MS14-019 – Important : Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (April 8, 2014): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user runs specially crafted .bat and .cmd files from a trusted or semi-trusted network location. An attacker would have no way to force users to visit the network location or run the specially crafted files. Instead, an attacker would have to convince users to take such action. For example, an attacker could trick users into clicking a link that takes them to the location of the attacker’s specially crafted files and subsequently convince them to run them.

Powered by WPeMatico

MS14-020 – Important : Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (April 8, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted file in an affected version of Microsoft Publisher. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Powered by WPeMatico

MS14-017 – Critical : Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (April 8, 2014): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a specially crafted file is opened or previewed in an affected version of Microsoft Office software. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Powered by WPeMatico

MS14-018 – Critical : Cumulative Security Update for Internet Explorer (2950467) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (April 8, 2014): Bulletin published.
Summary: This security update resolves six privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Powered by WPeMatico

Microsoft Security Advisory (2953095): Vulnerability in Microsoft Word Could Allow Remote Code Execution – Version: 1.0

Revision Note: V1.0 (March 24, 2014): Advisory published.
Summary: Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Applying the Microsoft Fix it solution, “Disable opening RTF content in Microsoft Word,” prevents the exploitation of this issue through Microsoft Word. See the Suggested Actions section of this advisory for more information.

Powered by WPeMatico

MS14-013 – Critical : Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted image file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Powered by WPeMatico

MS14-014 – Important : Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow security feature bypass if an attacker hosts a website that contains specially crafted Silverlight content that is designed to exploit the vulnerability, and then convinces a user to view the website. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker’s website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.

Powered by WPeMatico

MS14-015 – Important : Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.

Powered by WPeMatico

MS14-016 – Important : Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker attempts to match passwords to a username.

Powered by WPeMatico