Microsoft usually makes its updates for Windows available on what is known as “Patch Tuesday”, the second Tuesday of every month. While there were updates last week, Microsoft has now announced Security Bulletin MS14-068, which includes ‘Critical’ updates that weren’t released last week but are available now.
The main thing this patch addresses is a security vulnerability in Microsoft Windows Server 2003, 2008 (R2), etc. While client systems (Windows 7, Vista, Windows 8) are listed, according to the bulletin, severity ratings don’t apply to desktop versions of Windows.
Severity ratings do not apply for this operating system because the vulnerability addressed in this bulletin is not present. This update provides additional defense-in-depth hardening that does not fix any known vulnerability.
Defense-in-depth is essentially the approach of using multiple layers of defense to help prevent attackers from compromising a network or system. So even though the vulnerabilities found don’t affect Windows desktops directly, it’s recommended that you download this out-of-band patch for good measure.
Install Microsoft Security update
To update Windows 8.x, go to PC Settings > Update and Recovery > Windows Update and check for updates.
There you should find the update (KB3011780).
After installing the update, a restart is required.
On Windows 7 systems, just go to Windows Update via the Start Menu and manually check for updates.
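To confirm that the update is in place after the restart, the following added PowerShell example (not part of the original article and not Microsoft's own code) reports whether KB3011780 is listed as installed on the local machine or on a list of computers. The function name Test-KB3011780 and its output fields are hypothetical, and the computer names in the usage comment are constructed placeholders.

```powershell
# Added example: report whether KB3011780 (MS14-068) is listed as installed.
# Test-KB3011780 and its output field names are hypothetical, made up for this example.
function Test-KB3011780 {
    [CmdletBinding()]
    param(
        # Computers to check; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $kb = 'KB3011780'

    foreach ($computer in $ComputerName) {
        $fix = $null
        try {
            # List every installed hotfix and filter locally, so a missing update
            # yields an empty result while a connection failure raises an error.
            $fix = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $_.HotFixID -eq $kb } |
                Select-Object -First 1

            $status = if ($fix) { 'Installed' } else { 'Missing' }
        }
        catch {
            # Remote query failed (host down, access denied, firewall, ...).
            $status = "Unreachable: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            ComputerName = $computer
            HotFixID     = $kb
            Status       = $status
            InstalledOn  = if ($fix) { $fix.InstalledOn } else { $null }
        }
    }
}

# Check the local machine.
Test-KB3011780 | Format-Table -AutoSize

# Check several machines (constructed placeholder names), showing only the gaps:
# Test-KB3011780 -ComputerName 'DC01', 'DC02' | Where-Object Status -ne 'Installed'
```

Since the bulletin describes the vulnerability as affecting the Kerberos KDC, domain controllers are the machines to check first.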
This patch is also available for Windows 10 Technical Preview users. For more on this, check out the Microsoft Security Response Center posting or go directly to the Security Bulletin MS14-068 Summary.
This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers.