Virtual Administrator’s March 2014 Patch Recommendations

5 Security Bulletins were released – 2 Critical, 3 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

MS14-012 and MS14-013 are rated Critical. After your next patch cycle completes, you should follow up and make sure these are installed. The top priority this month is MS14-012. It affects all versions of Internet Explorer and was reported in February (http://technet.microsoft.com/en-us/security/advisory/2934088). MS14-015 is rated Important and patches the Windows kernel-mode driver subsystem. There have been some isolated reports of MS14-015 (KB2930275) causing problems on Vista machines, but these reports have not been corroborated. If you do have problems with Vista machines after patching, this update is the most likely suspect.
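One way to do the follow-up check described above, as an added example that is not part of the original recommendations or of any Kaseya tooling: it asks each machine whether the two Critical KBs from this page are recorded as installed. The computer names are constructed placeholders, and it assumes you have remote WMI access to the machines.

```powershell
# KB numbers are taken from this page; bulletin labels are for the report only.
$CriticalKBs = @{
    'KB2925418' = 'MS14-012 Internet Explorer'
    'KB2929961' = 'MS14-013 DirectShow'
}

# Constructed placeholder names: replace with your own inventory.
$Computers = @('WKS-EXAMPLE-01', 'SRV-EXAMPLE-01')

$report = foreach ($computer in $Computers) {
    try {
        # Pull the full hotfix list once per machine. Get-HotFix reads
        # Win32_QuickFixEngineering, so only updates recorded there are seen.
        $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
    }
    catch {
        # Keep unreachable machines in the report instead of silently skipping them.
        New-Object PSObject -Property @{
            Computer = $computer; KB = '-'; Bulletin = '-'
            Status = 'Unreachable'; InstalledOn = $null
        }
        continue
    }

    foreach ($kb in ($CriticalKBs.Keys | Sort-Object)) {
        $hit = $installed | Where-Object { $_.HotFixID -eq $kb } | Select-Object -First 1
        New-Object PSObject -Property @{
            Computer    = $computer
            KB          = $kb
            Bulletin    = $CriticalKBs[$kb]
            Status      = $(if ($hit) { 'Installed' } else { 'Missing' })
            InstalledOn = $(if ($hit) { $hit.InstalledOn } else { $null })
        }
    }
}

# Full picture first, then only the rows that need attention.
$report | Select-Object Computer, KB, Bulletin, Status, InstalledOn |
    Sort-Object Computer, KB | Format-Table -AutoSize

$report | Where-Object { $_.Status -ne 'Installed' } |
    Select-Object Computer, KB, Status
```

Treat a 'Missing' row as a prompt to check that machine's patch status in your patch management console rather than as proof the update is absent.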

Exploitability

Requires Restart

  • Servers: No
  • Workstations: No

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS14-012 Cumulative Security Update for Internet Explorer (2925418) (Internet Explorer) These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2925418
Affected Software: Internet Explorer
Known Issues per MS: https://support.microsoft.com/kb/2925418

MS14-013 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961) (DirectShow) The vulnerability could allow remote code execution if a user opens a specially crafted image file.
Details
KB in Kaseya: KB2929961
Affected Software: XP, Vista, Windows 7/8/8.1, Server 2003, Server 2008/2008R2, Server 2012/2012R2
Known Issues per MS:

IMPORTANT

MS14-014 Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677) (Silverlight) The vulnerability could allow security feature bypass if an attacker hosts a website that contains specially crafted Silverlight content that is designed to exploit the vulnerability, and then convinces a user to view the website.
Details
KB in Kaseya: KB2932677
Affected Software: Silverlight 5
Known Issues per MS:

MS14-015 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275) (Windows Kernel) The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Details
KB in Kaseya: KB2930275
Affected Software: XP, Vista, Windows 7/8/8.1, Server 2003, Server 2008/2008R2, Server 2012/2012R2, Windows RT
Known Issues per MS:

MS14-016 Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418) (Security Account Manager Remote) The vulnerability could allow security feature bypass if an attacker makes multiple attempts to match passwords to a username.
Details
KB in Kaseya: KB2923392, KB2933528
Affected Software: XP, Vista, Server 2003, Server 2008/2008R2, Server 2012/2012R2
Known Issues per MS: