Number: IRCNE2014112376
Date: 2014/11/17
According to “zdnet”, Microsoft released 14 security updates to address 33 vulnerabilities in Windows, Internet Explorer and Office. Two updates scheduled for release today (MS14-068 and MS14-075) were withheld and their release date is yet to be determined.
The most severe of the vulnerabilities may be MS14-066 which could allow remote, unauthenticated compromise of Windows servers.
Two of the vulnerabilities are being exploited in the wild. For one of them, Microsoft had previously released a "Fix it" to block the known attacks.
Users of Microsoft's EMET (Enhanced Mitigation Experience Toolkit), a tool for hardening applications against attack, should upgrade the tool to the new version 5.1 before applying today's Internet Explorer updates. Microsoft has said that the updates cause problems for users of version 5.0 of EMET.
Microsoft also released a new version of Flash Player integrated into Internet Explorer 10 and 11 to address vulnerabilities disclosed today by Adobe.
The new version of the Windows Malicious Software Removal Tool (KB890830) removes malware from the Win32/Tofsee and Win32/Zoxpng families, according to a blog from the Microsoft Malware Protection Center.
- 2