Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS14-075: Vulnerabilities in Microsoft Exchange Server could allow elevation of privilege: December 9, 2014


View products that this article applies to.

INTRODUCTION

Microsoft has released security bulletin MS14-075. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

↑ Back to the top


More Information

How to obtain this update

Microsoft Update

Use the Windows automatic updating feature to install the update from Microsoft Update. To do this, see Get security updates automatically on the Microsoft Safety and Security Center website.

Issues that are fixed in this update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.
  • 2996150 Update Rollup 15 for Exchange Server 2007 Service Pack 3
  • 3011140 December 2014 security update for Exchange Server 2013 Service Pack 1 and Cumulative Update 6
  • 2986475 Update Rollup 8 for Exchange Server 2010 Service Pack 3
    Note Update 2986475 was rereleased December 12, 2014 to addresses a known issue in the original offering. Customers who uninstalled the original update should install the updated version of 2986475 at the earliest opportunity.

↑ Back to the top


Security update deployment

Microsoft Exchange Server 2007 Service Pack 3
Reference Table

The following table contains the security update information for this software.
Inclusion in Future Service PacksThe update for this issue will be included in a future service pack or update rollup
Security update file namesFor Microsoft Exchange Server 2007 Service Pack 3:
Exchange2007-KB2996150-x64-EN.msp
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementNo, this update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Update log fileKB2996150.log
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base Article 2996150
Registry key verificationFor Microsoft Exchange Server 2007 Service Pack 3:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Exchange 2007\SP2\KB2996150

Microsoft Exchange Server 2010 Service Pack 3
Reference Table

The following table contains the security update information for this software.
Inclusion in Future Service PacksThe update for this issue will be included in a future service pack or update rollup
Security update file namesFor Microsoft Exchange Server 2010 Service Pack 3:

Exchange2010-KB2986475-x64-v2-en.msp
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementNo, this update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Update log fileKB2986475.log
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base Article 2986475
Registry key verificationFor Microsoft Exchange Server 2010 Service Pack 3:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Exchange 2010\SP3\KB2986475

Microsoft Exchange Server 2013
Reference Table

The following table contains the security update information for this software.
Inclusion in Future Service PacksThe update for this issue will be included in a future service pack or update rollup
Security update file nameFor Microsoft Exchange Server 2013 Service Pack 1 and Microsoft Exchange Server 2013 Cumulative Update 6:
Exchange2013-KB3011140-x64-en.msp
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementNo, this update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Update log fileKB3011140.log
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base Article 3011140
Registry key verificationFor supported editions of Microsoft Exchange Server 2013:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Exchange 2013\SP1\KB3011140

