Skip navigation
Menu
Making December's Patch Tuesday Releases Meaningful
Security

Making December's Patch Tuesday Releases Meaningful

It is the very last Patch Tuesday of 2014 and what a year it has been. Microsoft has had 11 tries and has yet to have a completely flawless patching month. Could this be the month Microsoft finally gets it right? Could December's Patch Tuesday produce a Christmas miracle, or just a Festivus for the rest of us when we can air our patching grievances? Time will tell, and I'll be keeping my ear to the ground to let you know of any reported problems, but at least you need to know what's included in today's stack of updates.

Here's what you can expect.

Exchange Server

MS14-075 – This is the bulletin set to release last month, but shelved due to an installation problem. It is a fix for Microsoft Exchange server that can allow attackers to send email that appears from other users. Rating: Important

Internet Explorer

MS14-080 – Internet Explorer is no stranger to Patch Tuesday. This month's edition resolves over 14 privately reported vulnerabilities including Remote Code Execution and an ASLR bypass. Rating: Critical

Microsoft Office

MS14-081 – Microsoft Word and Office Web Apps are vulnerable to Remote Code Execution in the context of the currently logged on user. Of course removing Administrator rights from normal users will fix it, but Microsoft is providing a patch anyway. Rating: Critical

MS14-082 – This is another update for Microsoft Word and also covers remote code execution. Rating: Important

MS14-083 – Excel gets a highlight this time, and it too is vulnerable to remote code execution if run by a normal user that has been given administrative credentials. Rating: Important

VBScript

MS14-084 – Here, Microsoft is seeking to fix a remote code execution flaw in the VBScript Engine. Most IT folks are using PowerShell these days for new scripting projects, but there's a fair amount of VBScript code still out there. This is a client-application vulnerability, so once again, taking away administrative rights would solve the problem. Rating: Critical

Windows JPEG Images

MS14-085 – JPEG images as attack vectors? Apparently so. This vulnerability attacks through Windows JPEG processing and can steal data. Raiting: Important

Re-releases

MS14-065 Cumulative Security Update for Internet Explorer

MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution

Revisions

Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)

Miscellaneous

December 2014 update for Windows Root Certificate Program in Windows

Discover problems with any of this month's security updates? Let me know and I'll spread the word.

 

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
DevSecOps concept
90% of Java Services in Production Have Vulnerability Risk, DevSecOps Report Finds
Apr 20, 2024
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024