Microsoft usually makes its updates for Windows available on what is known as “Patch Tuesday” – the second Tuesday of every month. While there were updates last week, Microsoft announced Security Bulletin MS14-068 which includes ‘Critical’ updates that weren’t released last week, but are available now.
The main thing this update patch addresses is a security vulnerability Microsoft Server 2003, 2008 (R2), etc. While client systems – Windows 7, Vista, Windows 8 are listed, according to the bulletin, severity ratings don’t apply to desktop version of Windows.
Severity ratings do not apply for this operating system because the vulnerability addressed in this bulletin is not present. This update provides additional defense-in-depth hardening that does not fix any known vulnerability.
Defense-in-depth is essentially an approach to use multiple layers of defense to help prevent attackers compromise a network or system. So even though the found vulnerabilities don’t affect Windows desktops directly, it’s recommended that you download this out-of-band patch for good measure.
Install Microsoft Security update
To update for Windows 8.x go to PC Settings > Update and Recovery > Windows Update and check for updates.
There you should find the update shown below (KB3011780)
After installing the update, a Restart is required.
On Windows 7 systems, just go to Windows Update via the Start Menu and manually check for updates.
This patch is also available for Windows 10 Technical Preview users. For more on this, check out the Microsoft Security Response Center posting or go directly to the Security Bulletin MS14-068 Summary.
This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers.
5 Comments
Leave a Reply
Leave a Reply
David Bennett
November 18, 2014 at 5:17 pm
Installed this update on my win 7 rig and restarted to the BSD.Had to do a system restore to fix things.
Mike
November 19, 2014 at 8:18 am
Updated (KB3011780) and (KBon 3011780) – Security Updates on Windows Server 2008 R2 x64 Edition and after the update suddenly our mobile app login authentication stops working (login happens on MS SQLexpress database). definitely some issues with these updates. Microsoft needs fix this or provide update ASAP.
Colin
November 20, 2014 at 2:01 am
Installing KB3011780 on my laptop running Vista cuts the ability to get wireless access so rendering the laptop useless. Uninstalling immediately fixes the problem!
Sam
November 21, 2014 at 2:55 am
Installed KB3011780 on my surface pro 2 and VMPlayer will not load any OS’s anymore. Says there is not enough memory (there’s 4 gigs just for the vm, 4 for host). After I uninstall, VMPlayer loads fine again.
Microsoft, get your sh*t together please.
Ziggy
November 21, 2014 at 4:25 pm
I’d love to know the science behind Microsoft’s Patch Tuesday offerings. Some computers get terribly screwed up whilst others have no problems. I’ve never been a big fan of automatic updates. I usually get them offered to me and only install them when there is little to no chatter about failed updates. As for this latest patch I installed it on two win 7 computers and no trouble thus far. Fingers crossed…Feet crossed…Arms crossed…you name it, I’ve got it crossed!