File hash information
Microsoft Exchange Server 2007 Service Pack 3 -2996150
File nameSHA1 hashSHA256 hash
Exchange2007-KB2996150-x64-DE.mspF99FA6444F592EE45958090EE0BBA092C202B56A6723B94B487CDB8033471192A02DAB4E0CF2C347C370B8DCC1BDF1078FE9AEA1
Exchange2007-KB2996150-x64-EN.msp2AC90A3DA495B46E203043B8D8FCD96A6C3F22D0561F725E13B31AF5EBF290527CC67352B95CEBFC33DE6BDC4D2BB2D9F3684B33
Exchange2007-KB2996150-x64-ES.mspB0C4E76AC9E93186207AF35426FE2DC3031C5493D82446A966220E2687668F54B09FDA3D47BAC7322D486AE261AB77D12522AC58
Exchange2007-KB2996150-x64-FR.mspD655CBE666F7B5AF6739B01D123738142CC49091BE46F81951B4E997FE161C972B8892A9538976D08ECEA88770624073D91B796E
Exchange2007-KB2996150-x64-IT.msp650EDA8D3F427249711510B7813F62B4B178156EDB6372F35801A3E98B3ABDE6C676FDD021D12E38E3699C940A8211B10C6BEE82
Exchange2007-KB2996150-x64-JA.msp934DE27F3BBDDF642044D8F8DB7C1FD4616BAF4E8F2AEFAE2C3276916303C856AF7B2053F80A4D7BDE1050AC0AC1F526E9731CEC
Exchange2007-KB2996150-x64-KO.mspEDB662BDDF35987447D1A7DD7B4C922E794DF7B4F2D46541BF641CFBC800DDAC83E7F5DDFFB7C4A8D916E9BD1E22D8177E962E54
Exchange2007-KB2996150-x64-PT.msp527331872A6022B1181221FA98B016C34014DB2D9E077BB0A8502F7E80D23B186A0E818BC2C5075D8559DB8431426A7C11A006AC
Exchange2007-KB2996150-x64-RU.mspF26CF497BC0148839F2F8FAAEE60AA62979E043B0CC3F62561717C3A3688445D2AA9772A1305F6F154686D9D90B36F1D90CAA2DE
Exchange2007-KB2996150-x64-ZH-CHS.msp531286484CD622DF056D1A721E11E19FCA244C1EC7037FE2BEDED55908C7EE8824CD5E701E8B5229F2B7B24F3CE52FDEAF0842CA
Exchange2007-KB2996150-x64-ZH-CHT.msp11104C426892407CF6306AF536BFA98512A7A1BC05672C06BACFDC760C47A338B7EDBAEFD9F55D43EDA3244AB33FEF30B26CB217
Exchange2007-KB2996150-x86-DE.mspC65C947D53475A43226C4DB29BAF02282A07897B90BB18760C29E84E249BDB23DC9B8F2B36643EFAB27F8F3DB1076F58BBA8F4E0
Exchange2007-KB2996150-x86-EN.mspD6D744A41BDBC2875F54ABC4B5E59663DB8B6E2B4224CF4CC8D8582956D0708476D0F455B6CB88EF7A2863E7644DD2DE08C3775E
Exchange2007-KB2996150-x86-ES.mspE099B0181F5EF1EFEE19E83C6C63BCBE4A046DDD23C934AB94EDD58C464E16CE0809AED9043A106B195333403B894B27D50E6CD8
Exchange2007-KB2996150-x86-FR.mspB744053708F5D6308D80020BF02214ECE34E11A0217607E6C94BCDD8841370CB8396ED458E17CF801E63388B62DE1D7AD34535FC
Exchange2007-KB2996150-x86-IT.mspB8591A7024EE3872AC99B895FAA6B98A3E7844CB53CB0A7574F5A848CD1BF4F53FF35E031B4F9D5768F85989C427472AF7524819
Exchange2007-KB2996150-x86-JA.msp9B3BE07D6AB7E0B5478DC792EC1A9A6EF963A90FC76F649D2B87D817F4B7499BCDF384E8CDBFE47B46900D444821ECA4EC96899E
Exchange2007-KB2996150-x86-KO.msp6AD01C5A60CCC3F9F7DC378A102F09F38CA7488576360BE66C0AB408F5782905ACFBC536F7A608534313283FBE08F602C0A5BBA8
Exchange2007-KB2996150-x86-PT.mspD7A366883EC347E2A01B97B45B3E8CF07188F18F453E8F8A5AF6769AA7395859DCA2C23C166A77CAC0DCFDCC57EBEF58D0A77175
Exchange2007-KB2996150-x86-RU.msp42C02C920AEA7F6CC3FCDD206A8C30BF2A42A151F5A46454A73DB75B5F4EBC0288129EDCCA44FCF3DF6DC4E30ED73FDE9ACD7431
