Today we released seven security bulletins addressing 31 unique CVE’s. Four bulletins have a maximum severity rating of Critical while the other three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
CVE-2014-0257 addresses sandbox escape vulnerability invoving com objects running code out-of-process.
CVE-2014-0295 addresses the vsab7rt.dll ASLR bypass described at http://www.greyhathacker.net/?p=585.
(Forefront Protection for Exchange)
- Jonathan Ness, MSRC