Microsoft Security Bulletins for April 8, 2014

Discussion in 'other security issues & news' started by NICK ADSL UK, Apr 8, 2014.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletins for April 8, 2014
    Note: There may be latency issues due to replication, if the page does not display keep refreshing
    Today Microsoft released the following Security Bulletin(s).
    Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

    Bulletin Summary:
    http://technet.microsoft.com/en-us/security/bulletin/ms14-apr

    Critical (2)
    Microsoft Security Bulletin MS14-017 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)

    http://technet.microsoft.com/en-us/security/bulletin/ms14-017
    Microsoft Security Bulletin MS14-018 Cumulative Security Update for Internet Explorer (2950467)
    http://technet.microsoft.com/en-us/security/bulletin/ms14-018

    Important (2)
    Microsoft Security Bulletin MS14-019 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)

    http://technet.microsoft.com/en-us/security/bulletin/ms14-019
    Microsoft Security Bulletin MS14-020 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)
    http://technet.microsoft.com/en-us/security/bulletin/ms14-020

    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Webcast: Information about the April 2014 Security Bulletin Release
    Starts: Wednesday, April 09, 2014 11:00 AM
    Time zone: (GMT-08:00) Pacific Time (US & Canada)
    Duration: 1 hour(s)

    Event ID: 1032572978
    Language(s):English.
    Product(s): computer security and information security.
    Audience(s): IT Decision Maker and IT Manager.
    Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.
    Presented by:
    Dustin Childs
    , Group Manager, Response Communications, Microsoft Corporation
    and
    TBD
    Register now for the April Security Bulletin webcast
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft releases Security Advisory 2963983

    Vulnerability in Internet Explorer Could Allow Remote Code Execution
    Published: April 26, 2014
    Version: 1.0

    Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
    The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
    On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
    We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections.

    https://technet.microsoft.com/en-US/library/security/2963983
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Summary for May 1, 2014
    Bulletin ID

    Bulletin Title and Executive Summary
    Maximum Severity Rating and Vulnerability Impact
    Restart Requirement
    Affected Software
    MS14-021
    Security Update for Internet Explorer (2965111)
    This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    https://technet.microsoft.com/library/security/ms14-may.aspx
     
Loading...
Thread Status:
Not open for further replies.