Microsoft Security Bulletins For December 2014
This article offers detailed information about all security and non-security patches that Microsoft released in December 2014.
The company changed the way the information are provided last month. While it releases information about each bulletin just like before, it stopped the release of videos that go over each month's security bulletins.
In addition, it stopped creating sheets detailing the deployment priority of bulletins. The sheets have been replaced with a simple priority listing.
The guide starts with the executive summary below which reveals the most important information. You find the operating system distribution, list of bulletins, deployment information, download guides and related information below afterwards.
Executive Summary
- Microsoft released seven bulletins this month that address a total of 24 unique vulnerabilities.
- Three of the bulletins have received a maximum severity rating of critical, the highest rating.
- Affected programs include Microsoft Windows, Microsoft Office and Microsoft Exchange.
Operating System Distribution
Below is the list of all operating systems that Microsoft supports with patches and the severity of the patches they have received on this Patch Day.
Vista and Windows 7 are affected with two critical and one important bulletin while all remaining desktop operating systems are affected by one critical and 1 important vulnerability only.
Windows Server 2003, 2008 and 2008 R2 are affected by one important and two moderate bulletins this time while Server 2012 and 2012 R2 only by one important and one moderate bulletin.
- Windows Vista: 2 critical, 1 important
- Windows 7:Â 2 critical, 1 important
- Windows 8: 1 critical, 1 important
- Windows 8.1: 1 critical, 1 important
- Windows RT: 1 critical, 1 important
- Windows RT 8.1:Â 1 critical, 1 important
- Windows Server 2003: 1 important, 2 moderate
- Windows Server 2008: 1 important, 2 moderate
- Windows Server 2008 R2: 1 important, 2 moderate
- Windows Server 2012: 1 important, 1 moderate
- Windows Server 2012 R2: 1 important, 1 moderate
- Server Core installation: 1 important
Other Microsoft Product Distribution
Security updates have been released for other Microsoft products as well. Consult the listing below to find out more about their impact.
- Microsoft Exchange Server 2007: 1 important
- Microsoft Exchange Server 2010: 1 important
- Microsoft Office 2007: 1 critical, 2 important
- Microsoft Office 2010: 1 critical, 2 important
- Microsoft Office 2013 and Office 2013 RT: 1 critical, 2 important
- Office for Mac: 1 critical
- Other Office software: 1 important
- Microsoft SharePoint Server 2010 and 2013: 1 important
- Office Web Apps 2010 and 2013: 1 important
Security Bulletins
- MS14-075 - Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712) - Important - Elevation of Privilege
- MS14-080 - Cumulative Security Update for Internet Explorer (3008923) - Critical - Remote Code Execution
- MS14-081 - Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301) - Critical - Remote Code Execution
- MS14-082 - Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349) - Important - Remote Code Execution
- MS14-083 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347) - Important - Remote Code Execution
- MS14-084 - Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711) - Critical - Remote Code Execution
- MS14-085 - Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126) - Important - Information Disclosure
Security Advisories
Other security related updates
- Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB3018943) - Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer
- MS14-068: Security Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP Embedded (KB3011780) - Vulnerability in Kerberos could allow elevation of privilege
- MS14-066: Security Update for Windows Server 2012 and Windows Server 2008 R2 (KB2992611) - Vulnerability in SChannel could allow remote code execution
Non-security related updates
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2989930)
- Update for Windows 8.1 and Windows RT 8.1 (KB2994290)
- Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 (KB3004394)
- Update for Windows 7 and Windows Server 2008 R2 (KB3006121)
- Update for Windows 7 and Windows Server 2008 R2 (KB3006625)
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3008242) - The system does not enter Connected Standby after you install update 2996799 in Windows 8.1
- Update for Windows 7 and Windows Server 2008 R2 (KB3009736)
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3012199)
- Language Packs for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3012997)
- Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP Embedded (KB3013410)
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB3013767)
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3013769)
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3013816)
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3014140)
- Update for Windows 7, and Windows Server 2008 R2 (KB3014406)
- Update for Windows 7 (KB3015428)
- Windows Malicious Software Removal Tool - December 2014 (KB890830)/Windows Malicious Software Removal Tool - December 2014 (KB890830) - Internet Explorer Version
- Update for Windows 7 (KB3004469) - You cannot install or download Windows 7 SP1
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB3000853) - November 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012
- Update for Windows 8 (KB3008273) - An update to enable an automatic update from Windows 8 to Windows 8.1
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3000850) - November 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
How to download and install the December 2014 security updates
All security updates are available via automatic updates. This is a feature of all Windows systems that downloads and installs patches automatically or manually depending on how it has been configured by the system administrator.
Windows Update picks up new updates automatically but it may not do so right after they become available. You can run a manual check however.
