Skip to content

Virtual Administrator’s July 2014 Patch Recommendations

6 Security Bulletins were released – 2 Critical, 3 Important, and 1 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

MS14-037 and MS14-038 are rated Critical. MS14-037 is yet another cumulative update for Internet Explorer 6-11 which fixes 24 vulnerabilities. After your next patch cycle completes you should follow up and make sure this is installed. MS14-038 fixes a Windows Journal (.jnt extension) vulnerability. While the number of Windows Journal users is limited all critical updates should be taken seriously.

No out-of-band updates were released during the last month.

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS14-037 Cumulative Security Update for Internet Explorer (2975687) (Internet Explorer) The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2962872, KB2963952
Affected Software: Internet Explorer version 6-11
Known Issues per MS: https://support.microsoft.com/kb/2975687
MS14-038 Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689) (Windows Journal) The vulnerability could allow remote code execution if a user opens a specially crafted Journal file.
Details
KB in Kaseya: KB2971850, KB2974286
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:

IMPORTANT

MS14-039 Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685) (Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker uses a vulnerability in a low integrity process to execute the On-Screen Keyboard (OSK) and upload a specially crafted program to the target system.
Details
KB in Kaseya: KB2973201, KB2973906
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS14-040 Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684) (Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker logs onto a system and runs a specially crafted application.
Details
KB in Kaseya: KB2961072, KB2973408
Affected Software: Vista, Windows 7/8/8.1, Server 2003/2008/2008R2/2012/2012R2, Windows RT
Known Issues per MS:
MS14-041 Vulnerability in DirectShow Could Allow Elevation of Privilege (2975681) (DirectShow) The vulnerability could allow elevation of privilege if an attacker first exploits another vulnerability in a low integrity process and then uses this vulnerability to execute specially crafted code in the context of the logged on user.
Details
KB in Kaseya: KB2972280, KB2973932
Affected Software: Vista, Windows 7/8/8.1, Server 2008/2008R2/2012/2012R2
Known Issues per MS:

MODERATE

MS14-042 Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621) (Microsoft Server Software) The vulnerability could allow denial of service if a remote authenticated attacker creates and runs a program that sends a sequence of specially crafted Advanced Message Queuing Protocol (AMQP) messages to the target system.
Details
KB in Kaseya: KB2972621
Affected Software: BackOffice Small Business Server, Server 2008R2/2012/2012R2
Known Issues per MS: https://support.microsoft.com/kb/2972621
Scroll To Top