Microsoft Security Bulletins for may 13, 2014

Discussion in 'other security issues & news' started by NICK ADSL UK, May 13, 2014.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Security Bulletins for may 13, 2014

    Note: There may be latency issues due to replication, if the page does not display keep refreshing
    Today Microsoft released the following Security Bulletin(s).
    Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

    Bulletin Summary:
    https://technet.microsoft.com/library/security/ms14-may

    Critical (3)

    MS14-021
    (Released out-of-band on May 1, 2014)
    Security Update for Internet Explorer (2965111)
    This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
    http://go.microsoft.com/fwlink/?LinkId=397669
    Security Update for Internet Explorer (2962482)
    Published: May 13, 2014
    https://technet.microsoft.com/library/security/ms14-029
    Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)
    Published: May 13, 2014
    https://technet.microsoft.com/library/security/ms14-022

    Important (6)
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037)
    Published: May 13, 2014
    https://technet.microsoft.com/library/security/ms14-023
    Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)
    Published: May 13, 2014
    https://technet.microsoft.com/library/security/ms14-025
    Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)
    Published: May 13, 2014
    https://technet.microsoft.com/library/security/ms14-026
    Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (296248 )
    Published: May 13, 2014
    https://technet.microsoft.com/library/security/ms14-027
    Vulnerabilities in iSCSI Could Allow Denial of Service (2962485)
    Published: May 13, 2014
    https://technet.microsoft.com/library/security/ms14-028
    Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)
    Published: May 13, 2014
    https://technet.microsoft.com/library/security/ms14-024

    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Security Advisory 2871997
    -
    Update to Improve Credentials Protection and Management
    Published: May 13, 2014
    Version: 1.0
    General Information
    Executive Summary
    Microsoft is announcing the availability of an update for supported editions of Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 that improves credential protection and domain authentication controls to reduce credential theft. This update provides additional protection for the Local Security Authority (LSA), adds a restricted admin mode for Credential Security Support Provider (CredSSP), introduces support for the protected account-restricted domain user category, and enforces stricter authentication policies for Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 machines as clients.
    https://technet.microsoft.com/library/security/2871997
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Vulnerability in Windows Could Allow Remote Code Execution (2893294)
    Published: December 10, 2013 | Updated: May 21, 2014
    Version: 1.4
    Revisions
    • V1.0 (December 10, 2013): Bulletin published.
    • V1.1 (December 18, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
    • V1.2 (December 20, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "Yes" to "None". Also, added additional information to the What does the update do? vulnerability FAQ for CVE-2013-3900. These are informational changes only.
    • V1.3 (February 28, 2014): Bulletin revised to announce a detection change in the 2893294 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows RT 8.1, and Windows Server 2012 R2. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
    • V1.4 (May 21, 2014): Bulletin revised to reflect new August 12, 2014 cut-off date for when non-compliant binaries will no longer be recognized as signed.
    https://technet.microsoft.com/en-us/library/security/ms13-098.aspx
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Security Bulletin MS13-098 - Critical
    This topic has not yet been rated - Rate this topic
    Vulnerability in Windows Could Allow Remote Code Execution (2893294)
    Published: December 10, 2013 | Updated: June 4, 2014
    Version: 1.5
    Revisions
    • V1.0 (December 10, 2013): Bulletin published.
    • V1.1 (December 18, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
    • V1.2 (December 20, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "Yes" to "None". Also, added additional information to the What does the update do? vulnerability FAQ for CVE-2013-3900. These are informational changes only.
    • V1.3 (February 28, 2014): Bulletin revised to announce a detection change in the 2893294 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows RT 8.1, and Windows Server 2012 R2. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
    • V1.4 (May 21, 2014): Bulletin revised to reflect new August 12, 2014 cut-off date for when non-compliant binaries will no longer be recognized as signed.
    • V1.5 (June 4, 2014): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
    https://technet.microsoft.com/library/security/ms13-098
     
Loading...
Thread Status:
Not open for further replies.