Jump to content

Microsoft Security Bulletins For May 2014 overview


Matsuda

Recommended Posts

1_patchtuesday.jpg

Welcome to this month's overview of security bulletins and updates for Microsoft Windows, Office, and other Microsoft products.


Executive Summary

  • A total of eight security bulletins are released that address 13 vulnerabilities across all products.
  • Affected products include the Windows operating system, Office and server software.
  • Two bulletins have received the highest severity rating of critical.
  • The top deployment priorities are MS14-024, MS14-025 and MS14-029.

Video Summary

Not yet released.

Operating System Distribution

All desktop-based Windows operating systems are affected by the same vulnerabilities. All are affected by one critical and three important bulletins.

The exception here is Windows RT which is only affected by one critical and two important bulletins.

On the server side of things, we see a similar picture. All server-based operating systems with the exception of Windows Server 2003 are affected by five bulletins of which four are rated important. Windows Server 2003 is only affected by three bulletins of which two have received the important rating.

Add one additional critical bulletin to all desktop operating systems and one additional moderate bulletin to all server operating systems for the out of band MS14-021 release.

  • Windows Vista: 1 critical, 3 important
  • Windows 7: 1 critical, 3 important
  • Windows 8: 1 critical, 3 important
  • Windows 8.1: 1 critical, 3 important
  • Windows RT: 1 critical, 2 important
  • Windows RT 8.1: 1 critical, 2 important
  • Windows Server 2003: 2 important, 1 moderate
  • Windows Server 2008: 4 important, 1 moderate
  • Windows Server 2008 R2: 4 important, 1 moderate
  • Windows Server 2012: 4 important, 1 moderate
  • Windows Server 2012 R2: 4 important, 1 moderate
  • Server Core installation: 3 important

Other Microsoft Product Distribution

Two bulletins affect all Office products, and all are affected by two bulletins rated important. The same is true for all affected SharePoint Server and Office Web Apps products, only that they are affected by one critical bulletin each.

  • Microsoft Office 2007: 2 important
  • Microsoft Office 2010: 2 important
  • Microsoft Office 2013: 2 important
  • Microsoft Office 2013 RT: 2 important
  • Microsoft SharePoint Server 2007: 1 critical
  • Microsoft SharePoint Server 2010: 1 critical
  • Microsoft SharePoint Server 2013: 1 critical
  • Microsoft Office Web Apps 2010: 1 critical
  • Microsoft Office Web Apps 2013: 1 critical
  • SharePoint Server 2013 Client Components SDK: 1 critical
  • Microsoft SharePoint Designer 2007 - 2013: 1 critical

Deployment Guide

Microsoft publishes an official deployment guide each month that suggests a deployment priority for all bulletins it released in that month.

It is by no means mandatory to follow the guide, but since bulletin severity levels, known exploits and attacks, are taken into account, it is usually the way to go as the most severe issues will get patched as soon as possible.

Not yet released. Microsoft recommends to concentrate on MS14-024, MS14-025 and MS14-029 first.

Security Bulletins

The following bulletins have been released in May 2014. Use the links to open the bulletins on Microsoft's website.

  • MS14-021 - (Released out-of-band on May 1, 2014) - Security Update for Internet Explorer (2965111) - Critical - Remote Code Execution
  • MS14-029 - Security Update for Internet Explorer (2962482) - Critical - Remote Code Execution
  • MS14-022 -Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166) - Critical- Remote Code Execution
  • MS14-023 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037) - Important - Remote Code Execution
  • MS14-025 - Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486) - Important - Elevation of Privileges
  • MS14-026 -Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732) - - Important - Elevation of Privileges
  • MS14-027 -Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488) - - Important - Elevation of Privileges
  • MS14-028 -Vulnerability in iSCSI Could Allow Denial of Service (2962485) - Important - Denial of Service
  • MS14-024 -Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033) - Important - Security Feature Bypass

Security related updates

Microsoft has released security updates to existing bulletins or products as well. You find those listed in this section.

  • Security Update for Windows 8.1 and Windows RT 8.1 (KB2962140)
  • Security Update for Windows 8.1 and Windows RT 8.1 (KB2964757) without KB2919355
  • MS14-018: Security Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2919355)
  • MS14-021: Security Update for Internet Explorer (KB2964358)
  • MS14-021: Security Update for Internet Explorer (KB2964444)
  • Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB2961887)
    MS14-018: Security Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2919355)

Security Advisories

Microsoft has released the following security advisories.

Non-security related updates

This list highlights non-security related updates for various Microsoft products.

