Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Out-of-band release for Security Bulletin MS14-068 (11/18/14)


  • Please log in to reply
12 replies to this topic

#1 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:10 PM

Posted 18 November 2014 - 10:17 AM

Out-of-band release for Security Bulletin MS14-068

On Tuesday, November 18, 2014, at approximately 10 a.m. PST, we will release an out-of-band security update to address a vulnerability in Windows.

We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin.

More information about this bulletin can be found at Microsofts Advance Notification Service page.


Microsoft Security Bulletin Advance Notification for November 2014
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)

 


#2 dvk01

dvk01

  • Malware Response Team
  • 129 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:10 AM

Posted 18 November 2014 - 10:50 AM

We will wait with baited breath to see what it does. This is one of the updates that was postponed from Last Tuesday’s ( 11November2014) big patch Tuesday because it wasn’t up to the required standard

Lets hope that it does fix what ever vulnerability it is supposed to fix and doesn’t break anything.

After reading the advanced notice more deeply, I find it does not affect Vista, Windows 7 or Windows 8/8.1 which are the main desktop and consumer versions of windows in common use


Notes for MS14-068

Windows Technical Preview and Windows Server Technical Preview are affected. Customers running these operating systems are encouraged to apply the update, which will be available via Windows Update.

[1]Severity ratings do not apply for this operating system because the vulnerability addressed in this bulletin is not present. This update provides additional defense-in-depth hardening that does not fix any known vulnerability.


My considered opinion is to hold off installing this on Vista, Windows 7 or Windows 8/8.1 for a day or 2, until we see what adverse affects are discovered.

#3 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:10 PM

Posted 18 November 2014 - 11:16 AM

The Aggregate Severity Rating only shows Critical for Windows Server 2003, Server 2008/2008 R2, Server 2012/2012 R2, Server Core installation option.

Windows Technical Preview and Windows Server Technical Preview are also affected.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 rp88

rp88

  • Members
  • 3,048 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:10 AM

Posted 18 November 2014 - 12:45 PM

This doesn't seem to do anything for windows 8 (or for 8.1 according to their bulletin) i just checked for updates now()17:30 uk time) and nothing new and there are no new ones available to me.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#5 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:10 PM

Posted 18 November 2014 - 02:00 PM

I just received notice of security update (KB3011780) was available for downloading. Clicking the more information link directs to MS14-068: Vulnerability in Kerberos could allow elevation of privilege: November 18, 2014

Applies to:

Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 Standard
Windows Server 2012 R2 Essentials
Windows Server 2012 R2 Foundation
Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 8.1
Windows RT 8.1
Windows Server 2012 Datacenter
Windows Server 2012 Standard
Windows Server 2012 Essentials
Windows Server 2012 Foundation
Windows 8 Enterprise
Windows 8 Pro
Windows 8
Windows RT
Windows Server 2008 R2 Service Pack 1, when used with:
Windows Server 2008 R2 Datacenter
Windows Server 2008 R2 Enterprise
Windows Server 2008 R2 Standard
Windows Web Server 2008 R2
Windows Server 2008 R2 Foundation

Windows 7 Service Pack 1, when used with:
Windows 7 Ultimate
Windows 7 Enterprise
Windows 7 Professional
Windows 7 Home Premium
Windows 7 Home Basic
Windows 7 Starter

Windows Server 2008 Service Pack 2, when used with:

Windows Server 2008 Datacenter
Windows Server 2008 Enterprise
Windows Server 2008 Standard
Windows Web Server 2008
Windows Server 2008 Foundation
Windows Server 2008 for Itanium-Based Systems

Windows Vista Service Pack 2, when used with:
Windows Vista Ultimate
Windows Vista Enterprise
Windows Vista Business
Windows Vista Home Premium
Windows Vista Home Basic
Windows Vista Starter

Microsoft Windows Server 2003 Service Pack 2, when used with:
Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Web Edition
Microsoft Windows Server 2003, Datacenter x64 Edition
Microsoft Windows Server 2003, Enterprise x64 Edition
Microsoft Windows Server 2003, Standard x64 Edition
Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 rp88

rp88

  • Members
  • 3,048 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:10 AM

Posted 18 November 2014 - 02:23 PM

Oh yes. it'a appeared now. I'm downloading it, well in an hour or two once i've had long enough to hear if it's cuased many crashes. It's 6.3 megebytes or so, KB3011780. It's something to do with "kerberos" whatever that is, the update is available for windows 8 but hasn't been given a severity rating on this OS.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#7 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:10 PM

Posted 18 November 2014 - 02:28 PM

Kerberos (protocol)
Kerberos Explained
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 rp88

rp88

  • Members
  • 3,048 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:10 AM

Posted 18 November 2014 - 04:58 PM

I just installed this one, it seemed to work but gave me a type of crash during reboot afterwards. The crash wasn't severe, but it was a crash nonetheless. I ran the update, let it restart and it got to the logon screen fine, then i input my password and saw that blasted little circling thing for 5 minutes when the metro and desktop should have loaded within 30 seconds, i "hard restarted" it by holding down the power button, restarted a few times and it all worked fine. update seemed to be installed after this bother was over. windows 8, 64 bit, avg antivirus, chrome and firefox as main browsers, toshiba laptop.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#9 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:10 PM

Posted 18 November 2014 - 07:38 PM

I have not heard of any similar reports since you posted your experience.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 gbilios

gbilios

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:10 PM

Posted 19 November 2014 - 12:20 AM

There is no severity ratings for desktop versions of windows



#11 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,404 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:10:10 AM

Posted 19 November 2014 - 12:33 AM

@ quietman7

 

Does this also affect Windows XP?  I think yes. 

I do not see it in the list of affected operating systems you so kindly provide, and why should I?,  as it is no longer supported,  And because  XP is no longer supported,  NO PATCH.


Edited by NickAu1, 19 November 2014 - 12:34 AM.


#12 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:10 PM

Posted 19 November 2014 - 05:28 AM

Correct...since XP is no longer supported it is not on the list so there is no patch.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 mikeshawn

mikeshawn

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:40 AM

Posted 19 November 2014 - 11:36 AM

Updated both on webserver

Security Update for Windows Server 2008 R2 x64 Edition (KB2992611)
Security Update for Windows Server 2008 R2 x64 Edition (KB3011780)
Installation date: ‎11/‎19/‎2014 10:54 AM
And now mobile app login authentication (occurs on MS SQLExpress database) stops
working. Absolutely working working fine before this update.
 
ANy help. Microsoft needs to fix ASAP or provide update for above OS. Any idea. Please help.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users