4 Security Bulletins were released – 0 Critical, 4 Important, and 0 Moderate
This Month In Brief
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
It’s a light month for patches. Only 4 security bulletins and none of them rated Critical. MS14-002 patches Windows XP zero-day flaw reported Nov. 27, 2013 (here: https://technet.microsoft.com/en-us/security/advisory/2914486). Although this is being exploited Microsoft doesn’t considered it very exploitable (attacker must have valid logon credentials and be logged in locally on the vulnerable system) and that is why it us only rated Important.
No out-of-band updates were released during the last month.
- Publically disclosed: None
- Being exploited: MS14-002
- Rated CRITICAL:
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
- Servers: Yes
- Workstations: Yes
New Security Bulletins
No critical updates (hurray!)
|MS14-001 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)||(Word and Office Web Apps) The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software.
|MS14-002 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)||(Windows Kernel) The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
|MS14-003 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)||(Kernel-Mode Drivers) The vulnerability could allow elevation of privilege if a user logs on to a system and runs a specially crafted application.
|MS14-004 Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)||(Microsoft Dynamics AX) The vulnerability could allow denial of service if an authenticated attacker submits specially crafted data to an affected Microsoft Dynamics AX Application Object Server (AOS) instance.