JPCERT-AT-2014-0045
JPCERT/CC
2014-11-12
<<< JPCERT/CC Alert 2014-11-12 >>>
Microsoft Security Bulletin for November 2014
(including 4 critical patches)
https://www.jpcert.or.jp/english/at/2014/at140045.html
I. Overview
Microsoft has released its security bulletin for November, 2014.
This bulletin contains four (4) updates that are rated as "critical".
Remote attackers leveraging these vulnerabilities may be able to
execute arbitrary code.
Details on the vulnerabilities can be found at the following URL:
Microsoft Security Bulletin Summary for November 2014
https://technet.microsoft.com/en-us/library/security/ms14-nov
[Security updates rated as "critical"]
MS14-064
Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
https://technet.microsoft.com/en-us/library/security/ms14-064
MS14-065
Cumulative Security Update for Internet Explorer (3003057)
https://technet.microsoft.com/en-us/library/security/ms14-065
MS14-066
Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
https://technet.microsoft.com/en-us/library/security/ms14-066
MS14-067
Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)
https://technet.microsoft.com/en-us/library/security/ms14-067
According to Microsoft, attacks leveraging MS14-064 have been
observed in the wild.
II. Solution
Please apply the security update programs through Microsoft Update,
Windows Update, etc. as soon as possible.
Microsoft Update
http://www.update.microsoft.com/
Windows Update
http://windowsupdate.microsoft.com/
* With the April 2014 update, Microsoft has ended the support for
Windows XP and Office 2003. Concerns on security risk will rise
henceforth, and therefore please consider updating to a newer OS
and software.
III. References
Microsoft
Microsoft Security Bulletin Summary for November 2014
https://technet.microsoft.com/en-us/library/security/ms14-nov
Microsoft
Microsoft Security Information for November 2014 (Monthly) - MS14-064 - MS14-079 (Japanese)
http://blogs.technet.com/b/jpsecurity/archive/2014/11/12/201411-security-bulletin.aspx
Microsoft
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
https://technet.microsoft.com/en-us/library/security/2755801
If you have any information regarding this alert, please contact
JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top