Note: There may be latency issues due to replication, if the page does not display keep refreshing
Today Microsoft released the following Security Bulletin(s).
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Important (3) Vulnerability in .NET Framework Could Allow Denial of Service (2990931) Published: September 9, 2014 »technet.microsoft.com/li ··· MS14-053
Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948) Published: September 9, 2014 »technet.microsoft.com/li ··· MS14-054
Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928) Published: September 9, 2014 »technet.microsoft.com/li ··· MS14-055
Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
Watch September 2014 security bulletin overviewDustin Childs and Jonathan Ness from Microsoft Trustworthy Computing goes through this months Microsoft security bulletins.
I just installed Cumulative Security Update for Internet Explorer (2977629), Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948) and Microsoft Security Advisory 2755801 (Flash Player for IE 10). No problems so far. I never installed KB2993651 or its predecessor.
I couldn't get the .NET 3.5 patch from last month to install. I see there is another .NET 3.5 patch this month. I have not tried to install any of .NET patches for this month.
Ok, so has anyone that removed KB2993651 and not reinstalled it updated their system with Sep 9 patches? Issues, problems, or concerns...
Alright, my experience:
Win 7 64 bit.
Previously uninstalled 2970228 and 2993651. Hid 2993651.
Today unhid 2993651 and installed it. Upon reboot, the Tues patches were offered again and included this time was 2970228 (it wasn't there until 2993651 was reinstalled).
I finally found info on this update (KB2996851). Google had no direct link to it. Do I want this? »support.microsoft.com/kb/2996851
This update enables the "Do not connect to any Windows Update Internet locations" policy to function on client computers that are running Windows Server 2012, Windows 8, or Windows RT.
Note After you enable this policy, computers will be prevented from accessing the Windows Store.
If I am reading this correctly, I would have to have this policy set for it to work. I cannot even find this in the Group Policy settings so it should be ok to install?
Just home from business trip to Europe, and there are updates waiting on my Win 8.1 machine, but after last month's fiascos, I'm concerned about installing. But there seems to be few comments in this thread compared to past threads and no replies to those asking about the infamous KB2993651 which is also unusual. Shall I go ahead and install everything, or hold off?
I've installed 'em all on my Win7 64 machine except for "the infamous KB2993651". No problems with the others. I don't think I'll install KB2993651 until I need to.
Thanks, Pentangle; great minds think alike! I will skip that update for now and go ahead with the others, fingers crossed. It would be nice, though, to have a definitive answer from MS.
Which brings up another question about which I've been wondering: if you have Windows set to notify you when there are updates, but not install them until you say so, and they alert on a bad update that is later revoked, does it still show up? It would be nice if it's removed from the notifications if it's revoked (as some were last month), but I'm not sure, and it makes me leery of saying yes to what it's offering.
Well, it's a month after my last post in this thread in which I asked if MS would keep offering a bad update, like the KB 2993651 that borked so many systems back in August and September. And sure enough, it's still being offered here in October, and that date of the notice is August, so it doesn't look like it's been updated.
So two questions: should I just keep ignoring this and refuse to install? And why would MS keep offering an update they've acknowledged caused problems; why not just fix it and issue a new update?