Microsoft Security Bulletins For October 2014 - gHacks Tech News

Welcome to the Microsoft October 2014 Patch Day overview. It provides in-depth analysis of and information about all security bulletins and updates that Microsoft has released for its products since the September patch day.

Microsoft released eight security bulletins this month fixing a total of 24 vulnerabilities in company products such as the Microsoft Windows operating system, Internet Explorer or Microsoft Office.

Three of the bulletins have received the highest severity rating of critical and five the second highest rating of important.

You will find details about those patches below, including a video summary by Microsoft, the distribution of updates, and deployment and download information.

Microsoft announced today that it will add outdated versions of Silverlight to the out-of-date ActiveX control blocking feature starting November 11, 2014. All versions of Silverlight older than Silverlight 5.1.30514.0 are affected by this.

Executive Summary

  • A total of eight bulletins have been released on this patch day that fix a total of 24 vulnerabilities.
  • Affected products include Microsoft Windows, Microsoft .Net Framework, Microsoft Office and Internet Explorer.
  • Three of the eight bulletins received the highest severity rating of critical.
  • Microsoft suggests deploying bulletins MS14-056, MS14-057 and MS14-058 first (the three critical ones).

Video Summary

Operating System Distribution

As far as client operating systems are concerned, all but Windows Vista are affected by three critical and one important bulletin. Windows Vista in addition to that is affected by another important rated bulletin.

Windows Server 2003 and Windows Server 2008 are affected by two critical, two important and one moderate bulletin, while all other server operating systems are affected by two critical, one important and one moderate bulletin.

  • Windows Vista: 3 critical, 2 important
  • Windows 7: 3 critical, 1 important
  • Windows 8: 3 critical, 1 important
  • Windows 8.1: 3 critical, 1 important
  • Windows RT: 3 critical, 1 important
  • Windows RT 8.1: 3 critical, 1 important
  • Windows Server 2003: 2 critical, 2 important, 1 moderate
  • Windows Server 2008: 2 critical, 2 important, 1 moderate
  • Windows Server 2008 R2: 2 critical, 1 important, 1 moderate
  • Windows Server 2012: 2 critical, 1 important, 1 moderate
  • Windows Server 2012 R2: 2 critical, 1 important, 1 moderate
  • Server Core installation: 2 critical, 1 important

Other Microsoft Product Distribution

  • Microsoft Office 2007: 1 important
  • Microsoft Office 2010: 1 important
  • Microsoft Office for Mac: 1 important
  • Microsoft Office Compatibility Pack: 1 important
  • Microsoft SharePoint Server 2010: 1 important
  • Microsoft Office Web Apps 2010: 1 important
  • ASP .NET MVC: 1 important

Deployment Guide

The suggested deployment priority for October 2014 is to deploy the three critical bulletins first, followed by MS14-060 and MS14-061, which address issues in OLE and Word.

  • Tier 1: MS14-056 Internet Explorer, MS14-057 .NET Framework and MS14-058 Kernel-Mode Driver (all critical)
  • Tier 2: MS14-060 OLE, MS14-061 Microsoft Word (all important)
  • Tier 3: MS14-059 ASP.NET, MS14-062 Message Queuing, MS14-063 FAT32

Security Bulletins

MS14-056 - Cumulative Security Update for Internet Explorer (2987107) - critical - remote code execution
MS14-057 - Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414) - critical - remote code execution
MS14-058 - Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061) - critical - remote code execution
MS14-059 - Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942) - important - security feature bypass
MS14-060 - Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869) - important - remote code execution
MS14-061 - Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434) - important - remote code execution
MS14-062 - Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254) - important - elevation of privilege
MS14-063 - Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579) - important - elevation of privilege

Security Advisories

Microsoft has released three security advisories this month.

  • Update to Improve Credentials Protection and Management (2871997) - This update improves "credential protection and domain authentication controls to reduce credential theft".
  • Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2 (2949927) - This adds support for SHA-2 signing and verification functionality.
  • Update for Microsoft EAP Implementation that Enables the Use of TLS (2977292) - Enables the use of Transport Layer Security (TLS) 1.1 or 1.2 through the modification of the system registry.

Non-security related updates

  • Update for Windows 7 - Compatibility update for upgrading Windows 7 (KB2952664)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2989542)
  • Update for Windows 7 and Windows Server 2008 R2 (KB2994023)
  • Update for Windows 8, Windows RT, and Windows Server 2012 (KB2995387)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2995388)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2998174)
  • Update for Windows 7 and Windows Server 2008 R2 (KB2998812)
  • Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 (KB3000988)
  • Windows Malicious Software Removal Tool - October 2014 (KB890830)/Windows Malicious Software Removal Tool - October 2014 (KB890830) - Internet Explorer Version
  • Update for Windows 7 and Windows Server 2008 R2 - Update to support the new currency symbol for the Russian ruble in Windows (KB2970228)
  • Update for Windows 8, Windows RT, and Windows Server 2012 - August 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012 (KB2975331)
  • Update for Windows 8, Windows RT, and Windows Server 2012 - September 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012 (KB2984005)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 - September 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (KB2984006)
  • Update for Microsoft .NET Framework 3.5 - Update for .NET Framework 3.5 on Windows Server 2012 R2, and Windows Server 2012, Windows 8.1, and Windows 8 (KB3005628)
  • Update for Windows 7 - September 2014 update for DVD playback in Windows 7 SP1 (KB3001554)
  • Update for Windows 8.1 - Some versions of the OneDrive desktop app for Windows do not update automatically (KB2990967)
  • Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP Embedded - A September 2014 time zone update for Russia is available (KB2998527)

How to download and install the October 2014 security updates

The October 2014 security patches are made available via Windows Update to all systems running client or server based versions of Windows.

