Akamai Diversity
Home > Web Security > Patch Tuesday Revision

Patch Tuesday Revision

Microsoft's patch Tuesday has arrived and further to our post from Feb 7th there have been a couple updates for the release this month. The revised bulletin contains two additional patches which address remote code execution issues in Internet Explorer and the Windows operating system.


Find out how Akamai can help you with your patch management via origin offload



Bulletin IDBulletin Title and Executive Summary
MS14-010*************************************************
Cumulative Security Update for Internet Explorer (2909921) 
This security update resolves one publicly disclosed vulnerability and twenty-three privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
*************************************************
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
MS14-011This security update resolves a privately reported vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visited a specially crafted website. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
*************************************************
Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
MS14-007This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to view specially crafted content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to an attacker's website, or by getting them to open an attachment sent through email.
*************************************************
Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)
MS14-008This security update resolves a privately reported vulnerability in Microsoft Forefront. The vulnerability could allow remote code execution if a specially crafted email message is scanned.
*************************************************
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)
MS14-009This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft .NET Framework. The most severe vulnerability could allow elevation of privilege if a user visits a specially crafted website or a website containing specially crafted web content. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit the compromised website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website.
*************************************************
Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
MS14-005This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services included in Microsoft Windows. The vulnerability could allow information disclosure if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to view specially crafted content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to an attacker's website, or by getting them to open an attachment sent through email.
*************************************************
Vulnerability in IPv6 Could Allow Denial of Service (2904659)
MS14-006This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a large number of specially crafted IPv6 packets to an affected system. To exploit the vulnerability, an attacker's system must belong to the same subnet as the target system.

Leave a comment