Microsoft Security Bulletins for may 13, 2014

Microsoft Security Bulletins for may 13, 2014

Note: There may be latency issues due to replication, if the page does not display keep refreshing
Today Microsoft released the following Security Bulletin(s).
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
https://technet.microsoft.com/library/security/ms14-may

Critical (3)

MS14-021
(Released out-of-band on May 1, 2014)
Security Update for Internet Explorer (2965111)
This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
http://go.microsoft.com/fwlink/?LinkId=397669
Security Update for Internet Explorer (2962482)
Published: May 13, 2014
https://technet.microsoft.com/library/security/ms14-029
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)
Published: May 13, 2014
https://technet.microsoft.com/library/security/ms14-022

Important (6)
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037)
Published: May 13, 2014
https://technet.microsoft.com/library/security/ms14-023
Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)
Published: May 13, 2014
https://technet.microsoft.com/library/security/ms14-025
Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)
Published: May 13, 2014
https://technet.microsoft.com/library/security/ms14-026
Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (296248 )
Published: May 13, 2014
https://technet.microsoft.com/library/security/ms14-027
Vulnerabilities in iSCSI Could Allow Denial of Service (2962485)
Published: May 13, 2014
https://technet.microsoft.com/library/security/ms14-028
Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)
Published: May 13, 2014
https://technet.microsoft.com/library/security/ms14-024

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

 

Microsoft Security Advisory 2871997
-
Update to Improve Credentials Protection and Management
Published: May 13, 2014
Version: 1.0
General Information
Executive Summary
Microsoft is announcing the availability of an update for supported editions of Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 that improves credential protection and domain authentication controls to reduce credential theft. This update provides additional protection for the Local Security Authority (LSA), adds a restricted admin mode for Credential Security Support Provider (CredSSP), introduces support for the protected account-restricted domain user category, and enforces stricter authentication policies for Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 machines as clients.
https://technet.microsoft.com/library/security/2871997

 

Vulnerability in Windows Could Allow Remote Code Execution (2893294)
Published: December 10, 2013 | Updated: May 21, 2014
Version: 1.4
Revisions

• V1.0 (December 10, 2013): Bulletin published.
• V1.1 (December 18, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
• V1.2 (December 20, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "Yes" to "None". Also, added additional information to the What does the update do? vulnerability FAQ for CVE-2013-3900. These are informational changes only.
• V1.3 (February 28, 2014): Bulletin revised to announce a detection change in the 2893294 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows RT 8.1, and Windows Server 2012 R2. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
• V1.4 (May 21, 2014): Bulletin revised to reflect new August 12, 2014 cut-off date for when non-compliant binaries will no longer be recognized as signed.

https://technet.microsoft.com/en-us/library/security/ms13-098.aspx

 

Microsoft Security Bulletin MS13-098 - Critical
This topic has not yet been rated - Rate this topic
Vulnerability in Windows Could Allow Remote Code Execution (2893294)
Published: December 10, 2013 | Updated: June 4, 2014
Version: 1.5
Revisions

• V1.0 (December 10, 2013): Bulletin published.
• V1.1 (December 18, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
• V1.2 (December 20, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "Yes" to "None". Also, added additional information to the What does the update do? vulnerability FAQ for CVE-2013-3900. These are informational changes only.
• V1.3 (February 28, 2014): Bulletin revised to announce a detection change in the 2893294 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows RT 8.1, and Windows Server 2012 R2. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
• V1.4 (May 21, 2014): Bulletin revised to reflect new August 12, 2014 cut-off date for when non-compliant binaries will no longer be recognized as signed.
• V1.5 (June 4, 2014): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".

https://technet.microsoft.com/library/security/ms13-098