Microsoft released four (4) bulletins. The bulletins are identified as Important.
The security updates address six (6) vulnerabilities in Microsoft Windows, Office, and Dynamics AX.
Note that the update provided in MS14-002 fully addresses the issue first described in Security Advisory 2914486, which only affects Windows XP and Server 2003. Microsoft has only seen this issue used in conjunction with a PDF exploit in targeted attacks and not on its own.
- MS14-001 -- Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
- MS14-002 -- Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)
- MS14-003 -- Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)
- MS14-004 -- Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)
February Security Advisory ImplementationAs described in Security Advisory 2862973, usage of the MD5 hash algorithm in certificates will be restricted. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
Prerequisite: KB 2862966
Known Issues: KB 286973
MSRTMicrosoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Windows XP End of SupportUsers of Windows XP are reminded that support ends for Windows XP on April 8, 2014. See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.
Also note that after April 8, 2014, technical assistance for Windows XP will no longer be available. This includes automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download. Note, however, that definitions will be available until July 15, 2015. See Microsoft antimalware support for Windows XP.
The following additional information is provided in the Security Bulletin:
- The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
- Security solutions for IT professionals: TechNet Security Troubleshooting and Support
- Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
- Local support according to your country: International Support
- MSRC: A Look Into the Future and the January 2014 Bulletin Release
- TechNet: Microsoft Security Bulletin for January 2014
- Support is ending for Windows XP - Microsoft Windows