Patch Tuesday has passed, but the ramifications have not. All over sysadmins are deciding what patches to apply and when.
Here is the report of what is happening:
https://support.microsoft.com/kb/2992611 MS14-066 Schannel vulnerability is a bad remote code execution bug (must be patched)
Internet Storm Center recommends this is a patch now kind of patch – (like the shellshock a few weeks back).
|
(If you read below, the MS14-067 also is of a similar nature patch.
MS14-064: https://technet.microsoft.com/library/security/ms14-064 critical (also remote execution Windows OLE ) lot of servers affected as well as desktops
MS14-065 : http://technet.microsoft.com/en-us/security/bulletin/ms14-065 Critical – but this one is for IE11, so has a different priority level.
MS13-067: http://technet.microsoft.com/en-us/security/bulletin/ms14-067 Critical highly exploitable XML core services, and also affects many windows servers, as well as desktops.
There are unfortunately a lot more this month:
MS14-069 MS office critical patch http://technet.microsoft.com/en-us/security/bulletin/ms14-069
MS14- ( 070, 071, 072, 073, 076, 077, 078, 079)
All of the patch groups are “important” but not critical
All in all there is a staggering
24 Critical CVEs covered, as well as 9 Important CVEs.
16 actual patches on the systems
Toms Guide says only September 2013 came close in size to this Microsoft event at 13 patches.
Not to be outdone, Adobe Flash requires 18 CVEs fixed in their patch at http://helpx.adobe.com/security/products/flash-player/apsb14-24.html
“Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.223”
Also Qualys Blog recommends the MS14-64 patch to be addressed immediately, as it was a Zero-day vulnerability
In case you are not convinced to patch now.