Welcome to the Microsoft's October 2014 Patch Day overview. It provides an in-depth analysis and information about all security bulletins and updates that Microsoft released for its products since the September patch day.
Microsoft released eight security bulletins this month fixing a total of 24 vulnerabilities in company products such as the Microsoft Windows operating system, Internet Explorer or Microsoft Office.
Three of the bulletins have received the highest severity rating of critical and five the second highest rating of important.
You find details about those patches below including a video summary by Microsoft, distribution of updates as well as deployment and download information.
Microsoft announced today that it will add outdated versions of Silverlight to the out-of-date ActiveX control blocking feature starting November 11, 2014. All versions of Silverlight older than Silverlight 5.1.30514.0 are affected by this.
Operating System Distribution
As far as client operating systems are concerned, all but Windows Vista are affected by three critical and one important bulletin. Windows Vista in addition to that is affected by another important rated bulletin.
Windows Server 2003 and Windows Server 2008 are affected by two critical, two important and 1 moderate bulletin, while all other server operating systems are affected by two critical, one important and moderate bulletin.
Other Microsoft Product Distribution
The suggested deployment priority for the October 2014 is to deploy all three critical vulnerabilities with the highest priority, followed by vulnerabilities MS14-060 and MS14-061 that address issues in OLE and Word second.
MS14-056 - Cumulative Security Update for Internet Explorer (2987107) - critical - remote code execution
MS14-057 - Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414) - critical - remote code execution
MS14-058 - Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061) - critical - remote code execution
MS14-059 - Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942) - important - security feature bypass
MS14-060 - Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869) - important - remote code execution
MS14-061 - Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434) - important - remote code execution
MS14-062 - Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254) - important - elevation of privilege
MS14-063 - Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579) - important - remote code execution
Microsoft has released three security advisories this month.
Non-security related updates
How to download and install the October 2014 security updates
The October 2014 security patches are made available via Windows Update to all systems running client or server based versions of Windows.
If automatic updates is enabled, the updates will be downloaded automatically to the system once the system picks them up.
It may still be a good idea to check for updates manually as it may take some time after the release before they get downloaded to the system automatically.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.