Microsoft released seven (7) bulletins. Two of the bulletins are identified as Critical with the remaining five as Important.
The updates address 66 Common Vulnerability & Exposures (CVEs) in Microsoft Word, Office and Internet Explorer. Of those CVEs, the update to Internet Explorer addresses 59 items, including CVE-2014-1770. Note, however, that Microsoft is not aware of any impact to customers of the CVE's addressed in the updates.
- MS14-035 -- Cumulative Security Update for Internet Explorer (2969262)
MS14-036 -- Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487)
- MS14-034 -- Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261)
- MS14-033 -- Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2966061)
MS14-032 -- Vulnerability in Microsoft Lync Server Could Allow Information Disclosure (2969258)
- MS14-031 -- Vulnerability in TCP Protocol Could Allow Denial of Service (2962478)
MS14-030 -- Vulnerability in Remote Desktop Could Allow Tampering (2969259)
MSRTThe W32/Necurs rootkit was added to detection. The Necurs rootkit components have drivers that try to block security products during every stage of Windows startup. For information about the Necurs rootkit see the MMPC blog post, MSRT June 2014 – Necurs.
The updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Windows XP and Windows 8.1As has been widely publicized, support for Windows XP and Office 2003 have ended. Thus, there will be no further security updates for those products. See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.
Although Microsoft has stopped providing Microsoft Security Essentials for download, that definitions will be available until July 15, 2015. See Microsoft antimalware support for Windows XP.
Important note for Windows 8.1 users: Windows 8.1 Update Requirement Extended
The following additional information is provided in the Security Bulletin:
- The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
- Security solutions for IT professionals: TechNet Security Troubleshooting and Support
- Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
- Local support according to your country: International Support
- MSRC: Theoretical Thinking and the June 2014 Bulletin Release
- TechNet: Microsoft Security Bulletin for June 2014
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...