Update for Windows Server 2008 R2 x64 Edition (KB2852386)
Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2920540)
Update for Windows 8.1 (KB2932074)
Update for Windows 8.1 and Windows 7 (KB2932354)
Update for Windows Server 2008 R2 (KB2934950)
Update for Windows Server 2008 R2 (KB2934953)
Update for Windows Server 2012 Essentials (KB2934957)
Update for Windows 8 and Windows RT (KB2938459)
Update for Windows 8.1, Windows RT 8.1, Windows 8, and Windows RT (KB2939153)
Update for Windows 8.1 and Windows Server 2012 R2 (KB2950153)
Update for .NET Native on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2954879)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2955163)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2955164)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2956037)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2956575)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958262)
Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958263)
Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958265)
Update for Windows 8.1 and Windows Server 2012 R2 (KB2965065)
Windows Malicious Software Removal Tool - May 2014 (KB890830)/Windows Malicious Software Removal Tool - May 2014 (KB890830) - Internet Explorer Version
System Update Readiness Tool for Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB947821) [May 2014]
Update for Windows 8 (KB2802618)
Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB2841134)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2934016)
Update for Windows 8 and Windows RT (KB2957026)
Update for Windows 7 (KB2952664)
Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB2841134)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2959977)
Update for Windows 7 (KB2952664)
Update for Windows 8 and Windows RT (KB2957026)
Update for Windows Server 2012 R2 (KB2919394)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2928680)




search_button.gifSource

Link to comment
Share on other sites


  • Replies 5
  • Views 2.5k
  • Created
  • Last Reply

Top Posters In This Topic

  • Matsuda

    2

  • dcs18

    1

  • Airstream_Bill

    1

  • SPECTRUM

    1

Top Posters In This Topic

Airstream_Bill

1_patchtuesday.jpg

Welcome to this month's overview of security bulletins and updates for Microsoft Windows, Office, and other Microsoft products.

Executive Summary

  • A total of eight security bulletins are released that address 13 vulnerabilities across all products.
  • Affected products include the Windows operating system, Office and server software.
  • Two bulletins have received the highest severity rating of critical.
  • The top deployment priorities are MS14-024, MS14-025 and MS14-029.

Video Summary

Not yet released.

Operating System Distribution

All desktop-based Windows operating systems are affected by the same vulnerabilities. All are affected by one critical and three important bulletins.

The exception here is Windows RT which is only affected by one critical and two important bulletins.

On the server side of things, we see a similar picture. All server-based operating systems with the exception of Windows Server 2003 are affected by five bulletins of which four are rated important. Windows Server 2003 is only affected by three bulletins of which two have received the important rating.

Add one additional critical bulletin to all desktop operating systems and one additional moderate bulletin to all server operating systems for the out of band MS14-021 release.

  • Windows Vista: 1 critical, 3 important
  • Windows 7: 1 critical, 3 important
  • Windows 8: 1 critical, 3 important
  • Windows 8.1: 1 critical, 3 important
  • Windows RT: 1 critical, 2 important
  • Windows RT 8.1: 1 critical, 2 important
  • Windows Server 2003: 2 important, 1 moderate
  • Windows Server 2008: 4 important, 1 moderate
  • Windows Server 2008 R2: 4 important, 1 moderate
  • Windows Server 2012: 4 important, 1 moderate
  • Windows Server 2012 R2: 4 important, 1 moderate
  • Server Core installation: 3 important

Other Microsoft Product Distribution

Two bulletins affect all Office products, and all are affected by two bulletins rated important. The same is true for all affected SharePoint Server and Office Web Apps products, only that they are affected by one critical bulletin each.

  • Microsoft Office 2007: 2 important
  • Microsoft Office 2010: 2 important
  • Microsoft Office 2013: 2 important
  • Microsoft Office 2013 RT: 2 important
  • Microsoft SharePoint Server 2007: 1 critical
  • Microsoft SharePoint Server 2010: 1 critical
  • Microsoft SharePoint Server 2013: 1 critical
  • Microsoft Office Web Apps 2010: 1 critical
  • Microsoft Office Web Apps 2013: 1 critical
  • SharePoint Server 2013 Client Components SDK: 1 critical
  • Microsoft SharePoint Designer 2007 - 2013: 1 critical

Deployment Guide

Microsoft publishes an official deployment guide each month that suggests a deployment priority for all bulletins it released in that month.

It is by no means mandatory to follow the guide, but since bulletin severity levels, known exploits and attacks, are taken into account, it is usually the way to go as the most severe issues will get patched as soon as possible.

Not yet released. Microsoft recommends to concentrate on MS14-024, MS14-025 and MS14-029 first.

