Microsoft Releases Replacement Patch With Two Known Bugs

snydeq writes Microsoft has re-released its botched MS14-045/KB 2982791 'Blue Screen 0x50' patch, only to introduce more problems, InfoWorld's Woody Leonhard reports. "Even by Microsoft standards, this month's botched Black Tuesday Windows 7/8/8.1 MS14-045 patch hit a new low. The original patch (KB 2982791) is now officially 'expired' and a completely different patch (KB 2993651) offered in its stead; there are barely documented revelations of new problems with old patches; patches that have disappeared; a 'strong' recommendation to manually uninstall a patch that went out via Automatic Update for several days; and an infuriating official explanation that raises serious doubts about Microsoft's ability to support Windows 9's expected rapid update pace."

Seems perfectly clear to me :)

[lippydude]

"Click on the update and you should see a 'More Information' link on the right. Click it and your browser should open to a MS knowledge base page that explains what the patch does".

"To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2014-0318 [mitre.org]." ref [microsoft.com]

'win32k.sys .. does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability ."'