Microsoft Patch July 8 2014
Microsoft today released six security bulletins and updates to address the vulnerabilities disclosed in them. The updates address a total of 29 vulnerabilities.
Update at 2:20 pm ET: This story is updated below to clarify the exploitability of MS14-042.
- MS14-037: Cumulative Security Update for Internet Explorer (2975687) — This update fixes 24 vulnerabilities, all of them memory corruption vulnerabilities, in every supported version of Internet Explorer. Ironically, the only IE version for which there are no critical vulnerabilities in this update is IE6 on Windows Server 2003. None of the vulnerabilities had been publicly disclosed or exploited.
- MS14-038: Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689) — A user who opens a specially-crafted Journal file can be exploited in their user context. All versions of Windows since Vista are affected and the vulnerability is critical on all of them. Running as a standard user limits the potential damage.
- MS14-039: Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685) — When the on-screen keyboard is triggered by a malicious low-integrity process, that process could load and execute programs with the privileges of the current user. This vulnerability is rated important.
- MS14-040: Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684) — An attacker who has rights to log on locally could run a malicious program that would elevate privileges to kernel mode. This vulnerability is rated important.
- MS14-041: Vulnerability in DirectShow Could Allow Elevation of Privilege (2975681) — A user could elevate privilege by running a malicious program from a low-integrity process. Running IE in immersive mode with Enhanced Protected Mode helps to mitigate this problem. This vulnerability is rated important.
- MS14-042: Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621) — A remote authenticated attacker could create and run a program that sends a sequence of specially crafted Advanced Message Queuing Protocol (AMQP) messages to the target system, triggering a denial of service. This vulnerability is rated moderate.
The Microsoft Exploitability Index for this month's updates says that successful exploit code for 28 of the 29 vulnerabilities is "likely." The 29th is rated Moderate and therefore not rated as to exploitability.
As is usually the case, Microsoft will also release a new version of the Windows Malicious Software Removal Tool and a large collection of non-security updates to various Windows versions.
Executive Summary:

| Bulletin ID | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|
| Bulletin 1 | Critical | Requires restart | Microsoft Windows, |
| Bulletin 2 | Critical | May require restart | Microsoft Windows |
| Bulletin 3 | Important | Requires restart | Microsoft Windows |
| Bulletin 4 | Important | Requires restart | Microsoft Windows |
| Bulletin 5 | Important | May require restart | Microsoft Windows |
| Bulletin 6 | Moderate | Does not require restart | Microsoft Server Software |

Windows Operating System and Components

| Windows Server 2003 | | | | | |
|---|---|---|---|---|---|
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | Bulletin 5 |
| Aggregate Severity Rating | | None | None | | None |
| Windows Server 2003 Service Pack 2 | Internet Explorer 6, Internet Explorer 7, Internet Explorer 8 | Not applicable | Not applicable | Windows Server 2003 Service Pack 2 | Not applicable |
| Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 6, Internet Explorer 7, Internet Explorer 8 | Not applicable | Not applicable | Windows Server 2003 x64 Edition Service Pack 2 | Not applicable |
| Windows Server 2003 with SP2 for Itanium-based Systems | Internet Explorer 6, Internet Explorer 7 | Not applicable | Not applicable | Windows Server 2003 with SP2 for Itanium-based Systems | Not applicable |

| Windows Vista | | | | | |
|---|---|---|---|---|---|
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | Bulletin 5 |
| Aggregate Severity Rating | | | | | |
| Windows Vista Service Pack 2 | Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 | Windows Vista Service Pack 2 | Windows Vista Service Pack 2 | Windows Vista Service Pack 2 | Windows Vista Service Pack 2 |
| Windows Vista x64 Edition Service Pack 2 | Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 | Windows Vista x64 Edition Service Pack 2 | Windows Vista x64 Edition Service Pack 2 | Windows Vista x64 Edition Service Pack 2 | Windows Vista x64 Edition Service Pack 2 |

| Windows Server 2008 | | | | | |
|---|---|---|---|---|---|
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | Bulletin 5 |
| Aggregate Severity Rating | | | | | |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 | Windows Server 2008 for 32-bit Systems Service Pack 2 | Windows Server 2008 for 32-bit Systems Service Pack 2 | Windows Server 2008 for 32-bit Systems Service Pack 2 | Windows Server 2008 for 32-bit Systems Service Pack 2 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 | Windows Server 2008 for x64-based Systems Service Pack 2 | Windows Server 2008 for x64-based Systems Service Pack 2 | Windows Server 2008 for x64-based Systems Service Pack 2 | Windows Server 2008 for x64-based Systems Service Pack 2 |
| Windows Server 2008 for Itanium-based Systems Service Pack 2 | Internet Explorer 7 | Not applicable | Windows Server 2008 for Itanium-based Systems Service Pack 2 | Windows Server 2008 for Itanium-based Systems Service Pack 2 | Not applicable |

