MS14-012 – Critical : Cumulative Security Update for Internet Explorer (2925418) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (March 11, 2014): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability and seventeen privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Powered by WPeMatico

MS14-009 – Important : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (February 28, 2014): Bulletin revised to announce a detection change in the 2901128 update for Microsoft .NET Framework 4.5.1 on Windows 8.1 for 32-bit Systems, Microsoft .NET Framework 4.5.1 on Windows 8.1 for x64-based Systems, Microsoft .NET Framework 4.5.1 on Windows Server 2012 R2, and Microsoft .NET Framework 4.5.1 on Windows RT 8.1. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft .NET Framework. The most severe vulnerability could allow elevation of privilege if a user visits a specially crafted website or a website containing specially crafted web content. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker’s website.

Powered by WPeMatico

MS14-005 – Important : Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (February 28, 2014): Bulletin revised to announce a detection change in the 2916036 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows Server 2012 R2, and Windows RT 8.1. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services included in Microsoft Windows. The vulnerability could allow information disclosure if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to view specially crafted content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to an attacker’s website, or by getting them to open an attachment sent through email.

Powered by WPeMatico

MS14-007 – Critical : Vulnerability in Direct2D Could Allow Remote Code Execution (2912390) – Version: 1.1

Severity Rating: Critical
Revision Note: V1.1 (February 28, 2014): Bulletin revised to announce a detection change in the 2912390 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows RT 8.1, and Windows Server 2012 R2. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to view specially crafted content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to an attacker’s website, or by getting them to open an attachment sent through email.

Powered by WPeMatico

Microsoft Security Advisory (2862152): Vulnerability in DirectAccess and IPsec Could Allow Security Feature Bypass – Version: 1.1

Revision Note: V1.1 (February 28, 2014): Advisory revised to announce a detection change in the 2862152 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows Server 2012 R2, and Windows RT 8.1. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how server connections are authenticated to clients in either DirectAccess or IPsec site-to-site tunnels.

Powered by WPeMatico

MS13-098 – Critical : Vulnerability in Windows Could Allow Remote Code Execution (2893294) – Version: 1.3

Severity Rating: Critical
Revision Note: V1.3 (February 28, 2014): Bulletin revised to announce a detection change in the 2893294 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows RT 8.1, and Windows Server 2012 R2. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system.

Powered by WPeMatico

Microsoft Security Advisory (2871690): Update to Revoke Non-compliant UEFI Modules – Version: 2.0

Revision Note: V2.0 (February 27, 2014): Revised advisory to rerelease update 2871690. The rereleased update addresses an issue where specific third-party BIOS versions did not properly validate the signature of the original update. Customers who have already successfully installed the original update do not need to take any action. See the Advisory FAQ for more information.
Summary: Microsoft is announcing the availability of an update for Windows 8 and Windows Server 2012 that revokes the digital signatures for nine private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are either not in compliance with our certification program or their authors have requested that the packages be revoked. At the time of this release, these UEFI modules are not known to be available publicly.

Powered by WPeMatico

Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer – Version: 20.0

Revision Note: V20.0 (February 20, 2014): Added the 2934802 update to the Current Update section.
Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.

Powered by WPeMatico

Microsoft Security Advisory (2934088): Vulnerability in Internet Explorer Could Allow Remote Code Execution – Version: 1.0

Revision Note: V1.0 (February 19, 2014): Advisory published.
Summary: Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 10. Only Internet Explorer 9 and Internet Explorer 10 are affected by this vulnerability. Other supported versions of Internet Explorer are not affected. Applying the Microsoft Fix it solution, “MSHTML Shim Workaround,” prevents the exploitation of this issue. See the Suggested Actions section of this advisory for more information.

Powered by WPeMatico