Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Issues with Microsoft Updates SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Issues with Microsoft Updates

Microsoft has updated some bulletins because there are three known issues that can affect your computer.

  • when KB2982791 is installed, fonts that are installed in a location other than the default fonts directory (%windir%\fonts\) cannot be changed when they are loaded into any active session
  • Fonts do not render correctly after any of the following updates are installed:
    • 2982791 MS14-045: Description of the security update for kernel-mode drivers: August 12, 2014
    • 2970228 Update to support the new currency symbol for the Russian ruble in Windows
    • 2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
    • 2975331 August 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012
  • Microsoft is investigating behavior in which systems may crash with a 0x50 Stop error message (bugcheck) after any of the following updates are installed:
    • 2982791 MS14-045: Description of the security update for kernel-mode drivers: August 12, 2014
    • 2970228 Update to support the new currency symbol for the Russian ruble in Windows
    • 2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
    • 2975331 August 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012

If you have not installed yet those updates, please don't install it until Microsoft pubish a fix. If you already installed it, please check each article for mitigation measures.

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

Manuel Humberto Santander Pelaacuteez

186 Posts
ISC Handler
Can't I just uninstall the updates?
BigTotoro

4 Posts
KB2982791 may have been fixed. My WSUS server downloaded updated versions of this yesterday
Alan

57 Posts
Hello,

Has the issue been fixed by MS or still required to uninstall?

Thx
Jason Colotario

1 Posts
Upon further review, MS just pushed down an expiration of KB2982791, not a new version.
Alan

57 Posts
From what I can tell, MS expired all four patches as I had approved them last week but all four are no longer approved.
chrisl1977

6 Posts
in addition to the 4 patches listed above, Microsoft released today rev. 2.0 of Support Article 2991509 to inform and offer a Hotfix for systems with cumulative Internet Explorer Updates applied that may become slow and unresponsive over time.
In case you or one of your users face these issues, the updated support article has the download links for corrective action.

For more information, see Microsoft Security Bulletin MS14-051. Security update 2976627 resolves one publicly disclosed and 25 privately reported vulnerabilities in Internet Explorer.
The most severe of these vulnerabilities could allow remote code execution if you view a specially crafted webpage by using Internet Explorer.
Additionally, this security update includes several non-security fixes and improvements for Internet Explorer.
Note Internet Explorer may crash after you install this security update. See the "Known issues and more information" section for more information.

After you apply the MS14-037 (KB2962872) or MS14-051 (KB2976627) cumulative security update for Internet Explorer, web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time.
This issue occurs in Internet Explorer versions 7 through 11. To resolve this issue, Microsoft has released updates for Internet Explorer versions 7 through 11 not yet available on WSUS or usual Microsoft or Windows Update sites.
Before you install one of the updates, you must have MS14-051 Cumulative security update for Internet Explorer (KB2976627) installed to apply the Hotfix and must restart the computer after you apply it.
ELBE

13 Posts
and see: http://support.microsoft.com/kb/2881011

Another issue has been discovered in the August 12, 2014, update for Microsoft Outlook 2013 that prevents some users from opening archived folders. Microsoft has removed this update from availability, and has corrected this issue in update KB2889859
(http://support.microsoft.com/kb/2889859/ ).
ELBE

13 Posts
MS14-045 was re-released, with KB 2982791 replaced by 2993651.
And still, that latter patch has "known issues"!
http://technet.microsoft.com/library/security/ms14-045
http://support.microsoft.com/kb/2982791
http://support.microsoft.com/kb/2993651
Paul Szabo

13 Posts
Please be advised of the following published by Microsoft on the 27th of August (itens in brakets are my edits to the links attached):

"Posted on: Wednesday, August 27, 2014 1:27 PM
Author: MSRC Team
Subject: Security Bulletin MS14-045 rereleased

Every month for many years, we’ve released a number of updates focused on the continuous improvement of customers’ experiences with our technology. Historically, these updates happened at different times during the month, with the security-specific ones occurring on the second Tuesday of each month. Recently [ http://blogs.windows.com/bloggingwindows/2014/08/05/august-updates-for-windows-8-1-and-windows-server-2012-r2/ ], to further streamline, we decided to include more of our non-security updates together with our security updates and begin the global release to customers on the second Tuesday of each month.

This month we had our first roll out with additional non-security updates. A small number of customers experienced problems with a few of the updates. As soon as we became aware of some problems, we began a review and then immediately pulled the problematic updates, making these unavailable to download. We then began working on a plan to rerelease the affected updates.

Today, we rereleased Security Bulletin MS14-045 [ https://technet.microsoft.com/en-us/library/security/ms14-045.aspx ] to address kernel-mode driver issues, which you can learn more about through a review of the information contained here [ https://technet.microsoft.com/en-us/library/security/ms14-045.aspx ].

We encourage customers to install the security update as soon as possible. Customers with automatic updates enabled do not need to take any action. If you don’t have Windows Update enabled, we encourage you to do so now. If you’re not sure whether you’ve enabled Windows Update, you can check here [ http://support.microsoft.com/kb/306525 ]. For organizations, your IT Group, the team or person administering the network, would be the best place to check.

Tracey Pretorius, Director
Microsoft Trustworthy Computing"
Haralambos

1 Posts

Sign Up for Free or Log In to start participating in the conversation!