Update 2/18: There was an error with the original posting that caused some of the data to get confused. This has been corrected.
7 Security Bulletins were released – 4 Critical, 3 Important, and 0 Moderate
This Month In Brief
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
MS14-010 should be your priority. It addresses 24 vulnerabilities in Internet Explorer (IE6-IE11). MS14-007 is a Direct2D vulnerability that can trigger remote code execution by opening a malicious website in Internet Explorer or opening an email attachment. MS14-011 patches a vulnerability in the VBScript scripting engine.
No out-of-band updates were released during the last month.
- Publically disclosed: MS14-005, MS14-006, MS14-009, MS14-010
- Being exploited: MS14-005, MS14-009
- Rated CRITICAL: MS14-007, MS14-008, MS14-010, MS14-011
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
- Servers: No
- Workstations: No
New Security Bulletins
|MS14-007 Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)||(Direct2D) The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
|MS14-008 Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)||(Microsoft Forefront Protection 2010 for Exchange) The vulnerability could allow remote code execution if a specially crafted email message is scanned.
|MS14-010 Cumulative Security Update for Internet Explorer (2909921)||(Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
|MS14-011 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)||(VBScript Scripting Engine) The vulnerability could allow remote code execution if a user visited a specially crafted website. An attacker would have no way to force users to visit the website.
|MS14-005 Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)||(Microsoft Windows) The vulnerability could allow information disclosure if a user views a specially crafted webpage using Internet Explorer.
|MS14-006 Vulnerability in IPv6 Could Allow Denial of Service (2904659)||(Microsoft Windows) The vulnerability could allow denial of service if an attacker sends a large number of specially crafted IPv6 packets to an affected system.
|MS14-009 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)||(.Net Framework) The most severe vulnerability could allow elevation of privilege if a user visits a specially crafted website or a website containing specially crafted web content.