Virtual Administrator's April 2014 Patch Recommendations

4 Security Bulletins were released – 2 Critical, 2 Important, and 0 Moderate

This Month In Brief

We are denying KB2919355 at this time; see details below. All other patches have been approved.

MS14-017 and MS14-018 are rated Critical. After your next patch cycle completes, you should follow up and make sure these are installed. MS14-017 is only known to have been exploitable in Word for Windows 2010, but all versions are technically vulnerable. MS14-018 affects Internet Explorer versions 6-11 (but not 10).

No out-of-band updates were released during the last month.

XPocalypse: Support for Windows XP and Office 2003 ended April 8, 2014. There will be no more security updates or technical support for the Windows XP operating system. Here is a good article for those affected: “Cyber threats to Windows XP and guidance for Small Businesses and Individual Consumers” (http://blogs.technet.com/b/security/archive/2014/03/24/cyber-threats-to-windows-xp-and-guidance-for-small-businesses-and-individual-consumers.aspx)

Denied: KB2919355 is a cumulative set of security updates, critical updates and updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2. It is listed under MS14-018; however, the newly reported vulnerabilities are patched with KB2936068, which has been approved in our patch policy. If KB2936068 is installed you are protected in spite of the KB2919355 deny.
The issues with KB2919355 are listed below. We will monitor Microsoft’s progress correcting these issues over the next few weeks. We will likely be compelled to approve KB2919355 next month regardless as “All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require this update to be installed.”

Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update: April 2014
http://support.microsoft.com/kb/2919355

Issue with Windows Server 2012 R2 Update KB 2919355:
http://forums.veeam.com/microsoft-hyper-v-f25/issue-with-windows-server-2012-update-kb-2919355-t21317-15.html

Error 0x80071a91 when installing update 2919355 in Windows:
http://support.microsoft.com/kb/2939087/en-us

Internet Explorer 11 crashes when you turn on or turn off the Enterprise Mode feature
http://support.microsoft.com/kb/2956283

You are unable to uninstall IIS after you install KB2919355 in Windows 8.1 or Windows Server 2012 R2:
http://support.microsoft.com/kb/2957390/en-us
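A follow-up check for the patch state described above, as an added example that is not part of the original recommendations. It covers only the Windows-component updates (KB2936068, KB2922229) and the denied KB2919355; the Office and Publisher KBs are left out because Get-HotFix does not report MSI-based Office updates. The function name, parameter and output shape are assumptions.

```powershell
# Added example. KB numbers come from this page; the function name, parameter
# and output shape are illustrative assumptions.
function Test-April2014Patch {
    param(
        # HotFixID values to evaluate. Defaults to the local machine; pass a
        # constructed list to exercise the logic without querying a host.
        [string[]]$InstalledIds = @(Get-HotFix | ForEach-Object { $_.HotFixID })
    )

    # Approved Windows-component updates from this month's bulletins.
    $approved = @{
        'KB2936068' = 'MS14-018 Internet Explorer (not applicable to IE 10)'
        'KB2922229' = 'MS14-019 Windows File Handling Component'
    }
    # Denied this month; if present, the deny policy did not take effect.
    $denied = 'KB2919355'

    foreach ($kb in ($approved.Keys | Sort-Object)) {
        $status = if ($InstalledIds -contains $kb) { 'Installed' } else { 'MISSING' }
        New-Object PSObject -Property @{
            KB = $kb; Bulletin = $approved[$kb]; Status = $status
        } | Select-Object KB, Bulletin, Status
    }

    $deniedStatus = if ($InstalledIds -contains $denied) {
        'PRESENT (denied update is installed)'
    } else {
        'Not installed (matches deny policy)'
    }
    New-Object PSObject -Property @{
        KB = $denied; Bulletin = 'Windows 8.1 / Server 2012 R2 Update'; Status = $deniedStatus
    } | Select-Object KB, Bulletin, Status
}

# Constructed sample: a host with the IE update but without KB2922229.
# 'KB0000000' is a placeholder for an unrelated installed update.
Test-April2014Patch -InstalledIds 'KB2936068', 'KB0000000' | Format-Table -AutoSize

# Against the local machine:
# Test-April2014Patch | Format-Table -AutoSize
```

A MISSING result for KB2936068 on a host running Internet Explorer 10 is expected, since MS14-018 does not apply to that version.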

Exploitability

Requires Restart

  • Servers: No
  • Workstations: No

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS14-017 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660) (Microsoft Office/Services/Web Apps) The most severe of these vulnerabilities could allow remote code execution if a specially crafted file is opened or previewed in an affected version of Microsoft Office software.
Details
KB in Kaseya: KB2863907, KB2863910, KB2863919, KB2863926, KB2878219, KB2878220, KB2878221, KB2878237, KB2878303
Affected Software: Office 2003/2007/2010/2013, Web Apps, Word Viewer, Office Compatibility Pack, Office 2011 for MAC, SharePoint Server 2010/2013
Known Issues per MS: https://support.microsoft.com/kb/2949660

MS14-018 Cumulative Security Update for Internet Explorer (2950467) (Internet Explorer) These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2936068
Affected Software: Internet Explorer 6/7/8/9/11
Known Issues per MS:

IMPORTANT

MS14-019 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229) (Microsoft Windows) The vulnerability could allow remote code execution if a user runs specially crafted .bat and .cmd files from a trusted or semi-trusted network location.
Details
KB in Kaseya: KB2922229
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:

MS14-020 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145) (Microsoft Publisher) The vulnerability could allow remote code execution if a user opens a specially crafted file in an affected version of Microsoft Publisher.
Details
KB in Kaseya: KB2878299, KB2817565
Affected Software: Office 2003/2007
Known Issues per MS: