Monthly Security Bulletin Briefing
CSS Security Worldwide Programs
August 2014

• Teresa Ghiorzoe, Security Program Manager - GBS LATAM
• Daniel Mauser, Senior Technical Lead - LATAM CTS

Security blog: http://blogs.technet.com/b/risco/
Twitter: LATAMSRC
Email: [email protected]


Security Bulletin Release Overview: August 2014

New Security Bulletins: 9 (Critical: 2, Important: 7)
Rereleased Security Bulletins: 1
Rereleased Security Advisories: 1

Other content
• Product Support Lifecycle Info

Appendix
• Public Webcast Details
• Manageability Tools Reference
• Related Resources

Security Bulletin Release Overview: August 2014

| Bulletin | Impact | Component | Severity | Priority | Exploit Index | Publicly Known | Publicly Exploited |
|---|---|---|---|---|---|---|---|
| MS14-043 | Remote Code Execution | Media Center | Critical | 1 | 2 | No | No |
| MS14-044 | Elevation of Privilege | SQL | Important | 3 | 2 | No | No |
| MS14-045 | Elevation of Privilege | KMD | Important | 2 | 2 | No | No |
| MS14-046 | Security Bypass | .Net | Important | 2 | 2 | No | No |
| MS14-047 | Security Bypass | RPC | Important | 2 | 3 | No | No |
| MS14-048 | Remote Code Execution | OneNote | Important | 1 | 2 | No | No |
| MS14-049 | Elevation of Privilege | Windows Installer | Important | 3 | 2 | No | No |
| MS14-050 | Elevation of Privilege | SharePoint | Important | 3 | 2 | No | No |
| MS14-051 | Remote Code Execution | IE | Critical | 1 | 0 | Yes | Yes |

Exploitability Index: 0 – Exploit Detected | 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected

MS14-043: Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)

Severity | Critical

Affected Software:
• Windows Vista
• Windows 7
• Windows 8, Windows 8.1

Only Windows Media Center TV Pack for Windows Vista is affected. This was an OEM-only version of Windows Vista.

| Deployment Priority | Update Replacement | More Information and / or Known Issues |
|---|---|---|
| 1 | None | None |

Restart Requirement
• A restart may be required

Uninstall Support
• Use the Add or Remove Programs Control Panel applet.

Detection and Deployment

| WU | MU | MBSA | WSUS | ITMU | SCCM |
|---|---|---|---|---|---|
| Yes | Yes | Yes | Yes | Yes | Yes |

MS14-043: Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)

Vulnerability Details:
• A remote code execution vulnerability exists in Windows Media Center, which could be exploited by convincing a user to open a specially crafted Microsoft Office file that invokes a COM object (CSyncBasePlayer).

| CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4060 | Critical | Remote Code Execution | 2 | 2 | * | No | No | None |

Attack Vectors
• Email: an attacker could exploit the vulnerability by sending a specially crafted Office file to the user and by convincing the user to open the file.
• Attacker places specially crafted Office file on a remote share and convinces user to open the file from that location.

Mitigations
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds
Microsoft has not identified any workarounds for this vulnerability.

Exploitability Index (XI): 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected

DoS Rating: T - Temporary (DoS ends when attack ceases) | P - Permanent (Administrative action required to recover) | * - Not Applicable

MS14-044: Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)

Severity | Important

Affected Software
• SQL Server 2008
• SQL Server 2008 R2
• SQL Server 2012
• SQL Server 2014 x64

Master Data Services (MDS) is the SQL Server solution for master data management. Master data management (MDM) describes the efforts made by an organization to discover and define non-transactional lists of data, with the goal of compiling maintainable master lists.

| Deployment Priority | Update Replacement | More Information and / or Known Issues |
|---|---|---|
| 3 | MS12-070 or None | Minor versioning issues, see KB2977326 |

Restart Requirement
• A server restart may be required. SQL instance will need to be restarted.

Uninstall Support
• Use Add or Remove Programs in Control Panel

Detection and Deployment

| WU | MU | MBSA | WSUS | ITMU | SCCM |
|---|---|---|---|---|---|
| No | Yes | Yes | Yes | Yes | Yes |

MS14-044: Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)

Vulnerability Details
• An XSS vulnerability exists in SQL Master Data Services (MDS) that could allow an attacker to inject a client-side script into the user's instance of Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user.
• A denial of service vulnerability exists in SQL Server. An attacker who successfully exploited this vulnerability could cause the server to stop responding until a manual reboot is initiated.

| CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-1820 | Important | Elevation of Privilege | 2 | NA | * | No | No | None |
| CVE-2014-4061 | Important | Denial of Service | 3 | 3 | P | No | No | None |

Attack Vector
• CVE-2014-1820: Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site.
• Attacker takes advantage of compromised websites and/or sites hosting ads from other providers.
• CVE-2014-4061: Attacker sends specially crafted T-SQL statement to SQL server.

Mitigations
• CVE-2014-1820: Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content.
• CVE-2014-1820: XSS filter prevents attack from sites in Internet Zone.
• CVE-2014-4061: no mitigations.

Workarounds
• CVE-2014-1820: Enable XSS filter in Intranet zone as well (default is Internet zone only).
• CVE-2014-4061: no workarounds.

MS14-045: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)

Severity | Important

Affected Software
• Windows Server 2003
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows 8 and 8.1
• Windows Server 2012 and 2012 R2
• Windows RT and RT 8.1

| Deployment Priority | Update Replacement | More Information and / or Known Issues |
|---|---|---|
| 2 | MS14-015, MS13-081, MS14-039, MS13-046, MS14-036 | Yes – see below and appendix |

Known issue: Fonts installed to a location other than the default directory cannot be modified when they are loaded into any active session. See KB2982791 for details.

Restart Requirement
• Restart required

Uninstall Support
• Use Add or Remove Programs in Control Panel

Detection and Deployment

| WU | MU | MBSA | WSUS | ITMU | SCCM |
|---|---|---|---|---|---|
| Yes | Yes | Yes | Yes | Yes | Yes |

Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.

MS14-045: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)

Vulnerability Details
• An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles window handle thread-owned objects. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
• An elevation of privilege vulnerability exists in the way that the affected component handles objects from specially crafted font files. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.
• An information disclosure vulnerability exists in the way Windows kernel memory is managed. An attacker who successfully exploited this vulnerability could use it to disclose memory addresses or other sensitive kernel information.

| CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0318 | Important | Elevation of Privilege | 3 | 3 | P | No | No | None |
| CVE-2014-1819 | Important | Elevation of Privilege | 2 | 2 | P | No | No | None |
| CVE-2014-4064 | Important | Information Disclosure | 3 | 3 | * | No | No | None |

Attack Vectors
An attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.

Mitigations
An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Workarounds
Microsoft has not identified any workarounds for these vulnerabilities.

MS14-046: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)

Severity | Important

Affected Software
• Microsoft .NET Framework 2.0 SP2
• Microsoft .NET Framework 3.0 SP2
• Microsoft .NET Framework 3.5
• Microsoft .NET Framework 3.5.1

On all supported editions of:
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows 8 and 8.1
• Windows Server 2012 and 2012 R2

.NET Framework 1.1 is also vulnerable but it is infeasible to build a fix since Windows Server 2003 does not support ASLR architecture needed to address the issue.

| Deployment Priority | Update Replacement | More Information and / or Known Issues |
|---|---|---|
| 2 | See Bulletin | None |

Restart Requirement
• A restart may be required

Uninstall Support
• Use Add or Remove Programs in Control Panel

Detection and Deployment

| WU | MU | MBSA | WSUS | ITMU | SCCM |
|---|---|---|---|---|---|
| Yes | Yes | Yes | Yes | Yes | Yes |

MS14-046: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)

Vulnerability Details
• A security feature bypass vulnerability exists in the Microsoft .NET Framework that could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities.

| CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4062 | Important | Security Feature Bypass | NA | 2 | * | No | No | No |

Attack Vectors
• Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site.
• Attacker takes advantage of compromised websites and/or sites hosting ads from other providers.

Mitigations
EMET 4.1 and 5.0 are effective against these attacks.

Workarounds
Install the Force ASLR feature hotfix and enable the IFEO registry entry. See KB2639308.

MS14-047: Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)

Severity | Important

Affected Software
• Windows 7
• Windows Server 2008 R2
• Windows 8 and 8.1
• Windows Server 2012 and 2012 R2
• Windows RT and RT 8.1

| Deployment Priority | Update Replacement | More Information and / or Known Issues |
|---|---|---|
| 2 | MS13-062 | None |

Restart Requirement
• A restart is required

Uninstall Support
• Use Add or Remove Programs in Control Panel

Detection and Deployment

| WU | MU | MBSA | WSUS | ITMU | SCCM |
|---|---|---|---|---|---|
| Yes | Yes | Yes | Yes | Yes | Yes |

Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.

MS14-047: Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)

Vulnerability Details
• A security feature bypass vulnerability exists in Microsoft Remote Procedure Call (LRPC). The problem is that an LRPC server may leak the message it receives from the client if the message is of a specific type and has a data view attached (which is not expected for messages of the type). RPC considers this an error and returns, but does not free the message. This allows the client to fill up the address space of the server with such messages.

| CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0316 | Important | Security Feature Bypass | 3 | 3 | P | No | No | No |

Attack Vectors
An attacker could tie this security feature bypass vulnerability to an additional vulnerability, usually a remote code execution vulnerability.

Mitigations
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds
Microsoft has not identified any workarounds for this vulnerability.
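The error-path leak described in the MS14-047 vulnerability details, as an added example that is not Microsoft's code and not part of the original briefing: a simplified C model of a server handler that rejects a message carrying an unexpected data view without freeing it, next to a handler with a single release path. The message types, struct layout and function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical message model; the real LRPC message layout is not on the page. */
enum msg_type { MSG_REQUEST = 1, MSG_CONTROL = 2 };

struct message {
    enum msg_type type;
    void  *view;        /* attached data view, NULL when none */
    size_t view_len;
};

/* Bytes the model server currently holds for received messages. */
static size_t live_bytes;

/* Allocate a message (and its optional data view) as the server would on receipt. */
static struct message *msg_receive(enum msg_type type, size_t view_len)
{
    struct message *m = calloc(1, sizeof *m);
    if (!m)
        return NULL;
    m->type = type;
    if (view_len) {
        m->view = malloc(view_len);
        if (!m->view) {
            free(m);
            return NULL;
        }
        m->view_len = view_len;
    }
    live_bytes += sizeof *m + m->view_len;
    return m;
}

static void msg_free(struct message *m)
{
    if (!m)
        return;
    live_bytes -= sizeof *m + m->view_len;
    free(m->view);
    free(m);
}

/* Before: a control message with a data view is treated as an error,
 * but the early return skips the release, so the message stays allocated. */
static int handle_leaky(struct message *m)
{
    if (m->type == MSG_CONTROL && m->view != NULL)
        return -1;
    msg_free(m);
    return 0;
}

/* After: the error is still reported, but every path releases the message. */
static int handle_fixed(struct message *m)
{
    int rc = 0;
    if (m->type == MSG_CONTROL && m->view != NULL)
        rc = -1;
    msg_free(m);
    return rc;
}

/* Feed `count` messages of the unexpected shape to a handler and return
 * how many bytes the server still holds afterwards. */
size_t leaked_after(int (*handler)(struct message *), int count, size_t view_len)
{
    live_bytes = 0;
    for (int i = 0; i < count; i++) {
        struct message *m = msg_receive(MSG_CONTROL, view_len);
        if (!m)
            break;
        handler(m);
    }
    return live_bytes;
}

int main(void)
{
    printf("leaky handler holds %zu bytes\n", leaked_after(handle_leaky, 1000, 4096));
    printf("fixed handler holds %zu bytes\n", leaked_after(handle_fixed, 1000, 4096));
    return 0;
}
```

With the leaky handler the retained memory grows linearly with the number of rejected messages, which is the address-space exhaustion the bulletin describes; the fixed handler returns the same error code and retains nothing.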

MS14-048: Vulnerability in OneNote Could Allow Remote Code Execution (2977201)

Severity | Important

Affected Software
• Microsoft OneNote 2007

OneNote 2010 and 2013 are not affected.

| Deployment Priority | Update Replacement | More Information and / or Known Issues |
|---|---|---|
| 1 | MS08-055 | None |

Restart Requirement
• A restart may be required

Uninstall Support
• Use Add or Remove Programs in Control Panel

Detection and Deployment

| WU | MU | MBSA | WSUS | ITMU | SCCM |
|---|---|---|---|---|---|
| No | Yes | Yes | Yes | Yes | Yes |

MS14-048: Vulnerability in OneNote Could Allow Remote Code Execution (2977201)

Vulnerability Details
• A remote code execution vulnerability exists in the way that Microsoft OneNote parses specially crafted files. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

| CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-2815 | Important | Remote Code Execution | NA | 2 | * | No | No | No |

Attack Vectors
• Email: an attacker could exploit the vulnerability by sending a specially crafted file to the user and by convincing the user to open the file in an affected version of Microsoft OneNote.
• Web: Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site.
• Attacker takes advantage of compromised websites and/or sites hosting ads from other providers.

Mitigations
• Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content.
• The vulnerability cannot be exploited automatically through email.
• Exploitation only gains the same user rights as the logged-on account.

Workarounds
• Do not open OneNote files that you receive from untrusted sources or that you receive unexpectedly from trusted sources.

MS14-049: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)

Severity | Important

Affected Software
• Windows Server 2003
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows 8 and 8.1
• Windows Server 2012 and 2012 R2
• Windows RT and RT 8.1

| Deployment Priority | Update Replacement | More Information and / or Known Issues |
|---|---|---|
| 3 | MS10-100 | None |

Restart Requirement
• A restart may be required

Uninstall Support
• Use Add or Remove Programs in Control Panel

Detection and Deployment

| WU | MU | MBSA | WSUS | ITMU | SCCM |
|---|---|---|---|---|---|
| Yes | Yes | Yes | Yes | Yes | Yes |

Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.

MS14-049: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)

Vulnerability Details
• An elevation of privilege vulnerability exists when the Windows Installer service improperly handles the repair of a previously installed application. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

| CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-1814 | Important | Elevation of Privilege | 2 | 2 | * | No | No | No |

Attack Vectors
Attacker runs a specially crafted application that could exploit the vulnerability and take complete control over the affected system.

Mitigations
An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Workarounds
Microsoft has not identified any workarounds for this vulnerability.

MS14-050: Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)

Severity | Important

Affected Software
• Microsoft SharePoint Server 2013
• Microsoft SharePoint Foundation 2013

| Deployment Priority | Update Replacement | More Information and / or Known Issues |
|---|---|---|
| 3 | MS14-022 | Yes – see below and appendix |

Known issue: Some Apps for SharePoint may need to be modified. See KB2880994 for details. Developers of affected apps have been notified.

Uninstall Support
This security update cannot be uninstalled.

Restart Requirement
• A restart may be required

Detection and Deployment

| WU | MU | MBSA | WSUS | ITMU | SCCM |
|---|---|---|---|---|---|
| No | Yes | Yes | Yes | Yes | Yes |

MS14-050: Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)

Vulnerability Details
• An elevation of privilege vulnerability exists in SharePoint Server. An attacker could convince an authenticated user to install an App for SharePoint that leverages the vulnerability. When the App for SharePoint is run, arbitrary code could be executed in the security context of the logged-on user.

| CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-2816 | Important | Elevation of Privilege | 2 | NA | * | No | No | None |

Attack Vectors
An attacker could create a specially crafted app designed to exploit this vulnerability, and then convince users to install the specially crafted app.

Mitigations
Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds
Evaluate apps and remove apps that originated from untrusted sources.

MS14-051: Cumulative Security Update for Internet Explorer (2976627)

Severity | Critical

Affected Software
• Internet Explorer 6 on Windows Server 2003
• Internet Explorer 7 on Windows Server 2003, Windows Vista, and Windows Server 2008.
• Internet Explorer 8 on Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
• Internet Explorer 9 on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
• Internet Explorer 10 on Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.
• Internet Explorer 11 on Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.

| Deployment Priority | Update Replacement | More Information and / or Known Issues |
|---|---|---|
| 1 | MS14-037 | Yes – see below and appendix |

New feature: out-of-date ActiveX control blocking. See KB2991000 and IE blog post for details:
http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx

Uninstall Support
• Use the Add or Remove Programs Control Panel applet

Restart Requirement
• A restart is required

Detection and Deployment

| WU | MU | MBSA | WSUS | ITMU | SCCM |
|---|---|---|---|---|---|
| Yes | Yes | Yes | Yes | Yes | Yes |

Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.

MS14-051: Cumulative Security Update for Internet Explorer (2976627)

Vulnerability Details
• Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
• Multiple elevation of privilege vulnerabilities exist in Internet Explorer. An attacker who successfully exploited these vulnerabilities could elevate privileges in affected versions of Internet Explorer.

| CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory |
|---|---|---|---|---|---|---|---|---|
| Multiple | Critical | Remote Code Execution | 1 | 1 | * | No | No | No |
| CVE-2014-2817 | Important | Elevation of Privilege | 0 | 0 | * | No | Yes | No |
| CVE-2014-2819 | Important | Elevation of Privilege | 1 | 1 | * | Yes | No | No |

Attack Vectors
• Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site.
• Attacker takes advantage of compromised websites and/or sites hosting ads from other providers.

Mitigations
• Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content.
• Exploitation only gains the same user rights as the logged-on account.
• By default, all Microsoft email clients open HTML email messages in the Restricted Sites zone.
• By default, Internet Explorer runs in Enhanced Security Configuration mode for all Windows Servers.

Workarounds
• Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones.
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
• Add sites that you trust to the Internet Explorer Trusted sites zone.
• CVE-2014-2817 and 2819 - Microsoft has not identified any workarounds for these vulnerabilities.

Rereleased Security Bulletin

MS14-036: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487)

What Has Changed?
Microsoft rereleased this bulletin to announce the offering of update 2881071 on Microsoft Office 2010 Service Pack 1 and Microsoft Office 2010 Service Pack 2. Update 2881071 replaces update 2767915, and addresses an issue in update 2767915 that caused the update to fail or only partially install on some specific editions of Microsoft Office 2010. Customers who already installed the original update will be offered the 2881071 update and are encouraged to apply it at the earliest opportunity.

Executive Summary
This security update resolves two privately reported vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerabilities could allow remote code execution if a user opens a specially crafted file or webpage. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Recommendations
Customers who already installed the original update will be offered the 2881071 update and are encouraged to apply it at the earliest opportunity. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

More Information: https://technet.microsoft.com/en-us/library/security/ms14-036.aspx

Rereleased Security Advisory

(2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

What Has Changed?
Microsoft updated this advisory to announce the availability of a new update for Adobe Flash Player. On August 12, 2014, Microsoft released an update (2982794) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-18. For more information about this update, including download links, see Microsoft Knowledge Base Article 2982794.

Executive Summary
Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.

Recommendations
Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update.

More Information: http://technet.microsoft.com/library/2755801


Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update

August 2014

Update for Windows 8.1

Executive Summary

Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update is a cumulative update that includes all previously released security updates and nonsecurity updates. In addition to previous updates, it includes improvements such as improved Internet Explorer 11 compatibility for enterprise applications, usability improvements, extended mobile device management and improved hardware support. Additionally, this update enables Windows Server 2012 to support clustering configurations for hosts.

Important: All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require this update to be installed. We recommend that you install this update on your Windows RT 8.1, Windows 8.1, or Windows Server 2012 R2-based computer in order to receive continued future updates.

Recommendations

This update is provided as an important update. If you select the Install updates automatically (recommended) Windows Update setting, this update is installed automatically. If you select other Windows Update settings, we highly recommend that you install this update through Windows Update immediately.

Important: Starting this month (August), any update applicable to Windows 8.1/Server 2012 R2 will require 2919355.

More Information

Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update May 2014

http://support.microsoft.com/kb/2919355

Information for IT Professionals

http://blogs.windows.com/windows/b/springboard/archive/2014/04/02/windows-8-1-update-the-it-pro-perspective.aspx

http://blogs.windows.com/windows/b/springboard/archive/2014/04/16/windows-8-1-update-and-wsus-availability-and-adjusted-timeline.aspx


Support Lifecycle: Product Families and Service Packs Reaching End of Support

Product Families: Nothing scheduled to enter Extended Support in August

Service Packs: No Service Packs expiring in August

October: Office 2010 SP1, Project 2010 SP1, SharePoint Server 2010 SP1, Visio 2010 SP1

More Information: Microsoft Support Lifecycle information

http://support.microsoft.com/lifecycle/


Security Bulletin Summary, August 2014

| Bulletin | Bulletin title | Severity | Priority |
|---|---|---|---|
| MS14-043 | Vulnerability in Windows Media Center Could Allow Remote Code Execution | Critical | 1 |
| MS14-044 | Vulnerabilities in SQL Server Could Allow Elevation of Privilege | Important | 3 |
| MS14-045 | Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege | Important | 2 |
| MS14-046 | Vulnerability in .NET Framework Could Allow Security Feature Bypass | Important | 2 |
| MS14-047 | Vulnerability in LRPC Could Allow Security Feature Bypass | Important | 2 |
| MS14-048 | Vulnerability in OneNote Could Allow Remote Code Execution | Important | 1 |
| MS14-049 | Vulnerability in Windows Installer Service Could Allow Elevation of Privilege | Important | 3 |
| MS14-050 | Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege | Important | 3 |
| MS14-051 | Cumulative Security Update for Internet Explorer | Critical | 1 |


Appendix


Related Resources: MSRT Changes, Tools, and Public Security Bulletin Webcast

Malicious Software Removal Tool (MSRT)

Win32/Lecpetex – a family of Trojans designed to collect your personal information and install other malware. Can also install malware that uses your PC for bitcoin mining.

Additional Malware Removal Tools

Microsoft Safety Scanner

• Same basic engine as the MSRT, but with a full set of A/V signatures.

Windows Defender Offline

• An offline bootable A/V tool with a full set of signatures.

• Designed to remove rootkits and other advanced malware that can't always be detected by antimalware programs.

• Requires you to download an ISO file and burn a CD, DVD, or USB flash drive.

Public Webcast

Information About Microsoft's Security Bulletins

Wednesday, August 13, 2014, 11:00 A.M. Pacific Time (US & Canada)

Register at: http://technet.microsoft.com/security/dn756352

Microsoft Security Blogs

Microsoft Security Response Center Blog: http://blogs.technet.com/msrc

Microsoft Security Research Defense Blog: http://blogs.technet.com/srd

Microsoft Malware Protection Center Blog: http://blogs.technet.com/mmpc

Microsoft Security Development Lifecycle Blog: http://blogs.technet.com/sdl


Detection & Deployment (Manageability Tools) Reference, August 2014

| Bulletin | Windows Update [1] | Microsoft Update [1] | MBSA [2] | WSUS | SMS ITMU | SCCM |
|---|---|---|---|---|---|---|
| MS14-043 | Yes | Yes | Yes | Yes | Yes | Yes |
| MS14-044 | No | Yes | Yes | Yes | Yes | Yes |
| MS14-045 | Yes | Yes | Yes | Yes | Yes | Yes |
| MS14-046 | Yes | Yes | Yes | Yes | Yes | Yes |
| MS14-047 | Yes | Yes | Yes | Yes | Yes | Yes |
| MS14-048 | No | Yes | Yes | Yes | Yes | Yes |
| MS14-049 | Yes | Yes | Yes | Yes | Yes | Yes |
| MS14-050 | No | Yes | Yes | Yes | Yes | Yes |
| MS14-051 | Yes | Yes | Yes | Yes | Yes | Yes |

[1] Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.

[2] Microsoft Baseline Security Analyzer (MBSA) v2.3 now supports Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2.


Known Issues: MS14-051 Internet Explorer

MS14-051 : KB2976627

1. If you have an explorer bar installed, Internet Explorer may crash after the update is installed. This issue occurs when the explorer bar is an HTML explorer bar. The following Internet Explorer versions are affected by this issue:

• Internet Explorer 11 that is running on Windows 8.1

• Internet Explorer 10 that is running on Windows 8

• Internet Explorer 9 that is running on Windows 7

To work around this issue, uninstall this update, uninstall the HTML explorer bar and then reinstall this update.

2. After you install this security update, the Internet Explorer window may become very slow to update and respond when you open consecutive modal dialogs. This issue affects Internet Explorer versions 6 through 11.

New Features

KB2991001 Improvements to WebGL renderer in Internet Explorer 11

KB2990946 Improvements to F12 developer tools for Internet Explorer 11

KB2988414 Update that helps you manage your Internet Explorer 11 search provider

KB2991000 Blocking out-of-date ActiveX controls in Internet Explorer (enforced 9/9)


Known Issues: MS14-045 KMD | MS14-050 SharePoint

MS14-045 : KB2982791 After you install this security update, fonts that are installed to a location other than the default fonts directory (%windir%\fonts\) cannot be modified when they are loaded into any active session. Attempts to change, replace, or delete these fonts will be blocked, and a "File in use" message will be presented.

For more information, visit the following Microsoft webpages:

• Font Installation and Deletion

• AddFontResource function

• AddFontResourceEx function

• RemoveFontResource function

• RemoveFontResourceEx function
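
To gauge exposure to the MS14-045 known issue before or after deployment, the following added example (not part of the briefing) lists fonts registered outside the default fonts directory and reports whether KB2982791 is installed. It assumes fonts are registered under the machine-wide Fonts registry key; fonts that an application loads at run time with AddFontResource from its own directory are not listed there.

```powershell
# Added example: inventory fonts that the MS14-045 / KB2982791 known issue
# can affect, i.e. fonts registered outside %windir%\Fonts.
$kb       = 'KB2982791'   # update number taken from the slide
$fontsDir = (Join-Path $env:windir 'Fonts').TrimEnd('\')
$regKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts'

# Properties the registry provider adds to every item; they are not font entries.
$providerProps = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Get-NonDefaultFont {
    param([string]$Key = $regKey, [string]$DefaultDir = $fontsDir)

    $entries = Get-ItemProperty -Path $Key
    foreach ($prop in $entries.PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }
        $file = [Environment]::ExpandEnvironmentVariables([string]$prop.Value)
        # A bare file name means the font lives in the default fonts directory.
        if (-not [IO.Path]::IsPathRooted($file)) { continue }
        $dir = [IO.Path]::GetDirectoryName($file)
        if ($dir -and ($dir.TrimEnd('\') -ine $DefaultDir)) {
            New-Object PSObject -Property @{
                Font   = $prop.Name
                Path   = $file
                Exists = (Test-Path -LiteralPath $file)
            }
        }
    }
}

# Get-HotFix returns nothing (with the error suppressed) when the KB is absent.
$installed = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
$fonts     = @(Get-NonDefaultFont)

"{0} installed: {1}" -f $kb, $installed
"Fonts registered outside {0}: {1}" -f $fontsDir, $fonts.Count
$fonts | Sort-Object Font | Format-Table Font, Path, Exists -AutoSize
```

Any font the script lists is a candidate for the "File in use" behavior described above when software tries to change, replace, or delete it while it is loaded.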

MS14-050 : KB2880994 Some Apps for SharePoint may not function correctly after applying this update.

• Developers have been proactively notified

• MSDN documentation will be updated


Public Links for the Security Bulletins in Portuguese (LATAM)

Bulletin Links in Portuguese

• Microsoft Security Bulletin Summary for Aug 2014

http://technet.microsoft.com/pt-br/security/bulletin/ms14-aug

• Security Bulletin Search

http://technet.microsoft.com/pt-br/security/bulletin

• Security Advisories

http://technet.microsoft.com/pt-br/security/advisory

• Microsoft Technical Security Notifications

http://technet.microsoft.com/pt-br/security/dd252948.aspx

Blogs

• Negócios de Risco

http://blogs.technet.com/b/risco/

• MSRC Blog

http://blogs.technet.com/msrc

• SRD Team Blog

http://blogs.technet.com/srd

• MMPC Team Blog

http://blogs.technet.com/mmpc

• MSRC Ecosystem Team Blog

http://blogs.technet.com/ecostrat

Supplemental Security Reference Articles

• Detailed Bulletin Information Spreadsheet

http://go.microsoft.com/fwlink/?LinkID=245778

• Security Tools for IT Pros

http://technet.microsoft.com/pt-br/security/cc297183

• KB894199 Description of Software Update Services and Windows Server Update Services changes in content

http://support.microsoft.com/kb/894199

• The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software

http://support.microsoft.com/kb/890830

• Mybulletins

http://mybulletins.technet.microsoft.com/


Webcast in Portuguese: September

Portuguese Webcast (External)

WEBCAST – CUSTOMERS

https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032575589

September 11, 2014

15:30 Brasília time

To receive an invitation to the conference, write to [email protected]