Patch Tuesday: Microsoft Security Bulletin Summary for October 2014

  • Post author:
  • Reading time:7 mins read
MS Patch Tuesday October 2014
MS Patch Tuesday October 2014

Microsoft Patch Tuesday October 2014 has released Eight security bulletins addressing a total of 24 vulnerabilities. The high priority fix is for Internet Explorer and Microsoft Windows. Internet Explorer alone addresses 14 out of 24 vulnerabilities.

This month Three bulletins are rated as Critical, addressing 19 vulnerabilities and five are rated as Important.

Critical security updates addresses security issues in Internet Explorer 6 to Internet Explorer 11, .NET Framework and Microsoft Windows. All of them potentially allow Remote Code Execution and even though Windows OLE and Microsoft Word/Office Web Apps are marked as Important it allows Remote Code Execution. Overall Five out of Eight bulletins allow Remote Code Execution.

The other five important security updates address issues in ASP.NET MVC, Windows OLE, Message Queuing Service, FAT32 Disk Partition Driver, Microsoft Word and Office Web Apps.

Microsoft addresses Three zero-day vulnerabilities, Two of them are (CVE-2014-4148 and CVE-2014-4113) discovered by FireEye Labs which is addressed in MS14-058 bulletin. Third one (CVE-2014-4114) discovered by iSIGHT Partners (dubbed ‘Sandworm’) addressed in MS14-060 bulletin.

Microsoft security bulletin summary for October 2014 in order of severity.

MS14-056: Cumulative Security Update for Internet Explorer (2987107)
Severity Rating: Critical
Affected Software: Internet Explorer
Impact: Remote Code Execution

MS14-057: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
Severity Rating: Critical
Affected Software: .NET Framework
Impact: Remote Code Execution, Elevation of Privilege

MS14-058: Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
Severity Rating: Critical
Affected Software: Microsoft Windows
Impact: Remote Code Execution

MS14-059: Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
Severity Rating: Important
Affected Software: ASP.NET MVC
Impact: Security Feature Bypass

MS14-060: Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
Severity Rating: Important
Affected Software: Windows OLE
Impact: Remote Code Execution

MS14-061: Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
Severity Rating: Important
Affected Software: Microsoft Office Suites, Microsoft Office Web Apps and Microsoft SharePoint Server
Impact: Remote Code Execution

MS14-062: Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
Severity Rating: Important
Affected Software: Message Queuing Service
Impact: Elevation of Privilege

MS14-063: Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
Severity Rating: Important
Affected Software: Microsoft Windows
Impact: Elevation of Privilege

Patch Tuesday October 2014 Bulletin Priority
Courtesy: Microsoft Corporation

SecPod Saner detects these vulnerabilities and automatically fixes by applying security updates. Download Saner now and keep your systems updated and secure.

– Veerendra GG