Tuesday, May 13, 2014

Microsoft Security Bulletin for May 2014

Microsoft released eight (8) bulletins.  Two of the bulletins are identified as Critical with the remaining six as Important.

The updates address 13 Common Vulnerability & Exposures (CVEs) in .NET Framework, Office, SharePoint, Internet Explorer, and Windows.

Regarding .NET Framework MS14-026, if you have had problems with it in the past, it is advised that you install that update separately, followed by a shutdown/restart.

Please refer to the MSRC Blog post, linked below, for information regarding new and updated Security Advisories, Security Advisory 2871997, Security Advisory 2960358 and Security Advisory 2962824.


  • MS14-029 -- Security Update for Internet Explorer (2962482)
  • MS14-022 -- Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)
  • MS14-023 -- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037)
  • MS14-025 -- Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)
  • MS14-026 -- Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)
  • MS14-027 -- Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488) 
  • MS14-028 -- Vulnerability in iSCSI Could Allow Denial of Service (2962485)
  • MS14-028 -- Vulnerability in iSCSI Could Allow Denial of Service (2962485)


Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Windows XP and Windows 8.1

As has been widely publicized, support for Windows XP and Office 2003 have ended.  Thus, there will be no further security updates for those products.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.

Although Microsoft has stopped providing Microsoft Security Essentials for download, that definitions will be available until July 15, 2015.  See Microsoft antimalware support for Windows XP.

Important note for Windows 8.1 users:  Windows 8.1 Update Requirement Extended


The following additional information is provided in the Security Bulletin:


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: