Skip to content

Virtual Administrator's January 2014 Patch Recommendations

4 Security Bulletins were released – 0 Critical, 4 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

It’s a light month for patches. Only 4 security bulletins and none of them rated Critical. MS14-002 patches Windows XP zero-day flaw reported Nov. 27, 2013 (here: https://technet.microsoft.com/en-us/security/advisory/2914486). Although this is being exploited Microsoft doesn’t considered it very exploitable (attacker must have valid logon credentials and be logged in locally on the vulnerable system) and that is why it us only rated Important.

No out-of-band updates were released during the last month.

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

No critical updates (hurray!)

IMPORTANT

MS14-001 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605) (Word and Office Web Apps) The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software.
Details
KB in Kaseya: KB2827224, KB2837577, KB2837596, KB2837617, KB2837625, KB2863834, KB2863866, KB2863879, KB2863901, KB2863902
Affected Software: Office 2003/2007/2010/2013/2013RT, Word Viewer, SharePoint Server 2010/2013, Office Web Apps 2010/2013
Known Issues per MS: https://support.microsoft.com/kb/2916605
MS14-002 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368) (Windows Kernel) The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
Details
KB in Kaseya: KB2914368
Affected Software: XP, Server 2003
Known Issues per MS:
MS14-003 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602) (Kernel-Mode Drivers) The vulnerability could allow elevation of privilege if a user logs on to a system and runs a specially crafted application.
Details
KB in Kaseya: KB2913602
Affected Software: Windows 7, Server 2008R2
Known Issues per MS:
MS14-004 Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826) (Microsoft Dynamics AX) The vulnerability could allow denial of service if an authenticated attacker submits specially crafted data to an affected Microsoft Dynamics AX Application Object Server (AOS) instance.
Details
KB in Kaseya: KB2914055, KB2914057, KB2914058, KB2920510
Affected Software: Dynamics AX 4.0, 2009, 2012/2012 R2
Known Issues per MS:
Scroll To Top