
Welcome to another Patch Tuesday, or Wednesday as it is here in Australia. There is quite a list of updates this month, so make sure you have a look at the details and apply them where appropriate in your environments.

| Bulletin ID | Bulletin Title | Executive Summary | Maximum Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software |
| --- | --- | --- | --- | --- | --- | --- |
| MS14-010 | Cumulative Security Update for Internet Explorer (2909921) | This security update resolves one publicly disclosed vulnerability and twenty-three privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | Critical | Remote Code Execution | Requires restart | Microsoft Windows, Internet Explorer |
| MS14-011 | Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390) | This security update resolves a privately reported vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visited a specially crafted website. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. | Critical | Remote Code Execution | May require restart | Microsoft Windows |
| MS14-007 | Vulnerability in Direct2D Could Allow Remote Code Execution (2912390) | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to view specially crafted content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to an attacker's website, or by getting them to open an attachment sent through email. | Critical | Remote Code Execution | May require restart | Microsoft Windows |
| MS14-008 | Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022) | This security update resolves a privately reported vulnerability in Microsoft Forefront. The vulnerability could allow remote code execution if a specially crafted email message is scanned. | Critical | Remote Code Execution | May require restart | Microsoft Security Software |
| MS14-009 | Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607) | This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft .NET Framework. The most severe vulnerability could allow elevation of privilege if a user visits a specially crafted website or a website containing specially crafted web content. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit the compromised website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. | Important | Elevation of Privilege | May require restart | Microsoft Windows, Microsoft .NET Framework |
| MS14-005 | Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036) | This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services included in Microsoft Windows. The vulnerability could allow information disclosure if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to view specially crafted content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to an attacker's website, or by getting them to open an attachment sent through email. | Important | Information Disclosure | May require restart | Microsoft Windows |
| MS14-006 | Vulnerability in IPv6 Could Allow Denial of Service (2904659) | This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a large number of specially crafted IPv6 packets to an affected system. To exploit the vulnerability, an attacker's system must belong to the same subnet as the target system. | Important | Denial of Service | Requires restart | Microsoft Windows |

Today’s updates also include firmware updates for Surface Pro, Surface Pro 2 and Surface 2. So if you have one of those devices, make sure you check those out as well.

Jeffa