Microsoft Security Bulletins for April 8, 2014

Microsoft Security Bulletins for April 8, 2014
Note: There may be latency issues due to replication, if the page does not display keep refreshing
Today Microsoft released the following Security Bulletin(s).
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms14-apr

Critical (2)
Microsoft Security Bulletin MS14-017 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)
http://technet.microsoft.com/en-us/security/bulletin/ms14-017
Microsoft Security Bulletin MS14-018 Cumulative Security Update for Internet Explorer (2950467)
http://technet.microsoft.com/en-us/security/bulletin/ms14-018

Important (2)
Microsoft Security Bulletin MS14-019 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)
http://technet.microsoft.com/en-us/security/bulletin/ms14-019
Microsoft Security Bulletin MS14-020 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)
http://technet.microsoft.com/en-us/security/bulletin/ms14-020

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Webcast: Information about the April 2014 Security Bulletin Release
Starts: Wednesday, April 09, 2014 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)
Event ID: 1032572978
Language(s):English.
Product(s): computer security and information security.
Audience(s): IT Decision Maker and IT Manager.
Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.
Presented by:
Dustin Childs, Group Manager, Response Communications, Microsoft Corporation
and
TBD
Register now for the April Security Bulletin webcast

 

Microsoft releases Security Advisory 2963983

Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: April 26, 2014
Version: 1.0

Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections.

https://technet.microsoft.com/en-US/library/security/2963983

 

Microsoft Security Bulletin Summary for May 1, 2014
Bulletin ID

Bulletin Title and Executive Summary
Maximum Severity Rating and Vulnerability Impact
Restart Requirement
Affected Software
MS14-021
Security Update for Internet Explorer (2965111)
This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

https://technet.microsoft.com/library/security/ms14-may.aspx