Patch Tuesday woes November 2014

November 23rd, 2014 by Stephen Jones Leave a reply »

Last week’s patches.

Some serious problems with MS14-066 (KB2992611), (the SChannel patch). This patch is reported to cause severe performance problems on SQL Server, problems with the Chrome browser communicating with IIS web servers, and disconnections of TLS 1.2 sessions during the key exchange process. There are also compatibility problems with IBM’s B2B Integrator and File Gateway.

Also problems with MS14-065 (KB3003057), which is this month’s cumulative security update for Internet Explorer. Problems include crashes of IE 11, inability to connect to the Internet after installing the patch, and incompatibilities with specific software including Epim and the IWebBrowser interface.

MS14-070 (KB2989935) is reported to cause unexpected behavior with Websphere Application Server. In most of these cases, uninstalling the patches fixes the problems.

Meanwhile, a new “out of band” patch was released. Patch releases outside of the regular Patch Tuesday schedule are relatively rare, and generally reserved for very severe zero day type vulnerabilities are that already being exploited or have been publicly disclosed and thus the risk of imminent exploit is high. This one is a little different, though. Last week’s release was unusual in that the Advance Notification the week before announced the impending release of 16 patches but on Patch Tuesday, only 14 updates appeared. Two numbers, MS14-068 and MS14-075, were deferred with the label “Release date to be determined.”

MS14-068 (KB3011780) was released today, November 18. The vulnerability that it addresses is rated critical and affects all currently supported versions of Windows Server – 2003, 2008/2008 R2, 2012/2012 R2 – but it was reported privately and the attacker has to have valid domain logon credentials to be able to exploit it.

MS14-068 addresses a checksum vulnerability in Kerberos Key Distribution Center (KDC) that, due to failure to properly validate signatures, can allow certain types of Kerberos service tickets to be forged. An attacker can use this to elevate privileges remotely, gaining domain administrator privileges with an unprivileged domain user account. The attacker would be able to impersonate any domain user and join any domain group. Obviously this would give the attacker full control over the domain.

Windows Server domain controllers that are set up to function as Kerberos KDCs should be patched as soon as possible. This includes server core installations. In addition to fixing the Kerberos vulnerability, the update also includes some additional defense-in-depth system hardening. For that reason, it should also be applied to Windows client systems – Vista, Windows 7 and Windows 8/8.1 – even though they are not at risk from the Kerberos vulnerability.

Advertisement

42 comments

  1. After looking over a number of the blog posts on your web page, I truly appreciate your way of writing a
    blog. I bookmarked it to my bookmark site list and will be checking back soon. Please visit my website too and let me know what
    you think.

  2. Woah! I’m really loving the template/theme of this site. It’s simple, yet effective.
    A lot of times it’s very hard to get that “perfect balance” between user
    friendliness and visual appeal. I must say that you’ve done a awesome job with this.
    Also, the blog loads very fast for me on Safari. Exceptional Blog!

  3. Good day! I know this is kinda off topic but
    I was wondering if you knew where I could locate
    a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having problems finding
    one? Thanks a lot!

  4. First off I would like to say superb blog! I had a quick
    question in which I’d like to ask if you don’t mind. I was curious to know how you
    center yourself and clear your head before writing.

    I’ve had a tough time clearing my thoughts in getting
    my ideas out. I truly do take pleasure in writing but it just seems like the first 10 to 15 minutes
    are usually wasted just trying to figure out how
    to begin. Any suggestions or tips? Thank you!

  5. Pretty! This has been an extremely wonderful post. Many thanks
    for supplying this information.

  6. Marvelous, what a website it is! This webpage provides useful data to us, keep it
    up.

  7. I really like your blog.. very nice colors & theme.
    Did you design this website yourself or did you hire someone
    to do it for you? Plz reply as I’m looking to
    construct my own blog and would like to know
    where u got this from. many thanks

  8. Inspiring quest there. What occurred after? Thanks!

  9. First of all I would like to say wonderful blog!
    I had a quick question in which I’d like to ask if you do not mind.

    I was curious to know how you center yourself and clear your head before writing.
    I have had a difficult time clearing my mind in getting my thoughts out.
    I truly do enjoy writing however it just seems like
    the first 10 to 15 minutes are usually lost just trying
    to figure out how to begin. Any recommendations or tips?
    Appreciate it!

  10. I’m now not sure where you’re getting your information, but good topic.
    I needs to spend some time learning much more or working out more.

    Thanks for magnificent info I was in search of this information for my
    mission.

  11. I was able to find good information from your articles.

  12. If you are going for best contents like myself, simply go to see
    this web page all the time as it offers feature contents, thanks

  13. Awesome blog! Do you have any hints for aspiring writers?

    I’m hoping to start my own website soon but I’m a little lost on everything.

    Would you advise starting with a free platform like WordPress or go for a paid
    option? There are so many choices out there that I’m completely confused ..
    Any recommendations? Kudos!

  14. Hi there to every body, it’s my first pay a visit of this blog; this weblog carries amazing and really good stuff in favor
    of readers.

