Microsoft Security Response Center

The Microsoft Security Response Center (MSRC) identifies, monitors, responds to and resolves security incidents and vulnerabilities in Microsoft software.

June 2014 Security Bulletin Webcast Q&A

Hosts: Andrew Gross, Sr. Security Program Manager; Dustin Childs, Group Manager, Response Communications

Website: TechNet/Security
Chat Topic: June 2014 Security Bulletin Release
Wednesday, June 11, 2014


Q1: For the TCP bulletin, there are multiple updates listed for Windows 8.1 and Windows Server 2012 R2. Do I need to install all the updates? 
A1: If your system is configured to receive updates from Windows Server Update Services (WSUS) (or other deployment tools such as Systems Management Server (SMS) and System Center Configuration Manager, which use WSUS), then you should install update KB2961858 through normal channels. For all other systems that do not receive WSUS managed updates, you should install update KB2957189.

Q2: In the IE bulletins, does this update include the fix originally released in MS14-021, released out of band on May 1, 2014?
A2: Yes, this security bulletin does include the update originally released in MS14-021 on May 1, 2014.

Q3: Both the Lync update and the update for GDI+ (MS14-036) address vulnerabilities in Microsoft Lync. Are the security updates in the two bulletins related?
A3: These security updates are not related and may be installed in any order.

Q4: Yesterday, on 32-bit Windows 7 Enterprise SP1 machines, some updates did not install until after a reboot. Is there a reason for this?
A4: With a number of separate updates in place, and not knowing if these Windows 7 clients had prior updates queued or requiring reboot, it is hard to say for certain what the cause was. To troubleshoot this, you would look at the windowsupdate.log file from one or more of these client machines for further clues. See Microsoft KB Article 902093 "How to read the windowsupdate.log file" for troubleshooting tips. If you are not able to identify a common cause, you might contact Microsoft support for assistance (visit for support options).

Q5: Regarding MS14-033, if the Windows 2003 server does NOT have MSXML 6.0 installed, is it still vulnerable to the MSXML 6.0 vulnerability/exploit? The bulletin makes it sound like we need to install MSXML 6.0 and then the update in order to be protected. Is that true?
A5: The vulnerability affects MSXML 3 and 6. In order to apply the update on Windows Server 2003, MSXML 6 must be installed. To determine your installed MSXML version, guidance is available at

Q6: After installing this month's updates, I opened Internet Explorer and got a page titled "Windows Internet Explorer 9 privacy statement". Which update caused this?
A6: This issue was caused by an incorrect link in the KB2957689 update and has been resolved.

Q7: MS14-021 for Windows XP has expired from our SCCM even though no patch supersedes it for Windows XP. We still have systems that need this patch deployed. How should we proceed?
A7: MS14-021 is a Security Update for Internet Explorer (2965111). Even though Windows XP has reached the end of support, the MS14-021 security bulletin does provide update packages for Windows XP that you can download by visiting the MS14-021 bulletin webpage. Please note that every month, existing Windows XP systems face new security vulnerabilities for which there are no security updates to install, which represents a growing risk in your enterprise. We continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1.