To open Windows Update and check for new updates, do the following:
- Tap on the Windows-key to bring up the start menu or start screen.
- Type Windows Update and select the result of the same name from the list.
- Click on check for updates to run the check.
Patches can be downloaded from Microsoft's Download Center or as security iso images that the company releases on a monthly basis.
Additional information
- Microsoft Security Response Center blog on the 2014 Bulletin Release
- Microsoft Security Bulletin Summary for December 2014
- List of software updates for Microsoft products 2014
- Our in-depth update guide for Windows
Martin, how hasn’t MS hired you yet? Blogging for them at least ;)
Thanks for the updates.
Guess my site is too small for Microsoft to take any note of it.
Hi…Not sure if this gets to correct person…Did updates last night that were available….After wards I can not start windows defender.. I do not run MSE but tried installing that from the non essential updates and it failed… Computer had no issues (WIN 7) until after updates. I tried restoring and that also failed…
Anyone else with this issue? And if so how to fix it?
Thank You..
Gary
Gary,
I’m having the same issue. It was after the update as well. Been searching for a “fix” but nothing as of yet has worked. My guess is it’s an issue that will be fixed in a follow up “update”.
I uninstalled update KB3009736 and it fixed the problem.
Confirmed. I was able to run Defender after uninstalling KB3009736.
Broken Link – “Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB3000850) – November 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2”
Thanks fixed that one ;)
Lately, it has seemed like Microsoft does not publish some KB articles until much later after they have been offered. I’ve tried from multiple connections to rule out the possibility that there is a connection issue. Do you find this to be the case? (One example is http://support.microsoft.com/kb/3004394. As of the time this is written, it still displayed the generic “Oops. The page you are looking for may have a new location, or is no longer available.”
Yes Mike I have experienced the same.
After Today’s updates,Windows Defender in Windows 7 won’t turn on.
Error 0x800706F7 – the stub received bad data.
I’ve had that same problem all day on 64 bit PC since same Win 7 updates today; re-registering Defender’s dlls, copying good dlls into reg, restarting, copying modules back into Defender program files…that and/or restarting as apropos, none of it allows Defender to start. Ditto resetting post-update IE 11 for Windows 7 back to defaults all zones; maybe interference from the update re “time zones” (clock issues can also impact Defender, but I can’t remember/locate online which update today relates to time zones so can’t remove to test to see if culprit).
Well i did a trial and error , it’s one of these two updates…. KB3004394 OR KB3006121 .
Not sure which one it could be , if anyone can do something.
Uninstall Update KB3009736 and it will fix your Windows Defender issue. I had the same problem on Windows 7 Professional 64Bit.
If for some reason that didn’t work, also uninstall this update, KB3004394
@Gundament Thank you very much! Uninstalling update KB3004394 solved my problem. My Windows Defender was not working and I couldn’t run it. Now it works. Perfect! Have a nice day :)
Thank you so much!
I’ve been seeing the same thing. At first I thought it was a virus and did a ton of AV scans only to come here and find out that it’s the update. Hopefully someone finds a resolution.
Martin, where do you get the lists of “Other security related updates” and “Non-security related updates”?
Because once again my Win8.1 doesn’t show some of the updates (meant for 8.1) you’ve listed under those headers.
EDIT: okey, I found some lists here: http://support.microsoft.com/kb/894199 .. did you get them from there? Because there are (under “December 09, 2014”) several updates that you don’t list here (e.g. KB2952664 – Update for Windows 7).. why are you only listing some of them and not all? And why isn’t all of the relevant (in my case for 8.1) updates offered through windows update? Holy c*** what a mess. I feel insecure because your page and MS lists some updates that are not offered at all. Last month same thing. :(
Microsoft happens to release additional updates after I finish the article which is a bit unfortunate but cannot be changed.
Some updates listed may not apply to your system. The only way to make sure is to read what it fixes and what it depends on to verify that.
KB3004394 breaks the diagnostic tool (and thus the troubleshooter) uninstalling it lets them work again. I think KB3004394 may need a bit more testing.
Thank you, “min”! I removed KB3004394 after reading your comment, restarted, and Windows Defender et al back to normal.
Thanks.Windows Defender is working now.
This morning, after the update, ?Excel 2013 will not open.
Can someone please tell a non-techie how to find and delete KB3004394? I, too, cannot open my Performance Troubleshooter, and am experiencing some real sluggishness in Windows 7. Thanks!
Press the Windows-key, type remove a program and select the result from the list. This opens a control panel window that you use to uninstall programs that you have installed.
select View installed updates on the left and wait for the results to be populated. Sort by installed on date and locate the update.
Right-click on it and select uninstall.
