Virtual Administrator's January 2014 Patch Recommendations

4 Security Bulletins were released – 0 Critical, 4 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

It’s a light month for patches: only 4 security bulletins, none of them rated Critical. MS14-002 patches the Windows XP zero-day flaw reported Nov. 27, 2013 (here: https://technet.microsoft.com/en-us/security/advisory/2914486). Although this flaw is being exploited, Microsoft doesn’t consider it very exploitable (an attacker must have valid logon credentials and be logged in locally on the vulnerable system), and that is why it is only rated Important.

No out-of-band updates were released during the last month.

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

No critical updates (hurray!)

IMPORTANT

MS14-001 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605) (Word and Office Web Apps) The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software.
KB in Kaseya: KB2827224, KB2837577, KB2837596, KB2837617, KB2837625, KB2863834, KB2863866, KB2863879, KB2863901, KB2863902
Affected Software: Office 2003/2007/2010/2013/2013RT, Word Viewer, SharePoint Server 2010/2013, Office Web Apps 2010/2013
Known Issues per MS: https://support.microsoft.com/kb/2916605

MS14-002 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368) (Windows Kernel) The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
KB in Kaseya: KB2914368
Affected Software: XP, Server 2003
Known Issues per MS:

MS14-003 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602) (Kernel-Mode Drivers) The vulnerability could allow elevation of privilege if a user logs on to a system and runs a specially crafted application.
KB in Kaseya: KB2913602
Affected Software: Windows 7, Server 2008R2
Known Issues per MS:

MS14-004 Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826) (Microsoft Dynamics AX) The vulnerability could allow denial of service if an authenticated attacker submits specially crafted data to an affected Microsoft Dynamics AX Application Object Server (AOS) instance.
KB in Kaseya: KB2914055, KB2914057, KB2914058, KB2920510
Affected Software: Dynamics AX 4.0, 2009, 2012/2012 R2
Known Issues per MS: