April’s Patch Tuesday features four bulletins: MS14-017 to MS14-020. Two bulletins are rated critical and two are rated important, All of the bulletins address “Remote Code Execution”, which is something that attackers are ultimately after.
Bulletin #1 addresses the current 0-day vulnerability (KB2953095) in Microsoft Word and is applicable to all versions of Word starting with 2003 to the latest 2013, and includes Mac OS X as well. By the way, Office 2003 together with Windows XP are going to be end-of-life after this Patch Tuesday and will stop receiving security updates. The end of life for XP has received plenty of coverage already, but this vulnerability is a good reminder not to focus only on Windows XP, and that this Office version also deserves attention.
Bulletin #2 is a new version of Internet Explorer, applicable to all versions of IE starting with IE6 on XP to IE11 on Windows 8.1 and RT. The only version not affected is IE10 under Windows 7 and I expect it to contain the fixes for the vulnerabilities disclosed at PWN2OWN at CanSecWest.
Bulletin #3 and Bulletin #4 are the both rated “important,” but Bulletin #3 is the more urgent one. It affects all versions of Windows and can be used to gain Remote Code Execution.
Bulletin #4 addresses a problem in Publisher 2003 and 2007, which is a software package that we do not see widely installed.
Bulletins in detail:
| Bulletin ID | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|
| Bulletin 1 | Critical Remote Code Execution |
May require restart | Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps |
| Bulletin 2 | Critical Remote Code Execution |
Requires restart | Microsoft Windows, Internet Explorer |
| Bulletin 3 | Important Remote Code Execution |
Requires restart | Microsoft Windows |
| Bulletin 4 | Important Remote Code Execution |
May require restart | Microsoft Office |
Affected Software.
| Bulletin ID | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|
| Bulletin 1 | Critical Remote Code Execution |
May require restart | Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps |
| Bulletin 2 | Critical Remote Code Execution |
Requires restart | Microsoft Windows, Internet Explorer |
| Bulletin 3 | Important Remote Code Execution |
Requires restart | Microsoft Windows |
| Bulletin 4 | Important Remote Code Execution |
May require restart | Microsoft Office |
| Windows XP | ||
|---|---|---|
| Bulletin Identifier | Bulletin 2 | Bulletin 3 |
| Aggregate Severity Rating | Critical | Important |
| Windows XP Service Pack 3 | Internet Explorer 6 (Critical) Internet Explorer 7 Internet Explorer 8 |
Windows XP Service Pack 3 (Important) |
| Windows XP Professional x64 Edition Service Pack 2 | Internet Explorer 6 (Critical) Internet Explorer 7 Internet Explorer 8 |
Windows XP Professional x64 Edition Service Pack 2 (Important) |
| Windows Server 2003 | ||
| Bulletin Identifier | Bulletin 2 | Bulletin 3 |
| Aggregate Severity Rating | Moderate | Important |
| Windows Server 2003 Service Pack 2 | Internet Explorer 6 (Moderate) Internet Explorer 7 Internet Explorer 8 |
Windows Server 2003 Service Pack 2 (Important) |
| Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 6 (Moderate) Internet Explorer 7 Internet Explorer 8 |
Windows Server 2003 x64 Edition Service Pack 2 (Important) |
| Windows Server 2003 with SP2 for Itanium-based Systems | Internet Explorer 6 (Moderate) Internet Explorer 7 |
Windows Server 2003 with SP2 for Itanium-based Systems (Important) |
| Windows Vista | ||
| Bulletin Identifier | Bulletin 2 | Bulletin 3 |
| Aggregate Severity Rating | Critical | Important |
| Windows Vista Service Pack 2 | Internet Explorer 7 (Critical) Internet Explorer 8 Internet Explorer 9 |
Windows Vista Service Pack 2 (Important) |
| Windows Vista x64 Edition Service Pack 2 | Internet Explorer 7 (Critical) Internet Explorer 8 Internet Explorer 9 |
Windows Vista x64 Edition Service Pack 2 (Important) |
| Windows Server 2008 | ||
| Bulletin Identifier | Bulletin 2 | Bulletin 3 |
| Aggregate Severity Rating | Moderate | Important |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 7 (Moderate) Internet Explorer 8 Internet Explorer 9 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Important) |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 7 (Moderate) Internet Explorer 8 Internet Explorer 9 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Important) |
| Windows Server 2008 for Itanium-based Systems Service Pack 2 | Internet Explorer 7 (Moderate) |
Windows Server 2008 for Itanium-based Systems Service Pack 2 (Important) |
| Windows 7 | ||
| Bulletin Identifier | Bulletin 2 | Bulletin 3 |
| Aggregate Severity Rating | Critical | Important |
| Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 8 (Critical) Internet Explorer 9 Internet Explorer 11 |
Windows 7 for 32-bit Systems Service Pack 1 (Important) |
| Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 8 (Critical) Internet Explorer 9 Internet Explorer 11 |
Windows 7 for x64-based Systems Service Pack 1 (Important) |
| Windows Server 2008 R2 | ||
| Bulletin Identifier | Bulletin 2 | Bulletin 3 |
| Aggregate Severity Rating | Moderate | Important |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 8 (Moderate) Internet Explorer 9 Internet Explorer 11 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Important) |
| Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Internet Explorer 8 (Moderate) |
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (Important) |
| Windows 8 and Windows 8.1 | ||
| Bulletin Identifier | Bulletin 2 | Bulletin 3 |
| Aggregate Severity Rating | Critical | Important |
| Windows 8 for 32-bit Systems | Not applicable | Windows 8 for 32-bit Systems (Important) |
| Windows 8 for x64-based Systems | Not applicable | Windows 8 for x64-based Systems (Important) |
| Windows 8.1 for 32-bit Systems | Internet Explorer 11 (Critical) |
Windows 8.1 for 32-bit Systems (Important) |
| Windows 8.1 for x64-based Systems | Internet Explorer 11 (Critical) |
Windows 8.1 for x64-based Systems (Important) |
| Windows Server 2012 and Windows Server 2012 R2 | ||
| Bulletin Identifier | Bulletin 2 | Bulletin 3 |
| Aggregate Severity Rating | Moderate | Important |
| Windows Server 2012 | Not applicable | Windows Server 2012 (Important) |
| Windows Server 2012 R2 | Internet Explorer 11 (Moderate) |
Windows Server 2012 R2 (Important) |
| Windows RT and Windows RT 8.1 | ||
| Bulletin Identifier | Bulletin 2 | Bulletin 3 |
| Aggregate Severity Rating | Critical | Important |
| Windows RT | Not applicable | Windows RT (Important) |
| Windows RT 8.1 | Internet Explorer 11 (Critical) |
Windows RT 8.1 (Important) |
| Server Core installation option | ||
| Bulletin Identifier | Bulletin 2 | Bulletin 3 |
| Aggregate Severity Rating | None | Important |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Not applicable | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (Important) |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Not applicable | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (Important) |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Not applicable | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (Important) |
| Windows Server 2012 (Server Core installation) | Not applicable | Windows Server 2012 (Server Core installation) (Important) |
| Windows Server 2012 R2 (Server Core installation) | Not applicable | Windows Server 2012 R2 (Server Core installation) (Important) |
| Microsoft Office 2003 | ||
|---|---|---|
| Bulletin Identifier | Bulletin 1 | Bulletin 4 |
| Aggregate Severity Rating | Critical | Important |
| Microsoft Office 2003 Service Pack 3 | Microsoft Word 2003 Service Pack 3 (Critical) |
Microsoft Publisher 2003 Service Pack 3 (Important) |
| Microsoft Office 2007 | ||
| Bulletin Identifier | Bulletin 1 | Bulletin 4 |
