3823_7103_securitybulletin_thumb_32407BF9_thumb_12CC8186

Hi folks and welcome to another round of security updates.  This months updates mainly focus on Windows so make sure you apply them where appropriate in your environment's.

Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact Restart Requirement Affected Software
MS14-012 Cumulative Security Update for Internet Explorer (2925418)

This security update resolves one publicly disclosed vulnerability and seventeen privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Critical 
Remote Code Execution
Requires restart Microsoft Windows, Internet Explorer
MS14-013 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted image file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Critical 
Remote Code Execution
May require restart Microsoft Windows
MS14-015 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)

This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
Important 
Elevation of Privilege
Requires restart Microsoft Windows
MS14-016 Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)

This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker makes multiple attempts to match passwords to a username.
Important 
Security Feature Bypass
Requires restart Microsoft Windows
MS14-014 Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677)

This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow security feature bypass if an attacker hosts a website that contains specially crafted Silverlight content that is designed to exploit the vulnerability, and then convinces a user to view the website. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.
Important 
Security Feature Bypass
Does not require restart Microsoft Silverlight

Jeffa

Technorati Tags: ,,

Blogged from: 

Map picture