Concerning KB3004394 – it seems that this patch destroys Windows Root Certificate store on some Windows 7 and Windows Server 2008 R2 systems. I wrote an article about this issue:
http://borncity.com/win/2014/12/10/update-kb3004394-breaks-root-certificate-in-windows-7-windows-server-2008-r2/
Thanks Günther!
I’ve been waiting for my Windows update to install. It’s been 2 hours now on a Vista machine. It’s hung up on step 4 of the update. Is there some way to get out of this or should I wait longer? If there is a solution, I am a non-computer person so I need detailed help. Thanks.
Since updating, my 64 bit computer (Vista), is insanely bogged down. Suddenly Chrome is crashing over and over. Any folder takes 1-2 minutes to open, and opening any file or running any basic program takes 20-30 minutes. Is anyone else experiencing this? Running C-Cleaner has so far taken 1 1/2 hours and it’s only 30% done – and it usually only takes about 15 seconds!
I noticed the speed problem when I first accepted that 11 updates needed to be installed – just preparing to download took 30-40 minutes. Any insight would be appreciated…. I can use my laptop, but my PC is business critical and I need to come up with a plan!
Same here but not as bad as you. After updating (W7 x64) my pc has gotten slower.
Any help would be appreciated.
Hi! So I found this after fighting with the new updates and a lack of Windows Defender being able to work and uninstalled the update. Everything works fine now, just like normal. But when I look at the options to shutdown or restart my computer, there’s that yellow shield with a ! warning me about an update, and Windows Update still wants me to install it. How do I prevent this?
Open Windows Updates, right-click on that update and select hide update.
I first lost browser connectivity, then received the KB3004394 error message while trying to troubleshoot my network connection. Whatever the problem, the troubleshooter won’t even run, much less attempt a diagnosis. I just installed the recommended updates this AM, and all was well for a few hours, then: kaput! …no browser. The Network Center reports a good connection, and all other network devices are connected and working. I uninstalled and hid the 4394 update, but still can’t connect to a webpage.
Windows Update reported 4 new updates this evening, so I allowed them, hoping for a patch. They seem to have downloaded ok, but still no browser connectivity in any browser.
Any suggestions would be appreciated
I have the same issue. I have IPV4 connection, but there’s no IPV6 according to the troubleshooting. I have uninstalled all updates, done a system restore, disabled all antivirus and firewalls, renewed IP, flushed DNS cache but still nothing. However, unlike Dan, I can’t connect to the internet from my machine AT ALL. From any program, not only the browser.
WOW! WOW ! WOW! ………..I had the problem of Window Defender stop working “stub error” read one of your post ….for some reason trusted it AND MAN IT WORKED it really worked!!!!!
For Windows Defender stop working stub error remove KB3004394.
I will save this site, I know I will be back :)
Thank you for posting this. Scouring google yesterday I could not find a fix for the issue. Today, the same search showed this page at the top of the results! :D Now I have things working again!
I get a very annoying mouse cursor at startup on my Toshiba encore tablet ever since update KB3012199 that only disappears after touching the screen and I don’t know how to fix this as this update cannot be uninstalled. Please advise.
after an update yesterday my maching runs slowly (win7 32bit sp1), my wifi connection takes a bit too long to connect, usually it takes only about a second now it takes about 30seconds to connect.. my windows defender also wont start.. uninstalling KB3004394 fixed everythingn now my windows defender is working back to normal. i hope microsoft will fix this issue asap…
Well, after the security updates, in excel 2007 on Win7, macros in xlms files won’t work anymore. Is this possible? I wonder…
If there is someone with the same Problem: This helps
http://www.borncity.com/blog/2014/12/11/dezember-update-blockiert-excel-makros/
Bye
Red
It is a German text. Basically, update http://support.microsoft.com/KB/2553154 is responsible and you can fix the issue by uninstalling it.
After updating 2 laptops this week, they wouldnt get into windows anymore. windows recovery also doesn’t work!! please be carefull with latest updates from microsoft, seems they are bad.
My Windows 8.1 PC failed to start after installing all December 2014 updates and I had to use an earlier restore point to recover start up. I eventually isolated the update to KB3013816 after 4 hours of frustrating work. I will always now make an up to date restore point before installing any future Microsoft updates to Windows 8.1
Maybe a dumb question, but how can i figure out which update destroyed my system?
Sometimes you may be able to tell from what you are experiencing and what updates were installed. Often, it comes down to tests. Uninstall updates one by one, observe if the issue is fixed and if it has been, you found the culprit.
It is often easier to read the comments on my site ;)
Ok, thanks, for now i just did a complete factory reinstall.
