IT Blogwatch Microsoft

33 bugs fixed in GIANT Patch Tuesday catch (one is from 1995)

Microsoft's trustworthy computing team has been working overtime this month: 14 patches, four are 'critical', one is 'ancient'

IT Blogwatch Microsoft

Show More

Microsoft has fixed a record number of bugs this month. Redmond recommends you patch without delay.

Among the critical flaws is MS14-066, which affects every single supported version of Windows (and several older ones). In IT Blogwatch, bloggers melt their WSUS boxen.

Your humble blogwatcher curated these bloggy bits for your entertainment.


Martyn Williams pearls the superlatives:

Microsoft released [14] patches...a monthly record for 2013 and 2014...including four it deemed critical.

The company had originally planned to deliver 16 updates Tuesday, but two are...yet to appear. They include one [with] a critical rating.  MORE


And Ms. Smith gets fanatical:

Expect to reboot as you deploy the fixes for 33 unique Common Vulnerabilities and Exposures (CVEs). ... MS14-064 and MS14-078...are currently being exploited in the wild.

MS14-064 addresses two privately reported vulnerabilities in Microsoft Windows...OLE; all supported versions of Windows are affected...“An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.”

MS14-078...lists the vulnerability in Microsoft Input Method Editor...“the vulnerability could allow sandbox escape...on a system where an affected version of the Microsoft IME (Japanese) is installed.”  MORE


So Blair Hanley Frank doesn't mince words:

It’s another doozy of a Patch Tuesday. [One] can allow an attacker to execute code...if they send specially-formed packets. ... Patches for the [MS14-066] flaw run all the way back to Windows Server 2003.

Now that it has been disclosed, people should move quickly to...Windows Update.  MORE


Thorin Klosowski has more on the '066 bug:

[It] affects every modern version of Windows, including Windows Server 2003/2008/2012, Vista, 7, 8, 8.1, and Windows RT.

The patch...shores up a hole that would have allowed an attacker to remotely trigger code on your machine using specially crafted packets. ... Get the patch installed...the sheer number of machines affected means it's good to make sure your system is up to date.  MORE


But bacavoit insists on delaying:

I'll never update the first day ever again, back in august Microsoft released 2-3 updates that messed up the kernel and there was no way to boot but format, it took them like 3 days to remove it... Never again Microsoft, never again!  MORE


Meanwhile, thegrommit offers this important advice:

For those of you running EMET 5.0, make sure to upgrade to EMET 5.1 otherwise you might find IE11 fails to start while triggering an EMET EAF+ error.  MORE

 

You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.

Related:

Copyright © 2014 IDG Communications, Inc.

Shop Tech Products at Amazon