Tuesday, January 14, 2014

Microsoft Security Bulletins for January 2014

Microsoft released four (4) bulletins.  The bulletins are identified as Important.

The security updates address six (6) vulnerabilities in Microsoft Windows, Office, and Dynamics AX.

Note that the update provided in MS14-002 fully addresses the issue first described in Security Advisory 2914486, which only affects Windows XP and Server 2003.  Microsoft has only seen this issue used in conjunction with a PDF exploit in targeted attacks and not on its own.

  • MS14-001 -- Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
  • MS14-002 -- Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)
  • MS14-003 -- Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)
  • MS14-004 -- Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826) 

February Security Advisory Implementation

As described in Security Advisory 2862973, usage of the MD5 hash algorithm in certificates will be restricted. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Prerequisite:  KB 2862966
Known Issues:  KB 286973


Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Windows XP End of Support

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.

Also note that after April 8, 2014, technical assistance for Windows XP will no longer be available.  This includes automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download.  Note, however, that definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.

The following additional information is provided in the Security Bulletin:


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: