Microsoft updated the Advance Notice to include two additional critical bulletin, resulting in the release of seven (7) bulletins. Four of the bulletins are identified as Critical with the remaining three as Important.
The security updates address 31 unique CVEs in Microsoft Windows, Internet Explorer, .NET Framework and Forefront Protection for Exchange.
In the event you have had problems with .NET in the past, it is suggested that the .NET update, MS14-009, be installed separately from the other updates with a shutdown/restart.
- MS14-010 -- Cumulative Security Update for Internet Explorer (2909921)
- MS14-011 -- Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
- MS14-007 -- Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
- MS14-008 -- Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)
- MS14-009 -- Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)
- MS14-005 -- Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
- MS14-006 -- Vulnerability in IPv6 Could Allow Denial of Service (2904659)
February Security Advisory ImplementationAs described in Security Advisory 2862973, usage of the MD5 hash algorithm in certificates will be restricted. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
Prerequisite: KB 2862966
Known Issues: KB 286973
MSRTMicrosoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. The target for February is Jenxcus, a worm coded in VBScript.
Windows XP End of SupportUsers of Windows XP are reminded that support ends for Windows XP on April 8, 2014. See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.
Also note that after April 8, 2014, technical assistance for Windows XP will no longer be available. This includes automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download. Note, however, that definitions will be available until July 15, 2015. See Microsoft antimalware support for Windows XP.
The following additional information is provided in the Security Bulletin:
- The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
- Security solutions for IT professionals: TechNet Security Troubleshooting and Support
- Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
- Local support according to your country: International Support
- MSRC: Safer Internet Day 2014 and Our February 2014 Security Updates
- TechNet: Microsoft Security Bulletin for February 2014
- Support is ending for Windows XP - Microsoft Windows