| Windows 7 | | | | | |
|---|---|---|---|---|---|
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | Bulletin 5 |
| Aggregate Severity Rating | | | | | |
| Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, Internet Explorer 11 | Windows 7 for 32-bit Systems Service Pack 1 | Windows 7 for 32-bit Systems Service Pack 1 | Windows 7 for 32-bit Systems Service Pack 1 | Windows 7 for 32-bit Systems Service Pack 1 |
| Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, Internet Explorer 11 | Windows 7 for x64-based Systems Service Pack 1 | Windows 7 for x64-based Systems Service Pack 1 | Windows 7 for x64-based Systems Service Pack 1 | Windows 7 for x64-based Systems Service Pack 1 |

| Windows Server 2008 R2 | | | | | |
|---|---|---|---|---|---|
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | Bulletin 5 |
| Aggregate Severity Rating | | | | | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, Internet Explorer 11 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
| Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Internet Explorer 8 | Not applicable | Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Not applicable |

| Windows 8 and Windows 8.1 | | | | | |
|---|---|---|---|---|---|
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | Bulletin 5 |
| Aggregate Severity Rating | | | | | |
| Windows 8 for 32-bit Systems | Internet Explorer 10 | Windows 8 for 32-bit Systems | Windows 8 for 32-bit Systems | Windows 8 for 32-bit Systems | Windows 8 for 32-bit Systems |
| Windows 8 for x64-based Systems | Internet Explorer 10 | Windows 8 for x64-based Systems | Windows 8 for x64-based Systems | Windows 8 for x64-based Systems | Windows 8 for x64-based Systems |
| Windows 8.1 for 32-bit Systems | Internet Explorer 11 | Windows 8.1 for 32-bit Systems | Windows 8.1 for 32-bit Systems | Windows 8.1 for 32-bit Systems | Windows 8.1 for 32-bit Systems |
| Windows 8.1 for x64-based Systems | Internet Explorer 11 | Windows 8.1 for x64-based Systems | Windows 8.1 for x64-based Systems | Windows 8.1 for x64-based Systems | Windows 8.1 for x64-based Systems |

| Windows Server 2012 and Windows Server 2012 R2 | | | | | |
|---|---|---|---|---|---|
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | Bulletin 5 |
| Aggregate Severity Rating | | | | | |
| Windows Server 2012 | Internet Explorer 10 | Windows Server 2012 | Windows Server 2012 | Windows Server 2012 | Windows Server 2012 |
| Windows Server 2012 R2 | Internet Explorer 11 | Windows Server 2012 R2 | Windows Server 2012 R2 | Windows Server 2012 R2 | Windows Server 2012 R2 |

| Windows RT and Windows RT 8.1 | | | | | |
|---|---|---|---|---|---|
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | Bulletin 5 |
| Aggregate Severity Rating | | | | | None |
| Windows RT | Internet Explorer 10 | Windows RT | Windows RT | Windows RT | Not applicable |
| Windows RT 8.1 | Internet Explorer 11 | Windows RT 8.1 | Windows RT 8.1 | Windows RT 8.1 | Not applicable |

| Server Core installation option | | | | | |
|---|---|---|---|---|---|
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | Bulletin 5 |
| Aggregate Severity Rating | None | None | | | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Not applicable | Not applicable | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Not applicable |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Not applicable | Not applicable | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Not applicable |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Not applicable | Not applicable | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Not applicable |
| Windows Server 2012 (Server Core installation) | Not applicable | Not applicable | Windows Server 2012 (Server Core installation) | Windows Server 2012 (Server Core installation) | Not applicable |
| Windows Server 2012 R2 (Server Core installation) | Not applicable | Not applicable | Windows Server 2012 R2 (Server Core installation) | Windows Server 2012 R2 (Server Core installation) | Not applicable |

Windows Server Software

| Microsoft Service Bus for Windows Server | |
|---|---|
| Bulletin Identifier | Bulletin 6 |
| Aggregate Severity Rating | |
| Microsoft Service Bus for Windows Server | Microsoft Service Bus for Windows Server |

The Bottom Line: Restart your Windows computers and servers first thing Wednesday morning!
Apple Mac and Linux users: no need.