allow them to directly check when it is installing a driver, creating a service, re-rewriting the bytes, adding to start up, trying to patch other files, hooking into software like Microsoft Office or Chrome/web browser attacks, invisibly installing programs, setting hooks to hide from Task Manager/hidden processes (root kits), monitor the clipboard, directly access the monitor etc...
• Make the best Firewall - they could literally have a monitor for every single connection no matter what which was almost impossible (in the sense it is) to connect without the connection being detected.
• Stop Task Manager from being killed by another process and give Task Manager more control at forcing processes to end. For example, "Access Denied" process running under SYSTEM... Or, look at Emsisoft EAM self protection. They could improve Task Manager so much and make it so other processes can't close the protection, but Task Manager always can.
• Automatically block any programs with a faked "Microsoft" company signature, or with a fake company name from the list of verified and trusted publishers (they could have BILLIONS).
• Watch when a process is attempting to modify the Master Boot Record and block the action.
• Watch when a process is trying to hijack the system (disable things like Task Manager and other tools, suspend processes on the system (the threads, you cannot "suspend" a process, but the threads ), tamper with the system drivers, disable User Account Control, ... List can go on forever.

Or another list could be even as simple as:

• Removing System Restore Points
• "encrypting" files (Ransomware)
• Screen locking (Ransomware)
• Binded pictures (for example, you open a picture and it actually loads a MZ file in the background (.exe)
• Tamper with even things as small as System sound, power options
• Inject themselves into processes (let's say DLL and code injection, of course code injection would be harder to detect but still)

To prevent detecting safe files they could safelist all AV vendors which are detected as legit by VirusTotal and Metascan. They could also improve the Digital Signature stuff with some kind of "code analysis" detection on-execution.

Spoiler: Better spoiler waiting for you ;)

To make it even better they could hire @MrXidus for somewhat billion dollars and then they would make the best protection and have the best UI any other vendor has. That way both people who like a nice UI and good protection are happy.

 

[Secondmineboy]

They could always make it the most lightweight.

And also according to OPSWAT 22 Percent of people rely on Windows Defender/MSE, followed by Avast, Avira, AVG and then paid AVs.

Also many people have issues with blocked system functions, softwares not working correctly, etc, etc, pp.......

You could get around this with Windows build in stuff as Microsoft knows best what is OK and what dangerous

Official OPSWAT Report: https://www.opswat.com/about/media/reports/antivirus-january-2014

 

[Deleted member 21043]

@Secondmineboy Yes, I agree with you. They should just do it. It may be a lot of work, it might not. They know how everything in Windows works because they made it.

They could make the lightest AV and it doesn't necessarily mean it will need a "signatures" database. They could easily make a Behaviour Blocker far more powerful than beyond the power of any other Antivirus.

Honestly, they need to step everything up with the Security because no other company knows better than themselves with how they're own Operating System works.

 

[Raul90]

Anyone having any issues with the new updates...? I am reluctant to apply just yet....might bork my system again so am waiting and observing first

 

[jamescv7]

Anyone having any issues with the new updates...? I am reluctant to apply just yet....might bork my system again so am waiting and observing first

No issues overall but not as smoothly to be updated cause yesterday morning, I've experience errors on download and install.

No any BSOD after the updates.

 

[Ali80]

For now there are no problems. Everything looks fine. Update has passed successfully

 

[frogboy]

Everything seems to be running OK on both my PC's so far as i know.

 

[Ali80]

Microsoft own the Windows Operating System. If they wanted too, they could very easily make a Anti virus and Anti spyware product which had a better Behaviour Blocker and HIPS than the others. But they choose not too.

In fact, if necessary, they could even make new functions into the Windows kernel which were left undocumented and unavailable to be used by others which allowed them to do a lot more than what other products do...

That's why i love Microsoft Operating System. Just imagine that you have only one AV on the market - built in from Microsoft. It would be so boring and this forum might not have existed. I just kidding. You've come to a very good conclusion @kram7750

 

[marg]

It looks like all the updates are for things I never use. I have Win7 & not windows server. I am not going to update to win8 either.