Exchange2007-KB2996150-x86-ZH-CHS.msp44E69E96233B58099E3F90011B5DE5AB11F37A5C72C633A225F499BF85D4BE938AEB3A99FF8C73BE17EDD46B3BD435BB1FEA8DAE
Exchange2007-KB2996150-x86-ZH-CHT.msp9EF005E725F79D82CA05EF6623C172EDA031CC9FFF1385227590EDA20C6A1F6FE3B924E5B2D9EA23A23B9F9C46A1F7DCAAB9DC65
Microsoft Exchange Server 2010 Service Pack 3 -2986475
File nameSHA1 hashSHA256 hash
Exchange2010-KB2986475-v2-x64-ar.msp3BB507B2AE7BE0ADFABFB20915DAE27457A0E391AFD44AB4D8A07A146E6E6C0F19DC445A2905B5A3B528BBC8796E78D96D4E2656
Exchange2010-KB2986475-v2-x64-de.msp041F35408B76AFD4BF64AEF93AC130B6075CA4314782DEC420E4225412506CC5A266E9CF8CCD20B383C3B3454DE9A2CA06FA747C
Exchange2010-KB2986475-v2-x64-en.mspC5AE27E1F790EAFF736F45E43025FF794EB60521C4D9F827421273C5EF3423FBC395229C8F140562096CDB38D47F59EA90ED6F06
Exchange2010-KB2986475-v2-x64-es.mspECD58F0932D0475FE1802F54F70443F3CBD9C3769AFDCD3243438D79E787253FFF82844067BCBAB78EDF4C82600FC46CE94AF277
Exchange2010-KB2986475-v2-x64-fr.msp28E6419591230BABBA21F0E44CC77636AA96AB400B42FB6689BF31AC0B882D0A6512704DAB7298CBAE09C94D91B5257DAE0D8055
Exchange2010-KB2986475-v2-x64-he.mspE9A667FE5C50DA0C3D3644FFA0C6EC6C5EA85DFE707E77BAD85387733A795CCFFC0D5DD984ADEEEF28940173527046DEF6470081
Exchange2010-KB2986475-v2-x64-it.msp958E3BD2C4639C9CCEABE1DE3FBF2D4B5F3C550CF697CB18B084489BFE4C48DDB286CADD5D453F7DA7666E2E2BD2FD67AEB6ED8D
Exchange2010-KB2986475-v2-x64-ja.msp80F50FC724EEA6BC65CB20EDEDD3FF7B3695A2DBAD3E6D51F348E4C9082AF2761678F7237D217EEDD5DD2CEDB2951AB0F57FA974
Exchange2010-KB2986475-v2-x64-ko.mspA0D63A8F955BEB61D1F9FFFC47A48691CFC71370AF5E570F82F0322942965B9C5655908676325D687284C3273C7A1F2B84A8801A
Exchange2010-KB2986475-v2-x64-pt.mspF54DFEBF6DC213828FCA10F6FE883FF986C56D251381677CB93D040037DFCF1CCD01E5A79853115D05FAFB782A7BB97B2CED077E
Exchange2010-KB2986475-v2-x64-ru.msp61EBC81F27ED698418ACDE6A042790A579C7540F207FEC7DC31627BDEFC7A2BCDCB8D0F955483AB64BA81940A95A53FBF841A3E6
Exchange2010-KB2986475-v2-x64-zh-hans.msp7FDF3C75EBEC5F9FC1EDF85B49E2DC38F86970B567D57DD00A682F935195483D58F6C8D530A6B5BED1EEA93DAD55038814674280
Exchange2010-KB2986475-v2-x64-zh-hant.mspBB4BB743AC112E3417D34F0D09F3C676504D1B4E5278E170D4B7EC113DAFAEC4DA6624F9571B82110DA72EEE319BB64BE96E34F0
Microsoft Exchange Server 2013 Service Pack 1-3011140
File nameSHA1 hashSHA256 hash
Exchange2013-KB3011140-x64-de.mspF9AFD312CBFD9CBE2BB8CE67B0C81E3DCEED692EA931A264C7BF8C0DA4679CFC4D5ECE9CE0A8E2532EBF653A0ABC341062E095D7
Exchange2013-KB3011140-x64-en.msp26F3F14AB52557EDDDA4155810E49A85A1BF9664B4DFC8182169C894A7FDF8E75164E334E2F39BAD2EA2F35762BA8C214920782E
Exchange2013-KB3011140-x64-es.mspF576EA53A10F3B9F3FF82EA39BCCE8F61D2DEEC691BF2623C63A783787E2FDB768B395BEDF3C56EFB2565FA5B66A1BB22AC44E71
Exchange2013-KB3011140-x64-fr.mspB6A3EB61479CDF30C9F30C4CA5D0E2F333448467550CA06BE59143FBFDA077FC07A99507F8A19274328AF737F0EDC540C170BB8F
