After a successful New Year’s party it’s time to get our hands on something more complicated ;)
Like every month, Microsoft sends us a gift called “Microsoft Security Bulletin”. This month’s bulletin is called MS14-jan. It consists of 4 security bulletins listed below:
- MS14-001 – [Important/Remote Code Execution] – Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
- MS14-002 – [Important/Elevation of Privilege] – Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)
- MS14-003 – [Important/Elevation of Privilege] – Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)
- MS14-004 – [Important/Denial of Service] – Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)
Alongside them, there were two other updates:
- KB2913431, which is intended to eliminate a Windows 7 or Server 2008 R2 crash that occurs when a program that uses the Windows Filtering Platform (such as an antivirus program) is running on the computer.
- KB2862330, which is meant to secure USB kernel-mode drivers. This update was re-released on 14.01.2014.
KB2914368, KB2913602, KB2913431 and KB2862330 may lead to unexpected hardware errors and BSODs, as all of them have an impact on either the kernel or kernel-mode drivers.
As always, it’s good to read about all updates, check whether anyone has had issues with them and TEST them before deploying on production systems.
In our environment everything went well apart from one server running Windows 2011 Essentials with an Eaton UPS connected to it. We had to uninstall all of the installed updates to find out which one caused the error and to hide it from future installation or until a fix is available.
After a bit of searching we narrowed it down to update KB2914368, which led to a BSOD during shutdown and broke the UPS drivers. After removing it, reinstalling the UPS software, updating the drivers and reinstalling the update, all went well. So if you plan to apply updates regarding kernel-mode drivers, first make sure that your drivers are either compatible or updated.
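
A quicker way to narrow down a suspect than removing every update is to check only the four kernel-related KBs named above and line them up against crash reports. The script below is an added example, not part of the original post; it assumes an elevated PowerShell session on the affected host and only prints the uninstall commands so that updates can be tested one at a time.

```powershell
# KB numbers taken from the post: the updates that touch the kernel
# or kernel-mode drivers.
$kernelKbs = 'KB2914368', 'KB2913602', 'KB2913431', 'KB2862330'

# Which of them are installed on this host, and when?
$installed = @(Get-HotFix |
    Where-Object { $kernelKbs -contains $_.HotFixID } |
    Sort-Object InstalledOn)

if ($installed.Count -eq 0) {
    Write-Output 'None of the listed kernel-related updates are installed.'
    return
}
$installed | Format-Table HotFixID, Description, InstalledOn -AutoSize

# Bugcheck (BSOD) reports are written to the System log as event 1001.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
    Id           = 1001
}

# Only look at crashes logged since the earliest of those installs.
# InstalledOn can be empty for some entries, so skip those.
$dated = @($installed | Where-Object { $_.InstalledOn })
if ($dated.Count -gt 0) {
    $filter.StartTime = $dated[0].InstalledOn
}

$crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
Write-Output ("Bugcheck events since install: {0}" -f $crashes.Count)
$crashes | Select-Object TimeCreated, Message | Format-List

# Print (do not run) one uninstall command per installed KB, so each
# update can be removed and tested separately.
foreach ($hotfix in $installed) {
    $number = $hotfix.HotFixID -replace '^KB', ''
    Write-Output "wusa.exe /uninstall /kb:$number /norestart"
}
```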