  15. betwinner pt says:

    I am in fact delighted to glance at this blog posts which includes
    lots of useful data, thanks for providing such information.

  16. betwinner says:

    I absolutely love your blog and find almost all of your post’s to be exactly what I’m
    looking for. Does one offer guest writers to write
    content available for you? I wouldn’t mind composing
    a post or elaborating on some of the subjects you write with
    regards to here. Again, awesome weblog!

  17. Genuinely when someone doesn’t be aware of after that its up to other
    viewers that they will help, so here it happens.

  18. When I initially commented I appear to have clicked on the -Notify me when new comments are added- checkbox and from now on every time a comment is added I receive 4 emails with the exact same comment.
    Is there an easy method you are able to remove
    me from that service? Appreciate it!

  19. I know this website provides quality dependent posts and extra stuff, is there any other website which offers these kinds of things in quality?

  20. It’s a shame you don’t have a donate button! I’d definitely donate to this
    outstanding blog! I guess for now i’ll settle for bookmarking and adding your RSS
    feed to my Google account. I look forward to fresh updates and will talk about this website with my Facebook group.
    Chat soon!

  21. betwinner pt says:

    I have read so many articles about the blogger
    lovers except this paragraph is in fact a fastidious piece of writing, keep it up.

  22. Great beat ! I wish to apprentice even as you amend your site,
    how could i subscribe for a blog website? The account
    helped me a acceptable deal. I have been tiny bit familiar of this your broadcast
    provided brilliant clear idea

  23. Whoa! This blog looks exactly like my old one! It’s on a completely different
    topic but it has pretty much the same page layout and design. Superb
    choice of colors!

  24. Thanks a lot for sharing this with all of us you really know
    what you are talking approximately! Bookmarked. Kindly additionally consult with my web
    site =). We will have a hyperlink change agreement between us

  25. It is actually a nice and helpful piece of info.

    I am happy that you simply shared this useful info with us.
    Please keep us up to date like this. Thanks for sharing.

  26. Spot on with this write-up, I really feel this web site needs a lot
    more attention. I’ll probably be returning to read more, thanks
    for the info!

  27. Fine way of explaining, and good paragraph to take data about
    my presentation topic, which i am going to deliver in college.

  28. Thank you for another great post. Where else may anybody get that type of info
    in such a perfect way of writing? I’ve a presentation next week, and
    I’m at the search for such info.

  29. Hello, yup this paragraph is actually good and I have learned lot of things from
    it on the topic of blogging. thanks.

  30. I blog frequently and I truly appreciate your
    information. Your article has really peaked my interest.
    I am going to bookmark your blog and keep checking for new
    details about once a week. I subscribed to your Feed as well.

  31. I like what you guys are up too. This type of clever work and exposure!
    Keep up the wonderful works guys I’ve incorporated you guys to my own blogroll.

  32. Hi are using WordPress for your site platform? I’m new to the blog world but
    I’m trying to get started and create my own. Do you need
    any coding knowledge to make your own blog? Any
    help would be greatly appreciated!

  33. I’m not that much of a online reader to be honest but your sites
    really nice, keep it up! I’ll go ahead and bookmark your site to come back down the road.
    All the best

  34. Wonderful goods from you, man. I have take into accout your stuff prior to and you are just too
    fantastic. I actually like what you have got here,
    certainly like what you’re saying and the way during which you say it.
    You’re making it entertaining and you continue to take care of to stay it sensible.
    I can’t wait to read much more from you. This is really a terrific web site.

  35. Hello, after reading this awesome paragraph i am too happy
    to share my knowledge here with friends.

  36. I was recommended this website by my cousin. I’m not sure whether this post is
    written by him as no one else know such detailed about my
    problem. You are wonderful! Thanks!

  37. Hmm it looks like your website ate my first comment (it was extremely long) so I guess
    I’ll just sum it up what I submitted and say, I’m thoroughly enjoying
    your blog. I too am an aspiring blog writer but I’m still new to everything.
    Do you have any recommendations for rookie blog writers?
    I’d certainly appreciate it.

  38. Great blog you have here but I was wondering if you knew of
    any community forums that cover the same topics discussed in this article?
    I’d really love to be a part of online community where I can get
    responses from other experienced individuals that share the same interest.
    If you have any recommendations, please let me know.
    Thanks!

  39. I simply couldn’t go away your website prior to suggesting that I extremely enjoyed the usual information a person supply on your guests?
    Is going to be back continuously in order to investigate cross-check new posts

  40. Greetings I am so excited I found your blog, I
    really found you by mistake, while I was searching on Yahoo for something else,
    Regardless I am here now and would just like to say cheers
    for a remarkable post and a all round entertaining blog (I also love the theme/design),
    I don’t have time to browse it all at the minute but I have book-marked it and
    also added your RSS feeds, so when I have time I will
    be back to read much more, Please do keep up the excellent
    work.

  41. Every weekend i used to pay a quick visit this site, as i want enjoyment, since this this web site conations in fact good funny material
    too.

Leave a Reply