Security Bulletins

The following bulletins have been released in May 2014. Use the links to open the bulletins on Microsoft's website.

  • MS14-021 - (Released out-of-band on May 1, 2014) - Security Update for Internet Explorer (2965111) - Critical - Remote Code Execution
  • MS14-029 - Security Update for Internet Explorer (2962482) - Critical - Remote Code Execution
  • MS14-022 -Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166) - Critical- Remote Code Execution
  • MS14-023 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037) - Important - Remote Code Execution
  • MS14-025 - Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486) - Important - Elevation of Privileges
  • MS14-026 -Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732) - - Important - Elevation of Privileges
  • MS14-027 -Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488) - - Important - Elevation of Privileges
  • MS14-028 -Vulnerability in iSCSI Could Allow Denial of Service (2962485) - Important - Denial of Service
  • MS14-024 -Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033) - Important - Security Feature Bypass

Security related updates

Microsoft has released security updates to existing bulletins or products as well. You find those listed in this section.

  • Security Update for Windows 8.1 and Windows RT 8.1 (KB2962140)
  • Security Update for Windows 8.1 and Windows RT 8.1 (KB2964757) without KB2919355
  • MS14-018: Security Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2919355)
  • MS14-021: Security Update for Internet Explorer (KB2964358)
  • MS14-021: Security Update for Internet Explorer (KB2964444)
  • Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB2961887)

    MS14-018: Security Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2919355)

Security Advisories

Microsoft has released the following security advisories.

Non-security related updates

This list highlights non-security related updates for various Microsoft products.

Update for Windows Server 2008 R2 x64 Edition (KB2852386)

Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2920540)

Update for Windows 8.1 (KB2932074)

Update for Windows 8.1 and Windows 7 (KB2932354)

Update for Windows Server 2008 R2 (KB2934950)

Update for Windows Server 2008 R2 (KB2934953)

Update for Windows Server 2012 Essentials (KB2934957)

Update for Windows 8 and Windows RT (KB2938459)

Update for Windows 8.1, Windows RT 8.1, Windows 8, and Windows RT (KB2939153)

Update for Windows 8.1 and Windows Server 2012 R2 (KB2950153)

Update for .NET Native on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2954879)

Update for Windows 8, Windows RT, and Windows Server 2012 (KB2955163)

Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2955164)

Update for Windows 8, Windows RT, and Windows Server 2012 (KB2956037)

Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2956575)

Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958262)

Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958263)

Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958265)

Update for Windows 8.1 and Windows Server 2012 R2 (KB2965065)

Windows Malicious Software Removal Tool - May 2014 (KB890830)/Windows Malicious Software Removal Tool - May 2014 (KB890830) - Internet Explorer Version

System Update Readiness Tool for Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB947821) [May 2014]

Update for Windows 8 (KB2802618)

Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB2841134)

Update for Windows 8, Windows RT, and Windows Server 2012 (KB2934016)

Update for Windows 8 and Windows RT (KB2957026)

Update for Windows 7 (KB2952664)

Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB2841134)

Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2959977)

Update for Windows 7 (KB2952664)

Update for Windows 8 and Windows RT (KB2957026)

Update for Windows Server 2012 R2 (KB2919394)

Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2928680)

search_button.gifSource

One had better be WARY of this. I had 13 updates for my particular 8.1 Windows. I let it install the updates. My machine after todays updates would not BOOT except to Logon Screen and then Crash. It said ( PageFault In Non Pagged Area, AVC3.sys) My Friend in town had same experience with same message. My System was Fresh as of yesterday will all available updates and running fine until I let it install todays updates. Had to use a System Restore Point I created last night just for this reason. GOOD LUCK!

Link to comment
Share on other sites


Just got a total of 32 Windows Update (1105 MB+) for Windows 8.1 Update, Pro and Office 2013 Professional - installed without any issue.

Link to comment
Share on other sites


One had better be WARY of this. I had 13 updates for my particular 8.1 Windows. I let it install the updates. My machine after todays updates would not BOOT except to Logon Screen and then Crash. It said ( PageFault In Non Pagged Area, AVC3.sys) My Friend in town had same experience with same message. My System was Fresh as of yesterday will all available updates and running fine until I let it install todays updates. Had to use a System Restore Point I created last night just for this reason. GOOD LUCK!

AVC3.sys = Bitdefender fault.

Link to comment
Share on other sites


Same update size as the one mentioned by dcs18 above.

Running Windows 8.1 Pro VL x86 Update1 + Office Pro 2013 VL x86 SP1.

Everything was smoothly updated with no issues whatsoever.

Link to comment
Share on other sites


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...