Date and Time
Microsoft Server Users
Microsoft released an out-of-band patch, MS14-068, to address a Critical vulnerability in server versions of Windows. Microsoft is aware of limited, targeted attacks that attempt to exploit this vulnerability.
In addition to the out-of-band patch, Microsoft revised 2 recently posted updates:
- MS14-066 - To announce the reoffering of the 2992611 update to systems running Windows Server 2008 R2 and Windows Server 2012
- MS14-NOV - Document the out-of-band release of MS14-068 and revision to MS14-066
Advanced Users: For a complete description of the security enhancements and affected software refer to Microsoft Security Bulletins:
- MS14-068 (Vulnerability in Kerberos Could Allow Elevation of Privilege) at https://technet.microsoft.com/library/security/MS14-068
- MS14-066 (Vulnerability in Schannel Could Allow Remote Code Execution) at https://technet.microsoft.com/library/security/ms14-066
- Microsoft Security Bulletin Summary for November 2014 at https://technet.microsoft.com/library/security/ms14-nov
All server versions of Windows are affected, specifically:
- Windows Server 2003
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server Technical Preview is also affected by this vulnerability.
WHAT'S THE PROBLEM?
Some of these vulnerabilities could allow remote code execution, elevation of privilege, or denial of service.
HOW DO I PROTECT MY COMPUTER?
Update your software
- If you are supported by ITFS or have different IT support, no action on your part is required.
- If you do not have IT support or they do not support your computer, refer to Microsoft Security Bulletin Summary for November 2014 at https://technet.microsoft.com/library/security/ms14-nov on how to obtain the latest updates for your specific software.
- IT Security - http://it.ucsf.edu/security