Welcome to the overview of Microsoft's October 2014 Patch Day. It provides in-depth analysis and information about all security bulletins and updates that Microsoft has released for its products since the September patch day.
Microsoft released eight security bulletins this month fixing a total of 24 vulnerabilities in company products such as the Microsoft Windows operating system, Internet Explorer or Microsoft Office.
Three of the bulletins have received the highest severity rating of critical and five the second highest rating of important.
You will find details about those patches below, including a video summary by Microsoft, the distribution of updates, and deployment and download information.
Microsoft announced today that it will add outdated versions of Silverlight to the out-of-date ActiveX control blocking feature starting November 11, 2014. All versions of Silverlight older than Silverlight 5.1.30514.0 are affected by this.
Executive Summary
Video Summary
Operating System Distribution
As far as client operating systems are concerned, all but Windows Vista are affected by three critical bulletins and one important bulletin. Windows Vista is additionally affected by another bulletin rated important.
Windows Server 2003 and Windows Server 2008 are affected by two critical, two important and one moderate bulletin, while all other server operating systems are affected by two critical, one important and one moderate bulletin.
Other Microsoft Product Distribution
Deployment Guide
The suggested deployment priority for October 2014 is to deploy the updates for all three critical bulletins with the highest priority, followed by MS14-060 and MS14-061, which address issues in OLE and Word.
Security Bulletins
MS14-056 - Cumulative Security Update for Internet Explorer (2987107) - critical - remote code execution
MS14-057 - Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414) - critical - remote code execution
MS14-058 - Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061) - critical - remote code execution
MS14-059 - Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942) - important - security feature bypass
MS14-060 - Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869) - important - remote code execution
MS14-061 - Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434) - important - remote code execution
MS14-062 - Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254) - important - elevation of privilege
MS14-063 - Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579) - important - remote code execution
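The deployment guide and the bulletin list above, turned into a rollout order, as an added example that is not part of the original article: it parses the eight bulletin lines, sorts them into the two tiers the guide names plus an assumed third tier for the remaining bulletins, and flags any bulletin whose "Could Allow ..." title disagrees with its impact column. The function names and the third tier are assumptions of this example.

```python
import re

# The eight bulletin lines exactly as listed on this page.
BULLETINS = """\
MS14-056 - Cumulative Security Update for Internet Explorer (2987107) - critical - remote code execution
MS14-057 - Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414) - critical - remote code execution
MS14-058 - Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061) - critical - remote code execution
MS14-059 - Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942) - important - security feature bypass
MS14-060 - Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869) - important - remote code execution
MS14-061 - Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434) - important - remote code execution
MS14-062 - Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254) - important - elevation of privilege
MS14-063 - Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579) - important - remote code execution
"""
LINE_RE = re.compile(r"^(?P<id>MS\d{2}-\d{3}) - (?P<title>.+) \((?P<kb>\d+)\) - "
                     r"(?P<severity>\w+) - (?P<impact>.+)$")
SECOND = ("MS14-060", "MS14-061")  # named second in the deployment guide

def parse(text):
    """One dict per bulletin line; a line that does not parse is an error."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable bulletin line: {line!r}")
        records.append(m.groupdict())
    return records

def tier(rec):
    """1 = critical, 2 = MS14-060/061, 3 = the rest (tier 3 is an assumption)."""
    if rec["severity"] == "critical":
        return 1
    return 2 if rec["id"] in SECOND else 3

def deployment_order(records):
    # sorted() is stable, so bulletins keep their list order inside a tier.
    return [(tier(r), r["id"], r["kb"]) for r in sorted(records, key=tier)]

def impact_mismatches(records):
    """Bulletins whose 'Could Allow X' title disagrees with the impact column."""
    found = []
    for r in records:
        m = re.search(r"Could Allow (.+)$", r["title"])
        if m and m.group(1).lower() != r["impact"].lower():
            found.append((r["id"], m.group(1), r["impact"]))
    return found

if __name__ == "__main__":
    recs = parse(BULLETINS)
    print(deployment_order(recs), impact_mismatches(recs), sep="\n")
```

On the list as printed here the check flags MS14-063, whose title and impact column differ; confirm against the bulletin itself before classifying it.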
Security Advisories
Microsoft has released three security advisories this month.
Non-security related updates
How to download and install the October 2014 security updates
The October 2014 security patches are made available via Windows Update to all systems running client or server based versions of Windows.
If automatic updates are enabled, the updates will be downloaded automatically to the system once the system picks them up.
It may still be a good idea to check for updates manually as it may take some time after the release before they get downloaded to the system automatically.
Microsoft will also make the updates available on the Microsoft Download Center for manual download and in the form of monthly security ISO images.
Additional information
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.
I had some problems with KB2949927. After installation it was offered again and again, so
I manually downloaded and installed that update and now everything is OK.
I could not install this update. Someone help me, thanks!
I downloaded KB2949927 from Microsoft site and installed it.
http://www.microsoft.com/en-US/download/details.aspx?id=44366
See here:
KB2949927 fails to install…
https://social.technet.microsoft.com/Forums/en-US/bc191121-94ab-483f-ae9f-d5056ca3aae5/kb2949927-fails-to-install-if-bitlocker-fvevol-service-is-disabled?forum=w7itproinstall
Microsoft Removes KB2949927 Botched Windows 7 Update
http://news.softpedia.com/news/Microsoft-Removes-KB2949927-Botched-Windows-7-Update-462493.shtml
Here the Update for Windows 7 – Compatibility update for upgrading Windows 7 (KB2952664) failed to install with error code = 80242016. This error code is said to be related to a possible connection failure. Has anyone else encountered this issue? I’ve restarted Windows Update but missing KB2952664 is (still) not proposed. First time I encounter a WinUpdate failure.
Yes, I too had KB2952664 fail to install with error code 80242016.
I also restarted Windows Update with the exact same results as you experienced.
How do I resolve this issue?
I’m running Win. 7 x64 SP1. All updates and patches are current.
From what I’ve read of users’ experiences with failed Windows Updates, either retry as you and I have, or wait for next automatic update (if applicable). Tomorrow morning (with auto update at 03:00 AM) I should be settled.
KB2952664 is a non-security related update, fortunately. I am truly puzzled, especially should the missed update not be handled. As I understand it, error code 80242016 includes several causes, and it may well have been a problem on MS servers’ side, you and I and others in the narrow connection issue. Maybe …
I confirm the issue. I tried to fix it following the “Fix it” guide, which opens when clicking the link on Display Details (list installed updates), but it didn’t work. Installing the patch manually (I found a download link searching the web) also failed (maybe I found an old version of the patch). Probably the best is to wait for MS. For me too, it is the first time WU failed… :-(
I assume this update addresses the Vista-to-8.1 flaw mentioned in the “Sandworm Group” hacking story? http://www.reuters.com/article/2014/10/14/us-russia-hackers-idUSKCN0I308F20141014
Does any geek know what the KB2920189 security update from May 12, 2014 is? Since 2 weeks ago my 360 Total Security recommends it to me.
I cannot find anything sensible about it on Google, apart from that it is about UEFI and has no security bulletin.
I am asking because I remember there were some patches worse than the problems they were supposed to correct, so should I install this one?
Hi, Martin, I tried to contact you by email, but there was an error and sending failed.
How can I contact you? thanks!
Try the contact form here on the site.
Hi, Martin, I did it, do you copy the email?
About failed update kb 2952664.
Go to Control Panel\All Control Panel Items\Programs and Features
Click on View Installed Updates and search for KB 2952664 (it is under -Microsoft Windows-).
Right click and Uninstall.
Restart.
Look again for Windows Updates. KB 2954526 will present itself again.
Install it.
I was successful. Case closed.
Well, thanks a lot for the “tip”, Ananda. It worked perfectly well.
I wouldn’t have imagined that a Windows failed Update be registered within the installed Updates. Good to know.
Many thanks, Ananda… followed your recommendation (to the letter) with the exception of going directly to Uninstall (on my system, Windows 7), followed by the restart, and whizz-bang ~ Update installed perfectly (with Anti-Virus closed for the download).
“Wish everything was as simple as following your instructions.”
Can definitely say that if anyone has the same problems getting this update installed (when it’s actually not!) then would certainly recommend Ananda’s procedures.
Thanks again.