Number: IRCNE2014072243
Date: 2014-07-11
According to “zdnet”, Microsoft today released six security bulletins and updates to address the vulnerabilities disclosed in them. The updates address a total of 29 vulnerabilities.
- MS14-037: Cumulative Security Update for Internet Explorer (2975687) — This update fixes 24 vulnerabilities, all of them memory corruption vulnerabilities, in every supported version of Internet Explorer. None of the vulnerabilities had been publicly disclosed or exploited.
- MS14-038: Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689) — A user who opens a specially-crafted Journal file can be exploited in their user context. All versions of Windows since Vista are affected and the vulnerability is critical on all of them. Running as a standard user limits the potential damage.
- MS14-039: Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685) -This vulnerability is rated important.
- MS14-040: Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684) — An attacker who has rights to log on locally could run a malicious program that would elevate privileges to kernel mode. This vulnerability is rated important.
- MS14-041: Vulnerability in DirectShow Could Allow Elevation of Privilege (2975681) — This vulnerability is rated important.
- MS14-042: Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621) — A remote authenticated attacker could create and run a program that sends a sequence of specially crafted Advanced Message Queuing Protocol (AMQP) messages to the target system, triggering a denial of service. This vulnerability is rated moderate.
As is usually the case, Microsoft will also release a new version of the Windows Malicious Software Removal Tool and a large collection of non-security updates to various Windows versions.
- 2