Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Microsoft Will Release MS14-068 Later Today SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft Will Release MS14-068 Later Today

Today, Microsoft will release MS14-068. This is one of the bulletins that was skipped in November's patch Tuesday update. 

The bulletin fixes a privilege escalation vulnerability and Microsoft rated it Critical.

It does however appear that Microsoft still has process issues with releasing updates. For example, the "Monthly Bulletin Summary" for November now only lists this one bulletin [1]. The bulletin page itself is still blank, but will likely be released around 1:30pm ET.

We will update/replace this diary once the full bulletin is released.

[1] https://technet.microsoft.com/en-us/library/security/ms14-nov.aspx

 

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020

Johannes

3696 Posts
ISC Handler
Dr. J:

Quote:It does however appear that Microsoft still has process issues with releasing updates
I will try my attempt at some humor. On my desk is a Round coaster, inside the circle of that coaster printed in caps TO IT! Figure it out? Answer below. :o

I, like others have found unless intense pressure is applied to MS, ie Gov pressuring EFFECTIVE IMMEDIATELY ...... MS fixes security problems when they (MS) gets "Round To It" One would deduce with the huge market share loss to their browser.. ie FF and others they would smell the "Seattle's Best"



Well, so much for logic!
ICI2Eye

52 Posts
> lists only one update

Revisions

•V1.0 (November 11, 2014): Bulletin Summary published.

•V2.0 (November 18, 2014): Bulletin Summary revised to document the out-of-band release of MS14-068 and, for MS14-066, to announce the reoffering of the 2992611 update to systems running Windows Server 2008 R2 and Windows Server 2012.

Page generated 2014-11-18 6:52Z-08:00.
------------------

So, they have fixed their bulletin (and their operating system).
Why is it always "good programmers, but bad technical writers" ?
Anonymous

Sign Up for Free or Log In to start participating in the conversation!