Exchange2013-KB3011140-x64-it.msp8D5B8F23DC79763541A8990E88D6C8A55E42836BDB8B93C1856F3BEE1A9A7ACFEE122044EE5D4D6D918E663612A63CE25EE6F2DF
Exchange2013-KB3011140-x64-ja.mspD7853124022867FD1CF09FD6CC9CC2645202771310BE77D63F0B7C9CDE5E5314E3AC5467C13EEF47932E58F3649E568A940665EE
Exchange2013-KB3011140-x64-ko.msp0CA4F463FFD26CA29A5908C41975AF5402C68ECF5857C316BBACEE2B54F7B6A89CAECE60BF44991D2C5D1B9ED2EF0F0E870C96D1
Exchange2013-KB3011140-x64-pt.mspD0F3905076F082276E5E8A3ED22060BBB1773F5D9E50D024FCD1FBEE034F46141D013560D44E02C527B4A8DA9F29EE250E592F78
Exchange2013-KB3011140-x64-ru.msp2BE1AFBDD2F9291AF8FE2FE2074D537E94CAE2B4A6F720D3888CEFCC7176C44DF896974D83D7544510E55587AD90E3B56A8E39F3
Exchange2013-KB3011140-x64-zh-hans.msp6B679E3AC9B652AB861F5933384D62C3B37B36EA918D249EA0BF8669DFFCD6EBAC0965593863117AEFB452588EE6506B8D6624A5
Exchange2013-KB3011140-x64-zh-hant.msp6D10DC3DC6E870C34D50CD3B8F111222DF32394A27CF6C886472629CAB1910E101159EBBBB0E7F5D11C34A8507800480909D8DBA
Microsoft Exchange Server 2013 Cumulative Update 6 -3011140
File nameSHA1 hashSHA256 hash
Exchange2013-KB3011140-x64-de.msp5DDB9F7CEA5FE810A0EC937B6A5D946F7E694A084C1F3DD8C295818E47388A188926AED07B4BB7B11545CF796D8A2C7D90E31714
Exchange2013-KB3011140-x64-en.msp493444C3295BC0735EBED62ECA0F57D82CAEA00E2611D9569DA9D1D623E816AC86B8CA730B002AE0BCA16CD10A5C99921BE3C474
Exchange2013-KB3011140-x64-es.mspF8EFE49F44DBC7F7AF2510FB22E7CD32ED9AB836F4C8BADCB4D17DA11D97FEC07B37FA7443EE829F5E9F2A2E3473677F493546A3
Exchange2013-KB3011140-x64-fr.mspDD1C1993D0050D2A1299A57720E99C12647AFC67F3F735BD3D73335564F6CF4E25EE041EE74CA667B86A003D26AF5E8CAE6B99A4
Exchange2013-KB3011140-x64-it.mspE81CBD5F3F0A52263BC8D1631CE59543D1FA0735F004AF69C4C98F4BC4A7000182C6E58E70FAF8DA79F6325F05747F87299D813E
Exchange2013-KB3011140-x64-ja.mspB70536BDEEEB84F9D86A81BEE13292862A9D1D11E33EA61581EB4D97CF84200FC212EABF51D7B2C0C8A89DBC1BA334920335C8D3
Exchange2013-KB3011140-x64-ko.msp728AE70A16382A0F8114F4A9F836582FF4C0CBA92C447379FC678A7E1DE8F0113E63F784164D012F7D213069B0D46CDA0E1485C2
Exchange2013-KB3011140-x64-pt.msp3895C3B8335CB508A892E3A9C180024D5F7A90D42AB861D45E03474B85597980BDE50EDF561D79D0991AB67F7FF72C8A2EB9451E
Exchange2013-KB3011140-x64-ru.mspCBC67710E637D6F309F3977E3B2B36ABCFC08F50826FD39B9FA2AD61B91AFDD88DE4C02FFD56D0E066844FA4DF3303407C5C14A4
Exchange2013-KB3011140-x64-zh-hans.mspC59A9BDA3EA450BD50B798DC2B4220418BD1D39576F33CB9D4D5259B8C79FEBB7DED91DF26420878D25379ED192C2C5C37D459B6
Exchange2013-KB3011140-x64-zh-hant.msp38E67833066C3F49DA212CC05152BCCA61D6EAFA88B3289F217E66C36A060CFB7F7F05AF25E97EBE37B81BFA819DDFC46B47E8BF

↑ Back to the top


Keywords: kbsurveynew, kbsecvulnerability, kbsecurity, kbsecreview, kbsecbulletin, kbbug, kblangall, kbfix, kbexpertiseinter, kb, atdownload, kbmustloc

↑ Back to the top

Article Info
Article ID : 3009712
Revision : 1
Created on : 1/7/2017
Published on : 12/12/2014
Exists online : False
Views : 400