6 Security Bulletins were released – 2 Critical, 3 Important, and 1 Moderate
This Month In Brief
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
MS14-037 and MS14-038 are rated Critical. MS14-037 is yet another cumulative update for Internet Explorer 6-11 which fixes 24 vulnerabilities. After your next patch cycle completes you should follow up and make sure this is installed. MS14-038 fixes a Windows Journal (.jnt extension) vulnerability. While the number of Windows Journal users is limited all critical updates should be taken seriously.
No out-of-band updates were released during the last month.
- Publically disclosed: None
- Being exploited: None
- Rated CRITICAL: MS14-037, MS14-038
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
- Servers: Yes
- Workstations: Yes
New Security Bulletins
|MS14-037 Cumulative Security Update for Internet Explorer (2975687)||(Internet Explorer) The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
|MS14-038 Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)||(Windows Journal) The vulnerability could allow remote code execution if a user opens a specially crafted Journal file.
|MS14-039 Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685)||(Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker uses a vulnerability in a low integrity process to execute the On-Screen Keyboard (OSK) and upload a specially crafted program to the target system.
|MS14-040 Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684)||(Microsoft Windows) The vulnerability could allow elevation of privilege if an attacker logs onto a system and runs a specially crafted application.
|MS14-041 Vulnerability in DirectShow Could Allow Elevation of Privilege (2975681)||(DirectShow) The vulnerability could allow elevation of privilege if an attacker first exploits another vulnerability in a low integrity process and then uses this vulnerability to execute specially crafted code in the context of the logged on user.
|MS14-042 Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621)||(Microsoft Server Software) The vulnerability could allow denial of service if a remote authenticated attacker creates and runs a program that sends a sequence of specially crafted Advanced Message Queuing Protocol (AMQP) messages to the target system.