My PC kept going into “Automatic Repair” mode and then presented me with three options to get started. One of them was to use a previous restore point. Once this had run it allowed my PC to start and I then went to the Windows Update where I could list all the current updates, by unticking all of them and then just installing two at a time, if all was well it allowed my PC to restart. On installing the update KB3013816 my PC then went into “Automatic Repair” and I could then use my latest restore point to get it running again. Having then looked at Microsoft’s Knowledge base it informed me that update KB2919355 issued on the 5th April 2014 needed to be installed prior to installing the update KB3013816. Checking my updates installed I had installed this update on 9th April 2014.
So it points to the update KB3013816 having some form of gliche – I just wish MS would get it’s act together.
KB3014406 made startup considerably slower on the Win7 systems I installed it on. Which is funny, considering what it’s supposed to do.
Welp… That’s it! If it was indeed the update that caused my computer to slow to a crawl, it has officially killed my computer. I ran Defender in Safe Mode just to be sure I hadn’t picked up anything sinister, and when I restarted the computer started going into all kinds of verifications I have never seen and ended up with a message “back up hard drive now – failure is imminent.” I will now take it in to a pro to see if I can get back to a restore point before the update. But if not, I am buying a new computer. It’s about time anyway… But not super thrilled about PCs right now.
Thanks everyone for all the gen on these files to remove to restore Windows Defender, especially Martin Brinkmann.
I first removed KB3009736 without success, then KB3004394 and Windows Defender began to work after a PC restart. All’s well.
However, if the Microsoft software writers produced these ‘updates’ in order to combat newly produced viruses, and we have now removed the offending updates, does this mean we are now vulnerable to the viruses which MS software writers were attempting to combat?
It worries me that we have removed/uninstalled a file or two so as to get Windows Defender working again, but there’s nothing coming out from MS in the way of a freshly written hotfix or patch (which won’t mess up our computers) to prevent new ‘evil’ viruses from going damage.
What do the Microsoft software writers propose to do now?
I’m sorry but I don’t understand your remark “Your comment is awaiting moderation”.
Does anything I’ve said overstep the line?
No it is just a security precaution for first-time commenters.
Uninstalled the two updates kb3004394 and kb3009736 Defender is now running
gary
Well done; You’ve joined the “let’s fix the MS fixes club”! All we need now is a reliable software writer to produce correctly written software in the first place. Which goes back to my original question in that what are Microsoft doing about these unreliable patches and fixes?
After this latest update my laptop i have a karte number of bsod i cant even boot in safe mode or command promt, anyone with the same problem and how to fix it.
Yes. Grrrrrrrr >:( Have not figured out a fix, yet, but good to know it’s not just me.
I deleted the “KB3004394” update and windows defender started working after a reboot. tyvm
I’ve got an employee who is no longer able to connect to 75% of wireless networks because of this update–he gets this same error (0x800706F7). Hopefully it’s not widespread!
after installing december 10th windows update caused excel not to open with out a error so i would close it then tryed again at which point it would open, problem occurs only in sheets with data …not on a empty sheet, problem was corrected system restore then only downloading updates not pertaining to office of any kind
Argh! My laptop hasn’t been able to sleep since this damn update! When I try to sleep my laptop, the screen turns off, but the power light remains on (fan on, HD light going…) and it’ll stay like that forever. I have to force a reboot for it to work again!
Any ideas on which specific update I should uninstall?
The faulty fix or patch is KB3004394 and has been admitted by Microsoft that it was a ‘bad’ patch.
MS has now produced a new patch to remove the faulty one however, I uninstalled KB3004394 and all was well.
The problem has arisen (news from another website forum) that Microsoft laid-off a number of their top software writers and are managing with fewer, new, junior staff to cope with having to write code for the necessary fixes ad patches required.
Apparently MS used to ‘test-run’ their new software before releasing it worldwide but now they may not perhaps have the resources to do this.
I’m only passing on what I have read at other forums, but it seems to make sense to me.
Good luck.
Great, so we’re beta testers now?
I’ve uninstalled all the updates and I’ll delay installing them for another week, just to be sure that something else isn’t broken.
Thanks for the reply.
Something is still broken :(
The system will sleep maybe 25% of the time.
thank you for this information.
I had to install the new MS fix for the old MS fix:Install KB3024777 to fix an issue with KB3004394 on Windows 7.
http://support.microsoft.com/kb/3024777
I have Windows 7 Enterprise SP1. After the 12/10/14 update, I could not open certain sites, including Google and some banking sites. Seemed to affect Firefox on more sites than IE. Installation of KB3024777 seemed to do the trick.
My internet explorer and chrome are crashing left and right. It started crashing badly about a week ago. Internet Explorer error says: Internet Explorer has stopped working. Chrome does not crash as much as Internet Explorer. Foxfire rarely crashes. I have Vista 64 bit. Is anyone else having this problem?