Skip to content

Virtual Administrator’s March 2014 Patch Recommendations

5 Security Bulletins were released – 2 Critical, 3 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

MS14-012 and MS14-013 are rated Critical. After your next patch cycle completes you should follow up and make sure these are installed. The top priority this month is MS14-012. It affects all versions of Internet Explorer and was reported in February (http://technet.microsoft.com/en-us/security/advisory/2934088). MS14-015 is rated Important and patches the Windows Kernel Driver sub-system. There have been some isolated reports of MS14-015 (KB2930275) causing problems with Vista machines but these reports have not been corroborated. If you do have problems with Vista machines after patching this is most likely suspect.

Exploitability

Requires Restart

  • Servers: No
  • Workstations: No

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS14-012 Cumulative Security Update for Internet Explorer (2925418) (Internet Explorer) These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2925418
Affected Software: Internet Explorer
Known Issues per MS: https://support.microsoft.com/kb/2925418
MS14-013 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961) (DirectShow) The vulnerability could allow remote code execution if a user opens a specially crafted image file.
Details
KB in Kaseya: KB2929961
Affected Software: XP, Vista, Windows 7/8/8.1, Server 2003, Server 2008/2008R2, Server 2012/2012R2
Known Issues per MS:

IMPORTANT

MS14-014 Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677) (Silverlight) The vulnerability could allow security feature bypass if an attacker hosts a website that contains specially crafted Silverlight content that is designed to exploit the vulnerability, and then convinces a user to view the website.
Details
KB in Kaseya: KB2932677
Affected Software: Silverlight 5
Known Issues per MS:
MS14-015 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275) (Windows Kernel) The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Details
KB in Kaseya: KB2930275
Affected Software: XP, Vista, Windows 7/8/8.1, Server 2003, Server 2008/2008R2, Server 2012/2012R2, Windows RT
Known Issues per MS:
MS14-016 Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418) (Security Account Manager Remote) The vulnerability could allow security feature bypass if an attacker makes multiple attempts to match passwords to a username.
Details
KB in Kaseya: KB2923392, KB2933528
Affected Software: XP, Vista, Server 2003, Server 2008/2008R2, Server 2012/2012R2
Known Issues per MS:
Scroll To Top