If automatic updates are enabled, the updates will be downloaded automatically once the system picks them up.

It may still be a good idea to check for updates manually as it may take some time after the release before they get downloaded to the system automatically.

  1. Tap on the Windows-key, type Windows Update and select the result from the list displayed to you.
  2. There you need to click on check for updates to run a manual update check.

Microsoft will also make the updates available on the Microsoft Download Center for manual download, and in the form of monthly security ISO images.


Comments

  1. Ficho said on October 14, 2014 at 8:54 pm

    I had some problems with KB2949927. After installation it was offered again and again, so
    I manually downloaded and installed that update and now everything is OK.

    1. Anonymous said on October 15, 2014 at 9:17 am

      I could not install this update. Someone help me, thanks!

      1. Ficho said on October 15, 2014 at 10:44 am

        I downloaded KB2949927 from Microsoft site and installed it.

        http://www.microsoft.com/en-US/download/details.aspx?id=44366

      2. Ficho said on October 18, 2014 at 11:54 am
  2. Tom Hawack said on October 14, 2014 at 9:28 pm

    Here the Update for Windows 7 – Compatibility update for upgrading Windows 7 (KB2952664) failed to install with error code = 80242016. This error code is said to be related to a possible connection failure. Has anyone else encountered this issue? I’ve restarted Windows Update but missing KB2952664 is (still) not proposed. First time I encounter a WinUpdate failure.

    1. Jim H said on October 14, 2014 at 10:32 pm

      Yes, I too had KB2952664 fail to install with error code 80242016.
      I also restarted Windows Update with the exact same results as you experienced.
      How do I resolve this issue?
      I’m running Win. 7 x64 SP1. All updates and patches are current.

      1. Tom Hawack said on October 14, 2014 at 10:53 pm

        From what I’ve read of users’ experiences with failed Windows Updates, either retry as you and I have, or wait for next automatic update (if applicable). Tomorrow morning (with auto update at 03:00 AM) I should be settled.

        KB2952664 is a non-security related update, fortunately. I am truly puzzled, especially should the missed update not be handled. As I understand it, error code 80242016 includes several causes, and it may well have been a problem on MS servers’ side, you and I and others in the narrow connection issue. Maybe …

    2. Angelo said on October 15, 2014 at 2:02 pm

      I confirm the issue. I tried to fix it following the “Fix it” guide which opens clicking the link on Display Details (list installed updates) but didn’t work. Also Installing manually the patch (I found a download link searching the WEB) failed (maybe I found an old version of the patch). Probably the best is to wait MS. Also for me is the first time WU failed… :-(

  3. InterestedBystander said on October 14, 2014 at 11:33 pm

    I assume this update addresses the Vista-to-8.1 flaw mentioned in the “Sandworm Group” hacking story? http://www.reuters.com/article/2014/10/14/us-russia-hackers-idUSKCN0I308F20141014

  4. user-not-geek said on October 15, 2014 at 6:19 am

    Does any geek know what is the KB2920189 security update from May 12 2014? Since 2 weeks ago my 360 Total Security recommends me it.
    I cannot find anything sensible about it on Google, apart from it is about UEFI and has no security bulletin.
    I am asking because I remember there were some patches worse than problems supposed to be corrected, so should I install this one?

  5. David Hu said on October 15, 2014 at 7:41 am

    Hi, Martin, I try to contact you by email: but the email is error, sent failed.

    How can I contact you? thanks!

    1. Martin Brinkmann said on October 15, 2014 at 8:49 am

      Try the contact form here on the site.

      1. David Hu said on October 16, 2014 at 5:06 am

        Hi, martin, I did it, do you copy the email?

  6. Ananda said on October 15, 2014 at 3:43 pm

    About failed update kb 2952664.
    Go to Control Panel\All Control Panel Items\Programs and Features
    Click on View Installed Updates and search for KB 2952664 (it is under -Microsoft Windows-).
    Right click and Uninstall.
    Restart.
    Look again for Windows Updates. KB 2954526 will present itself again.
    Install it.
    I was successful. Case closed.

    1. Tom Hawack said on October 15, 2014 at 4:18 pm

      Well, thanks a lot for the “tip”, Ananda. It worked perfectly well.
      I wouldn’t have imagined that a Windows failed Update be registered within the installed Updates. Good to know.

    2. Sid said on October 22, 2014 at 8:27 pm

      Many Thanks’ Ananda… followed your recommendation (to the letter) with the exception of going directly to Uninstall (on my system Window 7) followed the restart, and whizz-bang ~ Update installed perfectly (with Anti-Virus closed for the download).
      “Wish everything was as simple as following your instructions.”
      Can definitely say that if anyone has the same problems getting this update installed (when it’s actually not!) then would certainly recommend Ananda’s procedures.

      Thanks’ again.