| Aggregate Severity Rating | Critical | Important |
| Microsoft Office 2007 Service Pack 3 | Microsoft Word 2007 Service Pack 3 (Critical) |
Microsoft Publisher 2007 Service Pack 3 (Important) |
| Microsoft Office 2010 | ||
| Bulletin Identifier | Bulletin 1 | Bulletin 4 |
| Aggregate Severity Rating | Critical | None |
| Microsoft Office 2010 Service Pack 1 (32-bit editions) | Microsoft Word 2010 Service Pack 1 (32-bit editions) (Critical) |
Not applicable |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | Microsoft Word 2010 Service Pack 2 (32-bit editions) (Critical) |
Not applicable |
| Microsoft Office 2010 Service Pack 1 (64-bit editions) | Microsoft Word 2010 Service Pack 1 (64-bit editions) (Critical) |
Not applicable |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | Microsoft Word 2010 Service Pack 2 (64-bit editions) (Critical) |
Not applicable |
| Microsoft Office 2013 and Microsoft Office 2013 RT | ||
| Bulletin Identifier | Bulletin 1 | Bulletin 4 |
| Aggregate Severity Rating | Critical | None |
| Microsoft Office 2013 (32-bit editions) | Microsoft Word 2013 (32-bit editions) (Critical) |
Not applicable |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | Microsoft Word 2013 Service Pack 1 (32-bit editions) (Critical) |
Not applicable |
| Microsoft Office 2013 (64-bit editions) | Microsoft Word 2013 (64-bit editions) (Critical) |
Not applicable |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | Microsoft Word 2013 Service Pack 1 (64-bit editions) (Critical) |
Not applicable |
| Microsoft Office 2013 RT | Microsoft Word 2013 RT (Critical) |
Not applicable |
| Microsoft Office 2013 RT Service Pack 1 | Microsoft Word 2013 RT Service Pack 1 (Critical) |
Not applicable |
| Microsoft Office for Mac | ||
| Bulletin Identifier | Bulletin 1 | Bulletin 4 |
| Aggregate Severity Rating | Critical | None |
| Microsoft Office for Mac 2011 | Microsoft Office for Mac 2011 (Critical) |
Not applicable |
| Other Office Software | ||
| Bulletin Identifier | Bulletin 1 | Bulletin 4 |
| Aggregate Severity Rating | Critical | None |
| Microsoft Word Viewer | Microsoft Word Viewer (Critical) |
Not applicable |
| Microsoft Office Compatibility Pack Service Pack 3 | Microsoft Office Compatibility Pack Service Pack 3 (Critical) |
Not applicable |
| Microsoft SharePoint Server 2010 | |
|---|---|
| Bulletin Identifier | Bulletin 1 |
| Aggregate Severity Rating | Critical |
| Microsoft SharePoint Server 2010 Service Pack 1 | Word Automation Services (Critical) |
| Microsoft SharePoint Server 2010 Service Pack 2 | Word Automation Services (Critical) |
| Microsoft SharePoint Server 2013 | |
| Bulletin Identifier | Bulletin 1 |
| Aggregate Severity Rating | Critical |
| Microsoft SharePoint Server 2013 | Word Automation Services (Critical) |
| Microsoft SharePoint Server 2013 Service Pack 1 | Word Automation Services (Critical) |
| Microsoft Office Web Apps 2010 | |
| Bulletin Identifier | Bulletin 1 |
| Aggregate Severity Rating | Critical |
| Microsoft Office Web Apps 2010 Service Pack 1 | Microsoft Web Applications 2010 Service Pack 1 (Critical) |
| Microsoft Office Web Apps 2010 Service Pack 2 | Microsoft Web Applications 2010 Service Pack 2 (Critical) |
| Microsoft Office Web Apps 2013 | |
| Bulletin Identifier | Bulletin 1 |
| Aggregate Severity Rating | Critical |
| Microsoft Office Web Apps 2013 | Microsoft Office Web Apps Server 2013 (Critical) |
| Microsoft Office Web Apps 2013 Service Pack 1 | Microsoft Office Web Apps Server 2013 Service Pack 1 (Critical) |
Bottom Line:
The patches and updates are very important. Please remember to restart your Windows Servers and Workstations Wednesday Morning
Special Note for MAC users:
If you are using ANY Microsoft products on the MAC, Please make certain that they receive the update.
Special Note 2:
If you have any difficulty with this update, please give us a call