5 Security Bulletins were released – 2 Critical, 3 Important, and 0 Moderate
This Month In Brief
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
MS14-012 and MS14-013 are rated Critical. After your next patch cycle completes, you should follow up and make sure these are installed. The top priority this month is MS14-012. It affects all versions of Internet Explorer and was reported in February (http://technet.microsoft.com/en-us/security/advisory/2934088). MS14-015 is rated Important and patches the Windows Kernel Driver sub-system. There have been some isolated reports of MS14-015 (KB2930275) causing problems with Vista machines, but these reports have not been corroborated. If you do have problems with Vista machines after patching, this update is the most likely suspect.
- Publicly disclosed: MS14-012, MS14-015
- Being exploited: MS14-012
- Rated CRITICAL: MS14-012, MS14-013
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
- Servers: No
- Workstations: No
New Security Bulletins
| Bulletin | Description |
|---|---|
| MS14-012 Cumulative Security Update for Internet Explorer (2925418) | (Internet Explorer) These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. |
| MS14-013 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961) | (DirectShow) The vulnerability could allow remote code execution if a user opens a specially crafted image file. |
| MS14-014 Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677) | (Silverlight) The vulnerability could allow security feature bypass if an attacker hosts a website that contains specially crafted Silverlight content that is designed to exploit the vulnerability, and then convinces a user to view the website. |
| MS14-015 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275) | (Windows Kernel) The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. |
| MS14-016 Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418) | (Security Account Manager Remote) The vulnerability could allow security feature bypass if an attacker makes multiple attempts to match passwords to a username. |
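
One way to do the post-patch-cycle follow-up that the brief recommends, limited to the three bulletins it singles out (MS14-012, MS14-013, MS14-015). This is an added example, not part of the original bulletin: the function name `Test-BulletinInstalled` and the computer names are hypothetical placeholders, and it assumes each update registers on the machine under the KB number printed beside its bulletin.

```powershell
# Added example. Requires Windows PowerShell 3.0 or later.
# Assumption: each update is recorded under the KB number listed with its bulletin.
$Bulletins = @(
    [pscustomobject]@{ Bulletin = 'MS14-012'; KB = 'KB2925418'; Rating = 'Critical'  }
    [pscustomobject]@{ Bulletin = 'MS14-013'; KB = 'KB2929961'; Rating = 'Critical'  }
    [pscustomobject]@{ Bulletin = 'MS14-015'; KB = 'KB2930275'; Rating = 'Important' }
)

function Test-BulletinInstalled {
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [object[]]$Bulletin = $Bulletins
    )
    foreach ($computer in $ComputerName) {
        $queryFailed = $false
        try {
            # One query per host. Get-HotFix reads Win32_QuickFixEngineering.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Select-Object -ExpandProperty HotFixID)
        }
        catch {
            # Keep "could not ask" separate from "asked and the KB is absent".
            $installed = @()
            $queryFailed = $true
        }
        foreach ($b in $Bulletin) {
            $state = if ($queryFailed) { 'Unreachable' } elseif ($installed -contains $b.KB) { 'Installed' } else { 'Missing' }
            [pscustomobject]@{
                Computer = $computer
                Bulletin = $b.Bulletin
                KB       = $b.KB
                Rating   = $b.Rating
                Status   = $state
            }
        }
    }
}

# Placeholder host names; replace with your own inventory.
Test-BulletinInstalled -ComputerName 'WS-EXAMPLE-01', 'WS-EXAMPLE-02' |
    Where-Object Status -ne 'Installed' |
    Sort-Object Rating, Computer |
    Format-Table -AutoSize
```

The output lists only machines that still need attention, Critical bulletins first. Confirm any `Missing` result against your patch-management console before acting on it.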