The Internet Storm Center posted earlier today that Microsoft plans to release MS14-068 today which apparently addresses a critical vulnerability in several versions of Windows that can allow an attacker to escalate access on a vulnerable computer. The text of the ISC article is below and I suspect Microsoft will be making downloads available shortly. I have not seen any indication (yet) that this is remotely exploitable, so it may be worth waiting to see if anyone else has problems with it. Additionally, I still haven’t heard much about MS14-075 and there are no additional details on the Microsoft site (yet). We expect to this update available to MyIT customers so that will be installed during normal reboots.
Today, Microsoft will release MS14-068. This is one of the bulletins that was skipped in November’s patch Tuesday update.
The bulletin fixes a privilege escalation vulnerability and Microsoft rated it Critical.
It does however appear that Microsoft still has process issues with releasing updates. For example, the “Monthly Bulletin Summary” for November now only lists this one bulletin . The bulletin page itself is still blank, but will likely be released around 1:30pm ET.
We will update/replace this diary once the full bulletin is released.
Microsoft Site : https://technet.microsoft.com/en-us/library/security/ms14-nov.aspx