Skip to content

Virtual Administrator’s February 2014 Patch Recommendations

Update 2/18: There was an error with the original posting that caused some of the data to get confused. This has been corrected.

7 Security Bulletins were released – 4 Critical, 3 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

MS14-010 should be your priority. It addresses 24 vulnerabilities in Internet Explorer (IE6-IE11). MS14-007 is a Direct2D vulnerability that can trigger remote code execution by opening a malicious website in Internet Explorer or opening an email attachment. MS14-011 patches a vulnerability in the VBScript scripting engine.

No out-of-band updates were released during the last month.

Exploitability

Requires Restart

  • Servers: No
  • Workstations: No

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS14-007 Vulnerability in Direct2D Could Allow Remote Code Execution (2912390) (Direct2D) The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2912390
Affected Software: Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT/RT8.1
Known Issues per MS:
MS14-008 Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022) (Microsoft Forefront Protection 2010 for Exchange) The vulnerability could allow remote code execution if a specially crafted email message is scanned.
Details
KB in Kaseya: KB2927022
Affected Software: Forefront Protection 2010
Known Issues per MS: https://support.microsoft.com/kb/2927022
MS14-010 Cumulative Security Update for Internet Explorer (2909921) (Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2909921
Affected Software: Internet Explorer
Known Issues per MS:
MS14-011 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390) (VBScript Scripting Engine) The vulnerability could allow remote code execution if a user visited a specially crafted website. An attacker would have no way to force users to visit the website.
Details
KB in Kaseya: KB2909210, KB2909212, KB2909213
Affected Software: VBScript 5.6/5.7/5.8
Known Issues per MS:

IMPORTANT

MS14-005 Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036) (Microsoft Windows) The vulnerability could allow information disclosure if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2916036
Affected Software: XML Core Services
Known Issues per MS:
MS14-006 Vulnerability in IPv6 Could Allow Denial of Service (2904659) (Microsoft Windows) The vulnerability could allow denial of service if an attacker sends a large number of specially crafted IPv6 packets to an affected system.
Details
KB in Kaseya: KB2904659
Affected Software: Windows 8,Server 2012, Windows RT
Known Issues per MS:
MS14-009 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607) (.Net Framework) The most severe vulnerability could allow elevation of privilege if a user visits a specially crafted website or a website containing specially crafted web content.
Details
KB in Kaseya: KB2898855, KB2898856, KB2898857, KB2898858, KB2898860, KB2898864, KB2898857, KB2898865, KB2898866, KB2898869, KB2898870, KB2898871, KB2901110, KB2901111, KB2901112, KB2901113, KB2901115, KB2901118, KB2901119, KB2901120, KB2901126, KB2901127, KB2901128, KB2904878, KB2911501, KB2911502
Affected Software: NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1
Known Issues per MS:
Scroll To Top