ID: IRCNE2014012070
Date: 2013-01-15
According to "zdnet", microsoft disclosed four security bulletins today describing a total of six vulnerabilities, and released product updates to address these vulnerabilities.
This is the first month since September 2011 that Microsoft has released no critical updates in a Patch Tuesday cycle, and the first since September 2012 that they have released four or fewer updates.
The four bulletins, all of which are rated Important:
- MS14-001: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
- MS14-002: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368) — A user with valid logon credentials who is able to log on locally could run a special program and elevate privilege. This vulnerability affects only Windows XP and Windows Server 2003.
- Note: This vulnerability was reported back in November as being exploited in the wild.
- MS14-003: Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602) — Windows 7 and Windows Server 2008 R2 are vulnerable to a privilege elevation vulnerability. The user must be have valid logon credentials and be able to log on locally.
- MS14-004: Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826) —Microsoft also released today a large number of non-security updates including a new version of the Windows Malicious Software Removal Tool.
- 2